Ticket #9559: csrf.patch

File csrf.patch, 1.2 KB (added by zain, 7 years ago)
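--- a/contrib/csrf/middleware.py
+++ b/contrib/csrf/middleware.py
@@ -9,14 +9,11 @@
 import itertools
 
 from django.conf import settings
-from django.http import HttpResponseForbidden
 from django.utils.hashcompat import md5_constructor
 from django.utils.safestring import mark_safe
 
 CSRF_TOKEN_NAME = 'csrfmiddlewaretoken'
 
-_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
-
 _POST_FORM_RE = \
     re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
 
@@ -55,12 +52,12 @@
             # check incoming token
             try:
                 request_csrf_token = request.POST[CSRF_TOKEN_NAME]
+
+                if request_csrf_token != csrf_token:
+                    raise KeyError
             except KeyError:
+                request.POST = []
 
-            if request_csrf_token != csrf_token:
-                return HttpResponseForbidden(_ERROR_MSG)
-
         return None
 
     def process_response(self, request, response):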
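Review bot: The new `except KeyError:` branch assigns `request.POST = []`, which changes the attribute's type from a QueryDict to a plain list, so any view that is then allowed to run and calls `request.POST.get(...)` or `request.POST[name]` fails with AttributeError/TypeError rather than seeing an empty form; if the intent is an empty POST, keep the type with `from django.http import QueryDict` and `request.POST = QueryDict('')`. The bigger issue is that the check no longer fails closed: a missing or mismatched token used to produce a 403 and now silently lets the view execute with blanked data, so a forgery attempt is neither refused nor visible in logs — at minimum log the rejection before continuing, and consider whether the old 403 should remain the default. Raising `KeyError` to route a token mismatch through the missing-token handler also hides which of the two conditions occurred; a comment such as `# token absent or wrong: treat the same way` should state that this is deliberate. The enclosing method starts before this hunk, so the `csrf_token` computation and the `request.method` guard are not visible here.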