Hi Mark, the workaround works fine.
Thanks a lot for the great support. Gerhard Rappenecker >>> > On 06/13/2013 03:51 AM, Gerhard Rappenecker wrote: >> Hi all, >> >> since upgrading to mailman 2.1.15 the following problem occurs: >> >> When lists admins want to change the list parameters or member-list by the > webinterface they receive: >> "Error: The form lifetime has expired. (request forgery check)" and no > change is done. >> >> IMPORTANT: This error only happens when the list-name contains a plus-sign > "+", like e+t...@lists.myorg.com. > > > This is a bug in the new CSRF checking scheme introduced in 2.1.15. It > will take me a day or so to do a proper fix. In the mean time, you can > edit the Mailman/CSRFcheck.py module by adding immediately following the > lines > > def csrf_check(mlist, token): > """ check token by mailman cookie validation algorithm """ > > the line > > return True > > which will effectively disable the check and return pre-2.1.15 behavior. > > -- > Mark Sapiro <m...@msapiro.net> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users@python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: > http://mail.python.org/mailman/options/mailman-users/g.rappenecker%40hs-offen > burg.de ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
