From bad2825fab9f45f468414ed551bad9d987923600 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Sat, 5 Jun 2010 12:58:31 -0500 Subject: Updates for CSRF protection in Django 1.2.X Signed-off-by: Dan McGee --- packages/views.py | 2 +- settings.py | 1 + templates/devel/index.html | 2 +- templates/devel/profile.html | 2 +- templates/general_form.html | 2 +- templates/mirrors/index.html | 2 +- templates/news/add.html | 2 +- templates/news/delete.html | 2 +- templates/packages/details.html | 2 +- templates/packages/flag.html | 2 +- templates/packages/search.html | 2 +- templates/registration/login.html | 2 +- templates/todolists/todolist_confirm_delete.html | 2 +- 13 files changed, 13 insertions(+), 12 deletions(-) diff --git a/packages/views.py b/packages/views.py index 6838de03..9053906b 100644 --- a/packages/views.py +++ b/packages/views.py @@ -316,7 +316,7 @@ def flag(request, name='', repo='', arch=''): context['form'] = form - return render_to_response('packages/flag.html', context) + return render_to_response('packages/flag.html', RequestContext(request, context)) def download(request, name='', repo='', arch=''): pkg = get_object_or_404(Package, diff --git a/settings.py b/settings.py index 30f594e6..6c9a1183 100644 --- a/settings.py +++ b/settings.py @@ -46,6 +46,7 @@ MIDDLEWARE_CLASSES = ( 'main.middleware.UpdateCacheMiddleware', "django.contrib.sessions.middleware.SessionMiddleware", + 'django.middleware.csrf.CsrfViewMiddleware', "django.contrib.auth.middleware.AuthenticationMiddleware", 'django.middleware.http.ConditionalGetMiddleware', "django.middleware.common.CommonMiddleware", diff --git a/templates/devel/index.html b/templates/devel/index.html index 662e8246..25429ecf 100644 --- a/templates/devel/index.html +++ b/templates/devel/index.html @@ -60,7 +60,7 @@

My Flagged Packages

-
+ {% csrf_token %}

diff --git a/templates/devel/profile.html b/templates/devel/profile.html index 178a59aa..2c1c658d 100644 --- a/templates/devel/profile.html +++ b/templates/devel/profile.html @@ -6,7 +6,7 @@

Developer Profile

- + {% csrf_token %}
Username: {{ user.username }} {{ form.as_p }} diff --git a/templates/general_form.html b/templates/general_form.html index d499919a..93e73aca 100644 --- a/templates/general_form.html +++ b/templates/general_form.html @@ -8,7 +8,7 @@

{{title}}

{% if description %}{{description}}{% endif %} - + {% csrf_token %}
{% for field in form %}


diff --git a/templates/mirrors/index.html b/templates/mirrors/index.html index b347a086..55c172d7 100644 --- a/templates/mirrors/index.html +++ b/templates/mirrors/index.html @@ -13,7 +13,7 @@

Pacman Mirrorlist Generator

Simply replace the contents of /etc/pacman.d/mirrorlist with the generated code.

- + {% csrf_token %} {{ mirrorlist_form.as_p }}

diff --git a/templates/news/add.html b/templates/news/add.html index 38b5b21d..04a55689 100644 --- a/templates/news/add.html +++ b/templates/news/add.html @@ -10,7 +10,7 @@

News: Edit Article

News: Add Article

{% endif %} -
+ {% csrf_token %}
{{ form.as_p }}
diff --git a/templates/news/delete.html b/templates/news/delete.html index 6a2fa1e8..3e3ba95e 100644 --- a/templates/news/delete.html +++ b/templates/news/delete.html @@ -14,7 +14,7 @@

News: Delete Entry Confirmation

Are you sure?

- + {% csrf_token %}

diff --git a/templates/packages/details.html b/templates/packages/details.html index f60324e8..247b6344 100644 --- a/templates/packages/details.html +++ b/templates/packages/details.html @@ -32,7 +32,7 @@

Package Details: {{ pkg.pkgname }} {{ pkg.pkgver }}-{{ pkg.pkgrel }}

{% if user.is_authenticated %} -
+ {% csrf_token %}

  

diff --git a/templates/packages/flag.html b/templates/packages/flag.html index 71d84982..9a5b123b 100644 --- a/templates/packages/flag.html +++ b/templates/packages/flag.html @@ -31,7 +31,7 @@

Flag Package: {{ pkg.pkgname }}

Please confirm your flag request for {{pkg.pkgname}}:

- + {% csrf_token %}
{{ form.as_p }}
diff --git a/templates/packages/search.html b/templates/packages/search.html index 6a22b7d8..6ed7f95f 100644 --- a/templates/packages/search.html +++ b/templates/packages/search.html @@ -69,7 +69,7 @@

Package Search

{% endif %} - + {% csrf_token %} diff --git a/templates/registration/login.html b/templates/registration/login.html index 2f626566..867910ba 100644 --- a/templates/registration/login.html +++ b/templates/registration/login.html @@ -10,7 +10,7 @@

Developer Login

{% endif %} - + {% csrf_token %}
Enter login credentials {{ form.as_p }} diff --git a/templates/todolists/todolist_confirm_delete.html b/templates/todolists/todolist_confirm_delete.html index c1e87834..39c9f0da 100644 --- a/templates/todolists/todolist_confirm_delete.html +++ b/templates/todolists/todolist_confirm_delete.html @@ -14,7 +14,7 @@

Delete Todo List: {{object.name}}

Are you sure?

- + {% csrf_token %}

-- cgit v1.2.3-54-g00ecf