Insufficient sanitation of emailed requests
I use Apple Mail, which has the unfortunate habit of expanding "user@example.com" to "user@example.com <user@example.com>", even in "plain text" mode. This means that when trying to subscribe a non-admin user to a list via the -request interface, the body gets mangled to:
x-subscribe: user@example.com <user@example.com> DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
This is apparently being parsed as:
x-subscribe: user@example.com NULL TRUE
because it subscribes the user without a fingerprint and sets them to an admin:
user@example.com has been subscribed with these attributes:
Fingerprint:
Admin? true
Email-delivery enabled? true
This is dangerous behaviour. Unexpected input should always throw an error, especially where admin permissions are being assigned.
Edited by Andrew Gallagher