[Mailman-Developers] [ mailman-Bugs-566691 ] check for subscriber
fails w/ moderated
noreply@sourceforge.net
noreply@sourceforge.net
Fri, 09 Aug 2002 12:38:39 -0700
Bugs item #566691, was opened at 2002-06-10 01:09
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=566691&group_id=103
Category: security/privacy
Group: 2.0.x
>Status: Closed
Resolution: None
Priority: 5
Submitted By: Jeff Garvas (jgarvas)
Assigned to: Nobody/Anonymous (nobody)
Summary: check for subscriber fails w/ moderated
Initial Comment:
When you run a list that is non-moderated, but you limit
posts to the subscribers list, a post by a non-member
results in this error:
Reason: Post by non-member to a members-only list
If you go into "Privacy Options" and change "Must posts
be approved by an administrator?" and
maintain "Restrict posting privilege to list members" a
post by a non-subscriber results in THIS reason:
Reason: Post to moderated list
Unless I am missing a configuration option, I believe this
is a flaw in the order in which mailman is checking
posts. Even if a list is moderated, the reason this
individual post was rejected should still read
Reason: Post by non-member to a members-only list
or, a new reason should be made like this:
Reason: Post by a non-member to a members-only
AND moderated list
This may seem like a silly request, but if you run a
members only list that happens to be moderated as
well, you run into the problem of accidentally approving a
post from a non-member when the content of that post
was "on topic".
Is there a fix for this? Would this classify as a bug?
Does anyone know of any other work arounds?
When you have a few thousand people on a mailing list,
its not really easy to realize on your own that a specific
individual isn't a subscriber to the list. Especially when
you have multiple individuals help administrate the list
itself.
----------------------------------------------------------------------
>Comment By: Barry A. Warsaw (bwarsaw)
Date: 2002-08-09 15:38
Message:
Logged In: YES
user_id=12800
I'm closing this bug report, because I've commented
favorably on the patch you posted, even though (sadly) it
won't be applied to MM2.0.x and isn't applicable to MM2.1.
----------------------------------------------------------------------
Comment By: Jeff Garvas (jgarvas)
Date: 2002-06-11 00:50
Message:
Logged In: YES
user_id=560554
I've been experimenting with Mailman/Handlers/Hold.py
(playing with python for the first time ever) and after spending
some time trying to figure out how to compile it, I came up
with a simple idea.
I moved the code that checks if the list is moderated to
immediately after the code that checks if the list
is "subscriber only" and the post is coming from a subscriber
or not.
The result: Exactly what I want. However, I don't know if I've
managed to miss something obvious by doing this. Have I
possibly broken an aspect of Mailman and I'm not realizing it?
With this modification to Hold.py a post from a non-
subscriber to a moderated (and subscriber only) list ends up
in the administrative queue with a reason of "Post by non-
member to member-only list" instead of a moderated list
bounce. This seems like the logical and proper way for this
to operate.
Can someone tell me if this appears to be a safe and proper
solution? If so, I think it should be rolled into the current
version. I generated a patch file with diff -C 2, attached here,
but possibly not created properly. Beware when running it! :)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=566691&group_id=103