| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
written by Ben Gertzfield, ported to MM2.1 by Marc MERLIN.
Specifically,
OPTCOLUMNS: Let's parameterize this.
membership_options(): Add a column for the nodupes field.
|
| |
|
|
|
| |
from the subscription confirmation form. The potential for mischief
seems high.
|
| |
|
|
|
|
| |
to the user in his/her own language, but as this may be different than
the list's preferred language, we have to wrap the message creation in
a try/finally which sets and restores the list's language.
|
| |
|
|
|
|
|
|
|
|
|
| |
Change all calls of add_error_message() to doc.addError().
main(): Fix the error reporting when no email address is given. Also,
rework the error reporting for when the login page's unsub or remind
buttons are used. Specifically, when rosters are public, we should
provide error messages when the given address is not a member, but
when rosters are private, lie about the confirmation message or
password reminder.
|
| |
|
|
| |
change the call sites accordingly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mailman/Gui/GUIBase.py module.
get_item_gui_value(): The gui component API has changed; use
getValue() instead of GetValue().
change_options(): We can really simplify a lot of this method because
the actual changing of the properties, value verification, and special
overrides are now all handled in the gui components themselves. We
now need only call out to the gui.handleForm() method.
Eventually, the membership management page should use the same
mechanism.
|
| | |
|
| |
|
|
|
|
|
| |
displaying so that nasty HTML can't sneak in. Also, set the readonly
attribute to true when creating the Message Headers and Message
Excerpt text boxes. This avoids the misperception that you can edit
the message before it's approved.
|
| |
|
|
|
|
|
| |
pass in the language that the message should be in. This allows us to
get the character set and header encodings right.
Patch by Ben Gertzfield.
|
| |
|
|
| |
that key is obsolete.
|
| |
|
|
|
| |
form data, because that key is obsolete. In change_options(), removed
Scott's way old comment since I think it's no longer applicable.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
lists_of_member(): Change the signature to take a MailList object as
the first argument, not a string hostname. This allows
lists_of_member() to filter out the current mailing list, which should
update its attribute the "normal" way.
main(): Use the new lists_of_member() signature where appropriate.
global_options(): The global_enable argument will contain the value
for the setDeliveryStatus() call. I.e. it won't be a boolean flag.
|
| |
|
|
| |
email addresses requesting subscription or unsubscription.
|
| |
|
|
|
|
|
|
|
|
| |
expansion of d['description'] referenced a local `esender' which, due
to code re-org wasn't defined. Define esender so as to avoid
cross-site scripting exploit.
Second, it wasn't correct to omit the form and submit button any time
there were ?details=... Fix this so that each stanza can decide
whether to add the form or not.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Also, in pending subscriptions listing, add a checkbox which will add
the address to the ban_list.
show_helds_overview(): Add a checkbox which will add the address to
the ban_list.
process_form(): Handle adding the address to the ban_list.
|
| |
|
|
| |
getattr(), since they won't exist.
|
| |
|
|
|
|
|
|
| |
pending results), be sure we still save the list!
show_helds_overview(), process_form(): When messages are being held by
a moderated member, give the list admin a chance to clear the moderate
bit.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
membership_options(): Refactor calculation of adminurl. Also, add a
hack to hide or display the table legend (normally hidden) using
QUERY_STRING extensions. This may not yet play nicely with all the
member chunking extensions.
Add Dan Mick idea to include an indication of the reason for
`nomail'. Use an abbreviation, described in the legend.
|
| |
|
|
| |
assertion. This fixes subscription approvals.
|
| |
|
|
| |
OldStyleMemberships.py. Backing it out.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this five years from now ;). In brief,
We now organize held postings by sender address and this "summary" is
what's presented when .../mailman/admindb/listname is visited. The
pending subs and unsubs don't change, but the preamble is shorted
(with links to more detailed instructions).
For each group of held messages, you can click on one link to see the
details of the all the messages sent by a single address, or you can
click on a different link to view the details of just a single
message. A third link lets you view the details of all the held
messages, just like the old admindb page used to give you.
The details page is just like the old admindb in form and function,
except that ADMINDB_PAGE_TEXT_LIMIT now works ;) and there are links
back to the summary page.
One additional neat hack is that on the summary page, there's an
option to add an email address to one of the auto sender filter lists
(viewable in the admin/privacy/sender screen). This is only visible
if the address isn't already on one of the four filter lists.
Where this should be a boon is if you've got a bunch of messages being
held that are coming from the same address, and they all appear to be
spam. You can discard them all in one fell swoop (no click-'n'-scroll
necessary!), and add them to the auto-discard list, so you never have
to worry about them again.
Note that if what you wanted to do was add a regexp to say the
auto-discard list, you'd have to first add this address, then go to
the admin/privacy/sender page and edit the address into a regexp
filter. Easily done, while reducing the complexity of the admindb
summary page, which already pushes the edge of "too busy".
|
| |
|
|
|
| |
accidently changed an option for the same user. We just ignore the
NotAMemberError that can get raised.
|
| |
|
|
|
|
|
|
| |
re-enabling of a disabled membership). Specifically,
reenable_cancel(), reenable_confirm(), reenable_prompt(): New
functions to prompt for, cancel (i.e. defer) and confirm thru-the-web
re-enabling of a disabled membership.
|
| |
|
|
|
|
|
|
|
|
| |
category form data processing. The intention is to eventually push
most of the special casing out of this script, where it's simply too
hard to maintain. Specifically,
get_item_gui_value(): If the gui component has a GetValue() method,
call it to get the current value of the attribute. This lets us
implement the seconds<->days mapping in the Bounce.py gui component.
|
| |
|
|
|
| |
setDeliveryStatus() to change the delivery status -- instead of the
member options. When disabling, do it BYUSER.
|
| |
|
|
|
|
|
|
|
|
| |
getDeliveryStatus() instead of getMemberOption(). Fix the FIXME code
which was doing a direct key search in mlist.members. This code is
less efficient but plays nice with the MemberAdaptor API.
change_options(): Handle the <user>_nomail option through the
setDeliveryStatus() method instead of the setMemberOption() method.
Disable BYADMIN.
|
| |
|
|
|
| |
excerpt so that it can't sneak in table breaking HTML or evil
Javascript. Fixes SF bug #486340. Patch and report by Greg Lindahl.
|
| |
|
|
|
|
|
|
| |
so that the selected language is propagated from the listinfo page to
the options login page. Also, grab the default language setting from
the form field.
loginpage(): Add a language selection widget.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Fixes to prevent cross-site scripting exploits. See
http://www.cert.org/advisories/CA-2000-02.html
Reported by zeno@cgisecurity.com
Fix is to cgi.escape() any strings regurgitated from the url back to
the browser in the html response.
|
| |
|
|
|
|
| |
which is just like EmailList except that it also allows "extended
email addresses", really just regular expressions, which must start
with a ^ (otherwise it's taken as a literal address).
|
| |
|
|
| |
longer include the leading dash.
|
| |
|
|
|
| |
the admin database, otherwise it won't be in the list's preferred
language.
|
| |
|
|
|
| |
would be a duplicate of one in bin/newlist. Web version and email
version should have different entries in the message catalog.
|
| |
|
|
|
|
|
|
|
|
| |
results strings should be displayed in the language that the
subscribee has requested. Also, tailor the response message based on
whether the moderators have to approve a confirmed request or not.
Reported by Daniel Buchmann.
subscription_confirm(): Need a `listname' local variable for _()
string interpolation.
|
| |
|
|
|
|
|
| |
or login, be sure we test for membership with isMember() before we
call the methods that require the user to be a member. Organize the
code such that membership isn't leaked due to the result messages, and
that mischievous attempts are logged.
|
| |
|
|
| |
list exists before we try to write the template file.
|
| |
|
|
|
| |
explanation needs to be written to reflect the fact that password
inputs are not on the general optinos page anymore.
|
| |
|
|
|
| |
host matching. We simply need to find the lowercased hostname in the
web_page_url to find a match.
|
| |
|
|
|
|
| |
markings. Found by Szilard Vizi.
password_inputs(): We don't need the <a name=...> bit anymore.
|
| |
|
|
| |
Kikuchi.
|
| |
|
|
| |
Kikuchi.
|
| | |
|
| |
|
|
| |
should just use the empty string if there's no real name.
|
| |
|
|
|
|
|
| |
that we can apply any list admin approval if necessary.
Also, the result message displayed depends on whether approval was
needed or not.
|
| | |
|
| |
|
|
| |
description three times (two should be enough <wink>).
|
| | |
|
