1
0
mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00
Commit Graph

12 Commits

Author SHA1 Message Date
Ram Rachum
5b09354954 Fixed #31291 -- Renamed salt to mask for CSRF tokens. 2020-02-25 14:16:19 +01:00
Claude Paroz
4d973f5939 Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Jon Dufresne
ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Tim Graham
29f607927f Fixed spelling of "nonexistent". 2017-02-03 08:01:45 -05:00
chillaranand
d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Shai Berger
5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Simon Charette
ead36e8a47 Refs #24652 -- Made sure template backend tests call their super setUpClass. 2015-05-20 12:50:40 -04:00
Preston Timmons
adff499e47 Fixed #24119, #24120 -- Formalized debug integration for template backends. 2015-05-06 17:33:47 -05:00
Moritz Sichert
6bff343989 Refs #24469 -- Fixed escaping of forms, fields, and media in non-Django templates. 2015-03-18 09:11:01 -04:00
Aymeric Augustin
71b7668b75 Rewrapped TemplateSyntaxError in Jinja2 backend.
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
332154e726 Added basic tests for template backends. 2014-12-28 16:23:00 +01:00