admindb POST fails due to absolute addressing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
New
|
Undecided
|
Unassigned |
Bug Description
The shared server I use employs re-directs from my domain name to their local server domain name. This is causing form submission POSTs to fail in the ADMINDB pages used to moderate user posts, but not in the ADMIN pages used to manage the Mailman list. A review of the server code reveals why -
The ADMIN pages use relative addressing in the form POST, so redirects are not an issue.
Whereas the ADMINDB pages use absolute addressing in the form POST. See examples below from my website -
THIS WORKS - From http://
<FORM action=
THIS DOESN'T WORK - From http://
<FORM action="http://
This hasn't been an issue for the 12 years I've used Mailman to manage user posts, but all of a sudden user post management is non-functional. I can't tell if this is a change in my shared server setup, or an update to Mailman 2.1.20 causing this.
There are probably Apache server settings I could change to solve this, but I can't access the folders needed to do so on a shared server. Is there a reason why the ADMINDB code couldn't be changed to use relative addressing like the code in ADMIN?
The underlying issue is redirects lose POST data. Most mainstream browsers when receiving a 301 or 302 in response to a POST will issue a GET of the new URI. HTTP 1.1 defined 307 and 308 redirects to specifically say that the browser should use the same request method for the new URI, but if the server is issuing a 301 or 302 redirect rather than a 307 or 308, the POST data is lost.
Your issue is not due to a Mailman change as the only change in this area was in Mailman 2.1.12 and that change made more URLs relative, not fewer. However, Your Mailman installation is cPanel, and this could be a cPanel issue. See http:// wiki.list. org/DOC/ Mailman% 20and%20CPanel , but http:// noonway. com/mailman/ admindb/ humor_noonway. com is definitely being redirected to http:// just63. justhost. com/mailman/ admindb/ humor_noonway. com with a 301 redirect. Many other cPanel Mailman hosts don't do this redirection as it breaks other things too.
Depending on how much access you have to the actual Mailman installation on the server, you may be able to change things. At around line 204 in Mailman/ Cgi/admindb. py you'll see
# Now print the results and we're done. Short circuit for when there URL('admindb' , absolute=1)
# are no pending requests, but be sure to save the results!
admindburl = mlist.GetScript
if you remove the ", absolute=1" from the last of those to make it
admindburl = mlist.GetScript URL('admindb' )
that should make the form action URL relative.
As for changing this in the upstream code, there are several places where absolute URLs are generated in this way. I don't know the historical reasons for this or what the unintended consequences might be if they were changed, so I'm reluctant to do so.
It definitely appears that just63.justhost.com has made mods to the basic cPanel Mailman, e.g. the "delegated access" on the admin(db) login pages and the lack of a link in the footer to "Overview of all noonway.com mailing lists" (which is another thing that wouldn't work because of the redirect), so they ought to fix this too.