summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2010-02-04 21:47:19 +0000
committerLuke Plant <L.Plant.98@cantab.net>2010-02-04 21:47:19 +0000
commitdef34da85c22fecc03bf9d640c54664231a219f6 (patch)
tree2b3cdd13ef87f0c66f0de9b4255d5d049efb864a
parent96a10094e8e7095e1c818231031d7bcbf9dac95a (diff)
Fixed #12358 - csrf_token template tag does not work with flatpages.
Thanks to phretor for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/flatpages/views.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/django/contrib/flatpages/views.py b/django/contrib/flatpages/views.py
index 37d12c93a3..336600328d 100644
--- a/django/contrib/flatpages/views.py
+++ b/django/contrib/flatpages/views.py
@@ -5,9 +5,15 @@ from django.http import HttpResponse, HttpResponseRedirect
from django.conf import settings
from django.core.xheaders import populate_xheaders
from django.utils.safestring import mark_safe
+from django.views.decorators.csrf import csrf_protect
DEFAULT_TEMPLATE = 'flatpages/default.html'
+# This view is called from FlatpageFallbackMiddleware.process_response
+# when a 404 is raised, which often means CsrfViewMiddleware.process_view
+# has not been called even if CsrfViewMiddleware is installed. So we need
+# to use @csrf_protect, in case the template needs {% csrf_token %}.
+@csrf_protect
def flatpage(request, url):
"""
Flat page view.