[Mailman-Developers] We may need to escape percent signs in admin forms
Tom Neff
tneff at grassyhill.org
Fri Oct 22 14:50:23 CEST 2004

I notice that on one of my lists, a moderator had been using the "Add
(address) to a sender filter" checkbox on a lot of pending moderator
requests, so that a substantial list of automatic-discard addresses had
been built *without* ever using the Sender Filters admin page.

When I went to the Sender Filters page myself and tried to change something
else, the Submit blew up with

  TypeError: not enough arguments for format string

in htmlformat.py. I googled this and on a couple of Python forums I found
the suggestion that an un-escaped percent sign had found its way into a
template. My templates are untouched but Mailman builds a lot of documents
on the fly, so I scanned the pre-submit Sender Filters page source for
percents and lo, there were a couple in the list of auto-discard email
addresses. On a whim I removed them and re-Submitted. Instant success.

I am too swamped to hack the Mailman code right now but if someone wants to
take a look, it may be that there is something called addError that is
passing un-escaped text. We might want to come in after any template
substitution and escape what's left. Or something.
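
The failure described in the message above, reproduced as an added example that is not part of the original post and is not Mailman's code. The function names and the sample addresses are constructed for illustration; the point is that HTML-escaping user data does nothing about "%", so text that later becomes a %-format string needs its percent signs doubled.

```python
import html

# Constructed sample data, not taken from any real list.
SAMPLE_ADDRESSES = [
    "alice@example.com",
    "sales%discount@example.com",  # "%d" reads as a conversion specifier
]


def render_unsafe(addresses, title):
    """Paste user data into text that is later used as a %-format string."""
    # html.escape() leaves "%" untouched, so it does not help here.
    items = "\n".join("<li>" + html.escape(a) + "</li>" for a in addresses)
    template = "<h1>%s</h1>\n<ul>\n" + items + "\n</ul>"
    # The "%d" inside the address now demands a second argument.
    return template % (title,)


def escape_percent(text):
    """Double every percent sign so % formatting emits it literally."""
    return text.replace("%", "%%")


def render_safe(addresses, title):
    """Same page, but user data is %-escaped before it joins the template."""
    items = "\n".join(
        "<li>" + escape_percent(html.escape(a)) + "</li>" for a in addresses
    )
    template = "<h1>%s</h1>\n<ul>\n" + items + "\n</ul>"
    return template % (title,)


def try_render(render, addresses, title):
    """Return ("ok", page) or ("error", "ExcType: message")."""
    try:
        return "ok", render(addresses, title)
    except (TypeError, ValueError) as exc:
        return "error", "%s: %s" % (type(exc).__name__, exc)


if __name__ == "__main__":
    for fn in (render_unsafe, render_safe):
        print(fn.__name__, try_render(fn, SAMPLE_ADDRESSES, "Sender filters"))
```

Values passed as arguments to the % operator (the title here) need no escaping; only text that ends up inside the format string itself does.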