diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2009-04-21 23:31:01 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2009-04-21 23:31:01 +0000 |
| commit | 71233bcdf3c90098531901da4e380165ed0059d4 (patch) | |
| tree | 9b0427db815560e03f11d25c17141ffa66207bc9 | |
| parent | 037ce4318b1ea1b99a946d3a70ae2796731ecb1a (diff) | |
Fixed #10884 - more lenient regexp for matching forms in CSRF post-processing
Thanks to Ryszard Szopa for the report and fix
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/csrf/middleware.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py index f9c4ef7241..0d0a8eca9e 100644 --- a/django/contrib/csrf/middleware.py +++ b/django/contrib/csrf/middleware.py @@ -20,7 +20,7 @@ from django.utils.safestring import mark_safe _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>') _POST_FORM_RE = \ - re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) + re.compile(r'(<form\W[^>]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) _HTML_TYPES = ('text/html', 'application/xhtml+xml') |
