From 43c2ed0eb3f9996539f03e4ad68a08534023659a Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Tue, 27 Oct 2009 21:27:09 +0000 Subject: [PATCH] Fixed #12095 - login and other contrib views failing if template rendered using inclusion tag. The {% csrf_token %} tag is unable to get its value if a template is rendered using an inclusion_tag, since that creates a brand new Context, rather than using the existing one. Since this is a common pattern, and we need CSRF protection to be as simple and easy as possible, we special case the csrf_token and copy it from the parent context to the new context. A more elegant and general solution may appear in future, but this is good enough for now. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11672 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/template/__init__.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/django/template/__init__.py b/django/template/__init__.py index 5493e5bbb7..5b52d36089 100644 --- a/django/template/__init__.py +++ b/django/template/__init__.py @@ -942,8 +942,14 @@ class Library(object): else: t = get_template(file_name) self.nodelist = t.nodelist - return self.nodelist.render(context_class(dict, - autoescape=context.autoescape)) + new_context = context_class(dict, autoescape=context.autoescape) + # Copy across the CSRF token, if present, because inclusion + # tags are often used for forms, and we need instructions + # for using CSRF protection to be as simple as possible. + csrf_token = context.get('csrf_token', None) + if csrf_token is not None: + new_context['csrf_token'] = csrf_token + return self.nodelist.render(new_context) compile_func = curry(generic_tag_compiler, params, defaults, getattr(func, "_decorated_function", func).__name__, InclusionNode) compile_func.__doc__ = func.__doc__