Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 231594 - mailman input data validation bug- redhat affected too
Summary: mailman input data validation bug- redhat affected too
Alias: None
Product: Red Hat Web Site
Classification: Red Hat
Component: Other
Version: current
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Web Development
QA Contact: Web Development
Depends On:
TreeView+ depends on / blocked
Reported: 2007-03-09 07:05 UTC by Adrian
Modified: 2007-10-17 16:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-10-17 16:34:14 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Adrian 2007-03-09 07:05:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070219 Firefox/

Description of problem:
mailman goes amnesic if you subscribe with a mail address ending in ":". You cannot unsubscribe/change options.

more details:
I think I might have triggered a bug in the list manager. ooops.

I subscribed to the fedora-package-announce list but somehow my mail address went through as "my_address@my_host:"

Yes, that is a ":" character at the end of the address. I think it went in there because I used the clipboard and pasted the address instead of typing it manually. I got some extra data in this way. ouch.

I did not notice the ":" character at first because the list manager interface did not show any error message (input data validation should have caught this), and also because the confirmation mail arrived correctly. 

I used the http link in the message to confirm, but when i tried to go to the interface to set the list options i got this message:

Bug in Mailman version 2.1.5

We're sorry, we hit a bug!

Please inform the webmaster for this site of this problem. Printing of
traceback and other system information has been explicitly inhibited,
but the webmaster can find this information in the Mailman error logs.

I can't even set the options now, i cannot even unsubscribe.

when i go to the page
(taken from the mailing list reminder i received)

and when I click the UNSUBSCRIBE button, everything works, i get an unsubscribe confirmation request message.

i click it to confirm, get to a page 
Hit the Unsubscribe button below to complete the confirmation process.
Or hit Cancel and discard to cancel this unsubscibe request.

BUT when i click the unsubscribe button i get this:
Bad confirmation string
Invalid confirmation string. It is possible that you are attempting to confirm a request for an address that has already been unsubscribed.

I already contacted the list managers (fedora-package-announce-owner, notting at_, and jkeating, but i have not received any reply yet.

Version-Release number of selected component (if applicable):
(the current one used by redhat for the list manager interface)

How reproducible:

Steps to Reproduce:
1. subscribe with an email address which has the character ":" added at the end
2. wait for confirmation mail to arrive, click the confirmation link
3. now try to change subscription options in the web interface, or even to unsubscribe. you can't.

Actual Results:
mailman errors that corrupt the subscribers list database format.

Expected Results:
normal subscription options editing or normal unsubscription

Additional info:

Comment 1 Adrian 2007-06-25 17:48:39 UTC
hmm, seems this is another instance of this bug, from april 2005 on fourceforge:

[ 1180872 ] subscriber with colon in address can't be removed

Comment 2 Max Spevack 2007-06-25 17:49:50 UTC
I solved this guy's issue related to Fedora, but doesn't change the fact that
there is a bug in mailman that prevents the mailman administration tools from
handling an email address that contains a colon.

Comment 3 manoj 2007-10-17 16:34:14 UTC
Assigned to appropriate group

Note You need to log in before you can comment on or make changes to this bug.