I wonder that the CSRF token sent from the client isn't validated.
Don't know if a DoS attack is possible by sending many requests with very long CSRF tokens?
IMHO it's a good idea to check the length before doing anything with it, e.g.:
------------------------------------------------------------------------------ diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index b5a8579..8e03635 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -72,7 +72,10 @@ def get_token(request): def _sanitize_token(token): # Allow only alphanum, and ensure we return a 'str' for the sake of the post # processing middleware. - token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 'ignore'))) + if len(token) != 32: + token = "" + else: + token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 'ignore'))) if token == "": # In case the cookie has been truncated to nothing at some point. return _get_new_csrf_key() ------------------------------------------------------------------------------
-- Regards, Jens Diemer ---- http://www.jensdiemer.de
-- You received this message because you are subscribed to the Google Groups "Django developers" group.
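Review bot: the new `if len(token) != 32` check in `_sanitize_token` runs on the raw token before the character filter, so a 32-character value that contains non-alphanumeric bytes passes the length check and is then shortened by the following `re.sub`, which means short or malformed tokens still get through and only the length of the unsanitized input is enforced. A single full-match test such as `re.match(r'^[a-zA-Z0-9]{32}$', token)` that falls back to `token = ""` (and hence to `_get_new_csrf_key()` via the existing `if token == "":` branch) would validate length and character set at once. The literal `32` should also be tied to the length of what `_get_new_csrf_key()` produces (a named constant or a value derived from it) rather than hardcoded here, so the two cannot drift apart; the patch is also missing a test for the rejected-length case and a note in the release notes, since previously accepted cookies of other lengths will now be replaced.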