Added a few more safe_params to the CSRF check.

author: Mark Sapiro <msapiro@value.net> 2012-02-23 08:22:11 -0800
committer: Mark Sapiro <msapiro@value.net> 2012-02-23 08:22:11 -0800
commit: b3610954779fbd5a97876bebee4734829106537d (patch)
tree: cba925f6633c7cfc3d015a8ee5620d26dd5a2268 /Mailman
parent: ce7998b41a4d3980a0d4ac23207ad286678e1c95 (diff)
download: mailman2-b3610954779fbd5a97876bebee4734829106537d.tar.gz
mailman2-b3610954779fbd5a97876bebee4734829106537d.tar.xz
mailman2-b3610954779fbd5a97876bebee4734829106537d.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index d881241c..f3284e17 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -87,7 +87,8 @@ def main():
     cgidata = cgi.FieldStorage(keep_blank_values=1)
 
     # CSRF check
-    safe_params = ['VARHELP', 'adminpw', 'admlogin']
+    safe_params = ['VARHELP', 'adminpw', 'admlogin',
+                   'letter', 'chunk', 'findmember']
     params = cgidata.keys()
     if set(params) - set(safe_params):
         csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
author	Mark Sapiro <msapiro@value.net>	2012-02-23 08:22:11 -0800
committer	Mark Sapiro <msapiro@value.net>	2012-02-23 08:22:11 -0800
commit	b3610954779fbd5a97876bebee4734829106537d (patch)
tree	cba925f6633c7cfc3d015a8ee5620d26dd5a2268 /Mailman
parent	ce7998b41a4d3980a0d4ac23207ad286678e1c95 (diff)
download	mailman2-b3610954779fbd5a97876bebee4734829106537d.tar.gz mailman2-b3610954779fbd5a97876bebee4734829106537d.tar.xz mailman2-b3610954779fbd5a97876bebee4734829106537d.zip