** Description changed:

  The hash(#) is a valid character as far as the local part of the email
  addresses is concerned. So, as the mailing list addresses are email
  addresses too, we can use # in the list names too. And, in context with
  mailman it works well. We can create a list with  list_id
  sam#hashed.host.org for the address sam#has...@host.org . This works
  fine. But it makes the list_id to contain the hash character and
  therefore the REST endpoint for retrieving list wise info becomes
  invalid, i.e :
  
  <api-root>/lists/sam#hashed.host.org
  
  Because in an URL the stuff after # is treated as document starting point i.e 
an id identifier or something of a dom element. This is not a valid PATH for 
the server. Therefore the falcon wsgi request object does not contain 
information of that and the req.path simply returns sam as the list_id ( 
http://bazaar.launchpad.net/~mailman-coders/mailman/3.0/view/head:/src/mailman/rest/wsgiapp.py#L65
 ) giving a 404 because there is no any list with list id sam.
  The mailman client works fine, it sends a GET to 
<api-root>lists/sam#hashed.host.org.
  
- This causes the REST end points which needs list_id to return 404 or in worse 
we can have a list_id clash between ids sam#XXXXX and sam. Further more if the 
list_id starts with a # character then the server finds list_id to be empty 
string and therefore we get a KEY ERROR because fqdn_listname is not set too. 
The bug highly effects postorius too. The lists index template at 
/postorius/lists/ cannot be rendered as it uses the former REST endpoint and 
again a 404 is given. And, until we delete this list from the database, we 
can't do anything except of getting a 404 and KEY ERROR each time.
- As far as security is concerned, if an another user created a public list 
using a hash character, then public list indexing would also fail.
+ This causes the REST end points which needs list_id to return 404 or in
+ worse we can have a list_id clash between ids sam#XXXXX and sam. Further
+ more if the list_id starts with a # character then the server finds
+ list_id to be empty string and therefore we get a KEY ERROR because
+ fqdn_listname is not set too. The bug highly effects postorius too. The
+ lists index template at /postorius/lists/ cannot be rendered as it uses
+ the former REST endpoint and again a 404 is given. And, until we delete
+ this list from the database, we can't do anything except of getting a
+ 404 and KEY ERROR each time.
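
Review bot: the removed sentence starting "As far as security is concerned" has no counterpart in the added lines, so the description no longer records that a list created by another user with a # in its name also breaks public list indexing. If that still holds, keep the sentence (with "an another user" corrected to "another user") so the cross-user impact stays in the report. The re-added paragraph is otherwise only re-wrapped, which would have been a chance to fix "highly effects postorius" to "affects" and "except of getting" to "except get".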

https://bugs.launchpad.net/bugs/1429366

Title:
  Anatomy of list ids does not keep with that of urls causes some REST
  end points to return 404 always
