[Bug 1160647] Re: request forgery check displayed when only viewing admin pages

Phil Sutter p.launchpad at nwl.cc
Sun Apr 7 00:27:29 CEST 2013


These two tests do not make any difference to the symptom. I
think I found the culprit, but first things first.

The reason why no error message is displayed right after login is that
the login process is itself a form submission, and those are working as
initially stated. So the problem is not really "caused" by clicking one
of the page top links, as is also indicated by a browser page refresh
showing the error message.

I did in turn add the same debug output to admin.py itself, which did
not show anything special other than that the FieldStorage constructor
returned 'FieldStorage(None, None, [MiniFieldStorage('admin', '')])'.
While looking at the class's implementation again, I noticed that
sys.argv is parsed while constructing the internal list so I added
'sys.argv[1]' to my debugging statement -> bingo!

This is what happens:
- the cgi-wrapper 'cgi-bin/admin' calls 'scripts/driver' with the scriptname as first parameter (i.e. 'admin')
- 'scripts/driver' then uses 'sys.argv[1]' to find out it has to call 'main()' in 'Cgi/admin.py', but leaves 'sys.argv' intact
- 'Cgi/admin.py' then calls the FieldStorage constructor which finds data in 'sys.argv[1]'
  (the FieldStorage class blows my mind, so I didn't bother digging to the point where this actually turns into a request parameter value)

Could this be a problem with python2.7 (default on my system) instead of
python3? Since the 'printenv' code you suggested is also python2 syntax
I guess this should be a working configuration, no?

Just for the record: in 'scripts/driver', below line 94 which reads
'scriptname = sys.argv[1]' I added a new line: 'sys.argv[1] = ""' which
indeed made the error message disappear. Didn't test full functionality
though.

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1160647

Title:
  request forgery check displayed when only viewing admin pages

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1160647/+subscriptions
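
The behaviour reported in the message above, as an added example that is not part of the original e-mail or of Mailman's code: it models the GET/HEAD fallback in Python's standard `cgi` module, which takes `sys.argv[1]` as the query string when `QUERY_STRING` is absent from the environment, and shows the effect of blanking `argv[1]`. The function names and the sample environment and argv values are constructed for illustration.

```python
from urllib.parse import parse_qsl


def query_string_for_get(environ, argv):
    """Model of the cgi module's GET/HEAD branch: prefer QUERY_STRING,
    otherwise fall back to the first command-line argument."""
    if "QUERY_STRING" in environ:
        return environ["QUERY_STRING"]
    if argv[1:]:
        return argv[1]
    return ""


def parse_fields(environ, argv):
    """Return the (name, value) pairs a form parser would see.
    Blank values are kept, so a bare name like 'admin' becomes ('admin', '')."""
    qs = query_string_for_get(environ, argv)
    return parse_qsl(qs, keep_blank_values=True)


def neutralised(argv):
    """The workaround from the message: blank argv[1] after the dispatcher
    has read the script name from it. Returns a copy; input is untouched."""
    cleaned = list(argv)
    if cleaned[1:]:
        cleaned[1] = ""
    return cleaned


# Constructed inputs: a plain page view with no request parameters.
ENV_NO_QS = {"REQUEST_METHOD": "GET"}                        # server set no QUERY_STRING
ENV_WITH_QS = {"REQUEST_METHOD": "GET", "QUERY_STRING": ""}  # server set an empty one
ARGV = ["scripts/driver", "admin"]                           # wrapper passes the script name

if __name__ == "__main__":
    # Script name leaks in as a form field when QUERY_STRING is missing.
    print("no QUERY_STRING:   ", parse_fields(ENV_NO_QS, ARGV))
    # An explicit (even empty) QUERY_STRING suppresses the argv fallback.
    print("empty QUERY_STRING:", parse_fields(ENV_WITH_QS, ARGV))
    # Blanking argv[1] removes the phantom field in the missing-variable case.
    print("argv[1] blanked:   ", parse_fields(ENV_NO_QS, neutralised(ARGV)))
```

A form handler that treats any non-empty field list as a submission will see the phantom `admin` field as one, so checking the web server's CGI environment for a missing `QUERY_STRING` is a useful first diagnostic.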

