Page MenuHomePhabricator
Create Task
Maniphest T167900

publicpolicy@ listserv link on https://policy.wikimedia.org/ throws error "There was no hidden token in your submission or it was corrupted."; people cannot subscribe
Closed, DeclinedPublic
Actions

Description

Hello!

I'm putting this here, but please add tags/people as appropriate.

I've tried several times to sign up for the public policy list through the policy website — and I've never been taken to the confirmation email. But when I signed up for the public policy listserv through the Wikimedia listserv page, it worked!

@jrbs reports that "I can have a look in the source of the page; looks like it's trying to send something but not actually sending anything. It would probably be best to link directly to the mailman signup page. Right now it's trying to "POST" the information there which I'm not sure is something that mailman can even do."

I know the site was heavily promoted when the blog post about it went live, and I suspect there may have been a lot of people who tried to get updates, and weren't successful.

Right now it doesn't appear to be editable on Wordpress, though it might just be hiding somewhere unobvious.

Details

SubjectRepoBranchLines +/-
mailman: Redirect /mailman/subscribe/$listname URLs toooperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

MelodyKramer created this task.Jun 14 2017, 5:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2017, 5:24 PM
Framawiki triaged this task as High priority.Jun 14 2017, 5:48 PM
Framawiki added a project: WMF-General-or-Unknown.
Framawiki subscribed.

I just tried, and I've an error too from the page https://lists.wikimedia.org/mailman/subscribe/publicpolicy:

Publicpolicy Subscription results
Please take a few seconds to fill out the form before submitting it.
You must GET the form before submitting it.
Varnent added a comment.Jun 14 2017, 6:05 PM

I believe this is related to T116290.

The base code for Policy site is on Wordpress repo - so we will need to submit the file there rather than our repo.

Varnent added a project: WMF-Legal.Jun 14 2017, 6:05 PM
Slaporte claimed this task.Jun 14 2017, 6:08 PM

I believe this feature is in the Wordpress skin. I'll get in touch with designers and find the code. @Varnent, would you be able to fix it?

Varnent added a comment.Jun 14 2017, 6:10 PM

@Slaporte - I have been looking around a bit and think I can. I would just need the ability to submit the file to the Wordpress server. I cannot remember how that access is setup. Does Mule still have that access or do we have it as well now?

Slaporte added a comment.Jun 14 2017, 6:14 PM

I think it's with Mule. If there is nothing sensitive in the repo (eg no private keys, etc), then I want to transfer ownership to the Wikimedia Github org and make it open so this kind of thing is easier to solve.

Varnent added a comment.Jun 14 2017, 6:49 PM

@Slaporte - I am checking with Mule right now on if they still have access. Can we change ownership without moving it off Wordpress server? Sorry - I have not looked into any of this in like a year so playing memory catchup and do not recall where things were left in terms of access to the Wordpress hosted repo. :)

Slaporte added a comment.Jun 14 2017, 7:20 PM

I'll follow up with you via email. There are a few steps before we change ownership.

ZhouZ moved this task from Backlog to Assigned on the WMF-Legal board.Aug 23 2017, 7:03 PM
Krinkle added a project: WMF-Annual-Report (Policy site).Jul 21 2018, 8:30 AM
Krinkle removed a project: WMF-Annual-Report (Policy site).Jul 21 2018, 9:05 AM
Framawiki added a comment.Jan 6 2019, 7:38 PM

I can still reproduce the problem.
Ping @Slaporte

Framawiki added a parent task: T185222: lists.wikimedia.org reporting "You must GET the form before submitting it" for all list subscription attempts.Jan 15 2019, 8:11 PM
Aklapper removed Slaporte as the assignee of this task.Jun 19 2020, 4:17 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Aklapper renamed this task from Policy listserv link on https://policy.wikimedia.org/ doesn't actually sign people up for the mailing list to publicpolicy@ listserv link on https://policy.wikimedia.org/ throws error "There was no hidden token in your submission or it was corrupted."; people cannot subscribe.Nov 7 2020, 9:32 AM
Aklapper removed subscribers: Jbarbara, MelodyKramer.

On https://policy.wikimedia.org/ , entering an email address under "Keep up-to-date with Wikimedia’s policy initiatives" and clicking "Join" goes to https://lists.wikimedia.org/mailman/subscribe/publicpolicy and says:

Publicpolicy Subscription results
There was no hidden token in your submission or it was corrupted.
You must GET the form before submitting it.

(See /Mailman/Cgi/subscribe.py triggering that.)

Going to https://lists.wikimedia.org/mailman/listinfo/publicpolicy and subscribing says

Publicpolicy Subscription results
Your subscription request has been received, and will soon be acted upon.

but I receive a confirmation email as expected.

gerritbot added a comment.Sep 27 2021, 3:42 PM

Change 724087 had a related patch set uploaded (by Legoktm; author: Legoktm):

[operations/puppet@production] mailman: Redirect /mailman/subscribe/$listname URLs too

https://gerrit.wikimedia.org/r/724087

gerritbot added a project: Patch-For-Review.Sep 27 2021, 3:42 PM
Legoktm subscribed.Sep 27 2021, 4:00 PM

The problem here is:

<form method="POST" action="https://lists.wikimedia.org/mailman/subscribe/publicpolicy">
  <input type="email" name="email" size="30" value="" placeholder="email address" class="email-input">
  <input type="Submit" name="email-button" value="Join" class="email-submit button button-blue">
</form>

for a few years now, Mailman has required as CSRF token and with Mailman3 the form+URL has changed entirely. I would suggest this form just be replaced with a link to the publicpolicy postorius page.

The redirect I'm going to add will at least send people there, but it'll be a bit confusing since they entered their email to subscribe, and now they're being directed to a totally different page, and they're not subscribed yet.

Legoktm mentioned this in T185222: lists.wikimedia.org reporting "You must GET the form before submitting it" for all list subscription attempts.Sep 27 2021, 4:05 PM
gerritbot added a comment.Sep 27 2021, 4:06 PM

Change 724087 merged by Legoktm:

[operations/puppet@production] mailman: Redirect /mailman/subscribe/$listname URLs too

https://gerrit.wikimedia.org/r/724087

Maintenance_bot removed a project: Patch-For-Review.Sep 27 2021, 4:10 PM
Dzahn subscribed.EditedMay 9 2023, 4:01 AM

This ticket was about content on https://policy.wikimedia.org/ which nowadays merely redirects to https://wikimediafoundation.org/advocacy/ and I don't see any list link there.

This has been in status "Assigned" to Legal (and with High Priority) since multiple years.

Seems like there is no point in keeping it open now and we can close it as declined or resolved.

cc: @Aklapper

Aklapper closed this task as Declined.May 9 2023, 4:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL