Fixed #34830 -- Added request to bad_request/csrf_failure view template contexts.

2024-12-22 17:16:24 +00:00 · 2023-11-11 15:24:24 +08:00 · 2023-11-11 15:24:24 +08:00 · 14b0132e5e
commit 14b0132e5e
parent 8fcb9f1f10
4 changed files with 29 additions and 3 deletions
--- a/django/views/csrf.py
+++ b/django/views/csrf.py
@ -67,13 +67,14 @@ def csrf_failure(request, reason="", template_name=CSRF_FAILURE_TEMPLATE_NAME):
    }
    try:
        t = loader.get_template(template_name)
+        body = t.render(request=request)
    except TemplateDoesNotExist:
        if template_name == CSRF_FAILURE_TEMPLATE_NAME:
            # If the default template doesn't exist, use the fallback template.
            with builtin_template_path("csrf_403.html").open(encoding="utf-8") as fh:
                t = Engine().from_string(fh.read())
-            c = Context(c)
+            body = t.render(Context(c))
        else:
            # Raise if a developer-specified template doesn't exist.
            raise
-    return HttpResponseForbidden(t.render(c))
+    return HttpResponseForbidden(body)
--- a/django/views/defaults.py
+++ b/django/views/defaults.py
@ -109,6 +109,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
    """
    try:
        template = loader.get_template(template_name)
+        body = template.render(request=request)
    except TemplateDoesNotExist:
        if template_name != ERROR_400_TEMPLATE_NAME:
            # Reraise if it's a missing custom template.
@ -118,7 +119,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
        )
    # No exception content is passed to the template, to not disclose any
    # sensitive information.
-    return HttpResponseBadRequest(template.render())
+    return HttpResponseBadRequest(body)


@requires_csrf_token
--- a/tests/view_tests/tests/test_csrf.py
+++ b/tests/view_tests/tests/test_csrf.py
@ -112,6 +112,7 @@ class CsrfViewTests(SimpleTestCase):
        """A custom CSRF_FAILURE_TEMPLATE_NAME is used."""
        response = self.client.post("/")
        self.assertContains(response, "Test template for CSRF failure", status_code=403)
+        self.assertIs(response.wsgi_request, response.context.request)

    def test_custom_template_does_not_exist(self):
        """An exception is raised if a nonexistent template is supplied."""
--- a/tests/view_tests/tests/test_defaults.py
+++ b/tests/view_tests/tests/test_defaults.py
@ -102,6 +102,29 @@ class DefaultsTests(TestCase):
        response = bad_request(request, Exception())
        self.assertContains(response, b"<h1>Bad Request (400)</h1>", status_code=400)

+    @override_settings(
+        TEMPLATES=[
+            {
+                "BACKEND": "django.template.backends.django.DjangoTemplates",
+                "OPTIONS": {
+                    "loaders": [
+                        (
+                            "django.template.loaders.locmem.Loader",
+                            {
+                                "400.html": (
+                                    "This is a test template for a 400 error "
+                                ),
+                            },
+                        ),
+                    ],
+                },
+            }
+        ]
+    )
+    def test_custom_bad_request_template(self):
+        response = self.client.get("/raises400/")
+        self.assertIs(response.wsgi_request, response.context[-1].request)
+
    @override_settings(
        TEMPLATES=[
            {