Fixed #12933 - AdminSite.admin_view disables @csrf_view_exempt

Thanks to philomat for report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-27 21:08:30 +00:00 · 2010-02-27 21:08:30 +00:00 · d7abb33e70
parent 9f592ecced
commit d7abb33e70
1 changed files with 2 additions and 1 deletions
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@ -196,7 +196,8 @@ class AdminSite(object):
            inner = never_cache(inner)
        # We add csrf_protect here so this function can be used as a utility
        # function for any view, without having to repeat 'csrf_protect'.
-        inner = csrf_protect(inner)
+        if not getattr(view, 'csrf_exempt', False):
+            inner = csrf_protect(inner)
        return update_wrapper(inner, view)

    def get_urls(self):