Added a no-op {% csrf_token %} tag to 1.1.X, to ease transition of apps to 1.2

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:50:58 +00:00 · 2009-10-27 21:50:58 +00:00 · ebe5405282
commit ebe5405282
parent 1ab0b23df6
3 changed files with 26 additions and 0 deletions
--- a/django/contrib/csrf/tests.py
+++ b/django/contrib/csrf/tests.py
@ -4,6 +4,7 @@ from django.test import TestCase
 from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
 from django.contrib.csrf.middleware import CsrfMiddleware, _make_token, csrf_exempt
 from django.conf import settings
+from django.template import Template


 def post_form_response():
@ -142,3 +143,9 @@ class CsrfMiddlewareTest(TestCase):
        req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
        req2 = CsrfMiddleware().process_view(req, self.get_view(), (), {})
        self.assertEquals(None, req2)
+
+    def test_template_tag_noop(self):
+        """
+        Check that the {% csrf_token %} works in 1.1.2 and later
+        """
+        self.assertEquals(u"", Template("{% csrf_token %}").render({}))
--- a/django/template/defaulttags.py
+++ b/django/template/defaulttags.py
@ -37,6 +37,11 @@ class CommentNode(Node):
    def render(self, context):
        return ''

+class CsrfTokenNode(Node):
+    # This no-op tag exists to allow 1.1.X code to be compatible with Django 1.2
+    def render(self, context):
+        return u''
+
 class CycleNode(Node):
    def __init__(self, cyclevars, variable_name=None):
        self.cycle_iter = itertools_cycle(cyclevars)
@ -523,6 +528,11 @@ def cycle(parser, token):
    return node
 cycle = register.tag(cycle)

+def csrf_token(parser, token):
+    # This no-op tag exists to allow 1.1.X code to be compatible with Django 1.2
+    return CsrfTokenNode()
+register.tag(csrf_token)
+
 def debug(parser, token):
    """
    Outputs a whole load of debugging information, including the current
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@ -53,6 +53,15 @@ Ignore everything between ``{% comment %}`` and ``{% endcomment %}``

 .. templatetag:: cycle

+csrf_token
+~~~~~~~~~~
+
+.. versionadded:: 1.1.2
+
+In the Django 1.1.X series, this is a no-op tag that returns an empty string.
+It exists to ease the transition to Django 1.2, in which it is used for CSRF
+protection.
+
 cycle
 ~~~~~