test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[py3] Made csrf context processor return Unicode

This commit is contained in:
Claude Paroz 2012-08-13 11:34:40 +02:00
parent 5e958b958b
commit d774ad752d
3 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
django/core/context_processors.py
View File

@ -6,12 +6,15 @@ and returns a dictionary to add to the context.
These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by
RequestContext. RequestContext.
""" """
from __future__ import unicode_literals
from django.conf import settings from django.conf import settings
from django.middleware.csrf import get_token from django.middleware.csrf import get_token
from django.utils.encoding import smart_bytes from django.utils import six
from django.utils.encoding import smart_text
from django.utils.functional import lazy from django.utils.functional import lazy
def csrf(request): def csrf(request):
""" """
Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if
@ -23,10 +26,10 @@ def csrf(request):
# In order to be able to provide debugging info in the # In order to be able to provide debugging info in the
# case of misconfiguration, we use a sentinel value # case of misconfiguration, we use a sentinel value
# instead of returning an empty dict. # instead of returning an empty dict.
return b'NOTPROVIDED' return 'NOTPROVIDED'
else: else:
return smart_bytes(token) return smart_text(token)
_get_val = lazy(_get_val, str) _get_val = lazy(_get_val, six.text_type)
return {'csrf_token': _get_val() } return {'csrf_token': _get_val() }

7
django/middleware/csrf.py
View File

@ -4,6 +4,7 @@ Cross Site Request Forgery Middleware.
This module provides a middleware that implements protection This module provides a middleware that implements protection
against request forgeries from other sites. against request forgeries from other sites.
""" """
from __future__ import unicode_literals
import hashlib import hashlib
import re import re
@ -12,6 +13,7 @@ import random
from django.conf import settings from django.conf import settings
from django.core.urlresolvers import get_callable from django.core.urlresolvers import get_callable
from django.utils.cache import patch_vary_headers from django.utils.cache import patch_vary_headers
from django.utils.encoding import force_text
from django.utils.http import same_origin from django.utils.http import same_origin
from django.utils.log import getLogger from django.utils.log import getLogger
from django.utils.crypto import constant_time_compare, get_random_string from django.utils.crypto import constant_time_compare, get_random_string
@ -51,11 +53,10 @@ def get_token(request):
def _sanitize_token(token): def _sanitize_token(token):
# Allow only alphanum, and ensure we return a 'str' for the sake # Allow only alphanum
# of the post processing middleware.
if len(token) > CSRF_KEY_LENGTH: if len(token) > CSRF_KEY_LENGTH:
return _get_new_csrf_key() return _get_new_csrf_key()
token = re.sub('[^a-zA-Z0-9]+', '', str(token.decode('ascii', 'ignore'))) token = re.sub('[^a-zA-Z0-9]+', '', force_text(token))
if token == "": if token == "":
# In case the cookie has been truncated to nothing at some point. # In case the cookie has been truncated to nothing at some point.
return _get_new_csrf_key() return _get_new_csrf_key()

2
tests/regressiontests/csrf_tests/tests.py
View File

@ -216,7 +216,7 @@ class CsrfViewMiddlewareTest(TestCase):
""" """
req = self._get_GET_no_csrf_cookie_request() req = self._get_GET_no_csrf_cookie_request()
resp = token_view(req) resp = token_view(req)
self.assertEqual("", resp.content) self.assertEqual(resp.content, b'')
def test_token_node_empty_csrf_cookie(self): def test_token_node_empty_csrf_cookie(self):
""" """