author | Aymeric Augustin <aymeric.augustin@m4x.org> | 2015-02-22 15:40:04 +0100 |
---|---|---|
committer | Aymeric Augustin <aymeric.augustin@m4x.org> | 2015-02-22 15:46:35 +0100 |
commit | 88a5f17d25a25dbd2ebcf905dcecc45ce78a1615 (patch) | |
tree | 2721d7feef75dc48cc354cc28aecab50a6b2444f /django/views/csrf.py | |
parent | eba6dff581aa8bd6a1c08456e83e68ad09ae4ec3 (diff) | |
Fixed #24389 -- Isolated the CSRF view from the TEMPLATES setting.
Thanks uranusjr for the report and analysis.
Diffstat (limited to 'django/views/csrf.py')
-rw-r--r-- | django/views/csrf.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/django/views/csrf.py b/django/views/csrf.py
index aa227d3b6e..9ab9c44171 100644
--- a/django/views/csrf.py
+++ b/django/views/csrf.py
@@ -1,6 +1,6 @@
 from django.conf import settings
 from django.http import HttpResponseForbidden
-from django.template import Context, Template
+from django.template import Context, Engine
 from django.utils.translation import ugettext as _
 from django.utils.version import get_docs_version
@@ -67,9 +67,9 @@ CSRF_FAILURE_TEMPLATE = """
 <ul>
 <li>Your browser is accepting cookies.</li>
- <li>The view function uses <a
- href="https://docs.djangoproject.com/en/{{ docs_version }}/ref/templates/api/#subclassing-context-requestcontext"><code>RequestContext</code></a>
- for the template, instead of <code>Context</code>.</li>
+ <li>The view function passes a <code>request</code> to the template's <a
+ href="https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render"><code>render</code></a>
+ method.</li>
 <li>In the template, there is a <code>{% templatetag openblock %} csrf_token {% templatetag closeblock %}</code> template tag inside each POST form that
@@ -102,7 +102,7 @@ def csrf_failure(request, reason=""):
 Default view used when request fails CSRF protection
 """
 from django.middleware.csrf import REASON_NO_REFERER, REASON_NO_CSRF_COOKIE
- t = Template(CSRF_FAILURE_TEMPLATE)
+ t = Engine().from_string(CSRF_FAILURE_TEMPLATE)
 c = Context({
 'title': _("Forbidden"),
 'main': _("CSRF verification failed. Request aborted."), |
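Review bot: In the `@@ -67,9` hunk the new `render` link hard-codes `/en/dev/` where the removed link used `{{ docs_version }}`, so a released Django would send a developer debugging a CSRF failure to development docs that may not match the installed version. Keeping the versioned form avoids that: `href="https://docs.djangoproject.com/en/{{ docs_version }}/topics/templates/#django.template.backends.base.Template.render"`. The template string begins and ends outside this hunk; that `docs_version` is still supplied to the context is inferred from the `get_docs_version` import left untouched in the first hunk.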
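Review bot: In the `@@ -102,7` hunk, `Engine().from_string(CSRF_FAILURE_TEMPLATE)` carries no comment saying why this view bypasses the project's configured template engines, so a later cleanup could route it back through the TEMPLATES setting and reintroduce the failure the commit title describes. A one-line comment above the call would record the intent: `# Standalone Engine: the 403 page must render regardless of the TEMPLATES setting.` It would also help to note there that the inline template should rely only on built-in tags and the variables placed in `Context`, since nothing from project configuration is available to it. The body of `csrf_failure` continues past the end of the hunk.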