| Age | Commit message (Collapse) | Author |
|
Backport of 4f336f66523001b009ab038b10848508fd208b3b from master
|
|
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
|
|
Thanks Aymeric for the initial patch and Carl for review.
|
|
Per deprecation timeline; refs a3e783fe11dd25bbf84bfb6201186566ed473506.
|
|
Forwardport of ae1d663b7913f6da233c55409c4973248372d302
from stable/1.8.x plus more.
|
|
* Converted the ``libraries`` and ``builtins`` globals of
``django.template.base`` into properties of the Engine class.
* Added a public API for explicit registration of libraries and builtins.
|
|
|
|
|
|
Thanks Preston Timmons for the report.
|
|
|
|
Rendering a Jinja template with self in the context threw an error.
While self is a reserved variable in Jinja, including self in the
context is not an error, so Django should respect that.
|
|
templates.
|
|
|
|
If importing or initializing a template backend fails, attempting to
access this template backend again must raise the same exception.
|
|
|
|
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.
test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
|
|
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
|
|
This is the expected behavior, but given RequestContext's tortuous
implementation, a straightforward use of its API results in the
opposite.
This commits fixes a regression that must have happened at different
points in the multiple templates engine refactor for different features.
|
|
|
|
|