Fixed #16384: warn against accessing request.POST/REQUEST in middleware.

Thanks, Tom Christie.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Jacob Kaplan-Moss 2011-09-09 17:20:16 +00:00
parent d036b87126
commit 0b174ccf0e
3 changed files with 18 additions and 0 deletions

@ -120,6 +120,7 @@ answer newbie questions, and generally made Django that much better:
Sengtha Chay <sengtha@e-khmer.com> Sengtha Chay <sengtha@e-khmer.com>
ivan.chelubeev@gmail.com ivan.chelubeev@gmail.com
Bryan Chow <bryan at verdjn dot com> Bryan Chow <bryan at verdjn dot com>
Tom Christie <tom@tomchristie.com>
Antonis Christofides <anthony@itia.ntua.gr> Antonis Christofides <anthony@itia.ntua.gr>
Michal Chruszcz <troll@pld-linux.org> Michal Chruszcz <troll@pld-linux.org>
Can Burak Çilingir <canburak@cs.bilgi.edu.tr> Can Burak Çilingir <canburak@cs.bilgi.edu.tr>

@ -238,6 +238,8 @@ could, for example, use custom handlers to enforce user-level quotas, compress
data on the fly, render progress bars, and even send data to another storage data on the fly, render progress bars, and even send data to another storage
location directly without storing it locally. location directly without storing it locally.
.. _modifying_upload_handlers_on_the_fly:
Modifying upload handlers on the fly Modifying upload handlers on the fly
------------------------------------ ------------------------------------
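Review bot: the new label `_modifying_upload_handlers_on_the_fly` is spelled with underscores, while the other label visible in this commit, `_template-response-middleware`, uses hyphens. Consider `.. _modifying-upload-handlers-on-the-fly:` and the same spelling in the `:ref:` target of the middleware note, so cross-reference names follow one convention.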

@ -97,6 +97,21 @@ calling ANY other request, view or exception middleware, or the appropriate
view; it'll return that :class:`~django.http.HttpResponse`. Response view; it'll return that :class:`~django.http.HttpResponse`. Response
middleware is always called on every response. middleware is always called on every response.
.. note::
Accessing :attr:`request.POST <django.http.HttpRequest.POST>` or
:attr:`request.REQUEST <django.http.HttpRequest.REQUEST>` inside
middleware from ``process_request`` or ``process_view`` will prevent any
view running after the middleware from being able to
:ref:`modify the upload handlers for the
request <modifying_upload_handlers_on_the_fly>`, and should normally be
avoided.
The :class:`~django.middleware.csrf.CsrfViewMiddleware` class can be
considered an exception, as it provides the
:func:`~django.views.decorators.csrf.csrf_exempt` and
:func:`~django.views.decorators.csrf.csrf_protect` decorators which allow
views to explicitly control at what point the CSRF validation should occur.
.. _template-response-middleware: .. _template-response-middleware:
``process_template_response`` ``process_template_response``
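Review bot: the added note states the effect but not the cause, and its second paragraph does not say what CsrfViewMiddleware is an exception to. In the first paragraph, add a clause explaining that reading `request.POST` or `request.REQUEST` makes Django parse the request body with whatever upload handlers are installed at that moment, which is why a view that runs later can no longer change them; "inside middleware from ``process_request`` or ``process_view``" would also read better as "in a middleware's ``process_request`` or ``process_view``". In the second paragraph, say outright that CsrfViewMiddleware does read `request.POST`, and that `csrf_exempt` and `csrf_protect` are how a view defers that read until after it has set its handlers, so a reader who needs both CSRF checking and custom upload handlers knows what to do.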