[Mailman-Users] Antw: Re: Problem with plus-sign "+" in the list-name
Gerhard Rappenecker
G.Rappenecker at hs-offenburg.de
Thu Jun 13 16:56:21 CEST 2013
Hi Mark,
the workaround works fine.
Thanks a lot for the great support.
Gerhard Rappenecker
>>>
> On 06/13/2013 03:51 AM, Gerhard Rappenecker wrote:
>> Hi all,
>>
>> since upgrading to mailman 2.1.15 the following problem occurs:
>>
>> When lists admins want to change the list parameters or member-list by the
> webinterface they receive:
>> "Error: The form lifetime has expired. (request forgery check)" and no
> change is done.
>>
>> IMPORTANT: This error only happens when the list-name contains a plus-sign
> "+", like e+test at lists.myorg.com.
>
>
> This is a bug in the new CSRF checking scheme introduced in 2.1.15. It
> will take me a day or so to do a proper fix. In the mean time, you can
> edit the Mailman/CSRFcheck.py module by adding immediately following the
> lines
>
> def csrf_check(mlist, token):
> """ check token by mailman cookie validation algorithm """
>
> the line
>
> return True
>
> which will effectively disable the check and return pre-2.1.15 behavior.
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> http://mail.python.org/mailman/options/mailman-users/g.rappenecker%40hs-offen
> burg.de
More information about the Mailman-Users
mailing list