[Mailman-Users] Problem with plus-sign "+" in the list-name
Mark Sapiro
mark at msapiro.net
Thu Jun 13 16:29:51 CEST 2013
On 06/13/2013 03:51 AM, Gerhard Rappenecker wrote:
> Hi all,
>
> since upgrading to mailman 2.1.15 the following problem occurs:
>
> When lists admins want to change the list parameters or member-list by the webinterface they receive:
> "Error: The form lifetime has expired. (request forgery check)" and no change is done.
>
> IMPORTANT: This error only happens when the list-name contains a plus-sign "+", like e+test at lists.myorg.com.
This is a bug in the new CSRF checking scheme introduced in 2.1.15. It
will take me a day or so to do a proper fix. In the mean time, you can
edit the Mailman/CSRFcheck.py module by adding immediately following the
lines
def csrf_check(mlist, token):
""" check token by mailman cookie validation algorithm """
the line
return True
which will effectively disable the check and return pre-2.1.15 behavior.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list