[Mailman-Users] What does mailman do with a POST?

Richard Damon Richard at Damon-Family.org
Tue Jul 31 21:57:18 EDT 2018 

On 7/31/18 9:32 PM, Bernie Cosell wrote:
> On 31 Jul 2018 at 21:25, Richard Damon wrote:
>
>> On 7/31/18 9:15 PM, Bernie Cosell wrote:
>>> Here's the request I just sent:
>>>
>>> 'setmemberopts-btn' => 'Submit Your Changes',
>>>  'cookie' => 
>>>  'unsubscribees' => 'bernie'
>>> ----------------------------------------
>>>  '_method' => 'POST',
>>>                                         '_uri' => 
>>>
>>> Do I have to do something special with the data for the
>> 'unsubscribees' ?  I 
>>> know it is a TEXTAREA -- but I just assumed I could pass it a string
>> and 
>>> that'd be OK.
>> With Mailman2, submitting a non-subscribed email address to the
>> unsubscribe link doesn't give an error message.
> Hmm.  the server is running  2.1.23 and I just tried unsubscribing "bernie" 
> again from my web browser [and I'm still not on the list..:o)]  and I got:
> -------------------
> Cannot unsubscribe non-members:
>
>     bernie 
> -------------------------
> in bold red letters at the top and then it is followed by the rest of the HTML 
> for the mass-removal page.
>
>   /B\
>  If you read the text
>> sent back, it says something like IF you were subscribed, and email
>> will
>> be set to your email address to confirm the unsubscription. I presume
>> this is part of Mailmans privacy policy to not let people find out if
>> someone is subscribed to a list (assuming the list doesn't post the
>> subscriber list).
>>
>>
>> -- 
>> Richard Damon
>>
>> ------------------------------------------------------
>> Mailman-Users mailing list Mailman-Users at python.org
>> https://mail.python.org/mailman/listinfo/mailman-users
>> Mailman FAQ: http://wiki.list.org/x/AgA3
>> Security Policy: http://wiki.list.org/x/QIA9
>> Searchable Archives:
>> http://www.mail-archive.com/mailman-users%40python.org/
>> Unsubscribe:
>> https://mail.python.org/mailman/options/mailman-users/bernie%40fantasyfa
>> rm.com
>
>             Bernie Cosell
>        bernie at fantasyfarm.com
> -- Too many people; too few sheep --
>    
Sorry, I was thinking of the member unsubscribed page, not the admin page.
The admin does know who is subscribed so no hiding is needed.

One thought is could the anti-robot code be affecting you here, and you
need to add a pause between getting the token and submitting the form to
look like a human (it really shouldn't need to be active on admin pages,
but I don't know if it makes the distinction.)

-- 
Richard Damon

More information about the Mailman-Users mailing list