diff options
| author | abhiabhi94 <13880786+abhiabhi94@users.noreply.github.com> | 2021-05-24 22:04:48 +0530 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-05-25 09:56:09 +0200 |
| commit | 866dccb65075159c7e99e8d165e52761965f3625 (patch) | |
| tree | 52f8ee304793cccbf6fc6ed651c925972701a5f3 /django/middleware/csrf.py | |
| parent | d3d95d645fc9f36355d27598475612de43587db1 (diff) | |
Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize_token().
Diffstat (limited to 'django/middleware/csrf.py')
| -rw-r--r-- | django/middleware/csrf.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index f323ffb13d..dd0d463a08 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -5,7 +5,6 @@ This module provides a middleware that implements protection against request forgeries from other sites. """ import logging -import re import string from collections import defaultdict from urllib.parse import urlparse @@ -19,8 +18,10 @@ from django.utils.deprecation import MiddlewareMixin from django.utils.functional import cached_property from django.utils.http import is_same_domain from django.utils.log import log_response +from django.utils.regex_helper import _lazy_re_compile logger = logging.getLogger('django.security.csrf') +token_re = _lazy_re_compile('[^a-zA-Z0-9]') REASON_BAD_ORIGIN = "Origin checking failed - %s does not match any trusted origins." REASON_NO_REFERER = "Referer checking failed - no Referer." @@ -107,7 +108,7 @@ def rotate_token(request): def _sanitize_token(token): # Allow only ASCII alphanumerics - if re.search('[^a-zA-Z0-9]', token): + if token_re.search(token): return _get_new_csrf_token() elif len(token) == CSRF_TOKEN_LENGTH: return token |