~phil.pennock/mailman/dmarc-reject

Viewing changes to Mailman/Cgi/admin.py

  • Committer: Mark Sapiro
  • Date: 2012-10-31 00:59:16 UTC
  • Revision ID: msapiro@value.net-20121031005916-9c85nrn0c0eydn86
Added 'legend' to the list of CSRF safe parameters for the admin CGI.

88
88
 
89
89
    # CSRF check
90
90
    safe_params = ['VARHELP', 'adminpw', 'admlogin',
91
 
                   'letter', 'chunk', 'findmember']
 
91
                   'letter', 'chunk', 'findmember',
 
92
                   'legend']
92
93
    params = cgidata.keys()
93
94
    if set(params) - set(safe_params):
94
95
        csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
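
Review bot: the safe_params list (new lines 90-92) carries no comment stating what qualifies a parameter as CSRF-safe, and neither the hunk nor the commit message says why 'legend' qualifies. Because `if set(params) - set(safe_params):` is the condition guarding the csrf_check call, a request made up only of names in this list does not reach the csrf_check shown here, so every entry needs to be a parameter that cannot by itself change list state. Suggest a short comment above the list stating that rule and what 'legend' is used for, so that later additions are reviewed against it.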