Public bug reported:
The only way to get access to the list of users for my group is via the email interface "who" request. Mailman quite properly allows me to set arbitrary passwords that may have spaces. However the email interface becomes confused when I send who This is just one password email@example.com
It seems like the parser should correctly note the "address=" keyword and figure out that everything (space delimited) between "who" and "address" is password. OR it should allow shell-like quoting.
** Affects: mailman Importance: Undecided Status: New
The issue is the whole command line is 'parsed' into tokens by CommandRunner using split(). CommandRunner has no knowledge of the syntax of the command. It only knows the first token is the command name and it passes the list of tokens to the command. Thus, the 'who' command gets ['This', 'is', 'just', 'one', 'password', 'firstname.lastname@example.org']. Even if it were to recognize that arg is an 'address=' and assume arg[:5] is the words of the password, it still doesn't know how to reassemble them as there may have been multiple spaces between words.
The correct fix would be to teach CommandRunner about quotes and escapes so it could correctly parse 'How's this for a password' into one token. This is complex, but I'll work on it.
I'm curious though as to why you can't get the roster via the web UI.
** Changed in: mailman Status: New => Confirmed
** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro)
Thanks. If you can reasonably peel off part of your "work on it" I'd be happy to lay a hand to it. I've been developing in python now for a decade more or less (with intervals when Java was shop-required). Just finished moving my personal library of tools to Python 3, but only aliased "python" to python3 last week. Oh, and I'm retired, so there is free time, albeit not as much as folks with jobs think.
What I'd really like is a web interface such as I provide for the dance weekend pages I administer: A button that offers "download as CSV" for the Membership list. Barring that, accessing all 787 list members, one page at a time, scraping the pages into an editor, and then doing what I need to do would be a serious PITA. The "who" command is _exactly_ what I want. So, until now, my work process has been. And: I have no sysadmin access to the list: On that server I'm a pure (admin-level for mailman) user.
try it (about annually, so I forget between) realize it failed realize what the problem is change the password grab the info change the password again
As you can imagine, this is less than ideal.
Oh, and I'm retired, so there is free time, albeit not as much as
folks with jobs think.
I'm retired too (27 + years). You've probably heard the line "There are two kinds of retired people - those who are bored stiff and those who can't figure out how they ever had time to go to work." I think we're both in the latter category.
What I'd really like is a web interface such as I provide for the
dance weekend pages I administer: A button that offers "download as CSV" for the Membership list.
If you have admin access to the list, it will screen scrape the admin membership list and give you what you want.
As far as fixing this bug, I have this idea:
import re # See https://www.metaltoad.com/blog/regex-quoted-string-escapable-quotes qre = re.compile(r"""((?<![\])['"])((?:.(?!(?<![\])\1))*.?)\1""")
def get_args(s): mo = qre.search(s) if not mo: return s.split() else: args = s[:mo.start()].split() args.append(re.sub('\\(['"])', '\1', mo.group(2))) args.extend(get_args(s[mo.end():])) return args
The re.sub() in the args.append is because without it the ' in
'How's this for a password'
gets returned literally as ' rather than just '.
I still need to do more testing to be sure it won't break anything. The main concern I have is if someone has a password that has quotes and/or backslashes in it, this will potentially break something that currently works. For example, an actual password of ab'cd'ef will be split into 3 tokens and fail
But since you don't have sysadmin access to the server, even if this gets in the next release, when do you think it will get to you?
Also, the roster (http(s)://example.com/roster/list_name), as opposed to the admin membership list, is all on one page.
Because of the ambiguity over a quoted password vs. a password containing quotes, I don't think I can fix this without potentially breaking things.
Also, see https://wiki.list.org/x/4030569 for other ways to get a member list.
** Changed in: mailman Importance: Undecided => Low
** Changed in: mailman Status: Confirmed => Won't Fix