Member options page broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
High
|
Barry Warsaw |
Bug Description
My list URL is http://
When I go there, and enter my address in the
'scr Subscribers' box, I get sent to
http://
and the form has an ACTION= set to
../../<email address hidden>
This is incorrect; there's one too many '..' on that
path.
I think the problem is that Utils.GetNestin
uses PATH_INFO to set the nesting level (counting
'/' after prepending '/' if necessary). PATH_INFO
for the submission from listinfo/scr is set to
"<email address hidden>", which ends up with
_nesting_level set to 2; however, that assumes
that <email address hidden> is an actual script name, and
it's not; it's another argument to listinfo.
I think the problem is the hack inside subscribe.py,
which sets PATH_INFO to <email address hidden>;
that confuses GetNestingLevel into doing the wrong
URL.
I think setting PATH_INFO like that is wrong.
[http://
Actually, what's wrong is that PATH_INFO is used
to infer anything about script level; it's completely
arbitrary. I think GetNestingLevel should be doing
something like:
1) take SCRIPT_NAME and remove any base_url from
it
2) resolve any ../ stuff
3) count path elements in the result