path: root/django/archives/mailarchives
Age | Commit message | Author
14 days | Increase listsubscriber username field length | Célestin Matte
This field is populated by pglister_sync, copying information from auth_user.username, which can be up to 150 characters.
14 days | Set a CSP header on all attachments | Magnus Hagander
2025-06-16 | Round off since/ and before/ URLs to whole days | Magnus Hagander
Previously we'd generate links for each individual email, when clicking the link on the emails. This generates a huge number of URLs that contain basically the same thing, which has an adverse effect on both caching and (stupid) bots. So round it off to even days which puts at least some level of a cap on it. Also, when a hit comes in that specifies the full hour, redirect it back to the rounded-off value.
2025-06-16 | Make antispam-protected links also be javascript-triggered | Magnus Hagander
This makes a tiny javascript run to convert it into a POST and then receive that POST. The idea behind this is to remove the links from view of crawlers (hello AI bots!) that completely ignore robots.txt, causing lots of redirect chains on account of logins. We still allow GET requests on those endpoints, as there are external links pointing to them as well as people having scripts. But those are at least to fewer emails than all.
2024-09-24 | Accept a Message-ID contained in < > characters | Jelte Fennema-Nio
At least GMail will show the Message-ID including the < > characters.
2023-08-19 | Temporarily remove Slack link | Jonathan S. Katz
This was missed when pgweb@8b420bfd4 was added. Reported-by: Sehrope Sarkuni <sehrope@jackdb.com>
2023-05-16 | Set a http header indicating which message an attachment came from | Magnus Hagander
When an attachment is downloaded, add the http header X-attached-to-message with the message-id of the message that the attachment belongs to.
2022-12-19 | Set rel=nofollow on link to "infinite" pages | Magnus Hagander
2022-07-15 | Use as_bytes() instead of as_string() to generate mbox | Magnus Hagander
We're supposed to feed django bytes, and by feeding it a string it got converted bytes->string by the mail end and then string->bytes by django. Which promptly blew up on bad encodings. By keeping it as bytes all the way, the problem is ignored.
2022-06-20 | Switch to using community authentication for downloading raw messages | Magnus Hagander
Too many browsers have changed the wrong way and don't actually prompt people properly, which means they try to log in with a bunch of random things, none of them being "archives/antispam". So instead, send them off to do a community login, now that we have support for this (which was added when we added message re-sending). If the request comes in with the authentication header already on it and it being a valid archives/antispam combination, keep allowing that so we don't break scripts and plugins that we don't have to break.
2022-01-15 | Allow configuration of upstream pgweb address | Magnus Hagander
Search forms currently point to the hardcoded address of www.postgresql.org. Add a parameter in the settings to make it possible to configure the domain hosting the /search/ function. Originally from Célestin Matte, but in the end not his patch
2021-11-30 | Allow use of IP ranges for API_CLIENTS | Célestin Matte
2021-10-27 | Allow use of IP ranges for SEARCH_CLIENTS | Célestin Matte
Allows the use of IP ranges in CIDR format in the SEARCH_CLIENTS parameter. Individual addresses can still be specified and continue to work like before.
2021-10-23 | Clean up accidentally committed files | Magnus Hagander
Back in 2018, commit 4d159ca accidentally included unrelated functionality which was not completed. This causes the database to be out of sync with the models defined in the code. This commit reverts those parts that were not supposed to be included and leaves the changes that actually were. The code can be re-added once completed... Spotted by Célestin Matte
2021-05-24 | Properly quote URL in link to resend an email | Magnus Hagander
The lack of this would result in a 404 for any users who clicked a resend link when (1) they were not logged in, and (2) the messageid contained a plus character. This would then end up getting unescaped one too many times in the authentication flow and came out as a space on the other end instead of a plus. Reported by Justin Pryzby (and several others, but Justin was persistent in tracking down good examples)
2021-03-02 | Replace @postgresql.org with @lists.postgresql.org | Magnus Hagander
When suggesting which lists people should use first, we should use the recommended name for the list.
2020-10-29 | Properly quote URL for login redirect in private archives | Magnus Hagander
Without the proper quoting, having a + sign in a message-id would get unquoted to a space before sending the user off to the community authentication, which in turn would then redirect back to the incorrect url. Reported by Noah Misch
2020-10-21 | Use article:author instead of og:article:author | Magnus Hagander
The specification is a bit unclear on which it should be and completely unclear about what should go in the field, but at least it seems most implementations use article:author rather than og:article:author, so try changing it. Also change og:published_time to be article:published_time.
2020-10-21 | Add opengraph metatags to messages | Magnus Hagander
This makes for nicer "previews" on for example twitter when posting links. Suggested by Andres Freund
2020-08-11 | Update regexp escaping syntax to please pep8 | Magnus Hagander
2020-08-11 | Update exception catching syntax to please pep8 | Magnus Hagander
2020-07-15 | Improvements to main lists page | Stephen Frost
Rename title above Tips to be about Tips, add paragraph talking about how to Unsubscribe.
2020-06-02 | Update reference to Archives Policy | Jonathan S. Katz
This was pointing to the Wiki page, which was pointing to a different page on .org
2020-04-03 | Fix rendering of attachments and raw messages | Magnus Hagander
It seems older django implicitly added a bytes() around bytea fields returned from psycopg2. The actual change happened around the python3 move, but django painted over the differences so we didn't realize it needed to be changed.
2020-04-01 | Update middleware and config for Django 2.2 | Magnus Hagander
2020-04-01 | is_authenticated is no longer a callable in newer Django | Magnus Hagander
2020-04-01 | Use OneToOne field for unique Foreign Key | Magnus Hagander
2020-04-01 | Mark all ForeignKeys as on_delete=CASCADE | Magnus Hagander
2019-07-13 | Ensure permissions check on "resend complete" | Magnus Hagander
This page just says the resend has completed, but a user having the messageid but subscribed to a *different* list on the same server could leak the existence of the email.
2019-06-20 | Fix copy/paste error | Magnus Hagander
2019-06-20 | Don't issue xkey headers for private archives | Magnus Hagander
2019-06-20 | Remove headers for legacy purging | Magnus Hagander
Now that we use xkey for purging, no need to keep the old headers around.
2019-06-19 | Re-think rate limiting for resending | Magnus Hagander
The way it was done ended up defeating the service sending things right away for people who did *not* violate the rate limit. So instead, keep track of exactly when the last email was sent for each user, and rate-limit based on that.
2019-06-18 | Implement basic rate limiting for sending email | Magnus Hagander
Per-user limit that says how many seconds must go between each email. Outgoing emails are also delayed by this much (or we'd miss it)
2019-06-18 | Don't allow duplicate requests for the same email to be resent | Magnus Hagander
To the same user, that is.
2019-06-18 | Add xkey headers to outgoing emails | Magnus Hagander
Instead of just our own x-pglm and x-pgthread, add specific xkey headers. These are used by our Varnish frontends to purge more efficiently. For the time being, leave the older headers in place -- we need to have the entire contents of the cache containing xkey headers before we can start using xkey for purging, and only once that is done we will be able to remove the non-xkey headers.
2019-06-18 | Implement email resending in the list archives | Magnus Hagander
This allows a logged-in user to get an email delivered to their mailbox, thereby making it easy to reply to even if they haven't got it already (and don't have a MUA capable of handling mbox files). The email body will go out unmodified (including any list headers that are stored in the archives, but this does not include for example the unsubscribe link). Envelope sender is set to one configured in the ini file, and envelope recipient is set to the email address of the user.
2019-06-18 | Unicode fixes in migrations | Magnus Hagander
Missed in py3 migration
2019-04-02 | Make sure permissions check on individual messages checks subscriber_access | Magnus Hagander
We already did that check in the list of emails, but not on the individual email.
2019-02-04 | Pin the navigation bar to the top of the page. | Jonathan S. Katz
From user feedback, the scrolling navigation bar would cause problems with readability, especially in larger font views. This keeps the navigation bar pinned to the top, until we can find a way to more easily handle this. In the context of pgarchives, this is one bit of "future-proofing" as we do not currently show the shout box in pgarchives, but may do so in the near future.
2019-01-04 | Don't crash on authentication with colon in the password | Magnus Hagander
It's supposed to be archives/antispam, but if a password with an actual colon sign in it was used, it'd crash instead of asking for auth again.
2019-01-04 | Load stylesheet using link instead of import | Magnus Hagander
2019-01-04 | Get rid of inline javascript | Magnus Hagander
This moves the javascript out to the main.js file like we already had done for the main website. This also removes attempts to use the selectmenu plugin for the dropdown. This has not worked since the new design was put in place, because the appropriate scripts were simply never loaded. As people seem to be happy with that, stop *trying* to load them causing javascript failures on every webpage.
2019-01-04 | Fix variable reference in thread API | Magnus Hagander
This should never have worked, but as the old python version would leak the last message in the previous loop, it did work. As all messages have the same threadid (when they're on the same thread), just use the one in the known-existing message instead.
2019-01-04 | Fix comparison operators | Magnus Hagander
2019-01-04 | Fix bad multi-command lines | Magnus Hagander
2019-01-04 | Whitespace fixes | Magnus Hagander
2019-01-04 | Fix indentation | Magnus Hagander
Per pep8 warnings, adjust indentation for consistency
2019-01-04 | Tabs to 4 spaces | Magnus Hagander
pep8 standard for indentation
2019-01-04 | Update django app to python 3 | Magnus Hagander