------------------------------------------------------------
revno: 1231
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Mon 2010-03-29 13:48:11 -0700
message:
Added roster to the CGIs that return HTTP 401 status for an authentication
failure, and return HTTP 404 status from all CGIs for an invalid list name.
modified:
Mailman/Cgi/admin.py
Mailman/Cgi/admindb.py
Mailman/Cgi/confirm.py
Mailman/Cgi/edithtml.py
Mailman/Cgi/listinfo.py
Mailman/Cgi/options.py
Mailman/Cgi/private.py
Mailman/Cgi/rmlist.py
Mailman/Cgi/roster.py
Mailman/Cgi/subscribe.py
NEWS
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription.
=== modified file 'Mailman/Cgi/admin.py'
--- Mailman/Cgi/admin.py 2009-07-31 22:37:29 +0000
+++ Mailman/Cgi/admin.py 2010-03-29 20:48:11 +0000
@@ -71,6 +71,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
admin_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'admin.py access for non-existent list: %s',
listname)
=== modified file 'Mailman/Cgi/admindb.py'
--- Mailman/Cgi/admindb.py 2010-03-06 21:03:24 +0000
+++ Mailman/Cgi/admindb.py 2010-03-29 20:48:11 +0000
@@ -88,6 +88,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
handle_no_list(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/confirm.py'
--- Mailman/Cgi/confirm.py 2010-03-06 21:44:34 +0000
+++ Mailman/Cgi/confirm.py 2010-03-29 20:48:11 +0000
@@ -61,6 +61,8 @@
safelistname = Utils.websafe(listname)
bad_confirmation(doc, _('No such list <em>%(safelistname)s</em>'))
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s', listname, e)
return
=== modified file 'Mailman/Cgi/edithtml.py'
--- Mailman/Cgi/edithtml.py 2008-12-05 23:23:43 +0000
+++ Mailman/Cgi/edithtml.py 2010-03-29 20:48:11 +0000
@@ -68,6 +68,8 @@
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
doc.AddItem(Header(2, _('No such list <em>%(safelistname)s</em>')))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s', listname, e)
return
=== modified file 'Mailman/Cgi/listinfo.py'
--- Mailman/Cgi/listinfo.py 2009-07-31 22:37:29 +0000
+++ Mailman/Cgi/listinfo.py 2010-03-29 20:48:11 +0000
@@ -49,6 +49,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
listinfo_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'No such list "%s": %s', listname, e)
return
=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py 2010-02-05 01:23:54 +0000
+++ Mailman/Cgi/options.py 2010-03-29 20:48:11 +0000
@@ -78,6 +78,8 @@
doc.addError(_('No such list <em>%(safelistname)s</em>'))
doc.AddItem('<hr>')
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/private.py'
--- Mailman/Cgi/private.py 2010-02-05 01:23:54 +0000
+++ Mailman/Cgi/private.py 2010-03-29 20:48:11 +0000
@@ -108,6 +108,8 @@
msg = _('No such list <em>%(safelistname)s</em>')
doc.SetTitle(_("Private Archive Error - %(msg)s"))
doc.AddItem(Header(2, msg))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/rmlist.py'
--- Mailman/Cgi/rmlist.py 2005-08-27 01:40:17 +0000
+++ Mailman/Cgi/rmlist.py 2010-03-29 20:48:11 +0000
@@ -68,6 +68,8 @@
Bold(FontAttr(title, color='#ff0000', size='+2'))))
doc.AddItem('<hr>')
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'Mailman/Cgi/roster.py'
--- Mailman/Cgi/roster.py 2008-12-07 17:41:12 +0000
+++ Mailman/Cgi/roster.py 2010-03-29 20:48:11 +0000
@@ -54,6 +54,8 @@
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
error_page(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'roster: no such list "%s": %s', listname, e)
return
@@ -99,6 +101,8 @@
realname = mlist.real_name
doc = Document()
doc.set_language(lang)
+ # Send this with a 401 status.
+ print 'Status: 401 Unauthorized'
error_page_doc(doc, _('%(realname)s roster authentication failed.'))
doc.AddItem(mlist.GetMailmanFooter())
print doc.Format()
=== modified file 'Mailman/Cgi/subscribe.py'
--- Mailman/Cgi/subscribe.py 2009-01-20 20:22:08 +0000
+++ Mailman/Cgi/subscribe.py 2010-03-29 20:48:11 +0000
@@ -60,6 +60,8 @@
safelistname = Utils.websafe(listname)
doc.AddItem(Header(2, _("Error")))
doc.AddItem(Bold(_('No such list <em>%(safelistname)s</em>')))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
=== modified file 'NEWS'
--- NEWS 2010-03-26 01:14:56 +0000
+++ NEWS 2010-03-29 20:48:11 +0000
@@ -39,7 +39,8 @@
subject to fail. Bug #266572.
- We now give an HTTP 401 status for authentication failures from admin,
- admindb, private and options logins.
+ admindb, private, options and roster CGIs, and an HTTP 404 status from
+ all the CGIs for an invalid list name.
- Backported the listinfo template change from the 2.2 branch to fix
Bug #514050.
_______________________________________________
Mailman-checkins mailing list
[email protected]
Unsubscribe:
http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
