Fixed #16430 - Stronger wording for CSRF protection in `modifying upload handlers on the fly`; thanks tomchristie.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-06 20:34:04 +00:00 · 2011-08-06 20:34:04 +00:00 · e3c89346d2
parent 0350d65fa4
commit e3c89346d2
1 changed files with 6 additions and 6 deletions
--- a/docs/topics/http/file-uploads.txt
+++ b/docs/topics/http/file-uploads.txt
@ -278,13 +278,13 @@ list::
    Also, ``request.POST`` is accessed by
    :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
-    default. This means you will probably need to use
+    default. This means you will need to use
    :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
-    to change the upload handlers. Assuming you do need CSRF protection, you
+    to change the upload handlers.  You will then need to use
-    will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
+    :func:`~django.views.decorators.csrf.csrf_protect` on the function that
-    the function that actually processes the request.  Note that this means that
+    actually processes the request.  Note that this means that the handlers may
-    the handlers may start receiving the file upload before the CSRF checks have
+    start receiving the file upload before the CSRF checks have been done.
-    been done. Example code:
+    Example code:
    .. code-block:: python