innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
8,778 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
Luke Plant 364583b894 Fixed #14235 - UnicodeDecodeError in CSRF middleware 
Thanks to jbg for the report.

This changeset essentially backs out [13698] in favour of a method that
sanitizes the token rather than escaping it.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13732 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-09-10 22:56:56 +00:00
James Bennett 9e3b327aca Patch CSRF-protection system to deal with reported security issue. Announcement and details to follow. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13698 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-09-09 00:34:54 +00:00
Luke Plant e8cff0b8f3 Added explanatory note on CSRF failure page for the case of a missing Referer header. 
This is intended to help power users who have disabled Referer headers, or
installed add-ons which have done so, and to help web site administrators
with debugging, since this problem will be browser specific and not a
programming error.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-09-03 16:28:10 +00:00
Luke Plant f92a21daa7 Added proper code comments for the HTTPS CSRF protection. 
Refs #13489 which noticed a vague comment - thanks pmclanahan



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13405 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-06-30 22:30:37 +00:00
Luke Plant ac8b7ff021 Fixed #13716 - the CSRF get_token function stopped working for views with csrf_view_exempt 
This was a regression caused by the the CSRF changes in 1.2.

Thanks to edevil for the report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13336 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-06-08 14:35:48 +00:00
Luke Plant 905dba3694 Misc clarifications in csrf middleware comments 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 21:31:20 +00:00
Luke Plant d0b900e6f5 Slight change to CSRF error messages to make debugging easier. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 14:04:21 +00:00
Luke Plant c2ffe94d9a Removed unused import. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11664 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 00:49:33 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code. 
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 00:36:34 +00:00