Changeset 6672 for django/branches/gis/django/contrib/csrf
- Timestamp:
- 11/14/07 13:13:37 (1 year ago)
- Files:
-
- django/branches/gis (modified) (1 prop)
- django/branches/gis/django/contrib/csrf/middleware.py (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/branches/gis
- Property svnmerge-integrated changed from /django/trunk:1-6613 to /django/trunk:1-6671
django/branches/gis/django/contrib/csrf/middleware.py
r6394 r6672 8 8 from django.conf import settings 9 9 from django.http import HttpResponseForbidden 10 from django.utils.safestring import mark_safe 10 11 import md5 11 12 import re 12 13 import itertools 13 14 14 _ERROR_MSG = '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>'15 _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>') 15 16 16 17 _POST_FORM_RE = \ … … 83 84 def add_csrf_field(match): 84 85 """Returns the matched <form> tag plus the added <input> element""" 85 return ma tch.group() + "<div style='display:none;'>" + \86 return mark_safe(match.group() + "<div style='display:none;'>" + \ 86 87 "<input type='hidden' " + idattributes.next() + \ 87 88 " name='csrfmiddlewaretoken' value='" + csrf_token + \ 88 "' /></div>" 89 "' /></div>") 89 90 90 91 # Modify any POST forms
