
hotfix for Django 1.2.5 (csrf changes for AJAX)

commit 6d67c465f1505a953af466c71aa80491ccfa792f 1 parent 6ec0673
@ojii ojii authored
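--- a/cms/forms/widgets.py
+++ b/cms/forms/widgets.py
@@ -1,15 +1,16 @@
 # -*- coding: utf-8 -*-
-from django.utils.safestring import mark_safe
-from django.utils.encoding import force_unicode
-from django.contrib.sites.models import Site
-from django.conf import settings
-from django.utils.translation import ugettext as _
-from django.template.loader import render_to_string
-from django.forms.widgets import Select, MultiWidget, Widget
+from cms.forms.utils import get_site_choices, get_page_choices
 from cms.models import Page, PageUser, Placeholder
 from cms.plugin_pool import plugin_pool
-from cms.forms.utils import get_site_choices, get_page_choices
 from cms.utils import get_language_from_request
+from django.conf import settings
+from django.contrib.sites.models import Site
+from django.forms.widgets import Select, MultiWidget, Widget
+from django.template.context import RequestContext
+from django.template.loader import render_to_string
+from django.utils.encoding import force_unicode
+from django.utils.safestring import mark_safe
+from django.utils.translation import ugettext as _
 from os.path import join
 import copy
@@ -216,4 +217,4 @@ def render(self, name, value, attrs=None):
 #return mark_safe(render_to_string(
 # 'admin/cms/page/widgets/plugin_editor.html', context))
 return mark_safe(render_to_string(
- 'admin/cms/page/widgets/placeholder_editor.html', context))
+ 'admin/cms/page/widgets/placeholder_editor.html', context, RequestContext(self.request)))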
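Review bot: The new `RequestContext(self.request)` argument on the `render_to_string` call depends on `self.request` having been assigned to the widget, which nothing in this hunk establishes; `render(self, name, value, attrs=None)` starts above the hunk, so the assignment may exist elsewhere. If the widget is ever rendered without it, the call raises `AttributeError` instead of producing the editor, so a guard or a short comment naming where `request` is set would help. Passing the argument by keyword, `context_instance=RequestContext(self.request)`, would also make clear that the third positional slot is the context instance and not a second dictionary.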
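--- a/cms/media/cms/js/change_list.js
+++ b/cms/media/cms/js/change_list.js
@@ -92,7 +92,8 @@
 tree.init($("div.tree"), options);
 };
- $(document).ready(function() {
+ $(document).ready(function() {
+ patchCsrf($);
 var selected_page = false;
 var action = false;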
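Review bot: The added `patchCsrf($);` call at the top of the ready handler is unguarded, yet `cms/inc/csrf_js.html` in this same commit defines `window.patchCsrf` only when `{{ csrf_token }}` renders non-empty. If the including template is rendered without a token in its context, the call throws a ReferenceError and the rest of the handler never runs; the same applies to `patchCsrf(jQuery);` in plugin_editor.js and to `patchCsrf(jQuery)` in toolbar.js, which is also missing its semicolon. A guarded call such as `if (window.patchCsrf) { patchCsrf($); }` keeps the page scripts running, although AJAX POSTs would then presumably be rejected by the CSRF check, so the missing token still needs to be surfaced. The ready handler continues past the end of the hunk.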
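--- a/cms/media/cms/js/plugin_editor.js
+++ b/cms/media/cms/js/plugin_editor.js
@@ -1,6 +1,7 @@
 (function($) {
 $(document).ready(function() {
 // Add Plugin Handler
+ patchCsrf(jQuery);
 $('span.add-plugin').click(function(){
 var select = $(this).parent().children("select[name=plugins]");
 var pluginvalue = select.attr('value');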
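--- a/cms/media/cms/js/toolbar.js
+++ b/cms/media/cms/js/toolbar.js
@@ -11,6 +11,8 @@ function hide_iframe(){
 }
 jQuery(document).ready(function($) {
+
+ patchCsrf(jQuery)
 jQuery.fn.swapWith = function(to) {
 return this.each(function() {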
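--- a/cms/templates/admin/cms/page/change_form.html
+++ b/cms/templates/admin/cms/page/change_form.html
@@ -4,6 +4,7 @@
 {% block extrahead %}
 {{ block.super }}
+{% include "cms/inc/csrf_js.html" %}
 <script type="text/javascript" src="{% url admin:jsi18n %}"></script>
 {% if not add %}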
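--- a/cms/templates/admin/cms/page/change_list.html
+++ b/cms/templates/admin/cms/page/change_list.html
@@ -12,6 +12,7 @@
 {% block coltype %}flex{% endblock %}
 {% block extrahead %}
+{% include "cms/inc/csrf_js.html" %}
 <link rel="stylesheet" type="text/css" href="{{ CMS_MEDIA_URL }}css/pages.css"/>
 <link rel="stylesheet" type="text/css" href="{{ CMS_MEDIA_URL }}jstree/tree_component.css" />
 <link rel="stylesheet" type="text/css" href="{{ CMS_MEDIA_URL }}css/jquery.dialog.css" />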
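--- a/cms/templates/admin/cms/page/widgets/plugin_editor.html
+++ b/cms/templates/admin/cms/page/widgets/plugin_editor.html
@@ -18,6 +18,7 @@
 {% endif %}
 {% endif %}
 </div>
+{% include "cms/inc/csrf_js.html" %}
 <script type="text/javascript">
 jQuery(document).ready(function(){
 var placeholder_element = jQuery('#placeholder-{{ placeholder.pk }}');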
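--- a/cms/templates/cms/inc/csrf_js.html
+++ b/cms/templates/cms/inc/csrf_js.html
@@ -0,0 +1,18 @@
+<script type="text/javascript">
+if ("{{ csrf_token }}" && !window.patchCsrf){
+ window.patchCsrf = function(jquery){
+ if (window.cmsCsrfPatched){
+ return;
+ }
+ jquery.ajaxSetup({
+ beforeSend: function(xhr, settings) {
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+ xhr.setRequestHeader("X-CSRFToken", "{{ csrf_token }}");
+ }
+ }
+ });
+ window.cmsCsrfPatched = true;
+ }
+}
+
+</script>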
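Review bot: The scheme test inside `beforeSend` treats every URL that does not begin with lowercase `http:` or `https:` as same-origin, so a protocol-relative URL (`//other.host/...`) or an upper-case scheme still gets the `X-CSRFToken` header, and the token can reach another host wherever the browser allows the cross-origin request. Matching the optional scheme and the `//` prefix case-insensitively closes that gap: `if (!/^(https?:)?\/\//i.test(settings.url)) {`. Separately, `ajaxSetup` only installs a default `beforeSend`, which any call passing its own `beforeSend` option replaces, so such requests would go out without the header. A short comment above the handler stating both assumptions (relative URLs only, no per-call `beforeSend`) would document the contract for the scripts that rely on it.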
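--- a/cms/templates/cms/toolbar/toolbar.html
+++ b/cms/templates/cms/toolbar/toolbar.html
@@ -1,4 +1,5 @@
 {% load i18n adminmedia %}
+{% include "cms/inc/csrf_js.html" %}
 <script type="text/javascript" src="{% admin_media_prefix %}js/jquery.min.js"></script>
 <script type="text/javascript">
 //<![CDATA[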