diff options
Diffstat (limited to 'Mailman/HTMLFormatter.py')
| -rw-r--r-- | Mailman/HTMLFormatter.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py index 901e7e58..5fcce75b 100644 --- a/Mailman/HTMLFormatter.py +++ b/Mailman/HTMLFormatter.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2015 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2016 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -28,6 +28,8 @@ from Mailman.htmlformat import * from Mailman.i18n import _ +from Mailman.CSRFcheck import csrf_token + EMPTYSTRING = '' BR = '<br>' @@ -317,12 +319,17 @@ class HTMLFormatter: container.AddItem("</center>") return container - def FormatFormStart(self, name, extra=''): + def FormatFormStart(self, name, extra='', + mlist=None, contexts=None, user=None): base_url = self.GetScriptURL(name) if extra: full_url = "%s/%s" % (base_url, extra) else: full_url = base_url + if mlist: + return ("""<form method="POST" action="%s"> +<input type="hidden" name="csrf_token" value="%s">""" + % (full_url, csrf_token(mlist, contexts, user))) return ('<FORM Method=POST ACTION="%s">' % full_url) def FormatArchiveAnchor(self): |