List Server Patches

modifications to wwsympa.fcgi

subscribe action

instead of sending the user their password on a subscribe, which is ridiculous, we change it so
that users get a confirmation email which they can reply to (for both subscribe and unsubscribe).

function do_subrequest

my $auth_method = 'smtp';
my $comment = '';
my $sender = $in{'email'};
my $which = $list->{'name'};
my $time_command = time;
my $action = &List::request_action('subscribe',$auth_method,$robot,{'listname'=>$which, 'sender'=>$sender});
&do_log('err', 'subscribe action : %s', $action);

if ($action =~ /owner/i) {
        push @msg::report, sprintf Msg(6, 25, $msg::subscription_forwarded);
        ## Send a notice to the owners.
        $list->send_notify_to_owner({'who' => $sender,
                'keyauth' => $list->compute_auth($sender,'add'),
                'replyto' => &Conf::get_robot_conf($robot, 'sympa'),
                'gecos' => $comment,
                'type' => 'subrequest'}
        );
        $list->store_subscription_request($sender, $comment);
        do_log('info', 'SUB %s from %s forwarded to the owners of the list (%d seconds)', $which, $sender,time-$time_command);
        $param->{'status'} = 'notauth_passwordsent';
        return 1;
}
if ($action =~ /request_auth/i) {
        my $cmd = 'subscribe';
        $list->request_auth ($sender, $cmd, $robot, '');
        do_log('info', 'SUB %s from %s, auth requested (%d seconds)', $which, $sender,time-$time_command);
        $param->{'status'} = 'notauth_passwordsent';
        return 1;
}

function do_sigrequest

*  &do_sendpasswd();
+  $list->request_auth($in{'email'}, 'signoff', $robot, '');

To also get this to work, the template files sigrequest.tpl and subrequest.tpl should
be changed so that it doesn’t instruct you to check your mail for the password.

dump emails

the dump function includes lots of other stuff, like reception mode and date of subscription.
what we really want is for admins to be able to export a list of subscribers.

if you do the action dump/list?type=simple then you get just emails.

wwsympa.fcgi function do_dump:
{’
my listnames = $param->{'list'}; + if ($in{'type'} eq 'simple') { + &List::dump_emails(listnames);
+ $param→{’file’} = “$list→{’dir’}/emails.db.dump”;
+ }
+ else {
&List::dump(@listnames);
$param→{’file’} = “$list→{’dir’}/subscribers.db.dump”;
+ }
return 1;
’}

add to List.pm:

sub dump_emails {
    my @listnames = @_;
    do_log('debug2', 'List::dump_emails(%s)', @listnames);

    foreach my $l (@listnames) {
        my $list = new List($l);
        my $user_file_name = "$list->{'dir'}/emails.db.dump";
        do_log('debug3', 'Dumping list %s',$l);
        $list->_save_email_file($user_file_name);
    }
    return 1;
}

sub _save_email_file {
    my($self, $file) = @_;
    do_log('debug3', 'List::_save_users_file(%s)', $file);

    my($k, $s);
    do_log('debug2','Saving email file %s', $file);
    open SUB, "> $file" or return undef;

    for ($s = $self->get_first_user(); $s; $s = $self->get_next_user()) {
        printf SUB "%s\n", $s->{'email'};
    }
    close SUB;
    return 1;
}

 

thank you very much. Papa’s freezeria

 
   

I’m not sure what the best approach is. Still looking for a nice one. NGSSoftware offers one that Drift Boss scans for vulnerabilities but does not display patches when compared to the Microsoft database.