[Mailman-Users] What does mailman do with a POST?

Mark Sapiro mark at msapiro.net
Tue Jul 31 18:53:51 EDT 2018

On 07/30/2018 05:08 AM, Bernie Cosell wrote:
> I'm trying to submit a form or two from a program and I can't quite 
> understand Mailman's form handling, this with Mailman 2.1.23.
> What I've done is a little program that does something simple: it first 
> authenticates [and gets the appropriate cookies], then I GET the 
> mass-removal page [to get its csrf_object.  Then I do a simple POST with 
> just three form fields:
> csrf_object=>  <whatever it was in the GET of the page>
> unsubscribees  => the email address,
> 'setmemberopts_btn  => 'Submit Your Changes'
> The response I get back is the original page - no error and no success, just 
> the mass-removal page again.  It is what would happen if you clicked on 
> the submit button without giving it anything to do
> I've also tried a similar POSTing with every field from the form included, 
> and always the same: a 200 response and I get the mass-removal page back 
> again.   I'd look at the code, but I'm a perl guy -- never messed with python.
> What does Mailman do to when receiving a POST to decide if there's 
> something to do or not?  THANKS!

It looks at the POST data. In the case of the admin CGI just returning
the Mass Removals form with no errors and no changes, this means it got
the right path to LISTNAME/members/remove and it got a good csrf_token.

Given that, the only way it would return the form with no message is if
it got no non-blank values for unsubscribees or unsubscribees_upload.

You refer to csrf_token as csrf_object. If you are really submitting the
value as csrf_object, that wouldn't work, but you should get an error.

If you are using some kind of framework for submitting the post that
would receive a redirect response of some kind and transparently do the
redirection (eg http -> https) before returning the result, this could
be <https://wiki.list.org/x/4030602> so see that.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list