Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Added a no-op {% csrf_token %} tag to 1.1.X, to ease transition of ap…

…ps to 1.2

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit ebe540528269edde89365cf9330f98ebcad29fea 1 parent 1ab0b23
@spookylukey spookylukey authored
View
7 django/contrib/csrf/tests.py
@@ -4,6 +4,7 @@
from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
from django.contrib.csrf.middleware import CsrfMiddleware, _make_token, csrf_exempt
from django.conf import settings
+from django.template import Template
def post_form_response():
@@ -142,3 +143,9 @@ def test_ajax_exemption(self):
req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
req2 = CsrfMiddleware().process_view(req, self.get_view(), (), {})
self.assertEquals(None, req2)
+
+ def test_template_tag_noop(self):
+ """
+ Check that the {% csrf_token %} works in 1.1.2 and later
+ """
+ self.assertEquals(u"", Template("{% csrf_token %}").render({}))
View
10 django/template/defaulttags.py
@@ -37,6 +37,11 @@ class CommentNode(Node):
def render(self, context):
return ''
+class CsrfTokenNode(Node):
+ # This no-op tag exists to allow 1.1.X code to be compatible with Django 1.2
+ def render(self, context):
+ return u''
+
class CycleNode(Node):
def __init__(self, cyclevars, variable_name=None):
self.cycle_iter = itertools_cycle(cyclevars)
@@ -523,6 +528,11 @@ def cycle(parser, token):
return node
cycle = register.tag(cycle)
+def csrf_token(parser, token):
+ # This no-op tag exists to allow 1.1.X code to be compatible with Django 1.2
+ return CsrfTokenNode()
+register.tag(csrf_token)
+
def debug(parser, token):
"""
Outputs a whole load of debugging information, including the current
View
9 docs/ref/templates/builtins.txt
@@ -53,6 +53,15 @@ Ignore everything between ``{% comment %}`` and ``{% endcomment %}``
.. templatetag:: cycle
+csrf_token
+~~~~~~~~~~
+
+.. versionadded:: 1.1.2
+
+In the Django 1.1.X series, this is a no-op tag that returns an empty string.
+It exists to ease the transition to Django 1.2, in which it is used for CSRF
+protection.
+
cycle
~~~~~
Please sign in to comment.
Something went wrong with that request. Please try again.