Alex Gaynor
818e70344e
[1.2.X] Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:07:05 +00:00
Luke Plant
36dd744460
[1.2.X] Fixed #14565 - No csrf_token on 404 page.
...
This solution doesn't have the negative side-effects of [14356].
Backport of [14377] from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@14380 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-28 11:58:51 +00:00
Luke Plant
260eff5684
[1.2.X] Fixed a test so that it actually tests what it's supposed to test.
...
Previously it passed whether or not the view was 'csrf_exempt'ed.
Backport of [13735] from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@13736 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 23:58:52 +00:00
Luke Plant
890b0b6234
[1.2.X] Fixed #14235 - UnicodeDecodeError in CSRF middleware
...
Thanks to jbg for the report.
This changeset essentially backs out [13698] in favour of a method that
sanitizes the token rather than escaping it.
Backport of [13732] from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@13733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 23:11:24 +00:00
James Bennett
7f84657b6b
[1.2.X] Patch CSRF-protection system to deal with reported security issue. Announcement and details to follow. Backport of [13698] from trunk.
...
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@13699 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-09 00:36:08 +00:00
Luke Plant
ac8b7ff021
Fixed #13716 - the CSRF get_token function stopped working for views with csrf_view_exempt
...
This was a regression caused by the CSRF changes in 1.2.
Thanks to edevil for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13336 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-06-08 14:35:48 +00:00
Luke Plant
48edb177ed
Fixed #12053 - form examples don't validate according to w3c
...
Thanks to skyl for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12086 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-04 21:55:52 +00:00
Luke Plant
7230a995ce
Moved contrib.csrf.* to core code.
...
There is stub code for backwards compatibility with Django 1.1 imports.
The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00