Commit Graph

16 Commits

Author SHA1 Message Date
Luke Plant 71233bcdf3 Fixed #10884 - more lenient regexp for matching forms in CSRF post-processing
Thanks to Ryszard Szopa for the report and fix


git-svn-id: http://code.djangoproject.com/svn/django/trunk@10617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-21 23:31:01 +00:00
Luke Plant 0326574d0e Fixed tabs in source, stupid emacs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9817 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 19:32:37 +00:00
Luke Plant 95ed07e888 Fixed some function name errors in code doc.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 18:06:32 +00:00
Luke Plant 9a2e338107 Made CSRF middleware skip post-processing for 'csrf_exempt' decorated views.
This commit also decomposes the decorator into two decorators which can be
used separately, adds some tests, updates docs and fixes some code comments.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@9815 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 17:47:02 +00:00
Luke Plant 9c33d74f1d Added some explanatory comments in CsrfMiddleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 13:23:23 +00:00
Luke Plant 9eedc7bd0b New CsrfMiddleware features: automatic exceptions for known AJAX and decorator for manual exceptions
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 00:34:18 +00:00
Luke Plant c0f9e85fbe Split CsrfMiddleware into two to make it more reusable.
Also converted it to be a view middleware instead of request,
as this allows more options.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 00:31:31 +00:00
Luke Plant 01ec6d0085 More tests for the other half of CsrfMiddleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-02 23:00:06 +00:00
Luke Plant f7242bb778 Added tests for CsrfMiddleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-02 22:40:00 +00:00
Gary Wilson Jr c85c8f8891 Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Adrian Holovaty afc6985267 Fixed #5292 -- Changed CSRF middleware to check for request.method == 'POST' instead of request.POST dictionary not being empty. Thanks, Jakub Wilk
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6038 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-03 06:18:48 +00:00
Adrian Holovaty d9ce900e13 Fixed #3157 -- Made error message XHTML-friendly in CSRF middleware. Thanks, mir@noris.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-18 15:37:52 +00:00
Luke Plant 5c0e4f3908 Fixed CsrfMiddleware post processing so that it in the presence of multiple
POST <form>s, only one <input> tag is added with an id, for HTML validity.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@2900 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-11 22:32:47 +00:00
Luke Plant c26553c4f9 Fixed #1827 - added 'id' attribute to generated CSRF hidden field. Good call, Ian Holsman.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2899 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-11 21:55:53 +00:00
Luke Plant 8eecb95ec8 Added CsrfMiddleware to contrib, and documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2868 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-08 23:03:08 +00:00