ó @ü½cc@sdZddlZddlZddlZddlZddlmZddlmZddlTddl m Z ddlm Z ddl m Z dd lmZdd lmZdd lmZejZejejfZd „Zdd „Zdd„ZdS(sCScript which implements admin editing of the list's html templates.iÿÿÿÿN(tUtils(tMailList(t*(t HTMLFormatter(tErrors(tAuth(tsyslog(ti18n(t csrf_checkcCsjd„}d|dƒfd|dƒfd|dƒfd|d ƒfd |d ƒfd |d ƒfd|dƒfd|dƒfd|dƒfd|dƒfd|dƒfd|dƒfd|dƒfd|dƒfd|dƒfd |d!ƒfd"|d#ƒff}tj}tƒ}tjtjƒ|jtjƒtjƒ}|s}|jt d$|d%ƒƒƒ|j ƒGHdS|d&j ƒ}yt j |d'd&ƒ}Wnet jk r }tj|ƒ}|jt d$|d(ƒƒƒd)GH|j ƒGHtd*d+||ƒdSXtj|jƒ|j|jƒtjƒ}y|jd,d-ƒWnWtk r§|jt d$|d.ƒƒƒ|jt|d/ƒƒƒd0GH|j ƒGHdSXd1d,d2g} |jƒ} t| ƒt| ƒr÷t||jd3ƒd4ƒ} nt} |jd,ƒr"d-tjd5| ƒdS|jd?d-ƒ}||j%ƒkr|j}ntj|ƒ|j|ƒ|j&}t'|ƒd@krý|d@}x||D];\}}||kr[||ƒ}|j(|dAƒƒPq[q[Wtj|ƒ}|j(|dBƒƒ|jt d$|dCƒƒƒ|j|j)ƒƒ|j ƒGHdSnÖ|j(|dDƒƒ|jt d@|dDƒƒƒ|jt d$|dEƒƒƒt*ƒ}xG|D]?\}}t+|j,dFƒdG|||ƒƒ}|j|ƒqXW|jt!dH|ƒƒ|j|j)ƒƒ|j ƒGHdSzq|jƒr*|j dIƒ r*| rt-||||dJ|ƒq*|j.|dKƒƒnt/||||dJ|ƒWd|j|j)ƒƒ|j ƒGHXdS(LNcSs|S(N((ts((s3/export/web/mailman/mailman/Mailman/Cgi/edithtml.pyt_,ss listinfo.htmlsGeneral list information pagessubscribe.htmlsSubscribe results pages options.htmlsUser specific options pagessubscribeack.txtsWelcome email text files masthead.txtsDigest mastheads postheld.txtsUser notice of held posts approve.txts User notice of held subscriptions refuse.txts#Notice of post refused by moderators invite.txtsInvitation to join lists verify.txtsRequest to confirm subscriptions unsub.txts!Request to confirm unsubscriptionsnomoretoday.txts!User notice of autoresponse limits postack.txtsUser post acknowledgements disabled.txts'Subscription disabled by bounce warnings admlogin.htmlsAdmin/moderator login pages private.htmlsPrivate archive login pages userpass.txtsOn demand password reminderisList name is required.itlocks&No such list %(safelistname)ssStatus: 404 Not Foundterrorsedithtml: No such list "%s": %stadminpwttErrorsInvalid options to CGI script.sStatus: 400 Bad RequesttVARHELPtadmlogint csrf_tokentadmint HTTP_COOKIEs+1sAuthorization failed.tHTTP_FORWARDED_FORtHTTP_X_FORWARDED_FORt REMOTE_ADDRsunidentified origintsecuritys3Authorization failed (edithtml): list=%s: remote=%stmsgtlanguageis/%(realname)s -- Edit html for %(template_info)ssEdit HTML : Errors&%(safetemplatename)s: Invalid templates!%(realname)s -- HTML Page EditingsSelect page to edit:tedithtmlt/s+2tlangformtlangs6The form lifetime has expired. (request forgery check)(0RR tDocumentt set_languagetmm_cfgtDEFAULT_SERVER_LANGUAGERt GetPathPiecestAddItemtHeadertFormattlowerRRt MMListErrortwebsafeRtpreferred_languagetcgit FieldStoragetgetfirstt TypeErrortBoldtkeystsetRtTruetostenvirontWebAuthenticatet AuthListAdmint AuthSiteAdminthas_keytFontSizetgetRt loginpagetGetAvailableLanguagest real_nametlentSetTitletGetMailmanFootert UnorderedListtLinkt GetScriptURLt ChangeHTMLtaddErrort FormatHTML(R t template_datatdoctpartstlistnametmlisttet safelistnametcgidatat safe_paramstparamst csrf_checkedRtremoteRtrealnamet template_namettemplatetinfot template_infotsafetemplatenamet template_listtl((s3/export/web/mailman/mailman/Mailman/Cgi/edithtml.pytmain)sà               !               & c Cs€||jƒkr|j}ntj|ƒ}|jtdd|jƒƒ|jtd|ƒƒ|jdƒt|jdƒt dƒƒ}t|jdƒt dƒƒ}|jt d|ƒƒ|jd ƒ|jt d|ƒƒ|jd ƒ|jdƒt |jƒƒdkr¨t |jdƒd |d |d t ƒ}|j|jddt dƒƒƒ|j|j|ƒƒ|jtddƒƒ|j|ƒ|jdƒnt |jdƒd |d |d t ƒ} tj|ddd|d |ƒ} | jtd| ddddƒƒ| jd t dƒƒ||jkrS| jtd|ƒƒn| jtdt dƒƒƒ|j| ƒdS(Nis%s:s
Rs0View or edit the list configuration information.Rs)Edit the public HTML pages and text filess+1s
s

RRKtcontextsseditlang-buttonttextsEdit this template forRR2trawRt html_codetrowsi(tcolsiKs#When you are done making changes...RtsubmitsSubmit Changes(R<R*Rt GetCharSetR$R%R=RBRCR R9R>tFormt AUTH_CONTEXTSt FormatButtontGetLangSelectBoxtHiddentmaketexttTextAreat SubmitButton( RKRHRTRWRtlcsettlinktbacklinkRtformR]((s3/export/web/mailman/mailman/Mailman/Cgi/edithtml.pyRFÁsD       !"c Csõ||jƒkr|j}n|jdƒsv|jtdtdƒƒƒ|jtdtdƒƒƒ|jdƒdS|dj}tj|ƒr |jtdtdƒƒƒ|jtdƒƒ|jt dtd ƒƒƒ|jtdtd ƒƒƒ|jdƒdSt j j |j ƒ|ƒ}t jd ƒ}zFyt j|d ƒWn+tk rx}|jtjkry‚qynXWdt j|ƒXtt j j ||ƒd ƒ} z| j|ƒWd| jƒX|jtdtdƒƒƒ|jdƒdS(NR_isCan't have empty html page.sHTML Unchanged.s

s The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server. sSee shttp://wiki.list.org/x/jYA9s FAQ 4.48.sPage Unchanged.iiýtwsHTML successfully updated.(R<R*R8R$R%R tvalueRtsuspiciousHTMLRBR3tpathtjointfullpathtumasktmkdirtOSErrorterrnotEEXISTtopentwritetclose( RKtcgi_infoRTRHRtcodetlangdirtomaskRLtfp((s3/export/web/mailman/mailman/Mailman/Cgi/edithtml.pyRDêsD        (t__doc__R3R+RytretMailmanRRtMailman.htmlformattMailman.HTMLFormatterRRt Mailman.CgiRtMailman.Logging.SyslogRRtMailman.CSRFcheckRR R!R6R7ReR[tNoneRFRD(((s3/export/web/mailman/mailman/Mailman/Cgi/edithtml.pyts$       ˜ )