Hello. On Sat, 14 Sep 2013 13:21:37 +0200 Frederic Peters <[email protected]> wrote:
Hi,I discovered that bug today and wrote a patch, I tested it against mailman 2.1.13 (as found in Squeeze); I tracked the change in Mailman and found it to be revision 972: CGI/admin.py The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character. -- http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/972 Fred --- listadmin.pl.orig 2013-09-14 13:10:33.760699371 +0200 +++ listadmin.pl 2013-09-14 13:11:54.785101152 +0200 @@ -588,7 +588,7 @@sub url_quote_parameter {my $param = shift; - $param =~ s/(\W)/sprintf ("%%%02x", ord ($1))/ge; + $param =~ s/(\W)/sprintf ("%%%02X", ord ($1))/ge; $param; }@@ -1763,6 +1763,7 @@user => \@addresses); for my $a (@addresses) { $params{$a . "_unsub"} = "on"; # Mailman 2.x + $params{url_quote_parameter($a) . "_unsub"} = "off" # Mailman >=2.1.12 } my $resp = $ua->post($url, \%params); return $resp->status_line unless $resp->is_success;
This seems to encode "too much" AND the parameter has to be "on".
Against mailman 2.1.15 is apparently "enough" to just encode the "@" sign.
I propose this patch:
*** ./listadmin.orig 2018-09-20 19:26:39.000000000 +0200
--- ./listadmin 2021-12-20 13:39:33.153488479 +0100
*************** sub remove_subscribers {
*** 1836,1841 ****
--- 1836,1845 ----
user => \@addresses);
for my $a (@addresses) {
$params{$a . "_unsub"} = "on"; # Mailman 2.x
+ # mailman > 2.1.11 encodes the "@" sign
+ my $b = $a;
+ $b =~ s/@/%40/;
+ $params{$b . "_unsub"} = "on"; # Mailman > 2.1.11
}
my $resp = $ua->post($url, \%params);
return $resp->status_line unless $resp->is_success;
Regards,
S. Ziehe
smime.p7s
Description: S/MIME Cryptographic Signature
