mirror of https://github.com/django/django.git
[py3] Made csrf context processor return Unicode
This commit is contained in:
parent
5e958b958b
commit
d774ad752d
|
@ -6,12 +6,15 @@ and returns a dictionary to add to the context.
|
|||
These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by
|
||||
RequestContext.
|
||||
"""
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.conf import settings
|
||||
from django.middleware.csrf import get_token
|
||||
from django.utils.encoding import smart_bytes
|
||||
from django.utils import six
|
||||
from django.utils.encoding import smart_text
|
||||
from django.utils.functional import lazy
|
||||
|
||||
|
||||
def csrf(request):
|
||||
"""
|
||||
Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if
|
||||
|
@ -23,10 +26,10 @@ def csrf(request):
|
|||
# In order to be able to provide debugging info in the
|
||||
# case of misconfiguration, we use a sentinel value
|
||||
# instead of returning an empty dict.
|
||||
return b'NOTPROVIDED'
|
||||
return 'NOTPROVIDED'
|
||||
else:
|
||||
return smart_bytes(token)
|
||||
_get_val = lazy(_get_val, str)
|
||||
return smart_text(token)
|
||||
_get_val = lazy(_get_val, six.text_type)
|
||||
|
||||
return {'csrf_token': _get_val() }
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ Cross Site Request Forgery Middleware.
|
|||
This module provides a middleware that implements protection
|
||||
against request forgeries from other sites.
|
||||
"""
|
||||
from __future__ import unicode_literals
|
||||
|
||||
import hashlib
|
||||
import re
|
||||
|
@ -12,6 +13,7 @@ import random
|
|||
from django.conf import settings
|
||||
from django.core.urlresolvers import get_callable
|
||||
from django.utils.cache import patch_vary_headers
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.http import same_origin
|
||||
from django.utils.log import getLogger
|
||||
from django.utils.crypto import constant_time_compare, get_random_string
|
||||
|
@ -51,11 +53,10 @@ def get_token(request):
|
|||
|
||||
|
||||
def _sanitize_token(token):
|
||||
# Allow only alphanum, and ensure we return a 'str' for the sake
|
||||
# of the post processing middleware.
|
||||
# Allow only alphanum
|
||||
if len(token) > CSRF_KEY_LENGTH:
|
||||
return _get_new_csrf_key()
|
||||
token = re.sub('[^a-zA-Z0-9]+', '', str(token.decode('ascii', 'ignore')))
|
||||
token = re.sub('[^a-zA-Z0-9]+', '', force_text(token))
|
||||
if token == "":
|
||||
# In case the cookie has been truncated to nothing at some point.
|
||||
return _get_new_csrf_key()
|
||||
|
|
|
@ -216,7 +216,7 @@ class CsrfViewMiddlewareTest(TestCase):
|
|||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
resp = token_view(req)
|
||||
self.assertEqual("", resp.content)
|
||||
self.assertEqual(resp.content, b'')
|
||||
|
||||
def test_token_node_empty_csrf_cookie(self):
|
||||
"""
|
||||
|
|
Loading…
Reference in New Issue