[Mailman-Users] Controlling Mailman 2.1.x remotely
mark at msapiro.net
Sun Aug 10 23:01:02 CEST 2014
On 08/10/2014 01:07 PM, S. Patrick Eaton wrote:
> ... has
> been providing a homegrown administrative interface that uses PHP and curl
> to simulate user interactions via POST.
> When a recent update to Mailman introduced CSRF tokens, however, this
> approach broke down and the organization has been struggling to figure out
> how to manage the lists ever since.
If you are authenticating to the admin interface via a cookie from a
preceding login, you can modify the PHP scripts to first GET the page,
parse the page for the value of csrf_token and submit csrf_token=<value>
along with the POST data.
On the other hand, if you authenticate by including
adminpw=<adminpassword> in the POST data, the CSRF token is not required
as it is only checked if authentication is not via password.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users