Comment 1 for bug 1079204

I have checked in CSRF protection for the ZODBUserManager,
ZODBRoleManager, ZODBGroupManager, and DynamicGroupsPlugin
plugins:

 http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128301&view=rev

 http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128302&view=rev

 http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128303&view=rev

 http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128304&view=rev

 http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128305&view=rev

I have verified that your exploit is now blocked.