mirror of https://github.com/django/django.git synced 2025-07-05 18:29:11 +00:00

[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

Backport of r16588 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Timo Graham 2011-08-06 20:34:19 +00:00
parent 199f10f9c0
commit 3e5fc7ebb1


@ -278,13 +278,13 @@ list::
Also, ``request.POST`` is accessed by Also, ``request.POST`` is accessed by
:class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by :class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
default. This means you will probably need to use default. This means you will need to use
:func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you :func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
to change the upload handlers. Assuming you do need CSRF protection, you to change the upload handlers. You will then need to use
will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on :func:`~django.views.decorators.csrf.csrf_protect` on the function that
the function that actually processes the request. Note that this means that actually processes the request. Note that this means that the handlers may
the handlers may start receiving the file upload before the CSRF checks have start receiving the file upload before the CSRF checks have been done.
been done. Example code: Example code:
.. code-block:: python .. code-block:: python
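Review bot: The new sentence "You will then need to use csrf_protect on the function that actually processes the request" drops the old "Assuming you do need CSRF protection" qualifier but still does not say why the step is mandatory. Consider stating that csrf_exempt on the outer view turns off the CsrfViewMiddleware check for it, so a reader who skips csrf_protect on the inner function is left with an upload endpoint that has no CSRF check at all. The closing caveat that handlers "may start receiving the file upload before the CSRF checks have been done" would also be more useful with one sentence on what that means for handler authors, for example that a custom handler should not do anything irreversible with the data before the protected function has run.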