django

Commit Graph

Author	SHA1	Message	Date
Claude Paroz	2366100872	Removed unneeded force_text calls in the test suite	2017-01-24 18:45:54 +01:00
Shai Berger	5112e65ef2	Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews.	2016-05-19 05:02:19 +03:00
Tim Graham	70be31bba7	Fixed #24836 -- Made force_text() resolve lazy objects.	2015-05-27 09:48:53 -04:00

Author

SHA1

Message

Date

Claude Paroz

2366100872

Removed unneeded force_text calls in the test suite

2017-01-24 18:45:54 +01:00

Shai Berger

5112e65ef2

Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them

Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.

2016-05-19 05:02:19 +03:00

Tim Graham

70be31bba7

Fixed #24836 -- Made force_text() resolve lazy objects.

2015-05-27 09:48:53 -04:00

3 Commits