id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 5292,CsrfMiddleware does not protect from forged POST request with no data,Jakub Wilk ,Adrian Holovaty,django.contrib.csrf.!CrsfMiddleware permits any POST request with no data. This is entirely wrong.,,closed,Contrib apps,dev,,fixed,,,Ready for checkin,1,0,0,0,0,0