[Mailman-Users] Automated Subscription Bots Inundating ListOwners With Subscription Requests

Mark Sapiro mark at msapiro.net
Sun Dec 9 18:11:28 CET 2012 

On 12/9/2012 8:14 AM, Ivan Fetch wrote:
> 
> I downloaded the three modified files from this patch, and diffed them against 2.1.14 files. It looks like this patch will mostly apply to 2.1.14, but I'm not sure about the differences relating to comparing passwords, and the use of "strip." See 128,129c146,147 in the patch below for the what I am asking about.
> 
> 
> Here is my diff:
> 
[...]
> 112c113
> <     email = cgidata.getvalue('email', '')
> ---
>>     email = cgidata.getvalue('email', '').strip()


The above is the fix for
<https://bugs.launchpad.net/mailman/+bug/745432>. It would be better to
include the .strip() as it fixes the bug.


[...]
> 128,129c146,147
> <     password = cgidata.getvalue('pw')
> <     confirmed = cgidata.getvalue('pw-conf')
> ---
>>     password = cgidata.getvalue('pw', '').strip()
>>     confirmed = cgidata.getvalue('pw-conf', '').strip()
> 131c149
> <     if password is None and confirmed is None:
> ---
>>     if not password and not confirmed:
> 133c151
> <     elif password is None or confirmed is None:
> ---
>>     elif not password or not confirmed:


The above is all part of the fix for
<https://bugs.launchpad.net/mailman/+bug/778088>. The full fix is at
<http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1303>.

It would be better to include the .strip() as that fixes the bug for the
subscribe form. The other changes at 131 and 133 are important if you
make the changes at 128,129c146,147 because the change from
cgidata.getvalue('..') to cgidata.getvalue('..', '') returns the null
string rather than None if the value is missing.

In other words, it is safe to install the patched 2.1.15 module in
2.1.14. The changes will fix bugs and not break anything.

Or you can apply just the patch to 2.1.14 and continue to live with the
bugs.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list