[Mailman-Users] Automated Subscription Bots Inundating ListOwners With Subscription Requests
mark at msapiro.net
Sun Dec 9 18:11:28 CET 2012
On 12/9/2012 8:14 AM, Ivan Fetch wrote:
> I downloaded the three modified files from this patch, and diffed them against 2.1.14 files. It looks like this patch will mostly apply to 2.1.14, but I'm not sure about the differences relating to comparing passwords, and the use of "strip." See 128,129c146,147 in the patch below for the what I am asking about.
> Here is my diff:
> < email = cgidata.getvalue('email', '')
>> email = cgidata.getvalue('email', '').strip()
The above is the fix for
<https://bugs.launchpad.net/mailman/+bug/745432>. It would be better to
include the .strip() as it fixes the bug.
> < password = cgidata.getvalue('pw')
> < confirmed = cgidata.getvalue('pw-conf')
>> password = cgidata.getvalue('pw', '').strip()
>> confirmed = cgidata.getvalue('pw-conf', '').strip()
> < if password is None and confirmed is None:
>> if not password and not confirmed:
> < elif password is None or confirmed is None:
>> elif not password or not confirmed:
The above is all part of the fix for
<https://bugs.launchpad.net/mailman/+bug/778088>. The full fix is at
It would be better to include the .strip() as that fixes the bug for the
subscribe form. The other changes at 131 and 133 are important if you
make the changes at 128,129c146,147 because the change from
cgidata.getvalue('..') to cgidata.getvalue('..', '') returns the null
string rather than None if the value is missing.
In other words, it is safe to install the patched 2.1.15 module in
2.1.14. The changes will fix bugs and not break anything.
Or you can apply just the patch to 2.1.14 and continue to live with the
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users