diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index 62c7dd90c20..a0ce96a8182 100644
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -300,7 +300,7 @@ DEFAULT_INDEX_TABLESPACE = ''
 MIDDLEWARE_CLASSES = (
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.contrib.csrf.middleware.CsrfViewMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 # 'django.middleware.http.ConditionalGetMiddleware',
 # 'django.middleware.gzip.GZipMiddleware',
@@ -381,7 +381,7 @@ PASSWORD_RESET_TIMEOUT_DAYS = 3
 # Dotted path to callable to be used as view when a request is
 # rejected by the CSRF middleware.
-CSRF_FAILURE_VIEW = 'django.contrib.csrf.views.csrf_failure'
+CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
 # Name and domain for CSRF cookie.
 CSRF_COOKIE_NAME = 'csrftoken'
diff --git a/django/conf/project_template/settings.py b/django/conf/project_template/settings.py
index f83f3d505af..9b0b516c80f 100644
--- a/django/conf/project_template/settings.py
+++ b/django/conf/project_template/settings.py
@@ -60,7 +60,7 @@ TEMPLATE_LOADERS = (
 MIDDLEWARE_CLASSES = (
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.contrib.csrf.middleware.CsrfViewMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 )
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
index c702e873407..0119e430b80 100644
--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@@ -6,7 +6,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.contrib.admin import widgets
 from django.contrib.admin import helpers
 from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_ngettext, model_format_dict
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
 from django.core.exceptions import PermissionDenied
 from django.db import models, transaction
 from django.db.models.fields import BLANK_CHOICE_DASH
diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
index d686540e560..33126999c80 100644
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -3,8 +3,7 @@ from django import http, template
 from django.contrib.admin import ModelAdmin
 from django.contrib.admin import actions
 from django.contrib.auth import authenticate, login
-from django.contrib.csrf.middleware import csrf_response_exempt
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect, csrf_response_exempt
 from django.db.models.base import ModelBase
 from django.core.exceptions import ImproperlyConfigured
 from django.core.urlresolvers import reverse
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 9d367102116..d427874df04 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -4,7 +4,7 @@ from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm
 from django.contrib.auth.tokens import default_token_generator
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
 from django.core.urlresolvers import reverse
 from django.shortcuts import render_to_response, get_object_or_404
 from django.contrib.sites.models import Site, RequestSite
diff --git a/django/contrib/comments/views/comments.py b/django/contrib/comments/views/comments.py
index ada7e9c77e1..7fbe80eead0 100644
--- a/django/contrib/comments/views/comments.py
+++ b/django/contrib/comments/views/comments.py
@@ -10,7 +10,7 @@ from django.utils.html import escape
 from django.views.decorators.http import require_POST
 from django.contrib import comments
 from django.contrib.comments import signals
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
 class CommentPostBadRequest(http.HttpResponseBadRequest):
 """
diff --git a/django/contrib/comments/views/moderation.py b/django/contrib/comments/views/moderation.py
index 76db326c316..73304ba4164 100644
--- a/django/contrib/comments/views/moderation.py
+++ b/django/contrib/comments/views/moderation.py
@@ -5,7 +5,7 @@ from django.contrib.auth.decorators import login_required, permission_required
 from utils import next_redirect, confirmation_view
 from django.contrib import comments
 from django.contrib.comments import signals
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
 @csrf_protect
 @login_required
diff --git a/django/contrib/csrf/context_processors.py b/django/contrib/csrf/context_processors.py
deleted file mode 100644
index b78030a0b25..00000000000
--- a/django/contrib/csrf/context_processors.py
+++ /dev/null
@@ -1,20 +0,0 @@
-from django.contrib.csrf.middleware import get_token
-from django.utils.functional import lazy
-
-def csrf(request):
- """
- Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if
- it has not been provided by either a view decorator or the middleware
- """
- def _get_val():
- token = get_token(request)
- if token is None:
- # In order to be able to provide debugging info in the
- # case of misconfiguration, we use a sentinel value
- # instead of returning an empty dict.
- return 'NOTPROVIDED'
- else:
- return token
- _get_val = lazy(_get_val, str)
-
- return {'csrf_token': _get_val() }
diff --git a/django/contrib/csrf/decorators.py b/django/contrib/csrf/decorators.py
deleted file mode 100644
index 67e33bce5c9..00000000000
--- a/django/contrib/csrf/decorators.py
+++ /dev/null
@@ -1,10 +0,0 @@
-from django.contrib.csrf.middleware import CsrfViewMiddleware
-from django.utils.decorators import decorator_from_middleware
-
-csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
-csrf_protect.__name__ = "csrf_protect"
-csrf_protect.__doc__ = """
-This decorator adds CSRF protection in exactly the same way as
-CsrfViewMiddleware, but it can be used on a per view basis. Using both, or
-using the decorator multiple times, is harmless and efficient.
-"""
diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py
index daee12379e3..4885cfcc3e5 100644
--- a/django/contrib/csrf/middleware.py
+++ b/django/contrib/csrf/middleware.py
@@ -1,294 +1,7 @@
-"""
-Cross Site Request Forgery Middleware.
+from django.middleware.csrf import CsrfMiddleware, CsrfViewMiddleware, CsrfResponseMiddleware
+from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt, csrf_response_exempt
-This module provides a middleware that implements protection
-against request forgeries from other sites.
-"""
-
-import itertools
-import re
-import random
-try:
- from functools import wraps
-except ImportError:
- from django.utils.functional import wraps # Python 2.3, 2.4 fallback.
-
-from django.conf import settings
-from django.core.urlresolvers import get_callable
-from django.utils.cache import patch_vary_headers
-from django.utils.hashcompat import md5_constructor
-from django.utils.safestring import mark_safe
-
-_POST_FORM_RE = \
- re.compile(r'(