Fixed #34830 -- Added request to bad_request/csrf_failure view template contexts.

2025-11-07 07:15:35 +00:00 · 2023-11-11 15:24:24 +08:00
parent 8fcb9f1f10
commit 14b0132e5e
4 changed files with 29 additions and 3 deletions
--- a/django/views/csrf.py
+++ b/django/views/csrf.py
@@ -67,13 +67,14 @@ def csrf_failure(request, reason="", template_name=CSRF_FAILURE_TEMPLATE_NAME):
    }
    try:
        t = loader.get_template(template_name)
+        body = t.render(request=request)
    except TemplateDoesNotExist:
        if template_name == CSRF_FAILURE_TEMPLATE_NAME:
            # If the default template doesn't exist, use the fallback template.
            with builtin_template_path("csrf_403.html").open(encoding="utf-8") as fh:
                t = Engine().from_string(fh.read())
-            c = Context(c)
+            body = t.render(Context(c))
        else:
            # Raise if a developer-specified template doesn't exist.
            raise
-    return HttpResponseForbidden(t.render(c))
+    return HttpResponseForbidden(body)
--- a/django/views/defaults.py
+++ b/django/views/defaults.py
@@ -109,6 +109,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
    """
    try:
        template = loader.get_template(template_name)
+        body = template.render(request=request)
    except TemplateDoesNotExist:
        if template_name != ERROR_400_TEMPLATE_NAME:
            # Reraise if it's a missing custom template.
@@ -118,7 +119,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
        )
    # No exception content is passed to the template, to not disclose any
    # sensitive information.
-    return HttpResponseBadRequest(template.render())
+    return HttpResponseBadRequest(body)


@requires_csrf_token