[Bug 1429366] Re: Anatomy of list ids does not keep with that of urls causes some REST end points to return 404 always

Ankush Sharma ankprashar at gmail.com
Sun Mar 8 19:31:30 CET 2015


** Description changed:

  The hash(#) is a valid character as far as the local part of the email
  addresses is concerned. So, as the mailing list addresses are email
  addresses too, we can use # in the list names too. And, in context with
  mailman it works well. We can create a list with  list_id
  sam#hashed.host.org for the address sam#hashed at host.org . This works
  fine. But it makes the list_id to contain the hash character and
  therefore the REST endpoint for retrieving list wise info becomes
  invalid, i.e :
  
  <api-root>/lists/sam#hashed.host.org
  
  Because in an URL the stuff after # is treated as document starting point i.e an id identifier or something of a dom element. This is not a valid PATH for the server. Therefore the falcon wsgi request object does not contain information of that and the req.path simply returns sam as the list_id ( http://bazaar.launchpad.net/~mailman-coders/mailman/3.0/view/head:/src/mailman/rest/wsgiapp.py#L65 ) giving a 404 because there is no any list with list id sam.
  The mailman client works fine, it sends a GET to <api-root>lists/sam#hashed.host.org.
  
- This causes the REST end points which needs list_id to return 404 or in worse we can have a list_id clash between ids sam#XXXXX and sam. Further more if the list_id starts with a # character then the server finds list_id to be empty string and therefore we get a KEY ERROR because fqdn_listname is not set too. The bug highly effects postorius too. The lists index template at /postorius/lists/ cannot be rendered as it uses the former REST endpoint and again a 404 is given. And, until we delete this list from the database, we can't do anything except of getting a 404 and KEY ERROR each time.
- As far as security is concerned, if an another user created a public list using a hash character, then public list indexing would also fail.
+ This causes the REST end points which needs list_id to return 404 or in
+ worse we can have a list_id clash between ids sam#XXXXX and sam. Further
+ more if the list_id starts with a # character then the server finds
+ list_id to be empty string and therefore we get a KEY ERROR because
+ fqdn_listname is not set too. The bug highly effects postorius too. The
+ lists index template at /postorius/lists/ cannot be rendered as it uses
+ the former REST endpoint and again a 404 is given. And, until we delete
+ this list from the database, we can't do anything except of getting a
+ 404 and KEY ERROR each time.

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1429366

Title:
  Anatomy of list ids does not keep with that of urls causes some REST
  end points to return 404 always

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1429366/+subscriptions


More information about the Mailman-coders mailing list