def _setValue(self, mlist, property, val, doc): if property == 'real_name' and \ val.lower() != mlist.internal_name().lower(): # These values can't differ by other than case doc.addError(_("""<b>real_name</b> attribute not changed! It must differ from the list's name by case only.""")) elif property == 'new_member_options': # Get current value because there are valid bits not in OPTIONS. # If we're the admin CGI, we then process the bits in OPTIONS, # turning them on or off as appropriate. Otherwise we process all # the bits in mm_cfg.OPTINFO so that config_list can set and reset # them. newopts = mlist.new_member_options if isinstance(doc, Document): opts = OPTIONS else: opts = mm_cfg.OPTINFO for opt in opts: bitfield = mm_cfg.OPTINFO[opt] if opt in val: newopts |= bitfield else: newopts &= ~bitfield mlist.new_member_options = newopts elif property == 'subject_prefix': # Convert any html entities to Unicode mlist.subject_prefix = Utils.canonstr( val, mlist.preferred_language) elif property == 'info': if val != mlist.info: if Utils.suspiciousHTML(val): doc.addError(_("""The <b>info</b> attribute you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server. This change can be made with bin/withlist or with bin/config_list by setting mlist.info. """)) else: mlist.info = val elif property == 'admin_member_chunksize' and (val < 1 or not isinstance(val, int)): doc.addError(_("""<b>admin_member_chunksize</b> attribute not changed! It must be an integer > 0.""")) elif property == 'host_name': try: Utils.ValidateEmail('user@' + val) except Errors.EmailAddressError: doc.addError(_("""<b>host_name</b> attribute not changed! It must be a valid domain name.""")) else: GUIBase._setValue(self, mlist, property, val, doc) else: GUIBase._setValue(self, mlist, property, val, doc)
def _setValue(self, mlist, property, val, doc): if property == 'real_name' and \ val.lower() <> str(mlist.real_name.lower()): # These values can't differ by other than case doc.addError(_("""<b>real_name</b> attribute not changed! It must differ from the list's name by case only.""")) elif property == 'new_member_options': # Get current value because there are valid bits not in OPTIONS. # If we're the admin CGI, we then process the bits in OPTIONS, # turning them on or off as appropriate. Otherwise we process all # the bits in mm_cfg.OPTINFO so that config_list can set and reset # them. newopts = mlist.new_member_options if isinstance(doc, Document): opts = OPTIONS else: opts = mm_cfg.OPTINFO for opt in opts: bitfield = mm_cfg.OPTINFO[opt] if opt in val: newopts |= bitfield else: newopts &= ~bitfield mlist.new_member_options = newopts elif property == 'subject_prefix': # Convert any html entities to Unicode mlist.subject_prefix = Utils.canonstr( val, mlist.preferred_language) elif property == 'info': if val <> mlist.info: if 0 and Utils.suspiciousHTML(val): doc.addError(_("""The <b>info</b> attribute you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server. This change can be made with bin/withlist or with bin/config_list by setting mlist.info. """)) else: mlist.info = val elif property == 'admin_member_chunksize' and (val < 1 or not isinstance(val, IntType)): doc.addError(_("""<b>admin_member_chunksize</b> attribute not changed! It must be an integer > 0.""")) else: GUIBase._setValue(self, mlist, property, val, doc)
def ChangeHTML(mlist, cgi_info, template_name, doc): if 'html_code' not in cgi_info: doc.AddItem(Header(3, _("Can't have empty html page."))) doc.AddItem(Header(3, _("HTML Unchanged."))) doc.AddItem('<hr>') return code = cgi_info['html_code'].value if Utils.suspiciousHTML(code): doc.AddItem( Header( 3, _("""The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server. """))) doc.AddItem(_('See ')) doc.AddItem(Link('http://wiki.list.org/x/jYA9', _('FAQ 4.48.'))) doc.AddItem(Header(3, _("Page Unchanged."))) doc.AddItem('<hr>') return langdir = os.path.join(mlist.fullpath(), mlist.preferred_language) # Make sure the directory exists omask = os.umask(0) try: try: os.mkdir(langdir, 0o2775) except OSError as e: if e.errno != errno.EEXIST: raise finally: os.umask(omask) fp = open(os.path.join(langdir, template_name), 'wb') try: fp.write(code) finally: fp.close() doc.AddItem(Header(3, _('HTML successfully updated.'))) doc.AddItem('<hr>')
def ChangeHTML(mlist, cgi_info, template_name, doc): if not cgi_info.has_key('html_code'): doc.AddItem(Header(3,_("Can't have empty html page."))) doc.AddItem(Header(3,_("HTML Unchanged."))) doc.AddItem('<hr>') return code = cgi_info['html_code'].value if Utils.suspiciousHTML(code): doc.AddItem(Header(3, _("""The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server. """))) doc.AddItem(_('See ')) doc.AddItem(Link( 'http://wiki.list.org/x/jYA9', _('FAQ 4.48.'))) doc.AddItem(Header(3,_("Page Unchanged."))) doc.AddItem('<hr>') return langdir = os.path.join(mlist.fullpath(), mlist.preferred_language) # Make sure the directory exists omask = os.umask(0) try: try: os.mkdir(langdir, 02775) except OSError, e: if e.errno <> errno.EEXIST: raise finally: os.umask(omask) fp = open(os.path.join(langdir, template_name), 'w') try: fp.write(code) finally: fp.close() doc.AddItem(Header(3, _('HTML successfully updated.'))) doc.AddItem('<hr>')