id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
510	[patch] Defend admin against CSRF attacks	Simon Willison	Adrian Holovaty	"Django's admin pages are currently vulnerable to CSRF attacks, as described here:

http://www.squarefree.com/securitytips/web-developers.html#CSRF

All POST forms in the admin should contain a hidden field with a shared secret that can be used to confirm the origin of the form."	enhancement	closed	contrib.admin		major	fixed		gdub@…	Unreviewed	1	0	0	0	0	0
