[prev in list] [next in list] [prev in thread] [next in thread]
List: mailman-developers
Subject: [Mailman-Developers] Re: Bug in current authentication
From: barry () wooz ! org (Barry A ! Warsaw)
Date: 2002-02-28 2:35:47
[Download RAW message or body]
>>>>> "DM" == Dan Mick <dmick@utopia.West.Sun.COM> writes:
DM> but that misses the case of
DM> if not mlist.isMember(user) and mlist.private_roster == 1:
DM> which is my case. Why is that second check there?
To avoid leaking member information when the roster is private. The
intent is that when rosters are private, you don't want a "no such
member" error message when a non-member address is entered (because
the lack of such a message reveals positive hits when you've actually
entered a member address).
The bug is that when rosters are public, and you've entered a
non-member address, you should not see the unsubscribe or remind
buttons. I'll fix that.
-Barry
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic