Bug 231594 - mailman input data validation bug- redhat affected too
mailman input data validation bug- redhat affected too
Status: CLOSED DEFERRED
Product: Red Hat Web Site
Classification: Red Hat
Component: Other (Show other bugs)
current
All Linux
medium Severity medium
: ---
: ---
Assigned To: Web Development
Web Development
http://www.redhat.com/mailman/options...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-09 02:05 EST by Adrian
Modified: 2007-10-17 12:34 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-17 12:34:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adrian 2007-03-09 02:05:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

Description of problem:
summary:
mailman goes amnesic if you subscribe with a mail address ending in ":". You cannot unsubscribe/change options.


more details:
I think I might have triggered a bug in the list manager. ooops.

I subscribed to the fedora-package-announce list but somehow my mail address went through as "my_address@my_host:"

Yes, that is a ":" character at the end of the address. I think it went in there because I used the clipboard and pasted the address instead of typing it manually. I got some extra data in this way. ouch.

I did not notice the ":" character at first because the list manager interface did not show any error message (input data validation should have caught this), and also because the confirmation mail arrived correctly. 

I used the http link in the message to confirm, but when i tried to go to the interface to set the list options i got this message:

=======================================
Bug in Mailman version 2.1.5

We're sorry, we hit a bug!

Please inform the webmaster for this site of this problem. Printing of
traceback and other system information has been explicitly inhibited,
but the webmaster can find this information in the Mailman error logs.
=======================================

I can't even set the options now, i cannot even unsubscribe.


when i go to the page

http://www.redhat.com/mailman/options/fedora-package-announce/my_address%40my_host%3A
(taken from the mailing list reminder i received)

and when I click the UNSUBSCRIBE button, everything works, i get an unsubscribe confirmation request message.

http://www.redhat.com/mailman/confirm/fedora-package-announce/0929f56957342bf7003babe116ffac47adf3e418

i click it to confirm, get to a page 
....
Hit the Unsubscribe button below to complete the confirmation process.
Or hit Cancel and discard to cancel this unsubscibe request.
....

BUT when i click the unsubscribe button i get this:
=========================
Bad confirmation string
Invalid confirmation string. It is possible that you are attempting to confirm a request for an address that has already been unsubscribed.
========================


I already contacted the list managers (fedora-package-announce-owner at_redhat.com, notting at_ redhat.com, and jkeating at_redhat.com), but i have not received any reply yet.


Version-Release number of selected component (if applicable):
(the current one used by redhat for the list manager interface)

How reproducible:
Always


Steps to Reproduce:
1. subscribe with an email address which has the character ":" added at the end
2. wait for confirmation mail to arrive, click the confirmation link
3. now try to change subscription options in the web interface, or even to unsubscribe. you can't.

Actual Results:
mailman errors that corrupt the subscribers list database format.

Expected Results:
normal subscription options editing or normal unsubscription

Additional info:
Comment 1 Adrian 2007-06-25 13:48:39 EDT
edit:
hmm, seems this is another instance of this bug, from april 2005 on fourceforge:

http://sourceforge.net/tracker/index.php?func=detail&aid=1180872&group_id=103&atid=100103

[ 1180872 ] subscriber with colon in address can't be removed
Comment 2 Max Spevack 2007-06-25 13:49:50 EDT
I solved this guy's issue related to Fedora, but doesn't change the fact that
there is a bug in mailman that prevents the mailman administration tools from
handling an email address that contains a colon.
Comment 3 manoj 2007-10-17 12:34:14 EDT
Assigned to appropriate group

Note You need to log in before you can comment on or make changes to this bug.