aboutsummaryrefslogtreecommitdiff
path: root/Mailman/Cgi/findmail.py
blob: d5f3c25285d70f60c40d54b26cca39660d768b01 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
import os
import sys
import cgi
import mimetypes
import time
import glob
import stat

from Mailman import mm_cfg
from Mailman import Utils
from Mailman import MailList
from Mailman import Errors
from Mailman import i18n
from Mailman.htmlformat import *
from Mailman.Logging.Syslog import syslog

# Set up i18n.  Until we know which list is being requested, we use the
# server's default.
_ = i18n._
i18n.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE)

script_name = 'findmail'

def main():
    env = os.environ
    doc = Document()
    doc.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE)

    form = cgi.FieldStorage()
    listname = form.getvalue('idxname','')

    if listname:
        try:
            mlist = MailList.MailList(listname, lock=0)
        except Errors.MMListError, e:
            # Avoid cross-site scripting attacks
            safelistname = Utils.websafe(listname)
            msg = _('No such list <em>%(safelistname)s</em>')
            doc.SetTitle(_("Archive Error - %(msg)s"))
            doc.AddItem(Header(2, msg))
            print doc.Format()
            syslog('error', 'No such list "%s": %s\n', listname, e)
            return

        if mlist.archive_private:
            username = form.getvalue('username', '')
            password = form.getvalue('password', '')
            message = ''
            if not mlist.WebAuthenticate((mm_cfg.AuthUser,
                                          mm_cfg.AuthListModerator,
                                          mm_cfg.AuthListAdmin,
                                          mm_cfg.AuthSiteAdmin),
                                          password, username):
                if form.has_key('submit'):
                    # This is a re-authorization attempt
                    message = Bold(FontSize('+1', _('Authorization failed.'))).Format()
                # Output the password form
                charset = Utils.GetCharSet(mlist.preferred_language)
                print 'Content-type: text/html; charset=' + charset + '\n\n'
                # Put the original full path in the authorization form, but
                # avoid trailing slash if we're not adding parts.
                # We add it below.
                action = mlist.GetScriptURL(script_name, absolute=1) + \
                           '?' + os.getenv('QUERY_STRING')
                # Escape web input parameter to avoid cross-site scripting.
                print Utils.maketext('private.html',
                                     {'action'  : Utils.websafe(action),
                                      'realname': mlist.real_name,
                                      'message' : message,
                                     }, mlist=mlist)
                return

    finder = os.getenv('MAIL_FINDER_CGI')
    os.execl(finder, os.path.basename(finder))

Return to:

Send suggestions and report system problems to the System administrator.