1
# Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
1
# Copyright (C) 1998-2017 by the Free Software Foundation, Inc.
3
3
# This program is free software; you can redistribute it and/or
4
4
# modify it under the terms of the GNU General Public License
111
111
safe_params = ['displang-button', 'language', 'email', 'password', 'login',
112
112
'login-unsub', 'login-remind', 'VARHELP', 'UserOptions']
113
params = cgidata.keys()
114
params = cgidata.keys()
116
# Someone crafted a POST with a bad Content-Type:.
117
doc.AddItem(Header(2, _("Error")))
118
doc.AddItem(Bold(_('Invalid options to CGI script.')))
119
# Send this with a 400 status.
120
print 'Status: 400 Bad Request'
114
124
if set(params) - set(safe_params):
115
csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
125
csrf_checked = csrf_check(mlist, cgidata.getfirst('csrf_token'))
117
127
csrf_checked = True
118
128
# if password is present, void cookie to force password authentication.
119
if cgidata.getvalue('password'):
129
if cgidata.getfirst('password'):
120
130
os.environ['HTTP_COOKIE'] = ''
121
131
csrf_checked = True
124
134
# we might have a 'language' key in the cgi data. That was an explicit
125
135
# preference to view the page in, so we should honor that here. If that's
126
136
# not available, use the list's default language.
128
language = cgidata.getvalue('language')
130
# Someone crafted a POST with a bad Content-Type:.
131
doc.AddItem(Header(2, _("Error")))
132
doc.AddItem(Bold(_('Invalid options to CGI script.')))
133
# Send this with a 400 status.
134
print 'Status: 400 Bad Request'
137
language = cgidata.getfirst('language')
138
138
if not Utils.IsLanguage(language):
139
139
language = mlist.preferred_language
140
140
i18n.set_language(language)
141
141
doc.set_language(language)
144
user = cgidata.getvalue('email')
144
user = cgidata.getfirst('email')
146
146
# If we're coming from the listinfo page and we left the email
147
147
# address field blank, it's not an error. Likewise if we're
148
148
# coming from anywhere else. Only issue the error if we came
149
149
# via one of our buttons.
150
if (cgidata.getvalue('login') or cgidata.getvalue('login-unsub')
151
or cgidata.getvalue('login-remind')):
150
if (cgidata.getfirst('login') or cgidata.getfirst('login-unsub')
151
or cgidata.getfirst('login-remind')):
152
152
doc.addError(_('No address given'))
153
153
loginpage(mlist, doc, None, language)
154
154
print doc.Format()
194
194
# And now we know the user making the request, so set things up to for the
195
195
# user's stored preferred language, overridden by any form settings for
196
196
# their new language preference.
197
userlang = cgidata.getvalue('language')
197
userlang = cgidata.getfirst('language')
198
198
if not Utils.IsLanguage(userlang):
199
199
userlang = mlist.getMemberLanguage(user)
200
200
doc.set_language(userlang)
281
281
# Get the password from the form.
282
password = cgidata.getvalue('password', '').strip()
282
password = cgidata.getfirst('password', '').strip()
283
283
# Check authentication. We need to know if the credentials match the user
284
284
# or the site admin, because they are the only ones who are allowed to
285
285
# change things globally. Specifically, the list admin may not change
391
391
if cgidata.has_key('change-of-address'):
392
392
# We could be changing the user's full name, email address, or both.
393
393
# Watch out for non-ASCII characters in the member's name.
394
membername = cgidata.getvalue('fullname')
394
membername = cgidata.getfirst('fullname')
395
395
# Canonicalize the member's name
396
396
membername = Utils.canonstr(membername, language)
397
newaddr = cgidata.getvalue('new-address')
398
confirmaddr = cgidata.getvalue('confirm-address')
397
newaddr = cgidata.getfirst('new-address')
398
confirmaddr = cgidata.getfirst('confirm-address')
400
400
oldname = mlist.getMemberName(user)
401
401
set_address = set_membername = 0
403
403
# See if the user wants to change their email address globally. The
404
404
# list admin is /not/ allowed to make global changes.
405
globally = cgidata.getvalue('changeaddr-globally')
405
globally = cgidata.getfirst('changeaddr-globally')
406
406
if globally and not is_user_or_siteadmin:
407
407
doc.addError(_("""The list administrator may not change the names
408
408
or addresses for this user's other subscriptions. However, the
515
515
options_page(mlist, doc, user, cpuser, userlang)
516
516
print doc.Format()
518
newpw = cgidata.getvalue('newpw', '').strip()
519
confirmpw = cgidata.getvalue('confpw', '').strip()
518
newpw = cgidata.getfirst('newpw', '').strip()
519
confirmpw = cgidata.getfirst('confpw', '').strip()
520
520
if not newpw or not confirmpw:
521
521
options_page(mlist, doc, user, cpuser, userlang,
522
522
_('Passwords may not be blank'))
531
531
# See if the user wants to change their passwords globally, however
532
532
# the list admin is /not/ allowed to change passwords globally.
533
pw_globally = cgidata.getvalue('pw-globally')
533
pw_globally = cgidata.getfirst('pw-globally')
534
534
if pw_globally and not is_user_or_siteadmin:
535
535
doc.addError(_("""The list administrator may not change the
536
536
password for this user's other subscriptions. However, the
556
556
if cgidata.has_key('unsub'):
557
557
# Was the confirming check box turned on?
558
if not cgidata.getvalue('unsubconfirm'):
558
if not cgidata.getfirst('unsubconfirm'):
560
560
mlist, doc, user, cpuser, userlang,
561
561
_('''You must confirm your unsubscription request by turning
635
635
('nodupes', mm_cfg.DontReceiveDuplicates),
638
newval = int(cgidata.getvalue(item))
638
newval = int(cgidata.getfirst(item))
639
639
except (TypeError, ValueError):
671
671
# Process user selected topics, but don't make the changes to the
672
672
# MailList object; we must do that down below when the list is
674
topicnames = cgidata.getvalue('usertopic')
674
topicnames = cgidata.getfirst('usertopic')
676
676
# Some topics were selected. topicnames can actually be a string
677
677
# or a list of strings depending on whether more than one topic
726
726
# The enable/disable option and the password remind option may have
727
727
# their global flags sets.
728
if cgidata.getvalue('deliver-globally'):
728
if cgidata.getfirst('deliver-globally'):
729
729
# Yes, this is inefficient, but the list is so small it shouldn't
730
730
# make much of a difference.
731
731
for flag, newval in newvals:
733
733
globalopts.enable = newval
736
if cgidata.getvalue('remind-globally'):
736
if cgidata.getfirst('remind-globally'):
737
737
for flag, newval in newvals:
738
738
if flag == mm_cfg.SuppressPasswordReminder:
739
739
globalopts.remind = newval
742
if cgidata.getvalue('nodupes-globally'):
742
if cgidata.getfirst('nodupes-globally'):
743
743
for flag, newval in newvals:
744
744
if flag == mm_cfg.DontReceiveDuplicates:
745
745
globalopts.nodupes = newval
748
if cgidata.getvalue('mime-globally'):
748
if cgidata.getfirst('mime-globally'):
749
749
for flag, newval in newvals:
750
750
if flag == mm_cfg.DisableMime:
751
751
globalopts.mime = newval
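Review bot: Reading `usertopic` with `getfirst` (new line 674) keeps only the first submitted value, yet the unchanged comment at lines 676-677 still says `topicnames` can be a string or a list of strings when more than one topic is selected. Unlike `email`, `password` or `language`, this field is legitimately multi-valued, so a member who ticks several topics would have all but the first dropped without any error. I would read it as `topicnames = cgidata.getlist('usertopic')`, which always returns a list and still keeps a crafted request from changing the value's type, and then update the comment to match. The code that consumes `topicnames` is outside the visible lines, so confirm it accepts an empty list the same way it accepted `None` before.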