summaryrefslogtreecommitdiff
path: root/Mailman/Cgi (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* back porting from 2.1.6tkikuchi2005-08-288-76/+242
|
* FSF office has moved. chdcking in for MAIN branch.tkikuchi2005-08-2714-14/+14
|
* process_request(), request_creation(): Close cross-site scriptingbwarsaw2003-09-281-14/+20
| | | | | | exploits found by Ned Dawes. Also, whitespace normalization. Backport candidate.
* membership_options(): Email addresses must be us-ascii, but it'sbwarsaw2003-06-171-1/+3
| | | | | | | | | | | | | | possible they got into the database as Unicode objects instead of string objects. So before processing the address for the membership management pages, encode them all to ascii (note that we're /not/ talking about the realnames). This will still crash if there are non-ascii characters in the email address, but as that is illegal, it should never happen <wink>. Closes SF # 755188. Back port candidate.
* show_helds_overview(): Slightly reword the "Add <email> to senderbwarsaw2003-06-091-1/+1
| | | | | | | filter" so that it's clearer that the radio array that follows selects the bucket the address will be added to. Backport candidate
* listinfo_overview(): Martin Pool's patch #688410 to improve thebwarsaw2003-05-151-1/+1
| | | | | | | | phrasing on the listinfo page. Requires translation updates. Backport candidate.
* cosmeticbwarsaw2003-04-061-2/+0
|
* subscription_confirm(): Catch HostileSubscriptionError and display anbwarsaw2003-03-161-0/+5
| | | | | | error message. Closes SF bug # 703941 by Stuart Bishop, who also suggested the basic fix.
* Update copyright yearsbwarsaw2003-03-111-1/+1
|
* SF patch #683906, add $DESTDIR to install target, by Ademar de Souza Reistwouters2003-03-111-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Jr, after much checking and rechecking (and some massaging) by me. Checking in now before I fall asleep and forget what all this was for. This patch adds the ability to 'make DESTDIR=/some/dir/tree install' that doesn't influence the paths stored in e.g. Defaults.py at all, which is of good use for various package managers. It is not all that package managers must do, however! Running make install with DESTDIR set means bin/update is never run, and mm_cfg.py is always written; package managers should make sure the appropriate post-installation is done, and that mm_cfg.py is treated as a config file. This patch inadvertently fixes some bogus whitespace: 8-spaces where surrounding code used tabs. The difference was harmless because the 8-spaces were used inside shell-continued-oneliners, but it is confusing and could lead to future harm. I'm too tired to make those two or three changes in a separate checkin, sorry. This patch also assumes the various packages that are installed using distutils do not record (or rather, use) their installation paths anywhere, but this seems to hold true at least for the moment. Also, I've done so many slow cvs diff's, I'm wondering when we'll switch to Subversion. Unfortunately, I've also done so many 'cvs diff -c > file; patch -p0 -R < file's to switch back and forth between patches and change sets, I'm wondering when we'll switch to Aegis as well. :-P
* change_options(): Use digest_is_default for the default massbwarsaw2003-02-111-1/+1
| | | | subscription delivery mode. Patch by Todd (Freedom Lover).
* Whitespace normalizationbwarsaw2003-02-071-6/+6
|
* guess_type(): Compatibility function for Python 2.1/2.2, the formerbwarsaw2003-02-031-1/+10
| | | | | | | which does not accept the strict flag to mimetypes.guess_type(). main(): If guess_type() returns None, use text/html so that the private archive summary page displays correctly.
* main(): Sanity check the language cgi variable.bwarsaw2003-01-274-23/+27
|
* subscription_confirm(): Sanity check the language cgi variable.bwarsaw2003-01-271-7/+9
|
* change_options(): Sanity check the user's selected language to be surebwarsaw2003-01-271-2/+2
| | | | it's one of the valid language.
* Fixes for the cross-site scripting bugbwarsaw2003-01-261-14/+23
| | | | | | | | | | | | | | | | | | | | | | http://online.securityfocus.com/archive/1/308154 Closes SF bug # 674533 by Tokio Kikuchi Specifically, main(), loginpage(): Check the `user' cgi var for validity and print an innocuous (and non-privacy leaking) message if it fails that test. Don't pass the entire cgidata object to loginpage; instead give just the language argument which is all the latter function uses. Also, be sure to use `safeuser' everywhere we print a message to the results page. safeuser is the escaped version of the `user' cgi var. Unrelated: main(): Sanity check the `language' cgi variable and use the mailing lists's preferred language if it is deliberately invalid.
* main(), content_type(): Removed the latter; mimetyes.guess_type() doesbwarsaw2003-01-201-15/+8
| | | | | | this better. Whitespace normalization.
* main(): In the change-of-address section, we only want to show thebwarsaw2003-01-021-3/+5
| | | | | | | | | | | | "you are already using that email address" message if the newaddress matches the case-preserved (subscribed) address. Also, in the set_address section, if cpuser is None, set it to the the user address, since that's what we'll use now as the old address in the ChangeMemberAddress() call. This and related changes should fix problems when the address we're changing to differs for the current address by case only.
* request_creation(): Remove a left over debugging print.bwarsaw2002-12-311-2/+0
|
* subscription_prompt(): Move the setting of the title to after thebwarsaw2002-12-311-4/+9
| | | | | | | | | | | | | | point where the i18n and doc languages are set. Also, get the languages using GetLanguageDescr() so that the language pull down list is also in the correct language. Fixes SF #658213 reported and patches by Daniel Buchmann. subscription_cancel(): Set the language to the user's preferred so that the cancel message is given in the right language. subscription_confirm(): Set the i18n and doc languages to the language from the form so it also shows up in the correct language.
* show_helds_overview(): Finally tracked down a most annoying buglet.bwarsaw2002-12-241-1/+4
| | | | | | | If a non-member sends a message which is held, but then the sender subsequently subscribes to the list, a confusing admindb page is shown. Now we include a message that the sender has since joined the list.
* Donn Cave's patch #602087 to honor configure's --srcdir switch.bwarsaw2002-12-121-1/+1
|
* heldmsg_prompt(): Translate the reason for the hold.bwarsaw2002-12-121-1/+1
|
* show_helds_overview(): Be sure to translate the `reason' for a hold.bwarsaw2002-12-121-2/+5
|
* Typo fixes, "administator" -> "administrator". Closes SF #650932bwarsaw2002-12-111-3/+3
|
* membership_options(): A fix for bug #644950 and other problems withbwarsaw2002-12-091-29/+32
| | | | | | | | chunks and buckets. When there are thousands of list members, the bucket and chunk calculation was broken when visiting the first [Membership List] link. First, the wrong bucket was being displayed, and second /all/ the members were being displayed. That made it take a really long time to render the page.
* process_request(): Use shutil.rmtree() instead of Utils.rmdirhier(),bwarsaw2002-12-021-3/+26
| | | | | | | but also catch possible EACCES or EPERM exceptions that might get raised. If that happens, log the problem to logs/error and provide some feedback to the admin that their ttw action had some failures. They site admin will have to clean up any problems.
* subscription_confirm(), unsubscription_confirm(),bwarsaw2002-12-021-4/+4
| | | | | addrchange_confirm(), reenable_confirm(): MMNoSuchUserError -> NotAMemberError
* main(), show_pending_subs(), show_pending_unsubs(),bwarsaw2002-12-021-11/+27
| | | | | | show_helds_overview(): The various show_*() methods now return the number of items (or an approximation) they have formatted for display. If it's zero, then don't add the form to the final output in main().
* change_options(): MMNoSuchUserError -> NotAMemberErrorbwarsaw2002-12-021-2/+2
|
* change_options(): Don't handle `emergency' moderation here -- it's abwarsaw2002-11-211-4/+0
| | | | normal config variable now.
* show_post_requests(): "rejection-notice" (i.e. the dash) doesn't playbwarsaw2002-11-191-1/+1
| | | | | nice when METADATA_FORMAT = METAFMT_ASCII. This is part of patch #567288 by Maximillian Dornseif.
* membership_options(): Don't assume the environment has QUERY_STRING.bwarsaw2002-11-181-28/+30
|
* list_listinfo(): Fix a u/i buglet for when no choice is given betweenbwarsaw2002-11-161-0/+4
| | | | | | | | digest and non-digest delivery. listinfo.html now has <mm-digest-question-start> and <mm-digest-question-end> tags which get comment start/enders if the question is meaningless. Requires template changes to all langauge's listinfo.html files.
* change_options(): Display the fullname and address of the member justbwarsaw2002-11-161-1/+2
| | | | subscribed, web-safe-ifying and uncanonstr'ing.
* main(): Watch out for unsubscription confirmations on addresses thatbwarsaw2002-11-151-7/+14
| | | | | have already been unsub'd, e.g. by the list administrator. Log an error message and throw the cookie away.
* Must import sys for signal handlers to work. Patch by Terry Hardie,bwarsaw2002-11-071-5/+6
| | | | | | closes SF patch # 635227. Also, whitespace normalization.
* show_pending_subs(): Always uncanonstr() the fullname, even if it'sbwarsaw2002-11-061-2/+1
| | | | | just an empty string. This avoids seeing the u'' when no real name was given.
* request_creation(): Sort the languages by long (human readable) namebwarsaw2002-11-041-4/+12
| | | | in the language of the create page.
* show_results(): Because of some html form peculiarities, especially onbwarsaw2002-11-041-10/+5
| | | | | | | | | | | the membership management pages, the u/i for emergency moderation is changed. Now, if the list is not being moderated, no indication under the categories is made (we can change this if people want). To turn on emergency moderation, you need to go to the General category under Additional Settings. If you enable emergency moderation, you will get the big red sign, but no checkbox -- the sign will be linked to the VARHELP for the emergency option.
* show_pending_subs(): Another place where we have to uncanonstr() abwarsaw2002-10-291-0/+2
| | | | full name.
* add_options_table_item(): Pass the elaboration tobwarsaw2002-10-281-3/+7
| | | | | | | get_item_gui_description(). get_item_gui_description(): If the description is different than the elaboration, use the term "Details", otherwise use the term "Edit".
* show_helds_overview(), show_post_requests(): Suggestion by Peerbwarsaw2002-10-251-3/+16
| | | | | | Heinlein, show the received time of the held message, if available. Also, some minor u/i tweaking.
* add_options_table_item(), get_item_gui_value(): Pass the `extra' bitbwarsaw2002-10-191-12/+15
| | | | | | | | of information in the gui item description tuple to get_item_gui_value(). This latter is usually ignored, but for radio buttons, can be a flag specifying whether horizontal or vertical buttons should be used. The default is 0 for backwards compatibility, signifying horizontal radio buttons.
* process_request(): Catch BadListNameError's that can get raised if thebwarsaw2002-10-061-2/+6
| | | | proposed list name is invalid.
* subscription_confirm(): Patch by Tokio Kikuchi, we need to pass thebwarsaw2002-10-051-1/+1
| | | | language into the canonstr() call to properly display the fullname.
* membership_options(): Slight code re-arrangement so we're always surebwarsaw2002-10-041-2/+2
| | | | | that the member's name gets encoded safely for the list's language's charset, which is the charset the page is going to be rendered in.
* subscription_prompt(), subscription_confirm(): Two more places wherebwarsaw2002-09-191-3/+5
| | | | | | we have to convert strings to or from unicode. Given by Tokio Kikuchi, modified slightly by Barry (if it's still broken, it's my mistake).
* change_options(): Patch by Tokio Kikuchi, we need to canonicalize thebwarsaw2002-09-181-0/+1
| | | | realname string.
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2026-01-16 10:50:01 +0000