admindb POST fails due to absolute addressing

Bug #1568547 reported by Rob Button
This bug affects 1 person
Affects      Status  Importance  Assigned to  Milestone
GNU Mailman  New     Undecided   Unassigned

Bug Description

The shared server I use employs re-directs from my domain name to their local server domain name. This is causing form submission POSTs to fail in the ADMINDB pages used to moderate user posts, but not in the ADMIN pages used to manage the Mailman list. A review of the server code reveals why -

The ADMIN pages use relative addressing in the form POST, so redirects are not an issue.
Whereas the ADMINDB pages use absolute addressing in the form POST. See examples below from my website -

THIS WORKS - From http://just63.justhost.com/mailman/admin/humor_noonway.com
<FORM action="../admin/humor_noonway.com/general" method="POST" >

THIS DOESN'T WORK - From http://just63.justhost.com/mailman/admindb/humor_noonway.com
<FORM action="http://noonway.com/mailman/admindb/humor_noonway.com" method="POST" >

This hasn't been an issue for the 12 years I've used Mailman to manage user posts, but all of a sudden user post management is non-functional. I can't tell if this is a change in my shared server setup, or an update to Mailman 2.1.20 causing this.

There are probably Apache server settings I could change to solve this, but I can't access the folders needed to do so on a shared server. Is there a reason why the ADMINDB code couldn't be changed to use relative addressing like the code in ADMIN?

Mark Sapiro (msapiro) wrote :

The underlying issue is redirects lose POST data. Most mainstream browsers when receiving a 301 or 302 in response to a POST will issue a GET of the new URI. HTTP 1.1 defined 307 and 308 redirects to specifically say that the browser should use the same request method for the new URI, but if the server is issuing a 301 or 302 redirect rather than a 307 or 308, the POST data is lost.

Your issue is not due to a Mailman change as the only change in this area was in Mailman 2.1.12 and that change made more URLs relative, not fewer. However, your Mailman installation is cPanel, and this could be a cPanel issue. See http://wiki.list.org/DOC/Mailman%20and%20CPanel , but http://noonway.com/mailman/admindb/humor_noonway.com is definitely being redirected to http://just63.justhost.com/mailman/admindb/humor_noonway.com with a 301 redirect. Many other cPanel Mailman hosts don't do this redirection as it breaks other things too.

Depending on how much access you have to the actual Mailman installation on the server, you may be able to change things. At around line 204 in Mailman/Cgi/admindb.py you'll see

        # Now print the results and we're done. Short circuit for when there
        # are no pending requests, but be sure to save the results!
        admindburl = mlist.GetScriptURL('admindb', absolute=1)

if you remove the ", absolute=1" from the last of those to make it

        admindburl = mlist.GetScriptURL('admindb')

that should make the form action URL relative.

As for changing this in the upstream code, there are several places where absolute URLs are generated in this way. I don't know the historical reasons for this or what the unintended consequences might be if they were changed, so I'm reluctant to do so.

It definitely appears that just63.justhost.com has made mods to the basic cPanel Mailman, e.g. the "delegated access" on the admin(db) login pages and the lack of a link in the footer to "Overview of all noonway.com mailing lists" (which is another thing that wouldn't work because of the redirect), so they ought to fix this too.
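
An added example, not part of the original comment and not Mailman code: a small audit that resolves each form action the way a browser would and flags POST forms whose target host answers with a redirect that turns the POST into a GET. The names audit_forms, FormCollector and OBSERVED are hypothetical; the inputs are the two form tags and the 301 quoted in this report, and 303 is included alongside 301/302 because it is also followed with a GET.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Redirect codes after which mainstream browsers re-issue a POST as a GET
# (dropping the form body); 307 and 308 keep the method and body.
POST_BECOMES_GET = {301, 302, 303}

class FormCollector(HTMLParser):
    """Collect (method, action) for every <form> tag in a page."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":  # HTMLParser lowercases tag and attribute names
            a = dict(attrs)
            self.forms.append(((a.get("method") or "GET").upper(),
                               a.get("action") or ""))

def audit_forms(page_url, html, redirect_status):
    """redirect_status: host -> redirect code that host was observed to send."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        target = urljoin(page_url, action)  # what the browser will request
        status = redirect_status.get(urlsplit(target).netloc)
        findings.append({
            "target": target,
            "absolute_action": bool(urlsplit(action).netloc),
            "redirect": status,
            "post_data_lost": method == "POST" and status in POST_BECOMES_GET,
        })
    return findings

# The two form tags quoted in the report, with the pages they came from.
ADMIN = ("http://just63.justhost.com/mailman/admin/humor_noonway.com",
         '<FORM action="../admin/humor_noonway.com/general" method="POST" >')
ADMINDB = ("http://just63.justhost.com/mailman/admindb/humor_noonway.com",
           '<FORM action="http://noonway.com/mailman/admindb/humor_noonway.com" method="POST" >')
OBSERVED = {"noonway.com": 301}  # the 301 described in the comment above

if __name__ == "__main__":
    for url, html in (ADMIN, ADMINDB):
        for finding in audit_forms(url, html, OBSERVED):
            print(finding)
```

The relative admin action resolves to the host that served the page, so no redirect is involved; the absolute admindb action goes back through noonway.com and loses its body on the 301.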

Rob Button (q-rob-m) wrote : Re: [Bug 1568547] Re: admindb POST fails due to absolute addressing

Mark,

I greatly appreciate the detailed reply. I’ll see if I can get JustHost to fix this for me, although they haven’t been at all responsive which is why I posted a bug report.
Maybe another fix would be for me to install Mailman into a directory I can access.

Thanks again,
Rob.

> On Apr 10, 2016, at 1:40 PM, Mark Sapiro <email address hidden> wrote:
>
> The underlying issue is redirects lose POST data. Most mainstream
> browsers when receiving a 301 or 302 in response to a POST will issue a
> GET of the new URI. HTTP 1.1 defined 307 and 308 redirects to
> specifically say that the browser should use the same request method for
> the new URI, but if the server is issuing a 301 or 302 redirect rather
> than a 307 or 308, the POST data is lost.
>
> Your issue is not due to a Mailman change as the only change in this
> area was in Mailman 2.1.12 and that change made more URLs relative, not
> fewer. However, your Mailman installation is cPanel, and this could be a
> cPanel issue. See http://wiki.list.org/DOC/Mailman%20and%20CPanel , but
> http://noonway.com/mailman/admindb/humor_noonway.com is definitely being
> redirected to
> http://just63.justhost.com/mailman/admindb/humor_noonway.com with a 301
> redirect. Many other cPanel Mailman hosts don't do this redirection as
> it breaks other things too.
>
> Depending on how much access you have to the actual Mailman installation
> on the server, you may be able to change things. At around line 204 in
> Mailman/Cgi/admindb.py you'll see
>
> # Now print the results and we're done. Short circuit for when there
> # are no pending requests, but be sure to save the results!
> admindburl = mlist.GetScriptURL('admindb', absolute=1)
>
> if you remove the ", absolute=1" from the last of those to make it
>
> admindburl = mlist.GetScriptURL('admindb')
>
> that should make the form action URL relative.
>
> As for changing this in the upstream code, there are several places
> where absolute URLs are generated in this way. I don't know the
> historical reasons for this or what the unintended consequences might be
> if they were changed, so I'm reluctant to do so.
>
> It definitely appears that just63.justhost.com has made mods to the
> basic cPanel Mailman, e.g. the "delegated access" on the admin(db) login
> pages and the lack of a link in the footer to "Overview of all
> noonway.com mailing lists" (which is another thing that wouldn't work
> because of the redirect), so they ought to fix this too.