[Mailman-Developers] We may need to escape percent signs in admin forms

Tom Neff tneff at grassyhill.org
Fri Oct 22 14:50:23 CEST 2004

I notice that on one of my lists, a moderator had been using the "Add 
(address) to a sender filter" checkbox on a lot of pending moderator 
requests, so that a substantial list of automatic-discard addresses had 
been built *without* ever using the Sender Filters admin page.

When I went to the Sender Filters page myself and tried to change something 
else, the Submit blew up with

	TypeError: not enough arguments for format string

in htmlformat.py .  I googled this and on a couple of Python forums I found 
the suggestion than an un-escaped percent sign had found its way into a 
template.  My templates are untouched but Mailman builds a lot of documents 
on the fly, so I scanned the pre-submit Sender Filters page source for 
percents and lo, there were a couple in the list of auto-discard email 
addresses.  On a whim I removed them and re-Submitted.  Instant success.

I am too swamped to hack the Mailman code right now but if someone wants to 
take a look, it may be that there is something called addError that is 
passing un-escaped text.  We might want to come in after any template 
substitution and escape what's left.  Or something.

More information about the Mailman-Developers mailing list