Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[py3] Made csrf context processor return Unicode

  • Loading branch information...
commit d774ad752d9844cb7a28fe338d4d711c8576ee6f 1 parent 5e958b9
@claudep claudep authored
View
11 django/core/context_processors.py
@@ -6,12 +6,15 @@
These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by
RequestContext.
"""
+from __future__ import unicode_literals
from django.conf import settings
from django.middleware.csrf import get_token
-from django.utils.encoding import smart_bytes
+from django.utils import six
+from django.utils.encoding import smart_text
from django.utils.functional import lazy
+
def csrf(request):
"""
Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if
@@ -23,10 +26,10 @@ def _get_val():
# In order to be able to provide debugging info in the
# case of misconfiguration, we use a sentinel value
# instead of returning an empty dict.
- return b'NOTPROVIDED'
+ return 'NOTPROVIDED'
else:
- return smart_bytes(token)
- _get_val = lazy(_get_val, str)
+ return smart_text(token)
+ _get_val = lazy(_get_val, six.text_type)
return {'csrf_token': _get_val() }
View
7 django/middleware/csrf.py
@@ -4,6 +4,7 @@
This module provides a middleware that implements protection
against request forgeries from other sites.
"""
+from __future__ import unicode_literals
import hashlib
import re
@@ -12,6 +13,7 @@
from django.conf import settings
from django.core.urlresolvers import get_callable
from django.utils.cache import patch_vary_headers
+from django.utils.encoding import force_text
from django.utils.http import same_origin
from django.utils.log import getLogger
from django.utils.crypto import constant_time_compare, get_random_string
@@ -51,11 +53,10 @@ def get_token(request):
def _sanitize_token(token):
- # Allow only alphanum, and ensure we return a 'str' for the sake
- # of the post processing middleware.
+ # Allow only alphanum
if len(token) > CSRF_KEY_LENGTH:
return _get_new_csrf_key()
- token = re.sub('[^a-zA-Z0-9]+', '', str(token.decode('ascii', 'ignore')))
+ token = re.sub('[^a-zA-Z0-9]+', '', force_text(token))
if token == "":
# In case the cookie has been truncated to nothing at some point.
return _get_new_csrf_key()
View
2  tests/regressiontests/csrf_tests/tests.py
@@ -216,7 +216,7 @@ def test_token_node_no_csrf_cookie(self):
"""
req = self._get_GET_no_csrf_cookie_request()
resp = token_view(req)
- self.assertEqual("", resp.content)
+ self.assertEqual(resp.content, b'')
def test_token_node_empty_csrf_cookie(self):
"""
Please sign in to comment.
Something went wrong with that request. Please try again.