← Back to branch summary

~ubuntu-branches/ubuntu/natty/python-django/natty-security

« back to all changes in this revision

Viewing changes to django/views/decorators/csrf.py

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2011-02-17 13:34:07 UTC
  • mfrom: (1.1.13 upstream) (4.4.12 sid)
  • Revision ID: james.westby@ubuntu.com-20110217133407-rwr88elhhq6j7ba0
Tags: 1.2.5-1ubuntu1
https://launchpad.net/bugs/719031
* Merge from Debian for security fixes (LP: #719031). Remaining changes:
  - debian/control: don't Build-Depends on locales-all, which doesn't exist
    in natty
* Drop the following patches, now included upstream:
  - debian/patches/07_security_admin_infoleak.diff
  - debian/patches/08_security_pasword_reset_dos.diff

Show diffs side-by-side

added added

removed removed

Lines of Context:
django/views/decorators/csrf.py
14
14
using the decorator multiple times, is harmless and efficient.
15
15
"""
16
16
 
 
17
 
 
18
class _EnsureCsrfToken(CsrfViewMiddleware):
 
19
    # We need this to behave just like the CsrfViewMiddleware, but not reject
 
20
    # requests.
 
21
    def _reject(self, request, reason):
 
22
        return None
 
23
 
 
24
 
 
25
requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)
 
26
requires_csrf_token.__name__ = 'requires_csrf_token'
 
27
csrf_protect.__doc__ = """
 
28
Use this decorator on views that need a correct csrf_token available to
 
29
RequestContext, but without the CSRF protection that csrf_protect
 
30
enforces.
 
31
"""
 
32
 
17
33
def csrf_response_exempt(view_func):
18
34
    """
19
35
    Modifies a view function so that its response is exempt