diff options
| -rw-r--r-- | registration/views.py | 17 | ||||
| -rw-r--r-- | settings.py | 7 | ||||
| -rw-r--r-- | templates/registration/registration_form.html | 2 |
3 files changed, 16 insertions, 10 deletions
diff --git a/registration/views.py b/registration/views.py index 2d4373a..5df17b4 100644 --- a/registration/views.py +++ b/registration/views.py @@ -7,6 +7,7 @@ from django.contrib.auth import authenticate from django.conf import settings from django.core.urlresolvers import reverse +from django.core.context_processors import csrf from django.http import HttpResponseRedirect from django.shortcuts import render_to_response from django.template import RequestContext @@ -64,6 +65,10 @@ def activate(request, activation_key, """ + # Generate CSRF token + c = {} + c.update(csrf(request)) + activation_key = activation_key.lower() # Normalize before trying anything with it. account = RegistrationProfile.objects.activate_user(activation_key) @@ -76,9 +81,10 @@ def activate(request, activation_key, context = RequestContext(request) for key, value in extra_context.items(): context[key] = callable(value) and value() or value + # merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards) return render_to_response(template_name, - { 'account': account, - 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings}, + c.update({ 'account': account, + 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings, }), context_instance=context) @@ -140,6 +146,10 @@ def register(request, success_url=None, argument. """ + # Generate CSRF token + c = {} + c.update(csrf(request)) + if request.method == 'POST': form = form_class(data=request.POST, files=request.FILES) if form.is_valid(): @@ -158,6 +168,7 @@ def register(request, success_url=None, context = RequestContext(request) for key, value in extra_context.items(): context[key] = callable(value) and value() or value + # merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards) return render_to_response(template_name, - { 'form': form,'settings':settings }, + c.update({ 'form': form,'settings':settings }), context_instance=context) diff --git a/settings.py b/settings.py index 5e8ba64..1d2d423 100644 --- a/settings.py +++ b/settings.py @@ -61,17 +61,12 @@ TEMPLATE_CONTEXT_PROCESSORS = ( "django.core.context_processors.auth", "core.con LOGIN_REDIRECT_URL = '/' -if django.VERSION[0] >=1 and django.VERSION[1] > 1: - csrfmiddleware = 'django.middleware.csrf.CsrfViewMiddleware' -else: - csrfmiddleware = 'django.contrib.csrf.middleware.CsrfMiddleware' - MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.redirects.middleware.RedirectFallbackMiddleware', - csrfmiddleware, + 'django.middleware.csrf.CsrfViewMiddleware', 'troggle.middleware.SmartAppendSlashMiddleware' ) diff --git a/templates/registration/registration_form.html b/templates/registration/registration_form.html index 5720a8b..6c82abe 100644 --- a/templates/registration/registration_form.html +++ b/templates/registration/registration_form.html @@ -9,7 +9,7 @@ registration_form.html | {{ block.super }} {% endblock %} {% block content %} -<form action="{% url registration_register %}" method="POST"> +<form action="{% url registration_register %}" method="POST">{% csrf_token %} {% for error in form.non_field_errors %} <span style="color:red">{{ error }}</span> {% endfor %} |