summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2009-04-21 23:44:28 +0000
committerLuke Plant <L.Plant.98@cantab.net>2009-04-21 23:44:28 +0000
commitcb92893598a31bf3af697d65e257a33f6686d6a2 (patch)
tree92496e87bd0363c1827c24869ed2f795cdb5aef2
parent725ffa57bb33c45956ec11f14eae997cf9607bc2 (diff)
[1.0.X] Fixed #10884 - more lenient regexp for matching forms in CSRF post-processing
Thanks to Ryszard Szopa for the report and fix Backport of r10617 git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/csrf/middleware.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py
index 24c1511c91..2c8d97b2e6 100644
--- a/django/contrib/csrf/middleware.py
+++ b/django/contrib/csrf/middleware.py
@@ -16,7 +16,7 @@ from django.utils.safestring import mark_safe
_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
_POST_FORM_RE = \
- re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
+ re.compile(r'(<form\W[^>]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
_HTML_TYPES = ('text/html', 'application/xhtml+xml')