Fixed #16384: warn against accessing request.POST/REQUEST in middleware. (0b174ccf) · Commits · Dom Sekotill / django

AUTHORS

+1 −0

Original line number	Diff line number	Diff line
		@@ -120,6 +120,7 @@ answer newbie questions, and generally made Django that much better:
		Sengtha Chay <sengtha@e-khmer.com>
		ivan.chelubeev@gmail.com
		Bryan Chow <bryan at verdjn dot com>
		Tom Christie <tom@tomchristie.com>
		Antonis Christofides <anthony@itia.ntua.gr>
		Michal Chruszcz <troll@pld-linux.org>
		Can Burak Çilingir <canburak@cs.bilgi.edu.tr>

+2 −0

Original line number	Diff line number	Diff line
		@@ -238,6 +238,8 @@ could, for example, use custom handlers to enforce user-level quotas, compress
		data on the fly, render progress bars, and even send data to another storage
		location directly without storing it locally.

		.. _modifying_upload_handlers_on_the_fly:

		Modifying upload handlers on the fly
		------------------------------------

+15 −0

Original line number	Diff line number	Diff line
		@@ -97,6 +97,21 @@ calling ANY other request, view or exception middleware, or the appropriate
		view; it'll return that :class:`~django.http.HttpResponse`. Response
		middleware is always called on every response.

		.. note::
		Accessing :attr:`request.POST <django.http.HttpRequest.POST>` or
		:attr:`request.REQUEST <django.http.HttpRequest.REQUEST>` inside
		middleware from ``process_request`` or ``process_view`` will prevent any
		view running after the middleware from being able to
		:ref:`modify the upload handlers for the
		request <modifying_upload_handlers_on_the_fly>`, and should normally be
		avoided.

		The :class:`~django.middleware.csrf.CsrfViewMiddleware` class can be
		considered an exception, as it provides the
		:func:`~django.views.decorators.csrf.csrf_exempt` and
		:func:`~django.views.decorators.csrf.csrf_protect` decorators which allow
		views to explicitly control at what point the CSRF validation should occur.

		.. _template-response-middleware:

		``process_template_response``