mirror of
https://github.com/django/django.git
synced 2024-11-29 14:46:18 +01:00
5112e65ef2
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
|
||
|---|---|---|
| .. | ||
| apps | ||
| bin | ||
| conf | ||
| contrib | ||
| core | ||
| db | ||
| dispatch | ||
| forms | ||
| http | ||
| middleware | ||
| template | ||
| templatetags | ||
| test | ||
| urls | ||
| utils | ||
| views | ||
| __init__.py | ||
| __main__.py | ||
| shortcuts.py | ||