| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pending.py module is removed. Added an interface to this functionality such
that any IPendable (essentially a key/value mapping) can be associated with a
token, and that token can be confirmed and has a lifetime. Any keys and
values can be stored, as long as both are unicodes.
Added a doctest.
Modified initialization of the database layer to support pluggability via
setuptools. No longer is this layer initialized from a module, but now it's
instantiated from a class that implements IDatabase. The StockDatabase class
implements the SQLAchemy/Elixir layer, but this can be overridden in a
setup.py. Bye bye MANAGERS_INIT_FUNCTION, we hardly knew ye.
Added a package Mailman.app which will contain certain application specific
functionality. Right now, the only there there is an IRegistar
implementation, which didn't seem to fit anywhere else.
Speaking of which, the IRegistrar interface implements all the logic related
to registration and verification of email addresses. Think the equivalent of
MailList.AddMember() except generalized out of a mailing list context. This
latter will eventually go away. The IRegistrar sends the confirmation email.
Added an IDomain interface, though the only implementation of this so far
lives in the registration.txt doctest. This defines the context necessary for
domain-level things, like address confirmation.
A bunch of other cleanups in modules that are necessary due to the refactoring
of Pending, but don't affect anything that's actually tested yet, so I won't
vouch for them (except that they don't throw errors on import!).
Clean up Defaults.py; also turn the functions seconds(), minutes(), hours()
and days() into their datetime.timedelta equivalents.
Consolidated the bogus email address exceptions.
In some places where appropriate, use email 4.0 module names instead of the
older brand.
Switch from Mailman.Utils.unique_message_id() to email.utils.make_msgid()
everywhere. This is because we need to allow sending not in the context of a
mailing list (i.e. domain-wide address confirmation message). So we can't use
a Message-ID generator that requires a mailing list. OTOH, this breaks
Message-ID collision detection in the mail->news gateway. I'll fix that
eventually.
Remove the 'verified' row on the Address table. Now verification is checked
by Address.verified_on not being None.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
existing unit tests. Here's a summary of the changes.
- Removed all dependent third party packages, since the setup.py file now
claims all package dependencies such that they can be automatically
installed from the cheeseshop.
- Moved the misc directory into the Mailman package as Mailman/data. Moved
templates and messages to Mailman subpackages.
- Added an ILanguageManager interface, plus an implementation, so that
we don't use Defaults.LC_DESCRIPTIONS directly anymore. Added a doctest
for this interface and implementation. Defaults.LANGUAGES is moved into
mailman.cfg. Defaults.LANGUAGE_DICT is moved to _DEFAULT_LANGUAGE_DATA, and
LC_DESCRIPTIONS is removed. The calculation of the available and enabled
languages is moved to the Configuration class, but this will probably still
need work. Utils.GetLanguageDescr() and Utils.IsLanguage() are removed.
I'd like to remove GetCharSet() eventually too, but there are too many uses
of this currently, so I'm deferring it.
- Utils.findtext(): Hacks added so that templates can be retrieved from the
language catalog. The hack is that the template contents are used to find
the translation, but in the one test case where this is actually flexed, the
trailing newline in the file contents has to be trimmed. This is probably
not right.
- No more Defaults.py.in or mm_cfg.py! Defaults.py.in is moved to Defaults.py
and is no longer created from a template file. The script called
make_instance is added which creates an etc/mailman.cfg file from
mailman.cfg.in (previously, mailman.cfg.sample) and /that/ file now has the
small number of calculated values. In general, make_instance will not touch
mailman.cfg if it exists, unless the --force option is given. CGIEXT is
made the empty string by default (i.e. not generated). make_instance grows
a --var-dir option. Fleshed out the --languages opton.
- Defaults.py grows a DEFAULT_VAR_DIRECTORY variable, which is the default
location of the 'var' directory. The Configuration class uses this as one
of the directories it searches for its landmark, i.e. etc/mailman.cfg.
RUNTIME_DIR is gone, as is VAR_PREFIX.
- testall needs to write MAILMAN_USER, MAILMAN_UID, MAILMAN_GROUP,
MAILMAN_GID, and LANGUAGES run time variables.
- bin/withlist no longer needs to add config.BIN_DIR to sys.path, because in
fact that variable doesn't exist any more.
- Tweak the French catalog to make a test work. This is needed because of the
conversion from %-strings to $-strings.
- The setup.py now generates the .mo files before it does its thing. This
will have to be fixed, but for now we must generate these files on setup
build time instead of installation time.
- Removed an unused interface.
|
| |
|
|
|
|
|
|
|
|
|
| |
Ignore mailman.egg-info
In bin/make_instance.py: Catch and ignore import errors when importing
Mailman.i18n. Before this script has actually been run, there won't be enough
infrastructure in place of the import to succeed. Include several other fixes
in this file.
Add install_requires to the setup script.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
confident the Elixir branch is ready to become mainline. Also, fewer branches
makes for an easier migration to a dvcs.
Don't expect much of the old test suite to work, or even for much of the old
functionality to work. The changes here are disruptive enough to break higher
level parts of Mailman. But that's okay because I am slowly building up a new
and improved test suite, which will lead to a functional system again.
For now, only the doctests in Mailman/docs (and their related test harnesses)
will pass, but they all do pass. Note that Mailman/docs serve as system
documentation first and unit tests second. You should be able to read the
doctest files to understand the underlying data model.
Other changes included in this merge:
- Added the Mailman.ext extension package.
- zope.interfaces uses to describe major components
- SQLAlchemy/Elixir used as the database model
- Top level doinstall target renamed to justinstall
- 3rd-party packages are now installed in pythonlib/lib/python to be more
compliant with distutils standards. This allows us to use just --home
instead of all the --install-* options.
- No longer need to include the email package or pysqlite, as Python 2.5 is
required (and comes with both packages).
- munepy package is included, for Python enums
- IRosterSets are added as a way to manage a collection of IRosters. Roster
sets are named so that we can maintain the indirection between mailing lists
and rosters, where the two are maintained in different storages.
- IMailingListRosters: remove_*_roster() -> delete_*_roster()
- Remove IMember interface.
- Utils.list_names() -> config.list_manager.names
- fqdn_listname() takes an optional hostname argument.
- Added a bunch of new exceptions used throughout the new interfaces.
- Make LockFile a context manager for use with the 'with' statement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
column in the database for this list of strings. We use SQLAlchemy's
many-to-many relationship, however because of this, you cannot simply append
new unicodes to .available_languages. You need to wrap the language code in a
Language instance and append that instance to the list.
In order to handle this, I added a property MailList.language_codes which
returns a list of the code strings (not Language instances). Also new are
MailList.set_languages() for setting (i.e. overriding) the set of available
languages for the list; and add_language() which takes a single language code,
wraps it, and appends it. The code does not and should not use
.available_languages directory any more.
MailList.GetAvailableLanguages() is removed. The 'available_languages' column
is removed from the Listdata table.
Add a getValue() to Mailman.Gui.Language in order to unwrap the language codes
stored in the database's association table. Modify _setValue() to do the
wrapping.
In dbcontext.py, don't import * from the sqlalchemy package. It contains a
'logging' name which is not the standard Python logging package. I also added
essentially a bag of attributes class called Tables which will hold references
to all the SA tables that are created. Update the make_table() API to take an
instance of Tables.
Added a close() method to DBContext. This is needed for the updated unit test
suite.
Changed bin/import.py so that when available_languages is being set, it calls
MailList.set_languages() instead of trying to set that attribute directly.
Updated some language idioms while I was at it.
More eradication of mm_cfg in favor of the config object and the Defaults
module.
In testall.py, call initialize() instead of loginit.initialize().
Promote MAX_RESTARTS into a Defaults.py.in variable. This is because the unit
tests will knock that value down to something not so annoying should one of
the qrunner-required tests traceback.
Several other important changes to the unit test suite (which now completely
succeeds again!):
- Set the uid and gid of the temporary mailman.cfg and tmp*.db files to the
Mailman user and group as specified in the config object.
- Make sure that all of the tests point to a SQLite database file that was
created with the tempfile module. This way we don't pollute our main
database with data that is getting created during the unit tests.
- In the TestBase.setUp() method, be sure to close the existing dbcontext,
clear out the mappers, and then reconnect the dbcontext with the new
SQLALCHEMY_ENGINE_URL pointing to the tempfile. However, we don't need to
reload the MailList instance any more.
- Make all tests work, except for the tests that require crypt. That upgrade
path will not be available in this version of Mailman.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
First off, there are several password hashing schemes added including SHA,
salted-SHA, and RFC 2989 PBKDF2 (contributed by Bob Fleck). Then we encode
the password using RFC 2307 style syntax. At least I think: specifically
things like the PRF and iteration count for PBKDF2 are encoded the way I
/think/ is intended for RFC 2307 but I could be wrong. Seems darn hard to
find definitive information about that.
In any event, even though CLEARTEXT passwords are supported, they are mostly
deprecated, even for user passwords. It also allows us to easily update all
passwords to a new hashing scheme when the existing schemes get cracked. The
default scheme (specified in Defaults.py.in) is salted-SHA with a 20 byte salt
(the salt length and PBKDF2 iteration counts can only be specified in the
passwords.py file).
These hashed passwords are used for user passwords, list owner and moderator
passwords, and site and list creator passwords.
Of course this means that user password reminders are impossible now. They've
been ripped out of the code for a while, but now we'll need to implement
password resets since user passwords cannot be recovered.
bin/export has had several changes:
- export no longer converts to dollar strings. Were assuming dollar strings
are used by default for all new lists and any imported lists will already be
converted to dollar strings.
- Likewise, rip out the password scheme stuff, since cleartext passwords can
never be exported, so we might as well always include the member's hashed
password.
- Fix exporting to stdout when that stream can only handle ascii by wrapping
stdout in a utf-8 codec writer.
Other changes:
- add a missing import to HTTPRunner.py
- Convert GUIBase.py to use Defaults.* for constants instead of mm_cfg.*
- Remove pre-Python 2.4 compatibility from Utils.py. We've already said
Python 2.4 will be a minimum requirement.
- Change the permissions on the global password file. The default 007 umask
is used and should be good enough.
- bin/newlist adds the ability to specify the password scheme (or list the
available schemes) for the list owner password. It is not possible to set
the scheme on a per-list basis. bin/mmsitepass does the same, but for the
site and list creator passwords.
- Fix a nasty problem with bin/import. The comment in the code says it best:
# XXX Here's what sucks. Some properties need to have
# _setValue() called on the gui component, because those
# methods do some pre-processing on the values before they're
# applied to the MailList instance. But we don't have a good
# way to find a category and sub-category that a particular
# property belongs to. Plus this will probably change. So
# for now, we'll just hard code the extra post-processing
# here. The good news is that not all _setValue() munging
# needs to be done -- for example, we've already converted
# everything to dollar strings.
- Set the 'debug' logger to logging.DEBUG level. It doesn't seem to make much
sense for the debugging log to ignore debug messages.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://mailman.svn.sourceforge.net/svnroot/mailman/branches/tmp-sqlalchemy-branch
................
r8114 | bwarsaw | 2006-12-06 00:16:54 -0500 (Wed, 06 Dec 2006) | 44 lines
Initial take on using SQLAlchemy to store list data in lieu of Python pickles.
While all the list data (including OldStyleMemberships attributes) are stored
in the database, many attributes are stored as PickleTypes binary data. This
isn't idea but it gets things working until a more sophisticated schema can be
developed.
MailList class is now a new-style class, as is required by SQLAlchemy. This
makes several things, er, interesting. Rip out all the low-level pickle
reading and writing stuff. Hook SA transaction events into Lock() and
Unlock(). Move the hooking of the _memberadaptor into InitTempVars(), which
gets called by the SQLAlchemy hooks (MailList.__init__() never is).
Add an initialize.py module which centralizes all the initialization bits that
command line scripts have to do, including configuration, logging, and atabase
initialization.
This change also converts bin/withlist to mmshell wrapper.
Update to SQLAlchemy 0.3.1.
Revamp paths.py.in considerably. There were several problems with the old
way. We no longer disable default loading of site-packages so we don't need
to add Python's site-packages back to sys.path. Also, because
site.addsitedir() causes things like .pth paths to be /appended/ to sys.path,
they actually won't override any site-installed packages. E.g. if SQLAlchemy
is installed in the system Python, our version will not override. IIUC,
setuptools-based packages can be configured to work properly in the face of
package versions, however not all packages we currently depend on are
setuptools-based. So instead, we steal a bit of stuff from site.py but change
things so the prepend .pth stuff to sys.path.
Update several modules to use True/False and whitespace normalization.
Convert from mm_cfg to config object. Modernize a few coding constructs.
Add a couple of exceptions to handle database problems.
In the export script, include the widget type in the elements. This helped in
my stupid little throw away conversion script, but I think it will be more
generally useful.
Add an interact.py module which refactors interactive interpreter access.
Mostly this is used by withlist -i, but it lets us import Mailman.interact and
drop into a prompt just about anywhere (e.g. debugging).
................
r8115 | bwarsaw | 2006-12-07 09:13:56 -0500 (Thu, 07 Dec 2006) | 22 lines
Start to flesh out more of the SQLAlchemy mechanisms.
Added a MailList.__new__() which hooks instantiation to use a query on
dbcontext to get an existing mailing list. A 'no-args' call means we're doing
a Create(), though eventually that will change too.
For now, disable the CheckVersion() call. Eventually this will be folded into
schema migration.
list_exists(): Rewrite to use the dbcontext query to determine if the named
mailing list exists or not. Requires the fqdn_listname.
Eradicate two failed member adaptors: BDBMemberAdaptor and SAMemberships.
Change the way the DBContext holds onto tables. It now keeps a dictionary
mapping the table's name to the SA Table instance. This makes it easier to
look up and use the individual tables.
Add 'web_page_url' as an attribute managed by SA, and remove a debugging
print.
................
r8116 | bwarsaw | 2006-12-11 07:27:47 -0500 (Mon, 11 Dec 2006) | 29 lines
Rework the whole dbcontext and transaction framework. SA already handles
nested transactions so we don't have to worry about them. However, we do have
the weird situation where some transactions are tied to MailList
.Lock()/.Unlock()/.Save() and some are tied to non-mlist actions. So now we
use an @txn decorator to put methods in a session transaction, but then we
also hook into the above MailList methods as possibly sub-transactions. We
use a weakref subclass to manage the MailList interface, with a dictionary
mapping MailList fqdn_listnames against transactions. The weakrefs come in by
giving us a callback when a MailList gets derefed such that we're guaranteed
to rollback any outstanding transaction.
Also, we have one global DBContext instance but rather than force the rest of
Mailman to deal with context objects, instead we expose API methods on that
object into the Mailman.database module, which the rest of the code will use.
Such methods must be prepended with 'api_' to get exposed this way.
bin/rmlist now works with the SA-backend. I refactored the code here so that
other code (namely, the test suite) can more easily and consistently remove a
mailing list. This isn't the best place for it ultimately, but it's good
enough for now.
New convenience functions Utils.split_listname(), .fqdn_listname().
Convert testall to use Mailman.initialize.initialize(). Not all tests work,
but I'm down to only 8 failures and 7 errors. Also, do a better job of
recovering from failures in setUp().
MailList.__new__() now takes keyword arguments.
................
r8117 | bwarsaw | 2006-12-11 22:58:06 -0500 (Mon, 11 Dec 2006) | 7 lines
Unit test repairs; even though the unit tests are still pretty fragile,
everything now passes with the SQLAlchemy storage of list data.
Added missing 'personalize' column. Converted mailmanctl and qrunner to
initialize() interface. Fixed _cookie_path() to not fail if SCRIPT_NAME is
not in the environment.
................
r8118 | bwarsaw | 2006-12-27 18:45:41 -0500 (Wed, 27 Dec 2006) | 21 lines
Utils.list_names(): Use a database query to get all the list names.
dbcontext.py: Added api_get_list_names() to support Utils.list_names().
listdata.py: Added two additional MailList attributes which need to be stored
in the database. The first is 'admin_member_chunksize' which isn't modifiable
from the web. The second is 'password' which holds the list's password.
HTMLFormatObject: item strings can now be unicodes.
bin/list_lists.py: Must call initialize() to get the database properly
initialized, not just config.load(). This will be a common theme.
SecurityManager.py:
- Remove md5 and crypt support
- Added mailman.debug logger, though it will be only used during
debugging.
- The 'secret' can be a unicode now.
- A few coding style updates; repr() instead of backticks, 'key in dict'
instead of 'dict.has_key(key)'
................
r8119 | bwarsaw | 2006-12-27 19:13:09 -0500 (Wed, 27 Dec 2006) | 2 lines
genaliases.py: config.load() -> initialize()
................
r8120 | bwarsaw | 2006-12-27 19:17:26 -0500 (Wed, 27 Dec 2006) | 9 lines
Blocked revisions 8113 via svnmerge
........
r8113 | bwarsaw | 2006-12-05 23:54:30 -0500 (Tue, 05 Dec 2006) | 3 lines
Initialized merge tracking via "svnmerge" with revisions "1-8112" from
https://mailman.svn.sourceforge.net/svnroot/mailman/branches/tmp-sqlalchemy-branch
........
................
r8121 | bwarsaw | 2006-12-28 23:34:52 -0500 (Thu, 28 Dec 2006) | 20 lines
Remove SIGTERM handling from all the CGI scripts. This messes with HTTPRunner
because when you issue "mailmanctl stop" after the signal handler has been
installed, the process will get a SIGTERM, the signal handler will run, and
the process will exit with a normal zero code. This will cause mailmanctl to
try to restart the HTTPRunner.
I don't think we need that stuff at all when running under wsgi with a
SQLAlchemy backend. If mailmanctl kills the HTTPRunner in the middle of the
process, I believe (but have not tested) that the transaction should get
properly rolled back at process exit. We need to make sure about this, and
also we need to test the signal handling functionality under traditional CGI
environment (if we even still want to support that).
Also, make sure that we don't try to initialize the loggers twice in qrunner.
This was the cause of all the double entries in logs/qrunner.
Fix a coding style nit in mailmanctl.py.
De-DOS-ify line endings in loginit.py.
................
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Configurable no-list error.
- Ultimate loop stop address in transport -> aliases.
- LMTP_ONLY_DOMAIN needs no individual transport entry.
- Use of alias/lmtp is exclusive.
WSGI brushups.
- _cookie_path() was made simple and retain common cookie for
admin/admindb/... etc.
- Removed absolute=1 from admindb/confirm/create/options.
configuration.py
- Use of add_runner() in etc/mailman.cfg needs change. config
is not loaded yet?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bogus apparent messages into the error log, possibly inducing an admin to
visit a phishing site.
- options.py
Topics.py
Tagger.py
MailList.py
Utils.py
Version.py
versions.py
The processing of Topics regular expressions has changed. Previously the
Topics regexp was compiled in verbose mode but not documented as such
which caused some confusion. Also, the documentation indicated that topic
keywords could be entered one per line, but these entries were not
properly. Topics regexps are now compiled in non-verbose mode and multi-
line entries are 'ored'. Existing Topics regexps will be converted when
the list is updated so they will continue to work.
|
| |
|
|
| |
- Handlers/CalcRecips.py - Changed to not process topics if topics
are disabled for the list.
|
| |
|
|
|
|
| |
the builtin types. Two still remain: a check against ClassType and a check
against MethodType. Also, fix some hinky type comparisons to use isinstance()
consistently.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
traces of our crufty old Syslog. Most of this work was purely mechanical,
except for:
1) Initializing the loggers. For this, there's a new module
Mailman/loginit.py (yes all modules from now on will use PEP 8
names). We can't call this 'logging.py' because that will
interfere with importing the stdlib module of the same name (can
you say Python 2.5 and absolute imports?).
If you want to write log messages both to the log file and to
stderr, pass True to loginit.initialize(). This will turn on
propagation of log messages to the parent 'mailman' logger, which
is set up to print to stderr. This is how bin/qrunner works when
not running as a subprocess of mailmanctl.
2) The driver script. I had to untwist the StampedLogger stuff and
implement differently printing exceptions and such to log/error
because standard logging objects don't have a write() method. So
we write to a cStringIO and then pass that to the logger.
3) SMTPDirect.py because of the configurability of the log messages.
This required changing SafeDict into a dict subclass (which is
better than using UserDicts anyway -- yay Python 2.3!). It's
probably still possible to flummox things up if you change the
name of the loggers in the SMTP_LOG_* variables in mm_cfg.py.
However, the worst you can do is cause output to go to stderr and
not go to a log file.
Note too that all entry points into the Mailman system must call
Mailman.loginit.initialize() or the log output will go to stderr
(which may occasionally be what you want). Currently all CGIs and
qrunners should be working properly.
I wish I could have tested all code paths that touch the logger, but
that's infeasible. I have tested this, but it's possible that there
were some mistakes in the translation.
- Mailman.Bouncers.BounceAPI.Stop is a singleton, but not a class
instance any more.
- True/False code cleanup, PEP 8 import restructuring, whitespace
normalization, and copyright year updates, as appropriate.
|
| |
|
|
|
|
|
|
|
|
|
| |
- Remove True/False binding cruft
- Remove __future__ statements for nested scopes
- Remove ascii_letters import hack from Utils.py
- Remove mimetypes.guess_all_extensions import hack from Scrubber.py
- In Pending.py, set _missing to object() (better than using [])
Also, update copyright years where appropriate, and re-order imports more to
my PEP 8 tastes. Whitespace normalize.
|
| |
|
|
| |
address changes and confirmations of same.
|
| |
|
|
|
|
|
| |
This is not good if list admin cannot be fully trusted. This patch
disables the list admin's ability of changing the user option/subscription
globally; changes are effective only within the list. Site admin
can change globally if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set Yes.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://online.securityfocus.com/archive/1/308154
Closes SF bug # 674533 by Tokio Kikuchi
Specifically,
main(), loginpage(): Check the `user' cgi var for validity and print
an innocuous (and non-privacy leaking) message if it fails that test.
Don't pass the entire cgidata object to loginpage; instead give just
the language argument which is all the latter function uses.
Also, be sure to use `safeuser' everywhere we print a message to the
results page. safeuser is the escaped version of the `user' cgi var.
Unrelated:
main(): Sanity check the `language' cgi variable and use the mailing
lists's preferred language if it is deliberately invalid.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"you are already using that email address" message if the newaddress
matches the case-preserved (subscribed) address.
Also, in the set_address section, if cpuser is None, set it to the the
user address, since that's what we'll use now as the old address in
the ChangeMemberAddress() call.
This and related changes should fix problems when the address we're
changing to differs for the current address by case only.
|
| |
|
|
|
|
| |
closes SF patch # 635227.
Also, whitespace normalization.
|
| |
|
|
|
|
|
|
| |
need to convert it to a unicode string using the charset of the
language of the page.
options_page(): When printing the member's full name, be sure to
encode it to the charset of the language of the page.
|
| |
|
|
| |
607469 by John Parise.
|
| |
|
|
|
|
| |
global opts are requested. This adds a __nonzero__() method to class
Global and tests for truth before doing the gmlist loop. Closes SF
patch #602084.
|
| |
|
|
|
|
|
|
| |
is already a member of the current list. If the change is requested
globally, we'll output a warning message but still allow the change to
go through (we'll catch already-a-member situations elsewhere).
If the request is not global, then we'll refuse to make the change.
|
| |
|
|
|
| |
Also, use Utils.websafe() consistently throughout, instead of the
inconsistent calls to cgi.escape().
|
| |
|
|
|
| |
that any email address previously provided propagates to the form in
the new language.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
listinfo.py
list_listinfo(): If the list only has one language enabled, omit
the language choice box. It's a waste of screen real-estate.
HTMLFormatter
GetStandardReplacements(): ditto
options.py
loginpage(): ditto. Also omit the paragraph that talks about
session cookies. It's probably over the heads of most users.
main(): Don't print the "No address given" if we're traveling here
from the listinfo page and they left the address field blank, as
per the instructions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
should be settable globally, since you're probably using the same MUA
for all your list traffic. Specifically:
main(): Define a Global class as a bag of attributes, and use this
instead of the separate global_* variables. Added the extraction of
the mime-globally form variable which sets the MIME digest setting
globally. Always call global_options(), which now does the "do we
need to do anything" test before locking the list.
options_page(): Replace <mm-global-mime-button> with a checkbox for
setting the MIME/plain text flag.
global_options(): Signature changed to take an instance. Make sure
that all non _* attributes have a non-None value before locking the
list. Also, set the DisableMime member option.
|
| |
|
|
|
| |
otherwise status for multiple actions may run together. Found by Fred
Drake.
|
| |
|
|
|
| |
DeleteMember(). whence is destined for the log files, so it should
definitely not be translated!
|
| |
|
|
| |
"can't digest". Noticed by Marc MERLIN.
|
| |
|
|
|
|
|
|
|
| |
written by Ben Gertzfield, ported to MM2.1 by Marc MERLIN.
Specifically,
main(), options_page(), global_options(): Added support for the
nodupes option, including setting nodupes globally.
|
| |
|
|
|
|
|
|
|
|
|
| |
Change all calls of add_error_message() to doc.addError().
main(): Fix the error reporting when no email address is given. Also,
rework the error reporting for when the login page's unsub or remind
buttons are used. Specifically, when rosters are public, we should
provide error messages when the given address is not a member, but
when rosters are private, lie about the confirmation message or
password reminder.
|
| |
|
|
| |
that key is obsolete.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
lists_of_member(): Change the signature to take a MailList object as
the first argument, not a string hostname. This allows
lists_of_member() to filter out the current mailing list, which should
update its attribute the "normal" way.
main(): Use the new lists_of_member() signature where appropriate.
global_options(): The global_enable argument will contain the value
for the setDeliveryStatus() call. I.e. it won't be a boolean flag.
|
| |
|
|
|
| |
setDeliveryStatus() to change the delivery status -- instead of the
member options. When disabling, do it BYUSER.
|
| |
|
|
|
|
|
|
| |
so that the selected language is propagated from the listinfo page to
the options login page. Also, grab the default language setting from
the form field.
loginpage(): Add a language selection widget.
|
| |
|
|
|
|
|
|
|
|
| |
Fixes to prevent cross-site scripting exploits. See
http://www.cert.org/advisories/CA-2000-02.html
Reported by zeno@cgisecurity.com
Fix is to cgi.escape() any strings regurgitated from the url back to
the browser in the html response.
|
| |
|
|
|
|
|
| |
or login, be sure we test for membership with isMember() before we
call the methods that require the user to be a member. Organize the
code such that membership isn't leaked due to the result messages, and
that mischievous attempts are logged.
|
| |
|
|
|
|
|
| |
that we can apply any list admin approval if necessary.
Also, the result message displayed depends on whether approval was
needed or not.
|
| |
|
|
| |
makes the "Authentication failed" tests work.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
membership mining when private rosters are being used. Also, fix a
bug in the chopping up of the url parts.
We now print the "Authentication failed" message in the authentication
clause when the `password' key, not the `login' key is present (the
latter won't be when the email address is given on the url, but the
former will always be present).
When mlist.private_roster is <> 0, this means we do have private
rosters (either to the list membership or to the list admins). In
that case, set user to None and continue on. The display will use the
provided email address even if it's not a member, and we'll get a
normal "Authentication failed" message, which doesn't reveal whether
it was the email address or the password that mismatched.
loginpage(): Always set the form action to .../mailman/options
without the email address in the url. If the user was provided to the
login script, hide it (obscured) in a Hidden input field. This way,
we essentially clear any unauthorized emails from the url.
|
| |
|
|
|
|
| |
ApprovedDeleteMember(). When the user unsubscribes via her
options page, admin notification should follow the list's
setting.
|
| |
|
|
| |
such member' error.
|
| |
|
|
|
|
|
|
|
|
|
| |
url or in the form data. In that case, present the login page
with an extra field prompting for the email address. Also,
optionally get the email address out of the form data, if
present. listinfo.html has changed so that it calls this script
directly, with the `email' item holding the address. The login
page uses the same item name, so either will work.
loginpage(): Accept user=None meaning, prompt for the email address.
|
| |
|
|
|
| |
SetPreferredLanguage() -> setMemberLanguage(); setMemberTopics();
getMemberTopics().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
member's real names. Specifically,
main(): IsMember() -> isMember();
FindUser()/GetUserSubscribedAddress() -> getMemberCPAddress()
GetPreferredLanguage() -> getMemberLanguage()
Support the printing of topic details when they click on the
"Details" link after the topic name (works like admin interface's
VARHELP).
In the change-of-address stanza, add a check for the fullname
field, which contains the member's real name. After extracting
the fullname, new-address, and confirm-address fields, be more
careful about including error messages, so that if the real name
field is set or cleared, we ignore the address fields if they are
both blank. Handle setting the member's name globally, just like
a global change of address.
DeleteMember() -> ApprovedDeleteMember()
Add recognition of the ReceiveNonmatchingTopics flag to determine
what the user wants for messages that match no topics (they can
either receive them or ignore them).
GetUserOption() -> getMemberOption()
Add processing of user topic selections.
SetUserOption() -> setMemberOption() and don't special case when
setting digest deliver; setMemberOption() handles that properly.
options_page(): Include the user's full name in presentable_user, as
in "john.doe@dom.ain, John Doe". If there's no user name then
just print the email address as before.
"Change My Address" button -> "Change My Address and Name"
Add replacements for the fullname box, and the topics option.
IsMember() -> isMember()
ChangeUserPassword() -> setMemberPassword()
SetUserOption() -> setMemberOption()
topic_details(): New method to include the topic details in the top
information area.
|
