Added 'legend' to the list of CSRF safe parameters for the admin CGI.

author: Mark Sapiro <msapiro@value.net> 2012-10-30 17:59:16 -0700
committer: Mark Sapiro <msapiro@value.net> 2012-10-30 17:59:16 -0700
commit: eee8403942a0bdaf70d955c1571684e2e479dfef (patch)
tree: 3e1b2ed801a9a0ed6cd262152331832b55e0ce6a /Mailman/Cgi/admin.py
parent: 8e985f8b33f1c2be0f226547387cf157ff267052 (diff)
download: mailman2-eee8403942a0bdaf70d955c1571684e2e479dfef.tar.gz
mailman2-eee8403942a0bdaf70d955c1571684e2e479dfef.tar.xz
mailman2-eee8403942a0bdaf70d955c1571684e2e479dfef.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index a1bc8606..b5c19544 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -88,7 +88,8 @@ def main():
 
     # CSRF check
     safe_params = ['VARHELP', 'adminpw', 'admlogin',
-                   'letter', 'chunk', 'findmember']
+                   'letter', 'chunk', 'findmember',
+                   'legend']
     params = cgidata.keys()
     if set(params) - set(safe_params):
         csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
author	Mark Sapiro <msapiro@value.net>	2012-10-30 17:59:16 -0700
committer	Mark Sapiro <msapiro@value.net>	2012-10-30 17:59:16 -0700
commit	eee8403942a0bdaf70d955c1571684e2e479dfef (patch)
tree	3e1b2ed801a9a0ed6cd262152331832b55e0ce6a /Mailman/Cgi/admin.py
parent	8e985f8b33f1c2be0f226547387cf157ff267052 (diff)
download	mailman2-eee8403942a0bdaf70d955c1571684e2e479dfef.tar.gz mailman2-eee8403942a0bdaf70d955c1571684e2e479dfef.tar.xz mailman2-eee8403942a0bdaf70d955c1571684e2e479dfef.zip