[Mailman-Users] Mailman 2.1.15 doesn't allow admin changes on private lists

[Stephen J. Turnbull]

Charles Buckley writes:

 > I experimented with this a bit, and found that I could eliminate
 > the footer on my public (browsable) list on the same server. So I
 > tried converting my other private (non-browsable) list to be
 > browsable, at which point I could eliminate the footer, and then
 > switch the list back to being non-browsable.
 > 
 > But once I tried to implement the workaround on the non-browsable
 > list I wanted to change, I got the same defective behaviour when
 > trying to switch the list to be browsable

Did you test on the second private list *without* changing the
"private" flag?  If not, my guess is that the private flag is a red
herring, and that there is some other issue with the recalcitrant list
that causes you to get bounced back to the login page.

Please check the Mailman and webserver logs to see if there is
evidence of errors there.  With luck there will be a Python traceback
from an exception.  If you're using Apache as the webserver,
tracebacks are usually in the error.log, and there may be a 5xx status
in the access.log (I bet not though since you get served the login
page rather than a Server Error page, and that makes me somewhat
pessimistic about finding a traceback in error.log).

 > I saw a report of this behaviour on this mailing list from the year
 > 2000.

If you have an URL for this post, or a timestamp, or even a precise
date, it might be helpful.  I can't find it.

 > It is still going on now in 2023. One would think that some
 > information on how to workaround this bug would have been found
 > between now and back then. 

I rather doubt it's the same bug (but it's worth comparing).  Mailman
2.0 was in beta in 2000, and pretty much anything from mail composed
by badly written Japanese MUAs to mail composed by the even less
conformant Windows 2000 Outlook betas could crash it.  Mailman 2.1 was
released in 2006 with a *lot* of attention to input validation and
exception handling, although more on the email side than the web UI
side.

 > Note that, when I am able to successfully change a setting, I am
 > never sent back to the list admin login page.

That's expected.  My guess is that some content, probably an invisible
control character in a text field in the form (I've seen ^T mentioned
more than once, don't ask me why), is causing the form parser to raise
an exception, which who-knows-why gets caught by the not-logged-in
handler.  (My guesses are close to correct about 20% of the time.
Good enough to look there first, but don't bet your car. ;-)

I think all the browsers you mention have developer modes or plugins.
Mailman pages don't have horribly complicated DOMs, so if you want to
go through either the DOM or the page source for the form and see if
you can spot some weird character in one of the fields (likely, but
not certainly, the footer you're trying to change), you might have
some luck.  Also, "_" (underscore) may be a "weird character" --
Mailman 3's list importer complains about footers that contain it.
(Who knows why, I don't think it's weird, but Mailman 3 does kvetch.)

Regards,
Steve

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@jab.org

[Mailman-Users] Mailman 2.1.15 doesn't allow admin changes on private lists

[Charles Buckley]

I run three Mailman lists on my web server, one browsable and two 
non-browsable. I wanted to eliminate the footer that gets added to the bottom 
of messages distributed by one of the private (non-browsable) lists.

When I tried to do this, I would browse to the admin non-digest page, delete 
the contents of the Footer field, and hit "Submit my changes". This would send 
me to a login for admin privileges of the list in question. I would log back 
in, only to find myself on the page I had just modified, but the modification I 
made did not take place.

I experimented with this a bit, and found that I could eliminate the footer on 
my public (browsable) list on the same server. So I tried converting my other 
private (non-browsable) list to be browsable, at which point I could eliminate 
the footer, and then switch the list back to being non-browsable.

But once I tried to implement the workaround on the non-browsable list I wanted 
to change, I got the same defective behaviour when trying to switch the list to 
be browsable -- I would get redirected to the admin login page for the list in 
question, log in successfully, only to come back and find myself on the same 
privacy page, with no changes having been made.

I saw a report of this behaviour on this mailing list from the year 2000. It is 
still going on now in 2023. One would think that some information on how to 
workaround this bug would have been found between now and back then.

Note that, when I am able to successfully change a setting, I am never sent 
back to the list admin login page.

I have also posted this as a bug via the Mailman launchpad.  This behaviour 
appears to be browser-independent; I have tried it on Firefox, Chrome, and 
Edge.  

 

Any advice would be appreciated.

 

Charles Buckley

 

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
Member address: arch...@jab.org