------------------------------------------------------------
revno: 1102
committer: Mark Sapiro <[email protected]>
branch nick: 2.2
timestamp: Mon 2010-03-29 13:47:23 -0700
message:
Added roster to the CGIs that return HTTP 401 status for an authentication
failure, and return HTTP 404 status from all CGIs for an invalid list name.
modified:
Mailman/Cgi/admin.py
Mailman/Cgi/admindb.py
Mailman/Cgi/confirm.py
Mailman/Cgi/edithtml.py
Mailman/Cgi/listinfo.py
Mailman/Cgi/options.py
Mailman/Cgi/private.py
Mailman/Cgi/rmlist.py
Mailman/Cgi/roster.py
Mailman/Cgi/subscribe.py
NEWS
--
lp:mailman/2.2
https://code.launchpad.net/~mailman-coders/mailman/2.2
=== modified file 'Mailman/Cgi/admin.py'
--- Mailman/Cgi/admin.py 2009-03-13 16:24:11 +0000
+++ Mailman/Cgi/admin.py 2010-03-29 20:47:23 +0000
@@ -71,6 +71,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
admin_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'admin.py access for non-existent list: %s',
listname)
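Review bot: The `syslog('error', ...)` call that closes this handler writes the raw `listname`, while only the copy shown in the HTML page goes through `Utils.websafe`. If the list name taken from the request can contain newlines or other control characters, a single request could split or forge entries in the error log. Logging it with `%r` keeps each entry on one line: `syslog('error', 'admin.py access for non-existent list: %r', listname)`. The same raw-`listname` logging appears in the context lines of the admindb, confirm, edithtml, listinfo, options, private, rmlist, roster and subscribe hunks. The enclosing `try` starts outside this hunk, so where `listname` comes from is not visible here.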
=== modified file 'Mailman/Cgi/admindb.py'
--- Mailman/Cgi/admindb.py 2010-03-06 21:04:54 +0000
+++ Mailman/Cgi/admindb.py 2010-03-29 20:47:23 +0000
@@ -88,6 +88,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
handle_no_list(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'No such list "%s": %s\n', listname, e)
return
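Review bot: The two added lines are repeated verbatim in ten CGI scripts in this commit, and the comment `# Send this with a 404 status.` only restates the `print` below it. Emitting the status from one shared no-such-list helper would keep the status line and the error page together, so a CGI added later cannot send the page without the 404. If the lines stay inline, a comment stating the constraint is more useful, for example `# CGI Status header: must be printed before any page output.` The handler starts outside the hunk, so this assumes nothing has been written to stdout before this point.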
=== modified file 'Mailman/Cgi/confirm.py'
--- Mailman/Cgi/confirm.py 2010-03-06 21:47:47 +0000
+++ Mailman/Cgi/confirm.py 2010-03-29 20:47:23 +0000
@@ -61,6 +61,8 @@
safelistname = Utils.websafe(listname)
bad_confirmation(doc, _('No such list <em>%(safelistname)s</em>'))
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s', listname, e)
return
=== modified file 'Mailman/Cgi/edithtml.py'
--- Mailman/Cgi/edithtml.py 2008-12-05 23:23:43 +0000
+++ Mailman/Cgi/edithtml.py 2010-03-29 20:47:23 +0000
@@ -68,6 +68,8 @@
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
doc.AddItem(Header(2, _('No such list <em>%(safelistname)s</em>')))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s', listname, e)
return
=== modified file 'Mailman/Cgi/listinfo.py'
--- Mailman/Cgi/listinfo.py 2009-03-13 16:24:11 +0000
+++ Mailman/Cgi/listinfo.py 2010-03-29 20:47:23 +0000
@@ -49,6 +49,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
listinfo_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'No such list "%s": %s', listname, e)
return
=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py 2010-02-05 01:24:51 +0000
+++ Mailman/Cgi/options.py 2010-03-29 20:47:23 +0000
@@ -79,6 +79,8 @@
doc.addError(_('No such list <em>%(safelistname)s</em>'))
doc.AddItem('<hr>')
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/private.py'
--- Mailman/Cgi/private.py 2010-02-05 01:24:51 +0000
+++ Mailman/Cgi/private.py 2010-03-29 20:47:23 +0000
@@ -108,6 +108,8 @@
msg = _('No such list <em>%(safelistname)s</em>')
doc.SetTitle(_("Private Archive Error - %(msg)s"))
doc.AddItem(Header(2, msg))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/rmlist.py'
--- Mailman/Cgi/rmlist.py 2005-08-27 01:40:17 +0000
+++ Mailman/Cgi/rmlist.py 2010-03-29 20:47:23 +0000
@@ -68,6 +68,8 @@
Bold(FontAttr(title, color='#ff0000', size='+2'))))
doc.AddItem('<hr>')
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/roster.py'
--- Mailman/Cgi/roster.py 2008-12-07 17:41:12 +0000
+++ Mailman/Cgi/roster.py 2010-03-29 20:47:23 +0000
@@ -54,6 +54,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
error_page(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'roster: no such list "%s": %s', listname, e)
return
@@ -99,6 +101,8 @@
realname = mlist.real_name
doc = Document()
doc.set_language(lang)
+ # Send this with a 401 status.
+ print 'Status: 401 Unauthorized'
error_page_doc(doc, _('%(realname)s roster authentication failed.'))
doc.AddItem(mlist.GetMailmanFooter())
print doc.Format()
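Review bot: The 401 response added here carries no `WWW-Authenticate` header, which the HTTP specification requires on a 401; only the `Status:` line is printed before the error page. If the status is meant mainly to make failed roster logins distinguishable in the web server's access log, the comment should say so, e.g. `# 401 so failed roster logins can be told apart in the access log; no challenge header is sent.` Otherwise `print 'Status: 403 Forbidden'` would avoid the non-conforming response. The NEWS entry says admin, admindb, private and options already return 401 in the same way, so any change should be applied to all of them together. The enclosing function starts outside this hunk.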
=== modified file 'Mailman/Cgi/subscribe.py'
--- Mailman/Cgi/subscribe.py 2009-01-20 20:22:08 +0000
+++ Mailman/Cgi/subscribe.py 2010-03-29 20:47:23 +0000
@@ -60,6 +60,8 @@
safelistname = Utils.websafe(listname)
doc.AddItem(Header(2, _("Error")))
doc.AddItem(Bold(_('No such list <em>%(safelistname)s</em>')))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'NEWS'
--- NEWS 2010-03-26 01:20:27 +0000
+++ NEWS 2010-03-29 20:47:23 +0000
@@ -109,7 +109,8 @@
subject to fail. Bug #266572.
- We now give an HTTP 401 status for authentication failures from admin,
- admindb, private and options logins.
+ admindb, private, options and roster CGIs, and an HTTP 404 status from
+ all the CGIs for an invalid list name.
- Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
would result in a munged URL if authentication was required. Bug #266164.