$grouplistid = db_result($res,$i,'group_list_id');
$public = db_result($res,$i,'is_public');
+ $listname = trim($listname);
+ if (!$listname) {
+ $err .= "Empty name for a mailing list in 'mail_group_list' table\n";
+ break;
+ }
+ if (!preg_match('/^[a-z0-9\-_\.]*$/', $listname) || $listname == '.' || $listname == '..') {
+ $err .= 'Invalid List Name: ' . $listname;
+ break;
+ }
+
// Here we assume that the privatize_list.py script is located in the same dir as this script
$script_dir = dirname(__FILE__);
$privatize_cmd = escapeshellcmd(forge_get_config('mailman_path').'/bin/config_list -i '.$script_dir.'/privatize_list.py '.$listname);
for($k = 0; $k < $rows; $k++) {
$deleted_mail_list = db_result($res,$k,'mailing_list_name');
+ $deleted_mail_list = trim($deleted_mail_list);
+ if (!$deleted_mail_list) {
+ $err .= "Empty name for a mailing list in 'deleted_mailing_lists' table\n";
+ break;
+ }
+ if (!preg_match('/^[a-z0-9\-_\.]*$/', $deleted_mail_list) || $deleted_mail_list == '.' || $deleted_mail_list == '..') {
+ $err .= 'Invalid List Name: ' . $deleted_mail_list;
+ break;
+ }
exec(forge_get_config('mailman_path')."/bin/rmlist -a $deleted_mail_list", $output);
$success = false;
foreach ($output as $line) {
session_require_perm ('project_admin', $group->getID()) ;
$ml = new MailingList($group,getIntFromGet('group_list_id'));
+if ($ml->isError()) {
+ exit_error($ml->getErrorMessage(),'home');
+}
if (getStringFromPost('submit')) {
$sure = getStringFromPost('sure');