From 985dcdb4b228fe4e5a535ca0ae7bb07e18c637b1 Mon Sep 17 00:00:00 2001 From: Adrian Holovaty Date: Sun, 10 Jan 2010 17:55:46 +0000 Subject: [PATCH] Fixed #12350 -- Fixed typo in tutorial04. Thanks, mortense git-svn-id: http://code.djangoproject.com/svn/django/trunk@12173 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/intro/tutorial04.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/intro/tutorial04.txt b/docs/intro/tutorial04.txt index 110b1ec671..70e012e7af 100644 --- a/docs/intro/tutorial04.txt +++ b/docs/intro/tutorial04.txt @@ -47,15 +47,15 @@ A quick rundown: * ``forloop.counter`` indicates how many times the :ttag:`for` tag has gone through its loop - * Since we are creating a POST form (which can have the effect of modifying - data), we unfortunately need to worry about Cross Site Request Forgeries. + * Since we're creating a POST form (which can have the effect of modifying + data), we need to worry about Cross Site Request Forgeries. Thankfully, you don't have to worry too hard, because Django comes with - very easy-to-use system for protecting against it. In short, all POST - forms that are targetted at internal URLs need the ``{% csrf_token %}`` - template tag adding. + a very easy-to-use system for protecting against it. In short, all POST + forms that are targeted at internal URLs should use the ``{% csrf_token %}`` + template tag. The ``{% csrf_token %}`` tag requires information from the request object, which -is not normally accessible from within the template context. To fix this, a +is not normally accessible from within the template context. To fix this, a small adjustment needs to be made to the ``detail`` view, so that it looks like the following::