From eee8403942a0bdaf70d955c1571684e2e479dfef Mon Sep 17 00:00:00 2001
From: Mark Sapiro
Date: Tue, 30 Oct 2012 17:59:16 -0700
Subject: Added 'legend' to the list of CSRF safe parameters for the admin CGI.
---
 Mailman/Cgi/admin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index a1bc8606..b5c19544 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -88,7 +88,8 @@ def main():
 # CSRF check
 safe_params = ['VARHELP', 'adminpw', 'admlogin',
- 'letter', 'chunk', 'findmember']
+ 'letter', 'chunk', 'findmember',
+ 'legend']
 params = cgidata.keys()
 if set(params) - set(safe_params):
 csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
-- 
cgit v1.2.3
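Review bot: The `safe_params` list in `main()` has no comment stating what makes a parameter safe to exempt, and that omission matters more with each name added. A request whose keys are all in this list never reaches `csrf_check()`, so every entry has to be a parameter that only selects what is displayed and can never change list state. The code that handles `legend` is outside this hunk, so it is worth confirming that it is display-only before relying on the exemption. I would put a comment above the list, for example `# Only display/navigation parameters belong here: a request carrying nothing but these keys skips csrf_check(), so none of them may trigger a state change.` The body of `main()` continues outside the hunk, so how `csrf_checked` is set when the check is skipped is not visible here.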