[Mailman-Users] Which parts of mailman are platform-dependent?
Here's why I want to know: We're getting ready to jack up our environment and drag out two (tired, weak) machines running Solaris on SPARC, replacing them with two (strong, healthy) Red Hat boxes, runing on Intel hardware. Unfortunately, we're not going to swap them at the same time. Currently, one of those machines is our mail server, and the other is the web server. The web server is what provides Mailman access for administrative tasks and for archive access. That's the machine that will be replaced first. If all goes smoothly (yeah, right :-), we will, at the same time that we replace the web server, move mail server duties to that machine as well. If things don't go well, then mail may end up continuing to run on the Solaris box. From what I've been able to figure out, there are two parts of mailman that are platform-dependent: $MAILMAN_HOME/mail/mailman (the wrapper that mail is piped to) $MAILMAN_HOME/cgi-bin/* (which get used by the web server) Everything in $MAILMAN_HOME/bin is python and so should be platform-independent, right? If I'm correct, then if things go badly and we end up in the situation where our mail server is running Solaris on SPARC and our web server is running Linux on Intel, then assuming that the two machines share $MAILMAN_HOME, I just have to ensure that the wrapper is a SPARC executable, while the cgi-bin files are Intel executables. Or have I missed something? Anything else that will care? -- Steve Burlingmailto:[EMAIL PROTECTED] University of Michigan, ICPSRVoice: +1 734 615.3779 330 Packard Street FAX: +1 734 647.8700 Ann Arbor, MI 48104-2910 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Which parts of mailman are platform-dependent?
At 12:25 PM -0500 3/11/07, Steve Burling wrote: From what I've been able to figure out, there are two parts of mailman that are platform-dependent: $MAILMAN_HOME/mail/mailman (the wrapper that mail is piped to) $MAILMAN_HOME/cgi-bin/* (which get used by the web server) That's not really platform-dependant. Mailman itself is pure Python, so should run anywhere that Python does. These kinds of things are installation-dependant, and if you were to install Mailman in a different location on exactly the same platform, then these things would be different -- or at least in different places. The standard locations for things in the typical Mailman world (i.e., as downloaded directly from our sources) are usually somewhat different from where things get put if you use a version that has been pre-packaged by someone else. However, since these locations involve things in the code that can be buried pretty deep, if you want to move a Mailman installation from one platform to another, I would recommend that you completely re-install Mailman from the appropriate sources on the new box, then copy over just the configuration files and archives for the lists. -- Brad Knowles [EMAIL PROTECTED], Consultant Author LinkedIn Profile: http://tinyurl.com/y8kpxu Slides from Invited Talks: http://tinyurl.com/tj6q4 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Removing illegal character user names
Hi all, Through some finger incontinence on my part (trying to do list admin w too late at night when I should have been in bed asleep) I have managed to add an illegally-named user whom I now cannot unsubscribe ... It is also possible I've discovered a bug, in which case the circumstances were a mass subscribe exercise where (in this case) I forgot to add a space between the username and the email address, so the input line looked like this User[EMAIL PROTECTED] and the list added them as this User [EMAIL PROTECTED] I can see the user name in the list admin console but it will not allow me to unsubscribe or no mail the user. Can anyone advise, help at all, please? -- Regards, Mike -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Which parts of mailman are platform-dependent?
--On March 11, 2007 11:34:02 AM -0500 Brad Knowles [EMAIL PROTECTED] wrote: That's not really platform-dependant. Mailman itself is pure Python, so should run anywhere that Python does. These kinds of things are installation-dependant, and if you were to install Mailman in a different location on exactly the same platform, then these things would be different -- or at least in different places. Unless I'm missing something (which is entirely possible), it's not true that Mailman is pure Python. There is a bunch of C code in $MAILMAN_SRC/src, which gets compiled into platform-specific executable files. These end up as $MAILMAN_HOME/mail/mailman, and $MAILMAN_HOME/cgi-bin/whatever. And it's these that I'm concerned with. $MAILMAN_HOME/mail/mailman gets executed by the MTA, as a result of the pipes in the alias file. So they had better be compiled for the same architecture as the mailer. $MAILMAN_HOME/cgi-bin/* get executed by the web server, and so had better be compiled for the same architecture as the web server. If, as might happen for us, those architectures are different, then some extra precautions have to be taken. The standard locations for things in the typical Mailman world (i.e., as downloaded directly from our sources) are usually somewhat different from where things get put if you use a version that has been pre-packaged by someone else. And we, for historical (hysterical?) reasons, have yet another location. We also want to run later versions of mailman than Red Hat provides (and certainly a later versions than we have been running, so will definitely build from source. However, since these locations involve things in the code that can be buried pretty deep, if you want to move a Mailman installation from one platform to another, I would recommend that you completely re-install Mailman from the appropriate sources on the new box, then copy over just the configuration files and archives for the lists. We will certainly do this; my concern is that if we end up in the unenviable position of having to leave our mail server on the old hardware for awhile, whether there is anything *other* than $MAILMAN_HOME/mail/mailman that I have to make sure gets built for that platform. I apologize in advance if I'm being particular stupid about this, but the day is fast approaching when we cut over to the new web server hardware, and I'd rather think about this ahead of time than sit there that day, saying, Well, sh*t, that's not good... -- Steve Burlingmailto:[EMAIL PROTECTED] University of Michigan, ICPSRVoice: +1 734 615.3779 330 Packard Street FAX: +1 734 647.8700 Ann Arbor, MI 48104-2910 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Which parts of mailman are platform-dependent?
Steve Burling wrote: Unless I'm missing something (which is entirely possible), it's not true that Mailman is pure Python. There is a bunch of C code in $MAILMAN_SRC/src, which gets compiled into platform-specific executable files. These end up as $MAILMAN_HOME/mail/mailman, and $MAILMAN_HOME/cgi-bin/whatever. And it's these that I'm concerned with. You are correct. Since these modules get compiled and bound with local C runtime that is presumably platform specific, the bound programs are platform specific. $MAILMAN_HOME/mail/mailman gets executed by the MTA, as a result of the pipes in the alias file. So they had better be compiled for the same architecture as the mailer. $MAILMAN_HOME/cgi-bin/* get executed by the web server, and so had better be compiled for the same architecture as the web server. If, as might happen for us, those architectures are different, then some extra precautions have to be taken. Correct again. snip my concern is that if we end up in the unenviable position of having to leave our mail server on the old hardware for awhile, whether there is anything *other* than $MAILMAN_HOME/mail/mailman that I have to make sure gets built for that platform. configure has a --exec-prefix option to set the path for the architecture dependent stuff. This affects the paths for the mail/, cgi-bin/, and bin/ directories. It also affects the Defaults.py setting of EXEC_PREFIX which in turn sets WRAPPER_DIR which is only used by bin/check_perms and by Mailman/MTA/Utils.py for making aliases. I don't think there actually is any architecture dependant stuff in bin/, so I think you are correct to be concerned only with the wrappers in mail/ and cgi-bin/. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Removing illegal character user names
Mike Maughan wrote: It is also possible I've discovered a bug, in which case the circumstances were a mass subscribe exercise where (in this case) I forgot to add a space between the username and the email address, so the input line looked like this User[EMAIL PROTECTED] and the list added them as this User [EMAIL PROTECTED] I can't quite duplicate this. If I try to add User[EMAIL PROTECTED], I add [EMAIL PROTECTED] with real name User as expected even though there is no separating space. However, I can add User[EMAIL PROTECTED] or User[EMAIL PROTECTED], and the address User[EMAIL PROTECTED] gets added with no real name. This too is what I would expect (I don't know if we should disallow in an email address). The problem, the underlying cause of which I haven't yet identified (it probably messes up the post data from the web page), is it appears that you can't remove a user with who has a in the email address by checking the unsub box on the membership list. However, you can remove this member by entering the address in Mass Removal. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Slow delivery
On 3/8/07 10:44 PM, Herman Privyhum [EMAIL PROTECTED] wrote: --- Brad Knowles [EMAIL PROTECTED] wrote: I'd be willing to bet you're waiting on DNS timeouts at the remote end for one or more of your users -- their MTA is slowing you down, maybe as a result of trying to do a reverse DNS lookup on your IP address. Thanks to all for the thorough replies. It appears that the solution actually lies in disabling ident. In Exim, this is achieved by setting the timeout to 0. #rfc1413_query_timeout = 30s rfc1413_query_timeout = 0s I may go back and turn it on again with a smaller timeout (suggestions as to how long is reasonable?). Just a note: The default value of rfc1413_query_timeout was reduced in recent versions of Exim to, I think, 5s. That was in preference to changing it to 0s, as a change to 0s would impact sites which don't change that default, something Philip doesn't like to do except when the major version changes. Philip will be retired (late September) before Exim 5 is out--the Exim community is well along in setting up a structure to deal with that. His retirement is, IMHO, much scarier with respect to the PCRE library than is is with respect to Exim. --John -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Removing illegal character user names
Mark Sapiro wrote: However, I can add User[EMAIL PROTECTED] or User[EMAIL PROTECTED], and the address User[EMAIL PROTECTED] gets added with no real name. This too is what I would expect (I don't know if we should disallow in an email address). Quoted local parts are allowed in email addresses, so the above are probably not valid, but Useruser@example.com or User\user@example.com are valid. The problem, the underlying cause of which I haven't yet identified (it probably messes up the post data from the web page), is it appears that you can't remove a user with who has a in the email address by checking the unsub box on the membership list. However, you can remove this member by entering the address in Mass Removal. It's as I suspected. The various input tags on the Membership list look like INPUT name=[EMAIL PROTECTED] type=CHECKBOX value=off where [EMAIL PROTECTED] is the email address. Clearly, if the address contains double quotes, the field name gets truncated or garbled, so it isn't possible to change anything for this member from the Membership list page.. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Removing illegal character user names
Mark Sapiro sent the message below at 12:41 PM 3/11/2007: It's as I suspected. The various input tags on the Membership list look like INPUT name=[EMAIL PROTECTED] type=CHECKBOX value=off where [EMAIL PROTECTED] is the email address. Clearly, if the address contains double quotes, the field name gets truncated or garbled, so it isn't possible to change anything for this member from the Membership list page.. End original message. - Which is valid, and proper HTML usage, all parameters in any HTML tag should be enclosed in quotes. It is mandatory in XHTML. So how do you deal with this? Quite simply by escaping any non alpha-numeric character with either its symbolic or numeric code. It is always good practice in dealing with any sort of CGI or user generated data to ensure that just such situations or worse will not occur. If there is a Python module out there for escaping HTML strings, it seems like it would be a fairly simple task to apply the escape function while generating the output to the page. Dragon ~~~ Venimus, Saltavimus, Bibimus (et naribus canium capti sumus) ~~~ -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Which parts of mailman are platform-dependent?
At 1:53 PM -0500 3/11/07, Steve Burling wrote: I apologize in advance if I'm being particular stupid about this, but the day is fast approaching when we cut over to the new web server hardware, and I'd rather think about this ahead of time than sit there that day, saying, Well, sh*t, that's not good... I think Mark probably has a better handle on what you're talking about, so ignore everything I've said and pay attention to him instead. -- Brad Knowles [EMAIL PROTECTED], Consultant Author LinkedIn Profile: http://tinyurl.com/y8kpxu Slides from Invited Talks: http://tinyurl.com/tj6q4 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] sendmail and solaris stuff
The esteemed Barry Warsaw has said: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Feb 27, 2007, at 10:44 PM, [EMAIL PROTECTED] wrote: Since you guys aren't working with either Sendmail or Solaris, I think it would be best for me to walk through and record the entire process, and give that to you as a basis for inclusion where and however you want to use it. Sounds great Hank, thanks. - -Barry I'm about to post a Sendmail/Mailman step-by-step. I've reduced the process to four steps, but have not repeated the smrsh link step that is already in the installation manual. This is for a simple installation, and I have not addressed things like multiple mail queues or use of a remote mail host. The method in my madness is to try to address the needs of the new-to-sendmail administrator in a get a simple installation working first mode. After thinking about it, I decided not to attempt to discuss such things as configuring sendmail to operate with a remote mail host, multiple mail queues, or name service. I think that all of those are both very site dependent, and adequately covered in the referenced Sendmail documentation. It's a dirt simple approach to doing a new O/S install with Sendmail, Python and Mailman install, and configuring things to work. I did include the main.mc masquerading lines needed to do a 2-domain virtual domain setup, which may seem redundant, as these are Sendmail issues. However, the sendmail.org FAQ for doing virtual domains is broken (or was---last week was last time I checked) and the bat book is deceptively incomplete in its discussion. In addition to addressing Mailman/Sendmail specifics only, I generally take the Ockham's Razor approach to getting something new working (the simplest is the best), along with the corollary to that. If it ain't broke, don't fix it. The result may seem absurdly short and intellectually dissatisfying to some, but I don't see any point in making a big project out of what's really a simple job. Hank -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Integrating Sendmail and Solaris (installation guide)
Mailman, in its default configuration, readily integrates with a properly-configured sendmail installation. The discussion below gives specific file locations for a Solaris 9 installation. Solaris 10 locates the sendmail control file sources in /etc/mail/cf rather than /usr/lib/mail/cf. Locations of the sendmail executable and ancillary files are compile-time options for sendmail, so you will need to determine file locations for your specific installation. In our discussion, we also assume that the sendmail MTA that communicates with the Internet backbone and Mailman are installed on the same node (same hardware box). Steps required for a Mailman-sendmail integration: 1. Enable smrsh. Creating the directory links was covered in the previous installation step. In addition, assure that the link to the smrsh program is declared in main.mc. (/usr/lib/mail/cf/main.mc on a Solaris 9 system). FEATURE(smrsh, /usr/lib/smrsh)dnl 2. For each list that you create, you need to add a set of alias pipes to the aliases file (typically /etc/mail/aliases) and run the newaliases program (/usr/sbin/newaliases). If you are following this guide for an initial Mailman installation, you will not be creating lists until later steps. Mailman will give you the alias information when you create a list. Additionaly, the $(prefix)/bin/genaliases script will generate all of aliases needed for all lists that have been created to stdout. These are in the correct format for the sendmail aliases file. 3. Set up sendmail masquerading to correspond to the Mailman configuration. For example, if your installation is on a machine known as myhost.mydomain.net and you create a list to receive mail at [EMAIL PROTECTED], you will need to masquerade as mydomain.net. You will also need to masquerade the sending envelope as well. In its simplest form, the statements in main.mc for doing this are: MASQUERADE_AS(`mydomain.net')dnl FEATURE(`masquerade_envelope')dnl 4. Add the masquerade address to /etc/mail/local-host-names. For the example above, the local-host-names file must have: mydomain.net The above four items cover the basics needed to integrate Mailman with a simple sendmail installation. Except for the need to enable smrsh and to install piping aliases, virtually everything surrounding a Mailman installation supported by the sendmail MTA is specific to sendmail, and some of the above is abstracted from sendmail documentation. This documentation includes: The README included in the sendmail source distribution from http://www.sendmail.org/ Costales, Bryan: Sendmail, 3rd edition, O'Reilly, 2002 This is commonly referred to as the bat book. Costales, Bryan: Sendmail 8.13 Companion, O'Reilly, 2006 Additional resources are the web site and sendmail faq at: http://www.sendmail.org/ Usenet newsgroup comp.mail.sendmail For convenience, we include comments here on sendmail configuration considerations that often come up on the mailman-users list. References are to Costales, Sendmail. A general guiding principle when working with sendmail is to keep it simple. In particular, configure and test your sendmail installation thoroughly, with user accounts running simple MUA's such as elm or mutt, before expecting sendmail to work with Mailman. Virtually all of the problems users encounter with sendmail are visible to simple MUA testing. In particular, do ALL of your sendmail configuration through the M4 macro files, rather than attempting to read and edit the .cf files. Since your M4 files will quickly become site-specific, we recommend copying the the full M4 setup to a local directory, and managing the configuration from there. This will prevent a sendmail upgrade from overlaying your site's configuration, something that has historically been a problem to Solaris users, where a sendmail upgrade is included in a patch cluster. Management of sendmail .cf files through the M4 files is discussed in Sendmail chapter 4. Virtual Domain handling: This refers to the case where a server at mydomain.net handles mail for otherdomain.com. The authoritative DNS for otherdomain.com is set with A and/or MX records pointing to the same IP as that for mydomain.net. Handling this in sendmail is straightforward. Masquerading is covered in detail in Sendmail section 4.4, pp160ff. However, the discussion does not give a complete main.mc file masquerading configuration, which we include here for convenience: MASQUERADE_AS(`mydomain.net')dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`limited_masquerade')dnl LOCAL_DOMAIN(`mydomain.net otherdomain.com')dnl MASQUERADE_DOMAIN(`mydomain.net')dnl In short, you include all of the domain names you are handling, but only specify masquerading for domains where you need a nodename removed from the canonical name. You also need to add the additional domain(s) to /etc/mail/local-host-names; each domain name on a separate line. Note that local-host-names is actually
Re: [Mailman-Users] Removing illegal character user names
Dragon wrote: Mark Sapiro sent the message below at 12:41 PM 3/11/2007: It's as I suspected. The various input tags on the Membership list look like INPUT name=[EMAIL PROTECTED] type=CHECKBOX value=off where [EMAIL PROTECTED] is the email address. Clearly, if the address contains double quotes, the field name gets truncated or garbled, so it isn't possible to change anything for this member from the Membership list page.. End original message. - Which is valid, and proper HTML usage, all parameters in any HTML tag should be enclosed in quotes. It is mandatory in XHTML. I never meant to imply that this was not proper usage. I only quoted the input tag in order to show that the email address was part of a field name. So how do you deal with this? Quite simply by escaping any non alpha-numeric character with either its symbolic or numeric code. It is always good practice in dealing with any sort of CGI or user generated data to ensure that just such situations or worse will not occur. If there is a Python module out there for escaping HTML strings, it seems like it would be a fairly simple task to apply the escape function while generating the output to the page. That's half (or less) of the solution. The other part is recognizing the input field names with escaped characters. The change to the admin.py script is not that difficult. In case anyone is interested, I have attached a patch. I am reluctant to commit the patch for a few reasons. It breaks a couple of screen scraping mailman-subscribers.py scripts which can be fixed, but what else does it break? Also, I'm not sure that there's really a problem needing to be fixed. RFC 2821 allows quoted local-parts in email addresses, but are there any in practice? If someone inadvertently subscribes an address with quotes as the OP did, the bad address can be easily removed via mass-remove even though not by the unsub checkbox. I understand the point about good practice, and we do try to validate user input in Mailman to avoid possible XSS attacks via the web interface. What we're dealing with here are syntactically validated email addresses so the really nasty stuff has already been caught. Still, I'm interested in feedback from anyone who has an opinion about this. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan Index: admin.py === --- admin.py(revision 8160) +++ admin.py(working copy) @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2006 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2007 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -982,15 +982,16 @@ } # Now populate the rows for addr in members: +qaddr = urllib.quote(addr) link = Link(mlist.GetOptionsURL(addr, obscure=1), mlist.getMemberCPAddress(addr)) fullname = Utils.uncanonstr(mlist.getMemberName(addr), mlist.preferred_language) -name = TextBox(addr + '_realname', fullname, size=longest).Format() -cells = [Center(CheckBox(addr + '_unsub', 'off', 0).Format()), +name = TextBox(qaddr + '_realname', fullname, size=longest).Format() +cells = [Center(CheckBox(qaddr + '_unsub', 'off', 0).Format()), link.Format() + 'br' + name + - Hidden('user', urllib.quote(addr)).Format(), + Hidden('user', qaddr).Format(), ] # Do the `mod' option if mlist.getMemberOption(addr, mm_cfg.Moderate): @@ -999,7 +1000,7 @@ else: value = 'off' checked = 0 -box = CheckBox('%s_mod' % addr, value, checked) +box = CheckBox('%s_mod' % qaddr, value, checked) cells.append(Center(box).Format()) for opt in ('hide', 'nomail', 'ack', 'notmetoo', 'nodupes'): extra = '' @@ -1018,23 +1019,23 @@ else: value = 'off' checked = 0 -box = CheckBox('%s_%s' % (addr, opt), value, checked) +box = CheckBox('%s_%s' % (qaddr, opt), value, checked) cells.append(Center(box.Format() + extra)) # This code is less efficient than the original which did a has_key on # the underlying dictionary attribute. This version is slower and # less memory efficient. It points to a new MemberAdaptor interface # method. if addr in mlist.getRegularMemberKeys(): -cells.append(Center(CheckBox(addr + '_digest', 'off', 0).Format())) +cells.append(Center(CheckBox(qaddr + '_digest', 'off', 0).Format())) else: -
Re: [Mailman-Users] Removing illegal character user names
Mark Sapiro writes: I understand the point about good practice, and we do try to validate user input in Mailman to avoid possible XSS attacks via the web interface. What we're dealing with here are syntactically validated email addresses so the really nasty stuff has already been caught. Still, I'm interested in feedback from anyone who has an opinion about this. How about a separate query box for getting at these unusual (if not bogus) addresses? Then the screenscrapers should continue to work, unless their parsers will break if the output is not identical up to the /html. For example, add to the member search query a find invalid addresses button. This should not cause any problems unless such addresses are present, and you don't need to worry about 100% RFC correctness (ie, you can be stricter than RFC 2822 demands) since any actual actions will be manual. -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp