mirror of https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
5112e65ef2
Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews.

..
apps
forbidden/template_backends
jinja2/template_backends
template_strings/template_backends
templates/template_backends
__init__.py
test_django.py
test_dummy.py
test_jinja2.py
test_utils.py