| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
during early initialization so that we're guaranteed to get the right value
regardless of the shell umask used to invoke the command line script. While
we're at it, we can remove almost all individual umask settings previously in
the code, and make file permissions consistently -rw-rw---- (IOW, files are no
longer other readable).
The only subsystem that wasn't changed was the archiver, because it uses its
own umask settings to ensure that private archives have the proper
permissions. Eventually we'll mess with this, but if it ain't broken...
Note that check_perms complains about directory permissions, but I think
check_perms can be fixed (or perhaps, even removed?!). If we decide to use
LMTPRunner and HTTPRunner exclusively then no outside process will be touching
our files potentially with the incorrect permissions, umask, owner, or group.
If we control all of our own touch points then I think we can lock out
'other'.
Another open question is whether Utils.set_global_password() can have its
umask setting removed. It locks permissions down so even the group can't
write to the site password file, but the default umask of 007 might be good
enough even for this file.
Utils.makedirs() now takes an optional mode argument, which defaults to 02775
for backward compatibility. First, the default mode can probably be changed
to 02770 (see above). Second, all code that was tweaking the umask in order
to do a platform compatible os.mkdir() has now been refactored to use
Utils.makedirs().
Another tricky thing was getting SQLite via SQLAlchemy to create its
data/mailman.db file with the proper permissions. From the comment in
dbcontext.py:
# XXX By design of SQLite, database file creation does not honor
# umask. See their ticket #1193:
# http://www.sqlite.org/cvstrac/tktview?tn=1193,31
More details in that file, but the work around is to essentially 'touch' the
database file if 'sqlite' is the scheme of the SQLAlchemy URL. This little
pre-touch sets the right umask honoring permission and won't hurt if the file
already exists. SQLite will happily keep the existing permissions, and in
fact that ticket referenced above recommends doing things this way.
In the Mailman.database.initialize(), create a global lock that prevents more
than one process from entering this init function at the same time. It's
probably not strictly necessary given that I believe all the operations in
dbcontext.connect() are multi-processing safe, but it also doesn't seem to
hurt and prevents race conditions regardless of the database's own
safeguards (or lack thereof).
Make sure nightly_gzip.py calls initialize().
|
| |
|
|
|
|
|
| |
Do this and switch PUBLIC_ARCHIVE_URL to use $-substitution strings instead of
%-substitution strings (no backward compatibility is provided).
Minor style nits.
|
| |
|
|
|
|
|
|
| |
notifications.
wsgi_app.py ... URI normalization by stripping trailing slash. We need
Special care for 'private'.
Strip dot only components in the PATH_INFO for sanitization.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
traces of our crufty old Syslog. Most of this work was purely mechanical,
except for:
1) Initializing the loggers. For this, there's a new module
Mailman/loginit.py (yes all modules from now on will use PEP 8
names). We can't call this 'logging.py' because that will
interfere with importing the stdlib module of the same name (can
you say Python 2.5 and absolute imports?).
If you want to write log messages both to the log file and to
stderr, pass True to loginit.initialize(). This will turn on
propagation of log messages to the parent 'mailman' logger, which
is set up to print to stderr. This is how bin/qrunner works when
not running as a subprocess of mailmanctl.
2) The driver script. I had to untwist the StampedLogger stuff and
implement differently printing exceptions and such to log/error
because standard logging objects don't have a write() method. So
we write to a cStringIO and then pass that to the logger.
3) SMTPDirect.py because of the configurability of the log messages.
This required changing SafeDict into a dict subclass (which is
better than using UserDicts anyway -- yay Python 2.3!). It's
probably still possible to flummox things up if you change the
name of the loggers in the SMTP_LOG_* variables in mm_cfg.py.
However, the worst you can do is cause output to go to stderr and
not go to a log file.
Note too that all entry points into the Mailman system must call
Mailman.loginit.initialize() or the log output will go to stderr
(which may occasionally be what you want). Currently all CGIs and
qrunners should be working properly.
I wish I could have tested all code paths that touch the logger, but
that's infeasible. I have tested this, but it's possible that there
were some mistakes in the translation.
- Mailman.Bouncers.BounceAPI.Stop is a singleton, but not a class
instance any more.
- True/False code cleanup, PEP 8 import restructuring, whitespace
normalization, and copyright year updates, as appropriate.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also, use Utils.websafe() consistently throughout, instead of the
inconsistent calls to cgi.escape().
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Fixes to prevent cross-site scripting exploits. See
http://www.cert.org/advisories/CA-2000-02.html
Reported by zeno@cgisecurity.com
Fix is to cgi.escape() any strings regurgitated from the url back to
the browser in the html response.
|
| |
|
|
| |
list exists before we try to write the template file.
|
| |
|
|
| |
Kikuchi.
|
| |
|
|
|
| |
trick-out of template_data. Add back the definition of _ (provided by
Juan Carlos Rey Anaya).
|
| | |
|
| |
|
|
| |
as translatable.
|
| |
|
|
|
| |
argument anymore. Other colors are no longer hardcoded, but taken
from mm_cfg.
|
| |
|
|
|
|
|
|
|
|
| |
has been removed.
FormatHTML(): Call Utils.maketext() instead of SnarfHTMLTemplate()
since that's also been removed.
ChangeHTML(): Don't use mlist._template_dir to find the path to the
list-centric template. Instead use mlist.fullpath().
|
| |
|
|
| |
script was not setting up the i18n environment in the `blessed' way.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
wrapper.
Fix some _() wrappings to use local variables.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
bomb with tracebacks if PATH_INFO environment variable wasn't defined.
Fixed this by making them all use Utils.GetPathPieces() and "doing
something sensible" when that returned a false value.
Also, edithtml is now hidden behind a login screen, so there's no need
to enter the list password to edit the html. You can't even get to
the list of files to edit unless you've admin authenticated. Closes
SF bug #114091, Jitterbug PR# 24.
|
| |
|
|
|
|
|
| |
to SF Bug #110753. Specifically,
main(), FormatHTML(): Use GetScriptURL() instead of
GetRelativeScriptURL().
|
| | |
|
| |
|
|
| |
syslog() interface.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
mailing list. In all cases, catch the base exception class
MMListError, and output HTML indicating the specified list doesn't
exist. A more detail message gets printed to logs/error (the str() of
the actual exception details).
Also:
admin.py - Don't catch MMBadConfigError around
mlist.parse_matching_header_opt() since this method doesn't ever
raise that exception. Actually, that exception isn't raised
anywhere in Mailman, so it's been removed.
|
| | |
|
| |
|
|
|
|
| |
programming constructs. Could still use a lot more work.
Background is finally #ffffff like all other pages! :)
|
| | |
|
| |
|
|
|
| |
lines 95, 161
scott
|
| | |
|
| |
|
|
|
|
|
| |
the Mailman package (using the semi-bogus, but quickly implemented
from ... import style).
main()-ify, but needed a few bogus global decls
|
|
|
handle logging to an error file, and no longer import paths. Also,
any checks for __main__ have been removed.
|
