[Mailman-Users] ModSecurity false positive on list options pages

Mark Sapiro mark at msapiro.net
Tue Oct 10 22:23:30 EDT 2017

On 10/10/2017 11:54 AM, Russell Clemings wrote:
> I'm posting this mostly for the sake of anyone else who runs into this
> problem. If there's a simple fix on the Mailman side, though, so much the
> better. Maybe substitute another character for the dot?

It would be fairly simple to modify Mailman.Utils.ObscureEmail and
Mailman.Utils.UnobscureEmail to in addition to replacing @ with --at--
replace the final dot with say an = and vice versa. It could even be
done in a way that would allow a URL with --at-- and no = in the domain
to still work.

However, it's more complex than that because a list can be configured
with Privacy options... -> Subscription rules -> obscure_addresses = No
and Mailman.Utils.ObscureEmail won't be called to munge the address(es).

For this and other reasons having to do with simply wanting to dial way
back on MM 2.1 in favor of MM 3, I'm not inclined to do this, at least
for 2.1.25.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list