The mailing list for listmasters using Sympa

[Steve Shipway <address@concealed>]

OK, here is a tested way to work around the 'one time ticket link' problem
in Sympa that occurs when a mail client prefetches embedded URLs, triggering
the ticket.  This does not require any modification of Sympa code, only
templates, and works with 6.1.14

FIRST, edit the moderate.tt2 template.  Copy it into your
/etc/sympa/mail_tt2 directory from the default/mail_tt2/moderate.tt2 if
necessary (your paths may be different)

In this file, seek out the two (or more) lines like this:

[%|loc%]To browse the awaiting messages, you should click on the following
link:[%END%] <[% conf.wwsympa_url %]/ticket/[% one_time_ticket %]>

Change these to be like this:

[%|loc%]To browse the awaiting messages, you should click on the following
link:[%END%] <[% conf.wwsympa_url %]/ca/confirm_ticket/[% one_time_ticket
%]>

This makes the embedded links point to a new Custom Action page instead of
the inbuilt Ticket handling function.

NEXT, you have to do the same thing for the listmaster_notification.tt2,
listowner_notification.tt2, and user_notification.tt2 mail templates

In all these files, look for:

[% conf.wwsympa_url %]/ticket/[% one_time_ticket %]

and replace it with

[% conf.wwsympa_url %]/ca/confirm_ticket/[% one_time_ticket %]

NEXT, create the new /etc/sympa/web_tt2/confirm_ticket.tt2 template.

The confirm_ticket.tt2 defines the new custom action.  It should hold the
following:

<div class="block">
<h2>[%|loc%]Confirm Ticket Activation[%END%]</h2><br />
<!-- calculate ticket number -->
[%  SET one_time_ticket = cap.shift %]
[% IF one_time_ticket %]
<P>To activate the one time ticket, and perform the requested action, please
click below:</P>
<P><a class="actionMenuLinks" href="[% path_cgi %]/ticket/[% one_time_ticket
%]">Activate ticket and perform action</a>
</P>
[% ELSE %]<P>No ticket ID specified.</P>[% END %]
</div>

Of course, this is a bit minimalist, and you could easily add a bit more to
make it look better.

HOW DOES THIS WORK?

The moderate.tt2 template holds the email sent to moderators informing them
of a queued message, and it contains the URL for the one time ticket.  This
URL is changed to point to a Custom Action page ( ca/confirm_ticket )
passing the ticket ID as a parameter.  The Custom Action simply provides a
button to go to the real Ticket URL.  This adds a second step, so that mail
clients performing a prefetch will only get the Custom Action page, which
does not result in the ticket being cancelled.  Problem solved!

If you want to be really clever, you could pass a second parameter to the
confirm_ticket custom action, indicating the type of action (moderation,
unsubscription, etc) and have the confirm_ticket.tt2 check for this
parameter and give different text.   I could do that now but thought it
better to keep this example simple.

Steve


Steve Shipway
University of Auckland ITS
UNIX Systems Design Lead
address@concealed
Ph: +64 9 373 7599 ext 86487

Attachment: smime.p7s
Description: S/MIME cryptographic signature