Well, I found a workaround that may have completely obviated this. I found instructions for individually handling outstanding moderator requests from the command line using withlist, and went through and flushed the 7 spammy requests that were in there. (I'd forgotten to include that this traceback was triggered from a single list's admindb URL.) With request.pck down to 20 bytes, we're back to normal.
I'm going to presume that there were requests in there that were somehow corrupted by the upgrade process?
On 11/12/2021 4:06 PM, Joel Lord wrote:
I'm not sure if this is a bug or something about the new CSRF fix doesn't get along with something I have (mis)configured, but this definitely seems to be related. Sadly the script I use to backup mailman before upgrading I recently stopped backing up the lists themselves, so going back to 2.1.35 doesn't seem to be an option due to the .pck file version bump. Here's the trace I get:
Traceback (most recent call last): File "/mailman/mailman-${domainslug}/scripts/driver", line 117, in run_main main() File "/mailman/mailman-${domainslug}/Mailman/Cgi/admindb.py", line 342, in main print doc.Format() File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 352, in Format output.append(Container.Format(self, indent)) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 267, in Format output.append(HTMLFormatObject(item, indent)) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 53, in HTMLFormatObject return item.Format(indent) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 445, in Format % csrf_token(self.mlist, self.contexts, self.user) File "/mailman/mailman-${domainslug}/Mailman/CSRFcheck.py", line 53, in csrf_token mac = sha_new(secret +
issued
).hexdigest() TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'Running Python 2.7.5 .
-- Joel Lord