authorMark Sapiro <mark@msapiro.net>2016-08-26 20:47:49 -0700
committerMark Sapiro <mark@msapiro.net>2016-08-26 20:47:49 -0700
commit97991cac52b604276f8751828d291c1b2002d9f7 (patch)
treec6d8e4c94644797b7ac1839a6e9c11a101358606 /Mailman/htmlformat.py
parent62d0aee0c31a90669bb053c5abeb9228c5a35996 (diff)
Fixes for CVE-2016-6893 and more.
Diffstat (limited to '')
-rwxr-xr-xMailman/htmlformat.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/Mailman/htmlformat.py b/Mailman/htmlformat.py
index 2770eb60..f144c069 100755
--- a/Mailman/htmlformat.py
+++ b/Mailman/htmlformat.py
@@ -407,13 +407,14 @@ class Center(StdContainer):
class Form(Container):
def __init__(self, action='', method='POST', encoding=None,
- mlist=None, contexts=None, *items):
+ mlist=None, contexts=None, user=None, *items):
apply(Container.__init__, (self,) + items)
self.action = action
self.method = method
self.encoding = encoding
self.mlist = mlist
self.contexts = contexts
+ self.user = user
def set_action(self, action):
self.action = action
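Review bot: `user=None` is inserted ahead of `*items` in `Form.__init__`, so any existing caller that passes form items positionally after `contexts` will now have its first item bound to `user`; that item is left out of the container and is later handed to `csrf_token()` instead. Callers are outside this hunk and need checking. A comment on the signature such as `# mlist, contexts and user should be passed by keyword; a positional argument after contexts binds to user, not to items` would make the hazard visible. The constructor also has no docstring saying what `user` is or that it feeds the CSRF token, and one sentence there would help the next maintainer.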
@@ -428,7 +429,7 @@ class Form(Container):
if self.mlist:
output = output + \
'<input type="hidden" name="csrf_token" value="%s">\n' \
- % csrf_token(self.mlist, self.contexts)
+ % csrf_token(self.mlist, self.contexts, self.user)
output = output + Container.Format(self, indent+2)
output = '%s\n%s</FORM>\n' % (output, spaces)
return output
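Review bot: With `user` defaulting to None, a form built with `mlist` but without `user` still emits a `csrf_token` field, presumably carrying a token that is not tied to any user; `csrf_token()` is not visible here, so how it treats None should be confirmed. If per-user binding is the point of the fix, omitting `user` fails silently at this call. A comment such as `# self.user is None for forms not tied to a member; the token is then bound to the list and contexts only` would record which forms are expected to fall back. The enclosing method starts outside the hunk.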