Fixed #10884 - more lenient regexp for matching forms in CSRF post-processing
Thanks to Ryszard Szopa for the report and fix git-svn-id: http://code.djangoproject.com/svn/django/trunk@10617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
037ce4318b
commit
71233bcdf3
|
@ -20,7 +20,7 @@ from django.utils.safestring import mark_safe
|
||||||
_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
|
_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
|
||||||
|
|
||||||
_POST_FORM_RE = \
|
_POST_FORM_RE = \
|
||||||
re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
|
re.compile(r'(<form\W[^>]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
|
||||||
|
|
||||||
_HTML_TYPES = ('text/html', 'application/xhtml+xml')
|
_HTML_TYPES = ('text/html', 'application/xhtml+xml')
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue