[Bug 1160647] [NEW] request forgery check displayed when only viewing admin pages

Phil Sutter p.launchpad at nwl.cc
Wed Mar 27 01:13:48 CET 2013


Public bug reported:

CSRF checking in admin.py is buggy. Logging into the admin interface
succeeds fine, but when clicking any of the links on the page top, the
request forgery error message is displayed on the resulting page.

The problem is basically that Cgi/admin.py is called with only a single
param in cgidata, namely 'admin' (which is empty). Since this param is
not part of the safe_params list, csrf_check() is called with 'None' as
second parameter.

Since submitting forms is working fine, this bug is merely a cosmetic
one but still very confusing.

** Affects: mailman
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1160647
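
The gating behaviour described in the report, modelled as an added example that is not part of the original message and is not Mailman's code. The safe-parameter list contents, the HMAC token scheme, the request data and every function name except csrf_check are assumptions made for illustration, as is the method-based alternative.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"    # constructed value
SAFE_PARAMS = {"VARHELP", "adminpw"}   # constructed; the report does not list safe_params


def make_token(user):
    """Hypothetical token issuer: HMAC over the user name."""
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def csrf_check(user, token):
    """Return True only for a token issued to this user; None never validates."""
    if token is None:
        return False
    return hmac.compare_digest(make_token(user), token)


def gate_by_params(user, cgidata):
    """Gate as the report describes it: any parameter outside the safe list
    triggers the token check, even on a request that only views a page."""
    if set(cgidata) - SAFE_PARAMS:
        return csrf_check(user, cgidata.get("csrf_token"))
    return True


def gate_by_method(user, method, cgidata):
    """Alternative gate (assumption): require the token only on methods that
    can change state, so plain page views never reach csrf_check()."""
    if method.upper() in {"GET", "HEAD"}:
        return True
    return csrf_check(user, cgidata.get("csrf_token"))


# Constructed requests.
view_request = {"admin": ""}   # link click: one empty parameter, no token
form_request = {"description": "new text", "csrf_token": make_token("owner")}
forged_request = {"description": "new text"}   # state change without a token

if __name__ == "__main__":
    print("view, param gate: ", gate_by_params("owner", view_request))
    print("view, method gate:", gate_by_method("owner", "GET", view_request))
    print("forged POST:      ", gate_by_method("owner", "POST", forged_request))
```

The method-based gate is only sound when GET handlers never change state.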
