Fixed #12095 - login and other contrib views failing if template rendered using inclusion tag.
The {% csrf_token %} tag is unable to get its value if a template is rendered using an inclusion_tag, since that creates a brand new Context, rather than using the existing one. Since this is a common pattern, and we need CSRF protection to be as simple and easy as possible, we special case the csrf_token and copy it from the parent context to the new context. A more elegant and general solution may appear in future, but this is good enough for now. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent
4281bf3db0
commit
43c2ed0eb3
@ -942,8 +942,14 @@ class Library(object):
|
|||||||
else:
|
else:
|
||||||
t = get_template(file_name)
|
t = get_template(file_name)
|
||||||
self.nodelist = t.nodelist
|
self.nodelist = t.nodelist
|
||||||
return self.nodelist.render(context_class(dict,
|
new_context = context_class(dict, autoescape=context.autoescape)
|
||||||
autoescape=context.autoescape))
|
# Copy across the CSRF token, if present, because inclusion
|
||||||
|
# tags are often used for forms, and we need instructions
|
||||||
|
# for using CSRF protection to be as simple as possible.
|
||||||
|
csrf_token = context.get('csrf_token', None)
|
||||||
|
if csrf_token is not None:
|
||||||
|
new_context['csrf_token'] = csrf_token
|
||||||
|
return self.nodelist.render(new_context)
|
||||||
|
|
||||||
compile_func = curry(generic_tag_compiler, params, defaults, getattr(func, "_decorated_function", func).__name__, InclusionNode)
|
compile_func = curry(generic_tag_compiler, params, defaults, getattr(func, "_decorated_function", func).__name__, InclusionNode)
|
||||||
compile_func.__doc__ = func.__doc__
|
compile_func.__doc__ = func.__doc__
|
||||||
|
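Review bot: The assignment `new_context['csrf_token'] = csrf_token` runs after `context_class(dict, ...)` has been built from the tag function's return value, so a `csrf_token` key returned by the tag function itself is silently replaced by the parent's value. The comment should state that this precedence is intended, e.g. `# The parent's token deliberately overrides any 'csrf_token' key returned by the tag function.` The opposite case is silent too: when the parent context carries no token, the included template presumably renders its form without one and the problem only surfaces as a rejected POST, which deserves a sentence in the same comment. No test for an inclusion-tag template that uses `{% csrf_token %}` is visible on this page, and one that renders such a template with and without a token in the parent context would pin both behaviours. The enclosing method begins outside the hunk.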