[Pkg-mailman-hackers] Bug#458045: mailman: When run on SSL host: admindb form contains NON-ssl action URL
Ralf G. R. Bergs
Ralf+Debian at Bergs.BIZ
Fri Dec 28 08:59:37 UTC 2007
Package: mailman
Version: 1:2.1.9-7
Severity: important
I'm running Mailman on an SSL host. When I try to work on administrative
requests, i.e. to discard a held message, and press the "Submit All Data"
form submit button, my browser (Firefox 2.0.0.11) sends a POST request
against the non-SSL host, because the action URL constructed by
/cgi-bin/mailman/admindb starts with http://...
Moreover, my non-SSL host redirects all requests to http://... to the SSL
host, i.e. http://my.host/foobar would be redirected to
https://my.host/foobar. This also happens with the form POST request
described above. Mailman's CGI executable /cgi-bin/mailman/admindb *does*
follow the Location header to the SSL host, BUT it doesn't send a POST
afterwards to the new location, but instead sends a GET request. That means
my changes aren't applied, but instead the current (unchanged!) status is
requested again.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable'), (650, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Versions of packages mailman depends on:
ii adduser 3.102 Add and remove users and groups
ii apache2-mpm-prefork [h 2.2.3-4+etch3 Traditional model for Apache HTTPD
ii cron 3.0pl1-100 management of regular background p
ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy
ii exim4 4.63-17 metapackage to ease exim MTA (v4)
ii exim4-daemon-heavy [ma 4.63-17 exim MTA (v4) daemon with extended
ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii pwgen 2.05-1 Automatic Password generation
ii python 2.4.4-2 An interactive high-level object-o
ii python-support 0.5.6 automated rebuilding support for p
ii ucf 2.0020 Update Configuration File: preserv
mailman recommends no packages.
-- debconf information:
mailman/queue_files_present:
* mailman/default_server_language: en
* mailman/gate_news: false
* mailman/site_languages: en
* mailman/used_languages: en
* mailman/create_site_list:
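
Added example, not part of the original report and not Mailman code: a small checker that takes a page fetched over https and lists every form whose action resolves to plain http, which is the condition reported above (the browser sends the POST body to the http:// URL before any redirect to the SSL host can happen). The list name `examplelist` and the sample markup are constructed for illustration; the host and CGI path are the ones used in the report.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect (method, raw action) for every <form> start tag."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            method = (a.get("method") or "get").upper()
            self.forms.append((method, a.get("action") or ""))


def find_downgraded_forms(page_url, html):
    """Return forms on an https page whose resolved action is plain http."""
    page = urlsplit(page_url)
    if page.scheme != "https":
        return []  # nothing to downgrade from
    collector = FormActionCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        # Empty, relative and scheme-relative actions inherit https here.
        target = urljoin(page_url, action)
        parts = urlsplit(target)
        if parts.scheme == "http":
            findings.append({"method": method, "action": target,
                             "same_host": parts.hostname == page.hostname})
    return findings


# Constructed sample: one absolute http:// action (the reported case),
# one relative action and one scheme-relative action (both stay on https).
SAMPLE_PAGE_URL = "https://my.host/cgi-bin/mailman/admindb/examplelist"
SAMPLE_HTML = """
<form method="POST" action="http://my.host/cgi-bin/mailman/admindb/examplelist">
<input type="submit" name="submit" value="Submit All Data"></form>
<form method="post" action="/cgi-bin/mailman/admindb/examplelist"></form>
<form action="//my.host/cgi-bin/mailman/listinfo"></form>
"""

if __name__ == "__main__":
    for finding in find_downgraded_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(finding)
```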