mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-19 00:59:17 +00:00
Code Issues 32 Releases Wiki Activity

[1.0.X] Fixed #10884 - more lenient regexp for matching forms in CSRF post-processing

Browse Source 
Thanks to Ryszard Szopa for the report and fix

Backport of r10617


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2009-04-21 23:44:28 +00:00
parent 725ffa57bb
commit cb92893598
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/csrf/middleware.py
View File

@ -16,7 +16,7 @@ from django.utils.safestring import mark_safe
_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>') _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
_POST_FORM_RE = \ _POST_FORM_RE = \
re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) re.compile(r'(<form\W[^>]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
_HTML_TYPES = ('text/html', 'application/xhtml+xml') _HTML_TYPES = ('text/html', 'application/xhtml+xml')