[Mailman-Users] Controlling Mailman 2.1.x remotely

2014-08-10 Thread S. Patrick Eaton
Hello, Mailman experts.

I've been doing some development work for a Tokyo-based NPO that offers
participation in a number of Mailman lists as one of the benefits of
membership in the organization. Because membership in the organization is a
requirement for participating in the Mailman discussions, the organization
has not been providing members with direct access to the Mailman
administrative features for subscribing and unsubscribing, but instead has
been providing a homegrown administrative interface that uses PHP and curl
to simulate user interactions via POST.

When a recent update to Mailman introduced CSRF tokens, however, this
approach broke down and the organization has been struggling to figure out
how to manage the lists ever since. We know that Mailman 3 provides an API,
which is exactly what we need, but because the site and Mailman lists are
both on shared hosting, we are currently only able to use Mailman 2.1.x.

Can anyone recommend a good approach to managing subscriptions in an
automated way using either PHP or Python until such time as we can get our
host to upgrade to Mailman 3?

Any suggestions or pointers would be greatly appreciated.

With many thanks in advance,

Sako Eaton
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] Controlling Mailman 2.1.x remotely

2014-08-10 Thread Mark Sapiro
On 08/10/2014 01:07 PM, S. Patrick Eaton wrote:
> ... has
> been providing a homegrown administrative interface that uses PHP and curl
> to simulate user interactions via POST.
>
> When a recent update to Mailman introduced CSRF tokens, however, this
> approach broke down and the organization has been struggling to figure out
> how to manage the lists ever since.


If you are authenticating to the admin interface via a cookie from a
preceding login, you can modify the PHP scripts to first GET the page,
parse the page for the value of csrf_token and submit csrf_token=value
along with the POST data.

On the other hand, if you authenticate by including
adminpw=adminpassword in the POST data, the CSRF token is not required
as it is only checked if authentication is not via password.

See http://wiki.list.org/x/Z4A9.

-- 
Mark Sapiro m...@msapiro.net        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
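
Added example, not part of the reply above and not Mailman project code: the GET, parse, POST sequence from the cookie-authenticated case, written in Python. It assumes the token appears in the page as an input element named csrf_token and that the opener's cookie jar already holds the admin login cookie; SAMPLE_PAGE and all function names are constructed for illustration.

```python
import http.cookiejar
import urllib.parse
import urllib.request
from html.parser import HTMLParser

# Constructed sample of an admin page; only the csrf_token field matters here.
SAMPLE_PAGE = """<html><body><form action="../members/add" method="POST">
<input type="hidden" name="csrf_token" value="CONSTRUCTED-TOKEN-0001">
<textarea name="subscribees"></textarea>
<input type="submit" value="Submit Your Changes">
</form></body></html>"""

class _TokenFinder(HTMLParser):
    """Records the value of the first <input name="csrf_token">."""
    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "input" and attr.get("name") == "csrf_token" and self.token is None:
            self.token = attr.get("value")

def extract_csrf_token(html):
    finder = _TokenFinder()
    finder.feed(html)
    if not finder.token:
        # Fail closed: a POST without the token would only be rejected.
        raise ValueError("no csrf_token field found in page")
    return finder.token

def build_post_body(html, fields):
    """Merge the page's csrf_token into the caller's POST fields."""
    data = dict(fields)
    data["csrf_token"] = extract_csrf_token(html)
    return urllib.parse.urlencode(data).encode("ascii")

def make_session():
    """Opener with a cookie jar, so the login cookie is sent on every request."""
    jar = http.cookiejar.CookieJar()
    return urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))

def post_with_token(opener, url, fields):
    """GET the page, read a fresh token, then POST the fields plus the token."""
    with opener.open(url) as page:
        html = page.read().decode("utf-8", "replace")
    with opener.open(url, data=build_post_body(html, fields)) as resp:
        return resp.status
```

The token is read again before every POST rather than cached, since it is taken from the page being submitted.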