------------------------------------------------------------
revno: 1366
committer: Mark Sapiro <msap...@value.net>
branch nick: 2.1
timestamp: Tue 2012-10-30 17:59:16 -0700
message:
Added 'legend' to the list of CSRF safe parameters for the admin CGI.
modified:
Mailman/Cgi/admin.py
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/admin.py'
--- Mailman/Cgi/admin.py 2012-08-23 03:58:18 +0000
+++ Mailman/Cgi/admin.py 2012-10-31 00:59:16 +0000
@@ -88,7 +88,8 @@
# CSRF check
safe_params = ['VARHELP', 'adminpw', 'admlogin',
- 'letter', 'chunk', 'findmember']
+ 'letter', 'chunk', 'findmember',
+ 'legend']
params = cgidata.keys()
if set(params) - set(safe_params):
csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe:
http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
