Luke Plant
71233bcdf3
Fixed #10884 - more lenient regexp for matching forms in CSRF post-processing
Thanks to Ryszard Szopa for the report and fix
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-21 23:31:01 +00:00
Luke Plant
0326574d0e
Fixed tabs in source, stupid emacs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9817 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 19:32:37 +00:00
Luke Plant
95ed07e888
Fixed some function name errors in code doc.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 18:06:32 +00:00
Luke Plant
9a2e338107
Made CSRF middleware skip post-processing for 'csrf_exempt' decorated views.
This commit also decomposes the decorator into two decorators which can be
used separately, adds some tests, updates docs and fixes some code comments.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9815 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-07 17:47:02 +00:00
Luke Plant
9c33d74f1d
Added some explanatory comments in CsrfMiddleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 13:23:23 +00:00
Luke Plant
9eedc7bd0b
New CsrfMiddleware features: automatic exceptions for known AJAX and decorator for manual exceptions
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 00:34:18 +00:00
Luke Plant
c0f9e85fbe
Split CsrfMiddleware into two to make it more reusable.
Also converted it to be a view middleware instead of request,
as this allows more options.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 00:31:31 +00:00
Gary Wilson Jr
c85c8f8891
Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Malcolm Tredinnick
356662cf74
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.
Backwards incompatible if you're inserting raw HTML output via template variables.
Based on an original design from Simon Willison and with debugging help from Michael Radziej.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Adrian Holovaty
afc6985267
Fixed #5292 -- Changed CSRF middleware to check for request.method == 'POST' instead of request.POST dictionary not being empty. Thanks, Jakub Wilk
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6038 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-03 06:18:48 +00:00
Adrian Holovaty
d9ce900e13
Fixed #3157 -- Made error message XHTML-friendly in CSRF middleware. Thanks, mir@noris.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-18 15:37:52 +00:00
Luke Plant
5c0e4f3908
Fixed CsrfMiddleware post processing so that in the presence of multiple
POST <form>s, only one <input> tag is added with an id, for HTML validity.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2900 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-11 22:32:47 +00:00
Luke Plant
c26553c4f9
Fixed #1827 - added 'id' attribute to generated CSRF hidden field. Good call, Ian Holsman.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2899 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-11 21:55:53 +00:00
Luke Plant
8eecb95ec8
Added CsrfMiddleware to contrib, and documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2868 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-08 23:03:08 +00:00