On 07/30/2018 05:08 AM, Bernie Cosell wrote: > I'm trying to submit a form or two from a program and I can't quite > understand Mailman's form handling, this with Mailman 2.1.23. > > What I've done is a little program that does something simple: it first > authenticates [and gets the appropriate cookies], then I GET the > mass-removal page [to get its csrf_object. Then I do a simple POST with > just three form fields: > > csrf_object=> <whatever it was in the GET of the page> > unsubscribees => the email address, > 'setmemberopts_btn => 'Submit Your Changes' > > The response I get back is the original page - no error and no success, just > the mass-removal page again. It is what would happen if you clicked on > the submit button without giving it anything to do > > I've also tried a similar POSTing with every field from the form included, > and always the same: a 200 response and I get the mass-removal page back > again. I'd look at the code, but I'm a perl guy -- never messed with python. > > What does Mailman do to when receiving a POST to decide if there's > something to do or not? THANKS!
It looks at the POST data. In the case of the admin CGI just returning the Mass Removals form with no errors and no changes, this means it got the right path to LISTNAME/members/remove and it got a good csrf_token. Given that, the only way it would return the form with no message is if it got no non-blank values for unsubscribees or unsubscribees_upload. You refer to csrf_token as csrf_object. If you are really submitting the value as csrf_object, that wouldn't work, but you should get an error. If you are using some kind of framework for submitting the post that would receive a redirect response of some kind and transparently do the redirection (eg http -> https) before returning the result, this could be <https://wiki.list.org/x/4030602> so see that. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
