We set up an SSL arrangement so our admin password isn't traversing the net in clear text, but were temporarily thwarted by the fact that the admin CGI scripts sometimes use Absolute paths, which didn't include the https://. I made some hacks; comments? (Does this look right, Barry et. al.?)
(This is to v1.1; if it looks good, I'll put it in CVS and put it back)
How does the putback process usually work? Does someone review code, or do we have a "holding area" that's protected somehow, or?...
Anyway, here are context diffs:
=================================================================== RCS file: RCS/admin.py,v retrieving revision 1.1 diff -c -r1.1 admin.py *** admin.py 1999/12/15 05:29:10 1.1 --- admin.py 1999/12/15 05:29:50
*** 534,540 **** buttons = [] for ci in chunk_indices: start, end = chunks[ci][0], chunks[ci][-1] ! url = lst.GetAbsoluteScriptURL('admin') buttons.append("<a href=%s/members?chunk=%d> from %s to %s </a>" % ( url, ci, start, end)) buttons = apply(UnorderedList, tuple(buttons)) --- 534,540 ---- buttons = [] for ci in chunk_indices: start, end = chunks[ci][0], chunks[ci][-1] ! url = lst.GetRelativeScriptURL('admin') buttons.append("<a href=%s/members?chunk=%d> from %s to %s </a>" % ( url, ci, start, end)) buttons = apply(UnorderedList, tuple(buttons))
*** 544,550 **** footer = "<p>" for member in all: mtext = '<a href="%s">%s</a>' % ( ! lst.GetAbsoluteOptionsURL(member, obscured=1), lst.GetUserSubscribedAddress(member)) cells = [mtext + "<input type=hidden name=user value=%s>" % (member), Center(CheckBox(member + "_subscribed", "on", 1).Format())] --- 544,550 ---- footer = "<p>" for member in all: mtext = '<a href="%s">%s</a>' % ( ! lst.GetRelativeOptionsURL(member, obscured=1), lst.GetUserSubscribedAddress(member)) cells = [mtext + "<input type=hidden name=user value=%s>" % (member), Center(CheckBox(member + "_subscribed", "on", 1).Format())]
=================================================================== RCS file: RCS/MailList.py,v retrieving revision 1.1 diff -c -r1.1 MailList.py *** MailList.py 1999/12/15 05:30:09 1.1 --- MailList.py 1999/12/15 05:31:01
*** 194,199 **** --- 194,209 ---- treated = addr return "%s/%s" % (options, treated)
def GetRelativeOptionsURL(self, addr, obscured=0):# address could come in case-preservedaddr = string.lower(addr)options = self.GetRelativeScriptURL('options')if obscured:treated = Utils.ObscureEmail(addr, for_text=0)else:treated = addrreturn "%s/%s" % (options, treated)
settings.""" user = self.GetUserCanonicalAddress(user)def GetUserOption(self, user, option): """Return user's setting for option, defaulting to 0 if no
"DM" == Dan Mick <Dan.Mick@West.Sun.COM> writes:
DM> We set up an SSL arrangement so our admin password isn't
DM> traversing the net in clear text, but were temporarily
DM> thwarted by the fact that the admin CGI scripts sometimes use
DM> Absolute paths, which didn't include the https://. I made
DM> some hacks; comments? (Does this look right, Barry et. al.?)What do you think of the following instead.
def GetScriptURL(self, scriptname, relative=0):
if relative:
prefix = '../' * Utils.GetNestingLevel()
elif self.web_page_url:
prefix = self.web_page_url
else:
prefix = mm_cfg.DEFAULT_URL
i = len(prefix)-1
while i >= 0 and prefix[i] == '/':
i = i - 1
prefix = prefix[:i+1]
return '%s/%s%s/%s' % (prefix, scriptname, mm_cfg.CGIEXT,
self.internal_name())
def GetOptionsURL(self, scriptname, obscure=0, relative=0):
addr = string.lower(addr)
url = self.GetScriptURL('options', relative)
if obscured:
addr = Utils.ObscureEmail(addr)
return '%s/%s' % (url, addr)and getting rid of GetRelativeScriptURL(), GetAbsoluteScriptURL(), GetAbsoluteOptionsURL(). Also, modifying the rest of the source to use just one of these two new functions.
If you like it, I'll make these changes to the CVS tree.
DM> How does the putback process usually work? Does someone
DM> review code, or do we have a "holding area" that's protected
DM> somehow, or?...Basically, post the code to mailman-developers, or send it to mailman-cabal. It's up to one of the core maintainers to integrate it with the CVS code base.
-Barry
participants (2)
-
Barry A. Warsaw -
Dan Mick