Debian Bug report logs - #551490
lists.debian.org: spam button submits over http even when archive loaded over https

Package: lists.debian.org; Maintainer for lists.debian.org is Debian Listmaster Team <listmaster@lists.debian.org>;

Reported by: Paul Wise <pabs@debian.org>

Date: Sun, 18 Oct 2009 15:54:01 UTC

Severity: minor

Tags: patch

Done: Martin Zobel-Helas <zobel@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#551490; Package lists.debian.org. (Sun, 18 Oct 2009 15:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Sun, 18 Oct 2009 15:54:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lists.debian.org: spam button submits over http even when archive loaded over https
Date: Sun, 18 Oct 2009 23:40:38 +0800
[Message part 1 (text/plain, inline)]
Package: lists.debian.org
Severity: minor

The HTML for the spam button begins with this:

<form method="POST" action="http://lists.debian.org/cgi-bin/spam-report.pl">

It should be this instead:

<form method="POST" action="/cgi-bin/spam-report.pl">

The latter prevents browser warnings about sending information over
insecure connections when the HTML for the message has been loaded over
HTTPS instead of HTTP.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from Cord Beermann <cord@debian.org> to control@bugs.debian.org. (Fri, 11 Jun 2010 21:09:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#551490; Package lists.debian.org. (Sat, 07 Apr 2012 08:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs3@bonedaddy.net>:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Sat, 07 Apr 2012 08:30:03 GMT) Full text and rfc822 format available.

Message #12 received at 551490@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs3@bonedaddy.net>
To: 551490@bugs.debian.org
Subject: Re: lists.debian.org: spam button submits over http even when archive loaded over https
Date: Sat, 07 Apr 2012 08:02:18 +0000
[Message part 1 (text/plain, inline)]
On Sun, 2009-10-18 at 23:40 +0800, Paul Wise wrote:

> The HTML for the spam button begins with this:
> 
> <form method="POST" action="http://lists.debian.org/cgi-bin/spam-report.pl">
> 
> It should be this instead:
> 
> <form method="POST" action="/cgi-bin/spam-report.pl">
> 
> The latter prevents browser warnings about sending information over
> insecure connections when the HTML for the message has been loaded over
> HTTPS instead of HTTP.

Based on a quick review of a few lists, this bug appears to be fixed,
should it be closed?

-- 
bye,
pabs

http://bonedaddy.net/pabs3/
[signature.asc (application/pgp-signature, inline)]

Reply sent to Martin Zobel-Helas <zobel@debian.org>:
You have taken responsibility. (Sat, 07 Apr 2012 12:27:02 GMT) Full text and rfc822 format available.

Notification sent to Paul Wise <pabs@debian.org>:
Bug acknowledged by developer. (Sat, 07 Apr 2012 12:27:10 GMT) Full text and rfc822 format available.

Message #17 received at 551490-done@bugs.debian.org (full text, mbox):

From: Martin Zobel-Helas <zobel@debian.org>
To: 551490-done@bugs.debian.org
Subject: fixed
Date: Sat, 7 Apr 2012 13:51:46 +0200
i fixed that a while ago.

-- 
 Martin Zobel-Helas <zobel@debian.org>  | Debian System Administrator
 Debian & GNU/Linux Developer           |           Debian Listmaster
 GPG key http://go.debian.net/B11B627B  | 
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B 




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 May 2012 07:43:31 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 20:53:31 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.