update cgi

jaredmauch · jaredmauch · commit 5a44da99522a · 2025-05-14T00:20:02.000-04:00
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
@@ -533,15 +533,23 @@ def show_results(mlist, doc, category, subcat, cgidata):
         'realname': mlist.real_name,
         'label': label
     })
-    doc.AddItem(Center(Header(2, _(
-        '%(realname)s mailing list administration<br>%(label)s Section') % {
-            'realname': mlist.real_name,
-            'label': label
-        })))
-    doc.AddItem('<hr>')
-    # Now we need to craft the form that will be submitted, which will contain
-    # all the variable settings, etc.  This is a bit of a kludge because we
-    # know that the autoreply and members categories supports file uploads.
+    
+    # Use ParseTags for the main content
+    replacements = {
+        'realname': mlist.real_name,
+        'label': label,
+        'adminurl': adminurl,
+        'admindburl': mlist.GetScriptURL('admindb'),
+        'listinfourl': mlist.GetScriptURL('listinfo'),
+        'edithtmlurl': mlist.GetScriptURL('edithtml'),
+        'archiveurl': mlist.GetBaseArchiveURL(),
+        'rmlisturl': mlist.GetScriptURL('rmlist') if mm_cfg.OWNERS_CAN_DELETE_THEIR_OWN_LISTS and mlist.internal_name() != mm_cfg.MAILMAN_SITE_LIST else None
+    }
+    
+    output = mlist.ParseTags('admin_results.html', replacements, mlist.preferred_language)
+    doc.AddItem(output)
+    
+    # Now we need to craft the form that will be submitted
     encoding = None
     if category in ('autoreply', 'members'):
         encoding = 'multipart/form-data'
@@ -556,127 +564,19 @@ def show_results(mlist, doc, category, subcat, cgidata):
             'adminurl': adminurl,
             'category': category
         }, encoding=encoding, mlist=mlist, contexts=AUTH_CONTEXTS)
-    # This holds the two columns of links
-    linktable = Table(valign='top', width='100%')
-    linktable.AddRow([Center(Bold(_("Configuration Categories"))),
-                      Center(Bold(_("Other Administrative Activities")))])
-    # The `other links' are stuff in the right column.
-    otherlinks = UnorderedList()
-    otherlinks.AddItem(Link(mlist.GetScriptURL('admindb'),
-                            _('Tend to pending moderator requests')))
-    otherlinks.AddItem(Link(mlist.GetScriptURL('listinfo'),
-                            _('Go to the general list information page')))
-    otherlinks.AddItem(Link(mlist.GetScriptURL('edithtml'),
-                            _('Edit the public HTML pages and text files')))
-    otherlinks.AddItem(Link(mlist.GetBaseArchiveURL(),
-                            _('Go to list archives')).Format() +
-                       '<br>&nbsp;<br>')
-    # We do not allow through-the-web deletion of the site list!
-    if mm_cfg.OWNERS_CAN_DELETE_THEIR_OWN_LISTS and \
-           mlist.internal_name() != mm_cfg.MAILMAN_SITE_LIST:
-        otherlinks.AddItem(Link(mlist.GetScriptURL('rmlist'),
-                                _('Delete this mailing list')).Format() +
-                           _(' (requires confirmation)<br>&nbsp;<br>'))
-    otherlinks.AddItem(Link('%s/logout' % adminurl,
-                            # BAW: What I really want is a blank line, but
-                            # adding an &nbsp; won't do it because of the
-                            # bullet added to the list item.
-                            '<FONT SIZE="+2"><b>%s</b></FONT>' %
-                            _('Logout')))
-    # These are links to other categories and live in the left column
-    categorylinks_1 = categorylinks = UnorderedList()
-    categorylinks_2 = ''
-    categorykeys = list(categories.keys())
-    half = len(categorykeys) / 2
-    counter = 0
-    subcat = None
-    for k in categorykeys:
-        label = _(categories[k][0])
-        url = '%s/%s' % (adminurl, k)
-        if k == category:
-            # Handle subcategories
-            subcats = mlist.GetConfigSubCategories(k)
-            if subcats:
-                subcat = Utils.GetPathPieces()[-1]
-                for k, v in subcats:
-                    if k == subcat:
-                        break
-                else:
-                    # The first subcategory in the list is the default
-                    subcat = subcats[0][0]
-                subcat_items = []
-                for sub, text in subcats:
-                    if sub == subcat:
-                        text = Bold('[%s]' % text).Format()
-                    subcat_items.append(Link(url + '/' + sub, text))
-                categorylinks.AddItem(
-                    Bold(label).Format() +
-                    UnorderedList(*subcat_items).Format())
-            else:
-                formatted_label = '[%s]' % label
-                categorylinks.AddItem(Link(url, Bold(formatted_label)))
-        else:
-            categorylinks.AddItem(Link(url, label))
-        counter += 1
-        if counter >= half:
-            categorylinks_2 = categorylinks = UnorderedList()
-            counter = -len(categorykeys)
-    # Make the emergency stop switch a rude solo light
-    etable = Table()
-    # Add all the links to the links table...
-    etable.AddRow([categorylinks_1, categorylinks_2])
-    etable.AddRowInfo(etable.GetCurrentRowIndex(), valign='top')
-    if mlist.emergency:
-        label = _('Emergency moderation of all list traffic is enabled')
-        etable.AddRow([Center(
-            Link('?VARHELP=general/emergency', Bold(label)))])
-        color = mm_cfg.WEB_ERROR_COLOR
-        etable.AddCellInfo(etable.GetCurrentRowIndex(), 0,
-                           colspan=2, bgcolor=color)
-    linktable.AddRow([etable, otherlinks])
-    # ...and add the links table to the document.
-    form.AddItem(linktable)
-    form.AddItem('<hr>')
-    form.AddItem(
-        _(f'''Make your changes in the following section, then submit them
-        using the <em>Submit Your Changes</em> button below.''')
-        + '<p>')
-
-    # The members and passwords categories are special in that they aren't
-    # defined in terms of gui elements.  Create those pages here.
+        
+    # Add the form content based on category
     if category == 'members':
-        # Figure out which subcategory we should display
-        subcat = Utils.GetPathPieces()[-1]
-        if subcat not in ('list', 'add', 'remove', 'change', 'sync'):
-            subcat = 'list'
-        # Add member category specific tables
         form.AddItem(membership_options(mlist, subcat, cgidata, doc, form))
         form.AddItem(Center(submit_button('setmemberopts_btn')))
-        # In "list" subcategory, we can also search for members
-        if subcat == 'list':
-            form.AddItem('<hr>\n')
-            table = Table(width='100%')
-            table.AddRow([Center(Header(2, _('Additional Member Tasks')))])
-            table.AddCellInfo(table.GetCurrentRowIndex(), 0, colspan=2,
-                              bgcolor=mm_cfg.WEB_HEADER_COLOR)
-            # Add a blank separator row
-            table.AddRow(['&nbsp;', '&nbsp;'])
-            # Add a section to set the moderation bit for all members
-            table.AddRow([_(f"""<li>Set everyone's moderation bit, including
-            those members not currently visible""")])
-            table.AddCellInfo(table.GetCurrentRowIndex(), 0, colspan=2)
-            table.AddRow([RadioButtonArray('allmodbit_val',
-                                           (_('Off'), _('On')),
-                                           mlist.default_member_moderation),
-                          SubmitButton('allmodbit_btn', _('Set'))])
-            form.AddItem(table)
     elif category == 'passwords':
         form.AddItem(Center(password_inputs(mlist)))
         form.AddItem(Center(submit_button()))
     else:
         form.AddItem(show_variables(mlist, category, subcat, cgidata, doc))
         form.AddItem(Center(submit_button()))
-    # And add the form
+        
+    # Add the form to the document
     doc.AddItem(form)
     doc.AddItem(mlist.GetMailmanFooter())
 
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
@@ -873,16 +873,12 @@ def safe_get(key, default=''):
         # Check if there are any pending requests
         admindburl = mlist.GetScriptURL('admindb', absolute=1)
         if not mlist.NumRequestsPending():
-            doc.AddItem(_('There are no pending requests.'))
-            doc.AddItem(' ')
-            doc.AddItem(Link(admindburl, _('Click here to reload this page.')))
-            # Put 'Logout' link before the footer
-            doc.AddItem('\n<div align="right"><font size="+2">')
-            doc.AddItem(Link('%s/logout' % admindburl,
-                '<b>%s</b>' % _('Logout')))
-            doc.AddItem('</font></div>\n')
-            # Add the footer
-            doc.AddItem(mlist.GetMailmanFooter())
+            replacements = {
+                'admindburl': admindburl,
+                'logout_url': '%s/logout' % admindburl
+            }
+            output = mlist.ParseTags('admindb_empty.html', replacements, mlist.preferred_language)
+            doc.AddItem(output)
             return
 
         # Create a form for the overview with proper encoding
@@ -909,21 +905,19 @@ def safe_get(key, default=''):
             # Process the form data
             process_submissions(mlist, cgidata)
             # Show success message
-            doc.AddItem(_('Your changes have been made.'))
-            doc.AddItem(' ')
-            admindburl = mlist.GetScriptURL('admindb', absolute=1)
-            doc.AddItem(Link(admindburl, _('Click here to return to the pending requests page.')))
-            # Add the footer
-            doc.AddItem(mlist.GetMailmanFooter())
+            replacements = {
+                'admindburl': admindburl
+            }
+            output = mlist.ParseTags('admindb_success.html', replacements, mlist.preferred_language)
+            doc.AddItem(output)
             return
 
         # If we get here, something went wrong
-        doc.AddItem(_('Invalid action specified.'))
-        doc.AddItem(' ')
-        admindburl = mlist.GetScriptURL('admindb', absolute=1)
-        doc.AddItem(Link(admindburl, _('Click here to return to the pending requests page.')))
-        # Add the footer
-        doc.AddItem(mlist.GetMailmanFooter())
+        replacements = {
+            'admindburl': admindburl
+        }
+        output = mlist.ParseTags('admindb_error.html', replacements, mlist.preferred_language)
+        doc.AddItem(output)
 
     except Exception as e:
         mailman_log('error', 'admindb: Error in process_form: %s\n%s', 
diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py
@@ -173,15 +173,13 @@ def _(s):
             print(doc.Format())
             return
     else:
-        doc.SetTitle(_('{realname} -- HTML Page Editing'))
-        doc.AddItem(Header(1, _('{realname} -- HTML Page Editing')))
-        doc.AddItem(Header(2, _('Select page to edit:')))
-        template_list = UnorderedList()
-        for (template, info) in template_data:
-            l = Link(mlist.GetScriptURL('edithtml') + '/' + template, _(info))
-            template_list.AddItem(l)
-        doc.AddItem(FontSize("+2", template_list))
-        doc.AddItem(mlist.GetMailmanFooter())
+        # Use ParseTags for the template selection page
+        replacements = {
+            'realname': realname,
+            'templates': template_data
+        }
+        output = mlist.ParseTags('edithtml_select.html', replacements, language)
+        doc.AddItem(output)
         print(doc.Format())
         return
 
@@ -192,7 +190,10 @@ def _(s):
             else:
                 doc.addError(
                   _('The form lifetime has expired. (request forgery check)'))
-        FormatHTML(mlist, doc, template_name, template_info, lang=language)
+        # Use ParseTags for proper template processing
+        replacements = mlist.GetStandardReplacements(language)
+        output = mlist.ParseTags(template_name, replacements, language)
+        doc.AddItem(output)
     finally:
         doc.AddItem(mlist.GetMailmanFooter())
         print(doc.Format())
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
@@ -326,19 +326,9 @@ def list_listinfo(mlist, language):
 
     # Process the template with replacements
     try:
-        # Ensure template content is unicode
-        if isinstance(template_content, bytes):
-            template_content = template_content.decode('utf-8', 'replace')
-        
-        # Process replacements
-        for key, value in replacements.items():
-            if isinstance(value, bytes):
-                value = value.decode('utf-8', 'replace')
-            template_content = template_content.replace(key, str(value))
-        
-        # Add the processed content to the document
-        doc.AddItem(template_content)
-        
+        # Use ParseTags for proper template processing
+        output = mlist.ParseTags('listinfo.html', replacements, language)
+        doc.AddItem(output)
     except Exception as e:
         mailman_log('error', 'Error processing template: %s', str(e))
         return
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
@@ -111,6 +111,7 @@ def main():
         doc.AddItem(Header(3, error_msg))
         print('Status: 400 Bad Request')
         print(doc.Format())
+        syslog('mischief', 'Private archive invalid path: %s', parts[0])
         return
 
     # Validate and sanitize the full path
@@ -233,13 +234,14 @@ def main():
         # page don't work.
         if true_filename.endswith('/index.html') and parts[-1] != 'index.html':
             action += SLASH
-        # Escape web input parameter to avoid cross-site scripting.
-        print(Utils.maketext(
-            'private.html',
-            {'action'  : Utils.websafe(action),
-             'realname': mlist.real_name,
-             'message' : message,
-             }, mlist=mlist))
+        # Use ParseTags for proper template processing
+        replacements = {
+            'action': Utils.websafe(action),
+            'realname': mlist.real_name,
+            'message': message
+        }
+        output = mlist.ParseTags('private.html', replacements, lang)
+        print(output)
         return
 
     lang = mlist.getMemberLanguage(username)
