Author: timo
Date: 2011-08-06 13:34:19 -0700 (Sat, 06 Aug 2011)
New Revision: 16589
Modified:
django/branches/releases/1.3.X/docs/topics/http/file-uploads.txt
Log:
[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in `modifying
upload handlers on the fly`; thanks tomchristie.
Backport of r16588 from trunk.
Modified: django/branches/releases/1.3.X/docs/topics/http/file-uploads.txt
===================================================================
--- django/branches/releases/1.3.X/docs/topics/http/file-uploads.txt
2011-08-06 20:34:04 UTC (rev 16588)
+++ django/branches/releases/1.3.X/docs/topics/http/file-uploads.txt
2011-08-06 20:34:19 UTC (rev 16589)
@@ -278,13 +278,13 @@
Also, ``request.POST`` is accessed by
:class:`~django.middleware.csrf.CsrfViewMiddleware` which is enabled by
- default. This means you will probably need to use
+ default. This means you will need to use
:func:`~django.views.decorators.csrf.csrf_exempt` on your view to allow you
- to change the upload handlers. Assuming you do need CSRF protection, you
- will then need to use :func:`~django.views.decorators.csrf.csrf_protect` on
- the function that actually processes the request. Note that this means
that
- the handlers may start receiving the file upload before the CSRF checks
have
- been done. Example code:
+ to change the upload handlers. You will then need to use
+ :func:`~django.views.decorators.csrf.csrf_protect` on the function that
+ actually processes the request. Note that this means that the handlers may
+ start receiving the file upload before the CSRF checks have been done.
+ Example code:
.. code-block:: python
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
