MM-2.1.15: Small bug regarding the "request forgery check"
![](https://secure.gravatar.com/avatar/267565c6ab7816fe29beedf9a9cbcd44.jpg?s=120&d=mm&r=g)
Today I check the subscribers list ("Membership Management... Section") on one of our lists and called up the legend using "Click here to include the legend for this table."
After clicking on that link, the page did indeed display the legend, but the page now starts with:
Error: The form lifetime has expired. (request forgery check)
-- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebrandt@charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
![](https://secure.gravatar.com/avatar/0fbcef57d028af495d8c9a5992405f78.jpg?s=120&d=mm&r=g)
On Sun, Nov 11, 2012 at 1:37 PM, Ralf Hildebrandt < Ralf.Hildebrandt@charite.de> wrote:
+1
Shows in mine too!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/11/2012 2:37 AM, Ralf Hildebrandt wrote:
I found and fixed this several days ago. See <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1366>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/267565c6ab7816fe29beedf9a9cbcd44.jpg?s=120&d=mm&r=g)
- Mark Sapiro <mark@msapiro.net>:
Thanks. WOrking OK for me :)
-- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebrandt@charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
![](https://secure.gravatar.com/avatar/0fbcef57d028af495d8c9a5992405f78.jpg?s=120&d=mm&r=g)
On Sun, Nov 11, 2012 at 8:38 PM, Ralf Hildebrandt < Ralf.Hildebrandt@charite.de> wrote:
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler.
![](https://secure.gravatar.com/avatar/e8182135be0245df69df7ddf7f70856a.jpg?s=120&d=mm&r=g)
Hi everyone,
I had this issue with MM 2.1.16 and the listname/members?start=(email) URL: it would display the message "Error: The form lifetime has expired. (request forgery check)" at the top of the page.
Dug in my archives and found this reference:
On Sun, Nov 11, 2012 at 7:09 PM, Odhiambo Washington <odhiambo@gmail.com>wrote:
My problem was fixed by adding the parameter 'start' to the list of safe params on hte very same line of Cgi/admin.py
-- Fil
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 05/06/2014 11:44 PM, Fil wrote:
And what generates that URL? Do you have a local mod for this? I don't see where in the admin UI such a URL is generated or recognized.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/e8182135be0245df69df7ddf7f70856a.jpg?s=120&d=mm&r=g)
On Wed, May 7, 2014 at 4:18 PM, Mark Sapiro <mark@msapiro.net> wrote:
And what generates that URL? Do you have a local mod for this? I don't see where in the admin UI such a URL is generated or recognized.
hmmm -- now that you mention it... maybe it's coming from one of the patches I did around the MySQL MemberAdaptor, so the roster could work with 300k members.
-- Fil
![](https://secure.gravatar.com/avatar/0fbcef57d028af495d8c9a5992405f78.jpg?s=120&d=mm&r=g)
On Sun, Nov 11, 2012 at 1:37 PM, Ralf Hildebrandt < Ralf.Hildebrandt@charite.de> wrote:
+1
Shows in mine too!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/11/2012 2:37 AM, Ralf Hildebrandt wrote:
I found and fixed this several days ago. See <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1366>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/267565c6ab7816fe29beedf9a9cbcd44.jpg?s=120&d=mm&r=g)
- Mark Sapiro <mark@msapiro.net>:
Thanks. WOrking OK for me :)
-- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebrandt@charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
![](https://secure.gravatar.com/avatar/0fbcef57d028af495d8c9a5992405f78.jpg?s=120&d=mm&r=g)
On Sun, Nov 11, 2012 at 8:38 PM, Ralf Hildebrandt < Ralf.Hildebrandt@charite.de> wrote:
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
I can't hear you -- I'm using the scrambler.
![](https://secure.gravatar.com/avatar/e8182135be0245df69df7ddf7f70856a.jpg?s=120&d=mm&r=g)
Hi everyone,
I had this issue with MM 2.1.16 and the listname/members?start=(email) URL: it would display the message "Error: The form lifetime has expired. (request forgery check)" at the top of the page.
Dug in my archives and found this reference:
On Sun, Nov 11, 2012 at 7:09 PM, Odhiambo Washington <odhiambo@gmail.com>wrote:
My problem was fixed by adding the parameter 'start' to the list of safe params on hte very same line of Cgi/admin.py
-- Fil
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 05/06/2014 11:44 PM, Fil wrote:
And what generates that URL? Do you have a local mod for this? I don't see where in the admin UI such a URL is generated or recognized.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/e8182135be0245df69df7ddf7f70856a.jpg?s=120&d=mm&r=g)
On Wed, May 7, 2014 at 4:18 PM, Mark Sapiro <mark@msapiro.net> wrote:
And what generates that URL? Do you have a local mod for this? I don't see where in the admin UI such a URL is generated or recognized.
hmmm -- now that you mention it... maybe it's coming from one of the patches I did around the MySQL MemberAdaptor, so the roster could work with 300k members.
-- Fil
participants (4)
-
Fil
-
Mark Sapiro
-
Odhiambo Washington
-
Ralf Hildebrandt