author | Justin Bronn <jbronn@gmail.com> | 2008-08-05 17:15:33 +0000 |
---|---|---|
committer | Justin Bronn <jbronn@gmail.com> | 2008-08-05 17:15:33 +0000 |
commit | aa239e3e5405933af6a29dac3cf587b59a099927 (patch) | |
tree | ea2cbd139c9a8cf84c09e0b2008bff70e05927ef /django/contrib/csrf/middleware.py | |
parent | 45b73c9a4685809236f84046cc7ffd32a50db958 (diff) | |
gis: Merged revisions 7981-8001,8003-8011,8013-8033,8035-8036,8038-8039,8041-8063,8065-8076,8078-8139,8141-8154,8156-8214 via svnmerge from trunk.archive/attic/gisattic/gis
git-svn-id: http://code.djangoproject.com/svn/django/branches/gis@8215 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/contrib/csrf/middleware.py')
-rw-r--r-- | django/contrib/csrf/middleware.py | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py
index 1a75a5d6ab..24c1511c91 100644
--- a/django/contrib/csrf/middleware.py
+++ b/django/contrib/csrf/middleware.py
@@ -2,44 +2,45 @@ Cross Site Request Forgery Middleware. This module provides a middleware that implements protection -against request forgeries from other sites. - +against request forgeries from other sites. """ + +import re +import itertools + from django.conf import settings from django.http import HttpResponseForbidden +from django.utils.hashcompat import md5_constructor from django.utils.safestring import mark_safe -import md5 -import re -import itertools _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>') _POST_FORM_RE = \ re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) - -_HTML_TYPES = ('text/html', 'application/xhtml+xml') + +_HTML_TYPES = ('text/html', 'application/xhtml+xml') def _make_token(session_id): - return md5.new(settings.SECRET_KEY + session_id).hexdigest() + return md5_constructor(settings.SECRET_KEY + session_id).hexdigest() class CsrfMiddleware(object): """Django middleware that adds protection against Cross Site - Request Forgeries by adding hidden form fields to POST forms and - checking requests for the correct value. - - In the list of middlewares, SessionMiddleware is required, and must come - after this middleware. CsrfMiddleWare must come after compression + Request Forgeries by adding hidden form fields to POST forms and + checking requests for the correct value. + + In the list of middlewares, SessionMiddleware is required, and must come + after this middleware. CsrfMiddleWare must come after compression middleware. - - If a session ID cookie is present, it is hashed with the SECRET_KEY - setting to create an authentication token. This token is added to all - outgoing POST forms and is expected on all incoming POST requests that + + If a session ID cookie is present, it is hashed with the SECRET_KEY + setting to create an authentication token. 
This token is added to all + outgoing POST forms and is expected on all incoming POST requests that have a session ID cookie. - - If you are setting cookies directly, instead of using Django's session + + If you are setting cookies directly, instead of using Django's session framework, this middleware will not work. """ - + def process_request(self, request): if request.method == 'POST': try: @@ -54,10 +55,10 @@ class CsrfMiddleware(object): request_csrf_token = request.POST['csrfmiddlewaretoken'] except KeyError: return HttpResponseForbidden(_ERROR_MSG) - + if request_csrf_token != csrf_token: return HttpResponseForbidden(_ERROR_MSG) - + return None def process_response(self, request, response): @@ -66,7 +67,7 @@ class CsrfMiddleware(object): cookie = response.cookies[settings.SESSION_COOKIE_NAME] csrf_token = _make_token(cookie.value) except KeyError: - # No outgoing cookie to set session, but + # No outgoing cookie to set session, but # a session might already exist. try: session_id = request.COOKIES[settings.SESSION_COOKIE_NAME] @@ -74,12 +75,12 @@ class CsrfMiddleware(object): except KeyError: # no incoming or outgoing cookie pass - + if csrf_token is not None and \ response['Content-Type'].split(';')[0] in _HTML_TYPES: - + # ensure we don't add the 'id' attribute twice (HTML validity) - idattributes = itertools.chain(("id='csrfmiddlewaretoken'",), + idattributes = itertools.chain(("id='csrfmiddlewaretoken'",), itertools.repeat('')) def add_csrf_field(match): """Returns the matched <form> tag plus the added <input> element""" |
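Review bot: The new `_make_token` in the first hunk still derives the CSRF token as a bare digest of `settings.SECRET_KEY + session_id`; the hunk only swaps `md5.new` for `md5_constructor`, so it keeps an unkeyed hash-of-concatenation where a keyed construction from the standard library's `hmac` module would be the conventional way to bind the secret to the session id. Because the session id here is server-chosen, the known weakness of the H(key||msg) pattern is not obviously exploitable in this layout, and switching would change every token value, so this is a design point rather than a blocking defect. What the hunk should not land without is a docstring on `_make_token`, which has none; for example `"""Return the CSRF token for a session: hex MD5 of SECRET_KEY + session_id."""`. The remaining three hunks of this file are whitespace-only.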