Sorry, I haven't thought it through.
Server is running:
- Debian GNU/Linux 5.0 with 2.6.32.2 kernel
- Python 2.5.2
- Django 1.2.1
- MySQL 5.0.51 (with MySQLdb 1.2.2) - default engine InnoDB
- Apache2 with mod_python 3.3.1
Browsers are in default polish configuration and I've tested it with
Firefox 3.5.11, Safari 5.0.1, Opera 10.60, Internet Explorer 8.0.6001,
Lunascape 6.2.0, SeaMonkey 2.0.6, Google Chrome 5.0.375 (all of them
under Windows XP 32 bit PL) and Firefox 3.6 under Ubuntu 9.10 64 bit
HTML I can see when I go for "/admin/auth/user/1/password/" :
<form action="" method="post" id="user_form"><div
style='display:none'><input type='hidden' name='csrfmiddlewaretoken'
value='<value cut out>' /></div>
<p>Podaj nowe hasło dla użytkownika <strong>asp</strong>.</p>
<fieldset class="module aligned">
<div class="form-row">
<label for="id_password1" class="required">Hasło:</label> <input
type="password" name="password1" id="id_password1" />
</div>
<div class="form-row">
<label for="id_password2" class="required">Hasło (powtórz):</label>
<input type="password" name="password2" id="id_password2" />
<p class="help">Podaj powyższe hasło w celu weryfikacji.</p>
</div>
</fieldset>
<div class="submit-row">
<input type="submit" value="Zmiana hasła" class="default" />
</div>
<script type="text/
javascript">document.getElementById("id_password1").foc us();</
script>
</div>
</form>
HTML I can see when I go for "/admin/password_change/"
<form action="" method="post">
<p class="aligned wide"><label for="id_old_password">Old password:</
label><input type="password" name="old_password"
id="id_old_password" /></p>
<p class="aligned wide"><label for="id_new_password1">Nowe hasło:</
label><input type="password" name="new_password1"
id="id_new_password1" /></p>
<p class="aligned wide"><label for="id_new_password2">Potwierdź
hasło:</label><input type="password" name="new_password2"
id="id_new_password2" /></p>
<p><input type="submit" value="Zmień hasło" /></p>
</form>
It seems, that the CSRF token is somehow missing in that second case.
I hope it helps.
Best regards
On 18 Sie, 13:56, Russell Keith-Magee <russ...@keith-magee.com>
wrote:
> On Wed, Aug 18, 2010 at 3:05 PM, Aspontus <aspon...@gmail.com> wrote:
> > Hi.
> > I have run into a consistent CSRF error in admin.
> > It occurs when user tries to change his/her password.
> > Every single time it returns CSRF error.
> > My admin templates are not modified.
>
> You're going to need to provide more detail than that.
>
> Django has an extensive test suite, and it's currently passing without
> errors.
>
> We have a very large userbase that has deployed Django 1.2 and not
> reported any problems.
>
> I have personally run many dozens of manual tests, including changing
> a user's password, and have had no problems.
>
> Allow me to assure you that we have tested this. If you are
> experiencing problems, then there is something unusual going on, and
> we need as much detail as possible. "It doesn't work" doesn't help us.
> Exact browsers configurations, server configurations, minimal sample
> projects -- these are the things that will help us identify and fix
> this problem. We can't help you until we can duplication your problem.
>
> Yours,
> Russ Magee %-)
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
