summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2009-10-27 21:50:58 +0000
committerLuke Plant <L.Plant.98@cantab.net>2009-10-27 21:50:58 +0000
commitebe540528269edde89365cf9330f98ebcad29fea (patch)
tree0c6f38b2e4c17d6b41ad22a13d2ec323ea3c2aaa
parent1ab0b23df6bfe91c214ccae740287af3151d5a95 (diff)
Added a no-op {% csrf_token %} tag to 1.1.X, to ease transition of apps to 1.2
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/csrf/tests.py7
-rw-r--r--django/template/defaulttags.py10
-rw-r--r--docs/ref/templates/builtins.txt9
3 files changed, 26 insertions, 0 deletions
diff --git a/django/contrib/csrf/tests.py b/django/contrib/csrf/tests.py
index 3c533a01e6..f9b958149d 100644
--- a/django/contrib/csrf/tests.py
+++ b/django/contrib/csrf/tests.py
@@ -4,6 +4,7 @@ from django.test import TestCase
from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
from django.contrib.csrf.middleware import CsrfMiddleware, _make_token, csrf_exempt
from django.conf import settings
+from django.template import Template
def post_form_response():
@@ -142,3 +143,9 @@ class CsrfMiddlewareTest(TestCase):
req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
req2 = CsrfMiddleware().process_view(req, self.get_view(), (), {})
self.assertEquals(None, req2)
+
+ def test_template_tag_noop(self):
+ """
+ Check that the {% csrf_token %} works in 1.1.2 and later
+ """
+ self.assertEquals(u"", Template("{% csrf_token %}").render({}))
diff --git a/django/template/defaulttags.py b/django/template/defaulttags.py
index de746997ab..300e249e35 100644
--- a/django/template/defaulttags.py
+++ b/django/template/defaulttags.py
@@ -37,6 +37,11 @@ class CommentNode(Node):
def render(self, context):
return ''
+class CsrfTokenNode(Node):
+ # This no-op tag exists to allow 1.1.X code to be compatible with Django 1.2
+ def render(self, context):
+ return u''
+
class CycleNode(Node):
def __init__(self, cyclevars, variable_name=None):
self.cycle_iter = itertools_cycle(cyclevars)
@@ -523,6 +528,11 @@ def cycle(parser, token):
return node
cycle = register.tag(cycle)
+def csrf_token(parser, token):
+ # This no-op tag exists to allow 1.1.X code to be compatible with Django 1.2
+ return CsrfTokenNode()
+register.tag(csrf_token)
+
def debug(parser, token):
"""
Outputs a whole load of debugging information, including the current
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index a2f8b9f8b3..d98e5055ed 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -53,6 +53,15 @@ Ignore everything between ``{% comment %}`` and ``{% endcomment %}``
.. templatetag:: cycle
+csrf_token
+~~~~~~~~~~
+
+.. versionadded:: 1.1.2
+
+In the Django 1.1.X series, this is a no-op tag that returns an empty string.
+It exists to ease the transition to Django 1.2, in which it is used for CSRF
+protection.
+
cycle
~~~~~