From fc7237e150b5c4307bc74a43d797807f02742427 Mon Sep 17 00:00:00 2001
From: Michael Ziegler <diese-addy@funzt-halt.net>
Date: Sun, 20 Jun 2010 11:38:01 +0200
Subject: [PATCH] remove CsrfResponseMiddleware and use csrf_tokens in the
 templates

---
 pyweb/mumble/templates/mumble/mumble.html | 8 ++++----
 pyweb/settings.py                         | 1 -
 pyweb/templates/registration/login.html   | 2 +-
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/pyweb/mumble/templates/mumble/mumble.html b/pyweb/mumble/templates/mumble/mumble.html
index 20db2b3..30b0596 100644
--- a/pyweb/mumble/templates/mumble/mumble.html
+++ b/pyweb/mumble/templates/mumble/mumble.html
@@ -41,7 +41,7 @@
     <div id="mumble_registration" class="mumble-ext">
   {% if user.is_authenticated %}
       <h2>{% trans "Server registration" %}</h2>
-      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">
+      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">{% csrf_token %}
         {% if Registered %}
           {% trans "You are registered on this server" %}.<br />
         {% else %}
@@ -93,7 +93,7 @@
             {% endblocktrans %}
           {% endif %}
         </p>
-        <form action="{% url mumble.views.show DBaseObject.id %}" method="post" enctype="multipart/form-data">
+        <form action="{% url mumble.views.show DBaseObject.id %}" method="post" enctype="multipart/form-data">{% csrf_token %}
           <table>
             {{ TextureForm }}
           </table>
@@ -107,7 +107,7 @@
   {% if CurrentUserIsAdmin %}
     <div id="mumble_admin" class="mumble-ext">
       <h2>{% trans "Server administration" %}</h2>
-      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">
+      <form action="{% url mumble.views.show DBaseObject.id %}" method="post">{% csrf_token %}
         <table>
           {{ AdminForm }}
         </table>
@@ -164,7 +164,7 @@
       {% if CurrentUserIsAdmin or user.is_staff %}
         <fieldset>
           <legend>{% trans "Kick user" %}</legend>
-          <form action="{% url mumble.views.show DBaseObject.id %}" method="POST">
+          <form action="{% url mumble.views.show DBaseObject.id %}" method="POST">{% csrf_token %}
             <input type="hidden" name="mode"    value="kick" />
             <input type="hidden" name="session" value="{{ item.session }}" />
             <ul>
diff --git a/pyweb/settings.py b/pyweb/settings.py
index bf543b9..5a78ddf 100644
--- a/pyweb/settings.py
+++ b/pyweb/settings.py
@@ -209,7 +209,6 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
-    'django.middleware.csrf.CsrfResponseMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
 )
diff --git a/pyweb/templates/registration/login.html b/pyweb/templates/registration/login.html
index 250f25b..8fbea65 100644
--- a/pyweb/templates/registration/login.html
+++ b/pyweb/templates/registration/login.html
@@ -19,7 +19,7 @@
 <p>Username or password don't exist or are not correct. Please try again.</p>
 {% endif %}
 
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <table>
 <tr><td>{{ form.username.label_tag }}</td><td>{{ form.username }}</td></tr>
 <tr><td>{{ form.password.label_tag }}</td><td>{{ form.password }}</td></tr>

{{ form.username.label_tag }}	{{ form.username }}
{{ form.password.label_tag }}	{{ form.password }}