------------------------------------------------------------
revno: 1340
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Thu 2012-02-23 08:22:11 -0800
message:
Added a few more safe_params to the CSRF check.
modified:
Mailman/Cgi/admin.py
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/admin.py'
--- Mailman/Cgi/admin.py 2012-02-05 21:19:39 +0000
+++ Mailman/Cgi/admin.py 2012-02-23 16:22:11 +0000
@@ -87,7 +87,8 @@
cgidata = cgi.FieldStorage(keep_blank_values=1)
# CSRF check
- safe_params = ['VARHELP', 'adminpw', 'admlogin']
+ safe_params = ['VARHELP', 'adminpw', 'admlogin',
+ 'letter', 'chunk', 'findmember']
params = cgidata.keys()
if set(params) - set(safe_params):
csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
_______________________________________________
Mailman-checkins mailing list
[email protected]
Unsubscribe:
http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
