Finish FieldStorage migration: admin, admindb, edithtml.

Replace legacy cgi.FieldStorage [.value] access with getfirst/getlist and a
shared _field_upload_text helper for multipart mass subscribe/unsub/memberlist
uploads (Mailman.Utils.FieldStorage keeps file bodies in _files, not subscript
values).

Author: jaredmauch

Mailman/Cgi/admin.py

@@ -56,6 +56,31 @@ def D_(s):
 AUTH_CONTEXTS = (mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin)
 
 
+def _field_upload_text(cgidata, fieldname):
+    """Decode multipart file upload text, or fall back to getfirst (FieldStorage)."""
+    fn = getattr(cgidata, 'filename', None)
+    if callable(fn) and fn(fieldname):
+        fobj = cgidata.file(fieldname)
+        if fobj is None:
+            return cgidata.getfirst(fieldname, '') or ''
+        try:
+            raw = fobj.read()
+        finally:
+            try:
+                fobj.close()
+            except EnvironmentError:
+                pass
+            try:
+                os.unlink(fobj.name)
+            except OSError:
+                pass
+        enc = getattr(cgidata, 'encoding', None) or 'utf-8'
+        if isinstance(raw, bytes):
+            return raw.decode(enc, getattr(cgidata, 'errors', None) or 'replace')
+        return raw or ''
+    return cgidata.getfirst(fieldname, '') or ''
+
+
 
 def main():
     # Try to find out which list is being administered
@@ -1459,10 +1484,7 @@ def safeint(formvar, defaultval=None):
     # mass subscription, removal processing for members category
     subscribers = ''
     subscribers += str(cgidata.getfirst('subscribees', ''))
-    sub_uploads = cgidata.getfirst('subscribees_upload', '')
-    if isinstance(sub_uploads, bytes):
-        sub_uploads = sub_uploads.decode()
-    subscribers += sub_uploads
+    subscribers += _field_upload_text(cgidata, 'subscribees_upload')
     if subscribers:
         entries = [_f for _f in [n.strip() for n in subscribers.splitlines()] if _f]
         send_welcome_msg = safeint('send_welcome_msg_to_this_batch',
@@ -1540,13 +1562,8 @@ def safeint(formvar, defaultval=None):
     # Unsubscriptions
     removals = ''
     if 'unsubscribees' in cgidata:
-        removals += cgidata['unsubscribees'].value
-    if 'unsubscribees_upload' in cgidata and \
-           cgidata['unsubscribees_upload'].value:
-        unsub_upload = cgidata['unsubscribees_upload'].value
-        if isinstance(unsub_upload, bytes):
-            unsub_upload = unsub_upload.decode()
-        removals += unsub_upload
+        removals += cgidata.getfirst('unsubscribees', '') or ''
+    removals += _field_upload_text(cgidata, 'unsubscribees_upload')
     if removals:
         names = [_f for _f in [n.strip() for n in removals.splitlines()] if _f]
         send_unsub_notifications = safeint(
@@ -1651,10 +1668,7 @@ def safeint(formvar, defaultval=None):
     # sync operation
     memberlist = ''
     memberlist += cgidata.getvalue('memberlist', '')
-    upload = cgidata.getvalue('memberlist_upload', '')
-    if isinstance(upload, bytes):
-        upload = upload.decode()
-    memberlist += upload
+    memberlist += _field_upload_text(cgidata, 'memberlist_upload')
     if memberlist:
         # Browsers will convert special characters in the text box to HTML
         # entities. We need to fix those.
@@ -1745,13 +1759,7 @@ def clean_input(x):
                 mlist.setMemberOption(member, mm_cfg.Moderate, val)
     # do the user options for members category
     if 'setmemberopts_btn' in cgidata and 'user' in cgidata:
-        user = cgidata['user']
-        if type(user) is list:
-            users = []
-            for ui in range(len(user)):
-                users.append(urllib.parse.unquote(user[ui].value))
-        else:
-            users = [urllib.parse.unquote(user.value)]
+        users = [urllib.parse.unquote(u) for u in cgidata.getlist('user')]
         errors = []
         removes = []
         for user in users:

Mailman/Cgi/admindb.py

@@ -932,11 +932,12 @@ def process_form(mlist, doc, cgidata):
     banaddrs = []
     erroraddrs = []
     for k in list(cgidata.keys()):
-        formv = cgidata[k]
-        if type(formv) == list:
+        vals = cgidata.getlist(k)
+        if len(vals) != 1:
             continue
+        formv = vals[0]
         try:
-            v = int(formv.value)
+            v = int(formv)
             request_id = int(k)
         except ValueError:
             continue
@@ -965,13 +966,13 @@ def process_form(mlist, doc, cgidata):
         forward = 0
         forwardaddr = ''
         if commentkey in cgidata:
-            comment = cgidata[commentkey].value
+            comment = cgidata.getfirst(commentkey)
         if preservekey in cgidata:
-            preserve = cgidata[preservekey].value
+            preserve = cgidata.getfirst(preservekey)
         if forwardkey in cgidata:
-            forward = cgidata[forwardkey].value
+            forward = cgidata.getfirst(forwardkey)
         if forwardaddrkey in cgidata:
-            forwardaddr = cgidata[forwardaddrkey].value
+            forwardaddr = cgidata.getfirst(forwardaddrkey)
         # Should we ban this address?  Do this check before handling the
         # request id because that will evict the record.
         if cgidata.getfirst(bankey):

Mailman/Cgi/edithtml.py

@@ -240,7 +240,7 @@ def ChangeHTML(mlist, cgi_info, template_name, doc, lang=None):
         doc.AddItem(Header(3,_("HTML Unchanged.")))
         doc.AddItem('<hr>')
         return
-    code = cgi_info['html_code'].value
+    code = cgi_info.getfirst('html_code')
     if Utils.suspiciousHTML(code):
         doc.AddItem(Header(3,
            _(f"""The page you saved contains suspicious HTML that could