Malcolm Tredinnick wrote:
> I do agree with Chris, though. It's completely unrelated to
> auto-escaping (which will land today, most likely, since I've been
> merging it and updating it yesterday and the day before).

w00t!

> Not sure if we should build it into admin or make the middleware a
> requirement for admin, but this isn't a "dismiss it with a wave of the
> hand" situation for me.

By build it into admin, do you mean build it into newforms?

Possibly changing BaseForm from:

class BaseForm(StrAndUnicode):
    def __init__(self, data=None, files=None, auto_id='id_%s', prefix=None,
                 initial=None, error_class=ErrorList, label_suffix=':'):

to:

class BaseForm(StrAndUnicode):
    def __init__(self, data=None, files=None, auto_id='id_%s', prefix=None,
                 initial=None, error_class=ErrorList, label_suffix=':',
                 request=None, csrf_token=True):

When csrf_token is True, a CSRFTokenField formfield is added to the form, and
gets displayed along with the form's other fields.  The field's clean method
would ensure that the correct token came back.

The csrf middleware components could be factored out for use in both the forms
and in the middleware.

Thoughts?

Gary

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
-~----------~----~----~----~------~----~------~--~---
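
Added example, not part of the original message and not Django's code: a sketch of the proposal above, where a form given `request` and `csrf_token=True` gains a hidden token field whose `clean` rejects any token not bound to the session. The `Form` stand-in, the dict-shaped `request`, the `session_id` key and the HMAC-SHA256 derivation are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-secret-for-the-example"  # assumption: server-side secret

def make_csrf_token(session_id):
    # Derived from the session id, so no per-form state is stored server-side.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

class ValidationError(Exception):
    pass

class CSRFTokenField:
    """Hidden field whose clean() accepts only the token bound to this session."""
    def __init__(self, session_id):
        self.expected = make_csrf_token(session_id)

    def render(self):
        return '<input type="hidden" name="csrf_token" value="%s" />' % self.expected

    def clean(self, value):
        # Constant-time compare on bytes; a missing value fails like a wrong one.
        if not value or not hmac.compare_digest(value.encode(), self.expected.encode()):
            raise ValidationError("CSRF token missing or incorrect.")
        return value

class Form:
    """Hypothetical stand-in for BaseForm with the proposed extra arguments."""
    def __init__(self, data=None, request=None, csrf_token=True):
        self.data = data
        self.errors = {}
        self.fields = {}
        if csrf_token:
            if request is None or not request.get("session_id"):
                # Fail closed: a protected form cannot be built without a session.
                raise ValueError("csrf_token=True requires a request with a session")
            self.fields["csrf_token"] = CSRFTokenField(request["session_id"])

    def is_valid(self):
        if self.data is None:
            return False  # unbound form
        self.errors = {}
        for name, field in self.fields.items():
            try:
                field.clean(self.data.get(name))
            except ValidationError as exc:
                self.errors[name] = str(exc)
        return not self.errors
```

With `csrf_token=True` as the default, a form constructed without a request raises instead of silently rendering unprotected, which is the behaviour change callers of the existing signature would notice first.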
