Commit Graph

15 Commits

Author SHA1 Message Date
Chris Jerdonek 3f0025c18a Refs #32800 -- Avoided use of _does_token_match() in some CSRF tests. 2021-11-16 11:21:30 +01:00
Chris Jerdonek 7132341255 Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match(). 2021-08-03 07:10:31 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__().
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
Ram Rachum 5b09354954
Fixed #31291 -- Renamed salt to mask for CSRF tokens. 2020-02-25 14:16:19 +01:00
Claude Paroz 4d973f5939 Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Jon Dufresne ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Tim Graham 29f607927f Fixed spelling of "nonexistent". 2017-02-03 08:01:45 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Simon Charette ead36e8a47 Refs #24652 -- Made sure template backend tests call their super setUpClass. 2015-05-20 12:50:40 -04:00
Preston Timmons adff499e47 Fixed #24119, #24120 -- Formalized debug integration for template backends. 2015-05-06 17:33:47 -05:00
Moritz Sichert 6bff343989 Refs #24469 -- Fixed escaping of forms, fields, and media in non-Django templates. 2015-03-18 09:11:01 -04:00
Aymeric Augustin 71b7668b75 Rewrapped TemplateSyntaxError in Jinja2 backend.
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
2015-01-12 21:01:34 +01:00
Aymeric Augustin 332154e726 Added basic tests for template backends. 2014-12-28 16:23:00 +01:00