Hello.

On Sat, 14 Sep 2013 13:21:37 +0200 Frederic Peters <fpet...@debian.org> wrote:
Hi,

I discovered that bug today and wrote a patch, I tested it against
mailman 2.1.13 (as found in Squeeze); I tracked the change in Mailman
and found it to be revision 972:

  CGI/admin.py
   The email address which forms a part of the various CGI data keys
   in the admin membership list is now urllib.quote()ed. This allows
   changing options for and unsubbing an address which contains a
   double-quote character.

  -- http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/972


        Fred

--- listadmin.pl.orig   2013-09-14 13:10:33.760699371 +0200
+++ listadmin.pl        2013-09-14 13:11:54.785101152 +0200
@@ -588,7 +588,7 @@
sub url_quote_parameter {
     my $param = shift;
-    $param =~ s/(\W)/sprintf ("%%%02x", ord ($1))/ge;
+    $param =~ s/(\W)/sprintf ("%%%02X", ord ($1))/ge;
     $param;
 }
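Review bot: The `(\W)` class in url_quote_parameter escapes every non-word character, so `.` and `-` in an address become `%2E` and `%2D`, whereas Python's urllib.quote() with default arguments leaves `.`, `-`, `_` and `/` unescaped. Upper-casing the hex digits is therefore not enough to make the key equal to the one Mailman builds for an address with a dotted domain. Consider narrowing the class to `[^A-Za-z0-9_.\/-]`, in a separate helper if other callers depend on the wider escaping. Note also that `ord($1)` can exceed 0xFF on a decoded non-ASCII string and yield more than two hex digits.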
@@ -1763,6 +1763,7 @@
                  user => \@addresses);
     for my $a (@addresses) {
        $params{$a . "_unsub"} = "on";                      # Mailman 2.x
+       $params{url_quote_parameter($a) . "_unsub"} = "off" # Mailman >=2.1.12
     }
     my $resp = $ua->post($url, \%params);
     return $resp->status_line unless $resp->is_success;
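Review bot: The added `$params{url_quote_parameter($a) . "_unsub"}` line sends "off" while the unquoted key on the line directly above sends "on" for the same unsubscribe action; the two values should agree, so this should be "on". The statement also has no terminating `;`, which Perl accepts only because it is the last statement in the block, and it will become a syntax error as soon as another line is added after it.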


This seems to encode "too much" AND the parameter has to be "on".

Against mailman 2.1.15 it is apparently "enough" to just encode the "@" sign.

I propose this patch:


*** ./listadmin.orig    2018-09-20 19:26:39.000000000 +0200
--- ./listadmin 2021-12-20 13:39:33.153488479 +0100
*************** sub remove_subscribers {
*** 1836,1841 ****
--- 1836,1845 ----
                  user => \@addresses);
      for my $a (@addresses) {
        $params{$a . "_unsub"} = "on";                      # Mailman 2.x
+       # mailman > 2.1.11 encodes the "@" sign
+       my $b = $a;
+       $b =~ s/@/%40/;
+       $params{$b . "_unsub"} = "on";                      # Mailman > 2.1.11
      }
      my $resp = $ua->post($url, \%params);
      return $resp->status_line unless $resp->is_success;
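Review bot: Escaping only `@` in `$b =~ s/@/%40/;` leaves the key wrong for any address that contains another character urllib.quote() escapes, such as `+` or the double quote that the revision 972 note quoted earlier in this thread mentions. Escaping every character outside `[A-Za-z0-9_.\/-]` with `sprintf("%%%02X", ord($1))` would cover those cases while still leaving the dots in the domain alone. Separately, `my $b` next to the loop variable `$a` reuses the names Perl reserves for sort comparisons; a name such as `$quoted` avoids that.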

Regards,
S. Ziehe
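
The encoding question discussed in this thread, as an added example that is not part of either message or of listadmin: it compares the form key Mailman would build with the keys produced by the two patches above. It assumes Mailman calls urllib.quote() with default arguments (modelled here with Python 2's safe set); the function names and sample addresses are constructed for illustration.

```python
import re
import string

# Python 2's urllib.quote() never escapes these, and its default safe set adds "/".
# Assumption: Mailman calls urllib.quote() with default arguments.
PY2_SAFE = set(string.ascii_letters + string.digits + "_.-/")


def mailman_key(addr):
    """Model of Python 2 urllib.quote(addr): escape every byte outside PY2_SAFE."""
    return "".join(
        chr(b) if chr(b) in PY2_SAFE else "%%%02X" % b
        for b in addr.encode("utf-8")
    )


def nonword_key(addr):
    """Model of the first patch's \\W substitution, for ASCII addresses."""
    return re.sub(r"[^A-Za-z0-9_]", lambda m: "%%%02X" % ord(m.group()), addr)


def at_only_key(addr):
    """Model of the second patch's s/@/%40/ (no /g: first "@" only)."""
    return addr.replace("@", "%40", 1)


def mismatches(addresses):
    """Map each address to the patch encodings whose key differs from Mailman's."""
    candidates = {"nonword": nonword_key, "at_only": at_only_key}
    return {
        addr: [n for n, fn in candidates.items() if fn(addr) != mailman_key(addr)]
        for addr in addresses
    }


# Constructed sample addresses, not taken from the thread.
SAMPLES = [
    "root@localhost",
    "alice@example.org",
    "carol+x@localhost",
    "bob+lists@example.org",
    '"odd"@example.org',
]

if __name__ == "__main__":
    for addr, bad in mismatches(SAMPLES).items():
        print("%-24s %-32s differs: %s" % (addr, mailman_key(addr) + "_unsub", bad))
```

An address listed under "differs" is one whose checkbox key the corresponding patch would not reproduce, so the unsubscribe request would be silently ignored for it.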
