On 11/26/2014 05:50 AM, Ulf Dunkel wrote:

> I have now adjusted my stuff in such a way that my server sends me an
> email with the desired link, e.g.
> 
> <http://<mydomain>/mailman/admin/<listname>/members/remove?send_unsub_ack_to_this_batch=1&send_unsub_notifications_to_list_owner=0&unsubscribees_upload=<user_email>&adminpw=<adminpassword>>
> 
> This works fine for me, but - I don't like to send passwords via email
> to my normal user mail account.


So why don't you just have your server do a wget or curl to get that URL
instead of mailing it to you, or is mailing it to you some kind of
confirmation step?


> When I try
> 
> <http://<mydomain>/mailman/admin/<listname>/members/remove?send_unsub_ack_to_this_batch=1&send_unsub_notifications_to_list_owner=0&unsubscribees_upload=<user_email>>
> 
> instead (without the adminpw stuff), I get this funny error on the webpage:
> 
> ----- snip -----
> Error: The form lifetime has expired. (request forgery check)
> ----- snap -----


As Stephen says, that's CSRF protection. See the documentation of
FORM_LIFETIME, SUBSCRIBE_FORM_SECRET and SUBSCRIBE_FORM_MIN_TIME in
Defaults.py.


> Is there any chance to proceed with URLs like the one above and using
> the web interface with the need to enter the admin password in the browser?


I *think* it will work if you 'Logout' of the admin interface and then
go to the unsubscribe URL. This will get the login page and when you log
in, the unsubscribe will be processed.

Or, you can disable the CSRF protection by removing the setting for
SUBSCRIBE_FORM_SECRET from mm_cfg.py.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
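
The time-limited form token pattern behind a "form lifetime has expired (request forgery check)" style error, as an added sketch that is not part of the original message and is not Mailman's own code. The function names, secret, context string and lifetime value are assumptions; FORM_LIFETIME only borrows the setting's name from the thread.

```python
import hashlib
import hmac
import time

FORM_LIFETIME = 3600                  # seconds; constructed value for this sketch
SECRET = b"constructed-demo-secret"   # placeholder secret, not a real setting value


def _mac(secret, issued, context):
    """HMAC over the issue time and the form's context."""
    msg = f"{issued}:{context}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret, context, now=None):
    """Return 'issued:mac', embedded as a hidden field when the form is rendered."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_mac(secret, issued, context)}"


def check_token(secret, context, token, lifetime=FORM_LIFETIME, now=None):
    """Return (ok, reason) for a token submitted with a state-changing request."""
    now = int(time.time() if now is None else now)
    if not token:
        # A hand-built URL never went through the form, so it carries no token.
        return False, "missing token"
    try:
        issued_s, mac = token.split(":", 1)
        issued = int(issued_s)
    except ValueError:
        return False, "malformed token"
    expected = _mac(secret, issued, context)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature"
    if issued > now or now - issued > lifetime:
        return False, "form lifetime has expired"
    return True, "ok"


if __name__ == "__main__":
    ctx = "listname/admin"            # constructed context string
    tok = issue_token(SECRET, ctx, now=1000)
    for label, t, when in [("fresh", tok, 1500), ("no token", None, 1500),
                           ("stale", tok, 1000 + FORM_LIFETIME + 1)]:
        print(label, check_token(SECRET, ctx, t, now=when))
```
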