1 files changed, 11 insertions, 2 deletions

diff --git a/Mailman/htmlformat.py b/Mailman/htmlformat.py
index 7152e1f0..5d70ad28 100644
--- a/Mailman/htmlformat.py
+++ b/Mailman/htmlformat.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2012 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -34,6 +34,8 @@ from Mailman import mm_cfg
 from Mailman import Utils
 from Mailman.i18n import _
 
+from Mailman.CSRFcheck import csrf_token
+
 SPACE = ' '
 EMPTYSTRING = ''
 NL = '\n'
@@ -402,11 +404,14 @@ class Center(StdContainer):
     tag = 'center'
 
 class Form(Container):
-    def __init__(self, action='', method='POST', encoding=None, *items):
+    def __init__(self, action='', method='POST', encoding=None, 
+                       mlist=None, contexts=None, *items):
         apply(Container.__init__, (self,) +  items)
         self.action = action
         self.method = method
         self.encoding = encoding
+        self.mlist = mlist
+        self.contexts = contexts
 
     def set_action(self, action):
         self.action = action
@@ -418,6 +423,10 @@ class Form(Container):
             encoding = 'enctype="%s"' % self.encoding
         output = '\n%s<FORM action="%s" method="%s" %s>\n' % (
             spaces, self.action, self.method, encoding)
+        if self.mlist:
+            output = output + \
+                '<input type="hidden" name="csrf_token" value="%s">\n' \
+                % csrf_token(self.mlist, self.contexts)
         output = output + Container.Format(self, indent+2)
         output = '%s\n%s</FORM>\n' % (output, spaces)
         return output