1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
#!/usr/local/bin/python
"""Produce subscriber roster, using listinfo form data, roster.html template.
Takes listname in PATH_INFO."""
__version__ = "$Revision: 388 $"
# We don't need to lock in this script, because we're never going to change
# data.
import sys
sys.path.append('/home/mailman/mailman/modules')
import os, string
import cgi
import mm_utils, maillist, htmlformat, mm_cfg, mm_err
try:
sys.stderr = mm_utils.StampedLogger("error", label = 'roster',
manual_reprime=1, nofail=0)
except IOError:
pass # Oh well - SOL on redirect, errors show thru.
def main():
doc = htmlformat.Document()
form = cgi.FieldStorage()
list = get_list()
bad = ""
# These nested conditionals constituted a cascading authentication
# check, yielding a
if not list.private_roster:
# No privacy.
bad = ""
else:
auth_req = ("%s subscriber list requires authentication."
% list.real_name)
if not form.has_key("roster-pw"):
bad = auth_req
else:
pw = form['roster-pw'].value
# Just the admin password is sufficient - check it early.
if not list.ValidAdminPassword(pw):
if not form.has_key('roster-email'):
# No admin password and no user id, nogo.
bad = auth_req
else:
id = form['roster-email'].value
if list.private_roster == 1:
# Private list - members visible.
try:
list.ConfirmUserPassword(id, pw)
except (mm_err.MMBadUserError,
mm_err.MMBadPasswordError):
bad = ("%s subscriber authentication failed."
% list.real_name)
else:
# Anonymous list - admin-only visible
# - and we already tried admin password, above.
bad = ("%s admin authentication failed."
% list.real_name)
if bad:
doc = error_page_doc(bad)
doc.AddItem(list.GetMailmanFooter())
print doc.Format()
sys.exit(0)
replacements = list.GetStandardReplacements()
doc.AddItem(list.ParseTags('roster.html', replacements))
print doc.Format()
def get_list():
"Return list or bail out with error page."
list_info = mm_utils.GetPathPieces(os.environ['PATH_INFO'])
if len(list_info) != 1:
error_page("Invalid options to CGI script.")
sys.exit(0)
list_name = string.lower(list_info[0])
try:
list = maillist.MailList(list_name)
except mm_err.MMUnknownListError:
error_page("%s: No such list.", list_name)
sys.exit(0)
if not list._ready:
error_page("%s: No such list.", list_name)
sys.exit(0)
list.Unlock()
return list
def error_page(errmsg, *args):
print apply(error_page_doc, (errmsg,) + args).Format()
def error_page_doc(errmsg, *args):
"""Produce a simple error-message page on stdout and exit.
Optional arg justreturn means just return the doc, don't print it."""
doc = htmlformat.Document()
doc.AddItem(htmlformat.Header(2, "Error"))
doc.AddItem(htmlformat.Bold(errmsg % args))
return doc
if __name__ == "__main__":
main()
|
