diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py index 24c1511..8a9fac5 100644 --- a/django/contrib/csrf/middleware.py +++ b/django/contrib/csrf/middleware.py @@ -13,6 +13,8 @@ from django.http import HttpResponseForbidden from django.utils.hashcompat import md5_constructor from django.utils.safestring import mark_safe +CSRF_TOKEN_NAME = 'csrfmiddlewaretoken' + _ERROR_MSG = mark_safe('
Cross Site Request Forgery detected. Request aborted.
') _POST_FORM_RE = \ @@ -52,7 +54,7 @@ class CsrfMiddleware(object): csrf_token = _make_token(session_id) # check incoming token try: - request_csrf_token = request.POST['csrfmiddlewaretoken'] + request_csrf_token = request.POST[CSRF_TOKEN_NAME] except KeyError: return HttpResponseForbidden(_ERROR_MSG) @@ -80,13 +82,13 @@ class CsrfMiddleware(object): response['Content-Type'].split(';')[0] in _HTML_TYPES: # ensure we don't add the 'id' attribute twice (HTML validity) - idattributes = itertools.chain(("id='csrfmiddlewaretoken'",), + idattributes = itertools.chain(("id='%s'" % (CSRF_TOKEN_NAME,),), itertools.repeat('')) def add_csrf_field(match): """Returns the matched
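Review bot: `CSRF_TOKEN_NAME`, added at module level in the first hunk, carries no comment even though the later hunks give it two roles: the POST key read in the token check (`request.POST[CSRF_TOKEN_NAME]`) and a value interpolated unescaped into response markup (`"id='%s'" % (CSRF_TOKEN_NAME,)`). Unlike `_ERROR_MSG` and `_POST_FORM_RE` it has no leading underscore, presumably so other modules can import it, which also makes it easier for someone to change or monkeypatch later. A comment such as `# Name of the hidden form field carrying the CSRF token; must stay a plain HTML-safe identifier because it is written into markup unescaped.` would record that constraint next to the definition. The third hunk is cut off in this view, so whether the injected field's `name` attribute also uses the constant cannot be confirmed from here.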