Fixed #9977 - CsrfMiddleware gets template tag added, session dependency...

    Gasper Zejn <zejn@kiberpipa.org>

    Jarek Zgoda <jarek.zgoda@gmail.com>

    Cheng Zhang

    Glenn

    bthomas

A big THANK YOU goes to:

MIDDLEWARE_CLASSES = (

    'django.middleware.common.CommonMiddleware',

    'django.contrib.sessions.middleware.SessionMiddleware',

    'django.contrib.csrf.middleware.CsrfViewMiddleware',

    'django.contrib.auth.middleware.AuthenticationMiddleware',

#     'django.middleware.http.ConditionalGetMiddleware',

#     'django.middleware.gzip.GZipMiddleware',

# The number of days a password reset link is valid for

PASSWORD_RESET_TIMEOUT_DAYS = 3

########

# CSRF #

########

# Dotted path to callable to be used as view when a request is

# rejected by the CSRF middleware.

CSRF_FAILURE_VIEW = 'django.contrib.csrf.views.csrf_failure'

# Name and domain for CSRF cookie.

CSRF_COOKIE_NAME = 'csrftoken'

CSRF_COOKIE_DOMAIN = None

###########

# TESTING #

###########

MIDDLEWARE_CLASSES = (

    'django.middleware.common.CommonMiddleware',

    'django.contrib.sessions.middleware.SessionMiddleware',

    'django.contrib.csrf.middleware.CsrfViewMiddleware',

    'django.contrib.auth.middleware.AuthenticationMiddleware',

)

from django.contrib.admin import widgets

from django.contrib.admin import helpers

from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_ngettext, model_format_dict

from django.contrib.csrf.decorators import csrf_protect

from django.core.exceptions import PermissionDenied

from django.db import models, transaction

from django.db.models.fields import BLANK_CHOICE_DASH

            else:

                return HttpResponseRedirect(".")

    @csrf_protect

    @transaction.commit_on_success

    def add_view(self, request, form_url='', extra_context=None):

        "The 'add' admin view for this model."

        model = self.model

        }

        context.update(extra_context or {})

        return self.render_change_form(request, context, form_url=form_url, add=True)

    add_view = transaction.commit_on_success(add_view)

    @csrf_protect

    @transaction.commit_on_success

    def change_view(self, request, object_id, extra_context=None):

        "The 'change' admin view for this model."

        model = self.model

        }

        context.update(extra_context or {})

        return self.render_change_form(request, context, change=True, obj=obj)

    change_view = transaction.commit_on_success(change_view)

    @csrf_protect

    def changelist_view(self, request, extra_context=None):

        "The 'change list' admin view for this model."

        from django.contrib.admin.views.main import ChangeList, ERROR_FLAG

            'admin/change_list.html'

        ], context, context_instance=context_instance)

    @csrf_protect

    def delete_view(self, request, object_id, extra_context=None):

        "The 'delete' admin view for this model."

        opts = self.model._meta

from django.contrib.admin import ModelAdmin

from django.contrib.admin import actions

from django.contrib.auth import authenticate, login

from django.contrib.csrf.middleware import csrf_response_exempt

from django.contrib.csrf.decorators import csrf_protect

from django.db.models.base import ModelBase

from django.core.exceptions import ImproperlyConfigured

from django.core.urlresolvers import reverse

            return view(request, *args, **kwargs)

        if not cacheable:

            inner = never_cache(inner)

        # We add csrf_protect here so this function can be used as a utility

        # function for any view, without having to repeat 'csrf_protect'.

        inner = csrf_response_exempt(csrf_protect(inner))

        return update_wrapper(inner, view)

    def get_urls(self):