Commit 43c2ed0e authored by Luke Plant's avatar Luke Plant
Browse files

Fixed #12095 - login and other contrib views failing if template rendered using inclusion tag. 

The {% csrf_token %} tag is unable to get its value if a template is
rendered using an inclusion_tag, since that creates a brand new Context,
rather than using the existing one.  Since this is a common pattern, and we
need CSRF protection to be as simple and easy as possible, we special case
the csrf_token and copy it from the parent context to the new context.

A more elegant and general solution may appear in future, but this is good
enough for now.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 4281bf3d

django/template/__init__.py

+8 −2
Original line number Diff line number Diff line
@@ -942,8 +942,14 @@ class Library(object): 
                        else:

                            t = get_template(file_name)

                        self.nodelist = t.nodelist

                    return self.nodelist.render(context_class(dict,

                            autoescape=context.autoescape))

                    new_context = context_class(dict, autoescape=context.autoescape)

                    # Copy across the CSRF token, if present, because inclusion

                    # tags are often used for forms, and we need instructions

                    # for using CSRF protection to be as simple as possible.

                    csrf_token = context.get('csrf_token', None)

                    if csrf_token is not None:

                        new_context['csrf_token'] = csrf_token

                    return self.nodelist.render(new_context)



            compile_func = curry(generic_tag_compiler, params, defaults, getattr(func, "_decorated_function", func).__name__, InclusionNode)

            compile_func.__doc__ = func.__doc__