Mailman's CGI doesn't seem to handle the PROPFIND HTTP Request Method
Forwarding a bug from the Debian bug tracking system: http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=202821 Anyone else seen this? What wrong here/who's fault is this? <QUOTE> When browsing Mailman's administrative pages, Galeon does some PROPFIND HTTP (WebDAV ?) requests. It seems that MailMan then tries to answer to these requests instead of ignoring them, and fails : --- Mailman's traceback --- Jul 25 10:09:29 2003 admin(18164): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(18164): [----- Mailman Version: 2.1.2 -----] admin(18164): [----- Traceback ------] admin(18164): Traceback (most recent call last): admin(18164): File "/var/lib/mailman/scripts/driver", line 87, in run_main admin(18164): main() admin(18164): File "/usr/lib/mailman/Mailman/Cgi/admin.py", line 82, in main admin(18164): cgidata.getvalue('adminpw', '')): admin(18164): File "/usr/lib/python2.2/cgi.py", line 558, in getvalue admin(18164): if self.has_key(key): admin(18164): File "/usr/lib/python2.2/cgi.py", line 601, in has_key admin(18164): raise TypeError, "not indexable" admin(18164): TypeError: not indexable admin(18164): [----- Python Information -----] admin(18164): sys.version = 2.2.3+ (#1, Jul 5 2003, 11:04:18) [GCC 3.3.1 20030626 (Debian prerelease)] admin(18164): sys.executable = /usr/bin/python admin(18164): sys.prefix = /usr admin(18164): sys.exec_prefix = /usr admin(18164): sys.path = /usr admin(18164): sys.platform = linux2 admin(18164): [----- Environment Variables -----] admin(18164): HTTP_ACCEPT: */* admin(18164): PYTHONPATH: /var/lib/mailman admin(18164): SERVER_SOFTWARE: Apache/1.3.27 (Unix) Debian GNU/Linux PHP/4.1.2 admin(18164): SCRIPT_FILENAME: /usr/lib/cgi-bin/mailman/admin admin(18164): SERVER_ADMIN: root@www.librelogiciel.com admin(18164): SCRIPT_NAME: /mailman/admin admin(18164): SERVER_SIGNATURE: admin(18164): REQUEST_METHOD: PROPFIND ... --- Mailman's traceback --- </QUOTE> -- Daniel Buchmann <avalon@users.sourceforge.net>
* Daniel Buchmann | Forwarding a bug from the Debian bug tracking system: | http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=202821 | | Anyone else seen this? What wrong here/who's fault is this? It seems to me like the driver wrapper should filter out everything which is not in ['GET', 'POST', 'HEAD']. Something like --- mailman-2.1.2.orig/scripts/driver +++ mailman-2.1.2/scripts/driver @@ -56,6 +56,7 @@ # These will ensure that even if something between now and the # creation of the real logger below fails, we can still get # *something* meaningful. + logger = None try: import paths @@ -81,6 +82,15 @@ module = getattr(pkg, scriptname) main = getattr(module, 'main') try: + import os + request_method = os.environ.get('REQUEST_METHOD') + if not request_method in ['GET', 'POST', 'HEAD']: + print "Status: 405 Method not allowed" + print "Content-type: text/plain" + print + print "The method is not allowed" + sys.exit() + try: sys.stderr = logger sys.stdout = tempstdout works for me. -- Tollef Fog Heen ,''`. UNIX is user friendly, it's just picky about who its friends are : :' : `. `' `-
participants (2)
-
Daniel Buchmann -
Tollef Fog Heen