Ticket #9559: csrf.patch
File csrf.patch, 1.2 KB (added by , 16 years ago) |
contrib/csrf/middleware.py
9 9 import itertools 10 10 11 11 from django.conf import settings 12 from django.http import HttpResponseForbidden13 12 from django.utils.hashcompat import md5_constructor 14 13 from django.utils.safestring import mark_safe 15 14 16 15 CSRF_TOKEN_NAME = 'csrfmiddlewaretoken' 17 16 18 _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')19 20 17 _POST_FORM_RE = \ 21 18 re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) 22 19 … … 55 52 # check incoming token 56 53 try: 57 54 request_csrf_token = request.POST[CSRF_TOKEN_NAME] 55 56 if request_csrf_token != csrf_token: 57 raise KeyError 58 58 except KeyError: 59 re turn HttpResponseForbidden(_ERROR_MSG)59 request.POST = [] 60 60 61 if request_csrf_token != csrf_token:62 return HttpResponseForbidden(_ERROR_MSG)63 64 61 return None 65 62 66 63 def process_response(self, request, response):
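Review bot: The new `except KeyError:` branch fails open: a request with a missing or wrong token is no longer rejected with a 403 but is passed on to the view with `request.POST = []`, so any view that acts on `request.method`, the query string, `request.FILES` or the raw body still runs for a forged request. The replacement value is also a plain list, so code calling `request.POST.get(...)` will raise AttributeError instead of seeing an empty form. I would keep `return HttpResponseForbidden(_ERROR_MSG)` in that branch (together with the import and `_ERROR_MSG` that the first hunk removes); if the soft failure is intended, it should at least assign an empty `QueryDict` and log the rejection. Using `raise KeyError` to signal a token mismatch also merges two distinct cases, and an explicit `if` would read more clearly. The enclosing method starts outside the hunk, so whether this path is reached only for POST requests cannot be confirmed from here.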