"#" in mail address confuses mailman

Bug #265809 reported by Effbot
Affects: GNU Mailman
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

someone recently managed to subscribe himself to
the python.org image-sig mailing list, using an
address looking a bit like this one:

    prefix#<email address hidden>

unfortunately, the web interface doesn't escape the
"#" character, so the web pages for this user cannot
be accessed:

    http://mail.python.org/mailman/options/image-sig/prefix#user--at--some.com

(the browser strips off the "#" and everything after
it before sending the URL to mailman...).

I'm not sure what version python.org is running,
but I suspect that the Barry person might be able
to figure that out.

cheers /F

[http://sourceforge.net/tracker/index.php?func=detail&aid=649112&group_id=103&atid=100103]

Tags: web-cgi
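
An added example, not part of the original report and not Mailman's code, modelling the failure described above: an address placed unescaped in the URL path loses everything after "#" before the request reaches the server, while a percent-encoded path segment survives the round trip. The base URL, helper names and sample addresses are constructed; the check goes beyond "#" to other characters that break the path the same way.

```python
from urllib.parse import quote, unquote, urlsplit

# Hypothetical base URL and helper names; not Mailman's code.
BASE = "http://lists.example.org/mailman/options"


def naive_options_url(listname, address):
    """Build the per-user URL by plain concatenation (the behaviour reported)."""
    return f"{BASE}/{listname}/{address}"


def escaped_options_url(listname, address):
    """Percent-encode each path segment; safe='' also encodes '/', '#', '?', '%'."""
    return f"{BASE}/{quote(listname, safe='')}/{quote(address, safe='')}"


def address_seen_by_server(url):
    """Return the address the server would recover from the request path.

    A browser sends only path and query; the fragment after '#' stays
    client-side, so urlsplit() models what reaches the server.
    """
    last_segment = urlsplit(url).path.rsplit("/", 1)[-1]
    return unquote(last_segment)


def audit(listname, addresses):
    """Map each address to (naive_ok, escaped_ok) round-trip results."""
    result = {}
    for addr in addresses:
        naive = address_seen_by_server(naive_options_url(listname, addr)) == addr
        fixed = address_seen_by_server(escaped_options_url(listname, addr)) == addr
        result[addr] = (naive, fixed)
    return result


if __name__ == "__main__":
    # Constructed sample addresses.
    samples = ["user@example.com", "prefix#user@example.com",
               "a?b@example.com", "a/b@example.com", "a%23b@example.com"]
    for addr, (naive, fixed) in audit("image-sig", samples).items():
        print(f"{addr!r}: naive={naive} escaped={fixed}")
```

Running `audit()` over the subscriber list of an existing installation shows which members have option pages that cannot be reached through unescaped links.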
Effbot (effbot) wrote :

(if this has been fixed, feel free to close this report)

Pavan Koli (pskoli93) wrote :

Tried to replicate the bug on Mailman 3, was able to subscribe an e-mail id with abcd#<email address hidden>.
The webpages related to the user were found to be accessible.

Changed in mailman:
status: New → Fix Released
Mark Sapiro (msapiro) wrote :

This is a Mailman 2.1 bug, not a Mailman 3 or Postorius bug. While it is the case coincidently that this bug was fixed in Mailman 2.1.10, that fix did not specifically target this bug and its status was not updated. It happens that 'Fix Released' is the correct status for this bug, but that is just a coincidence.

Changed in mailman:
milestone: none → mailman-2.1
Ankush Sharma (black-perl) wrote :

I have done a good amount of work regarding this; the work summary is here: https://bugs.launchpad.net/mailman.client/+bug/1429366
