From d774ad752d9844cb7a28fe338d4d711c8576ee6f Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Mon, 13 Aug 2012 11:34:40 +0200 Subject: [PATCH] [py3] Made csrf context processor return Unicode --- django/core/context_processors.py | 11 +++++++---- django/middleware/csrf.py | 7 ++++--- tests/regressiontests/csrf_tests/tests.py | 2 +- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/django/core/context_processors.py b/django/core/context_processors.py index a503270cf4..ca1ac68f55 100644 --- a/django/core/context_processors.py +++ b/django/core/context_processors.py @@ -6,12 +6,15 @@ and returns a dictionary to add to the context. These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by RequestContext. """ +from __future__ import unicode_literals from django.conf import settings from django.middleware.csrf import get_token -from django.utils.encoding import smart_bytes +from django.utils import six +from django.utils.encoding import smart_text from django.utils.functional import lazy + def csrf(request): """ Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if @@ -23,10 +26,10 @@ def csrf(request): # In order to be able to provide debugging info in the # case of misconfiguration, we use a sentinel value # instead of returning an empty dict. - return b'NOTPROVIDED' + return 'NOTPROVIDED' else: - return smart_bytes(token) - _get_val = lazy(_get_val, str) + return smart_text(token) + _get_val = lazy(_get_val, six.text_type) return {'csrf_token': _get_val() } diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index fd8ff30303..305b20e1c4 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -4,6 +4,7 @@ Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. """ +from __future__ import unicode_literals import hashlib import re @@ -12,6 +13,7 @@ import random from django.conf import settings from django.core.urlresolvers import get_callable from django.utils.cache import patch_vary_headers +from django.utils.encoding import force_text from django.utils.http import same_origin from django.utils.log import getLogger from django.utils.crypto import constant_time_compare, get_random_string @@ -51,11 +53,10 @@ def get_token(request): def _sanitize_token(token): - # Allow only alphanum, and ensure we return a 'str' for the sake - # of the post processing middleware. + # Allow only alphanum if len(token) > CSRF_KEY_LENGTH: return _get_new_csrf_key() - token = re.sub('[^a-zA-Z0-9]+', '', str(token.decode('ascii', 'ignore'))) + token = re.sub('[^a-zA-Z0-9]+', '', force_text(token)) if token == "": # In case the cookie has been truncated to nothing at some point. return _get_new_csrf_key() diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py index 52fd3ea1c7..c5b66a31d1 100644 --- a/tests/regressiontests/csrf_tests/tests.py +++ b/tests/regressiontests/csrf_tests/tests.py @@ -216,7 +216,7 @@ class CsrfViewMiddlewareTest(TestCase): """ req = self._get_GET_no_csrf_cookie_request() resp = token_view(req) - self.assertEqual("", resp.content) + self.assertEqual(resp.content, b'') def test_token_node_empty_csrf_cookie(self): """