From e3c89346d217fca92b62a6d11df6b4b6d5be28a2 Mon Sep 17 00:00:00 2001 From: Timo Graham Date: Sat, 6 Aug 2011 20:34:04 +0000 Subject: [PATCH] Fixed #16430 - Stronger wording for CSRF protection in `modifying upload handlers on the fly`; thanks tomchristie. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16588 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/topics/http/file-uploads.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt index 532695334a..b845772e97 100644 --- a/docs/topics/http/file-uploads.txt +++ b/docs/topics/http/file-uploads.txt @@ -278,13 +278,13 @@ list:: Also, ``request.POST`` is accessed by :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by - default. This means you will probably need to use + default. This means you will need to use :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you - to change the upload handlers. Assuming you do need CSRF protection, you - will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on - the function that actually processes the request. Note that this means that - the handlers may start receiving the file upload before the CSRF checks have - been done. Example code: + to change the upload handlers. You will then need to use + :func:`~django.views.decorators.csrf.csrf_protect` on the function that + actually processes the request. Note that this means that the handlers may + start receiving the file upload before the CSRF checks have been done. + Example code: .. code-block:: python