On 06/13/2013 03:51 AM, Gerhard Rappenecker wrote:
> Hi all,
>
> since upgrading to mailman 2.1.15 the following problem occurs:
>
> When lists admins want to change the list parameters or member-list by the
> webinterface they receive:
> "Error: The form lifetime has expired. (request forgery check)" and no change
> is done.
>
> IMPORTANT: This error only happens when the list-name contains a plus-sign
> "+", like e+t...@lists.myorg.com.
This is a bug in the new CSRF checking scheme introduced in 2.1.15. It
will take me a day or so to do a proper fix. In the mean time, you can
edit the Mailman/CSRFcheck.py module by adding immediately following the
lines
def csrf_check(mlist, token):
""" check token by mailman cookie validation algorithm """
the line
return True
which will effectively disable the check and return pre-2.1.15 behavior.
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
