I wonder that the CSRF token sent from the client isn't validated.

Don't know if a DoS attack is possible by sending many requests with very long CSRF tokens?

IMHO it's a good idea to check the length before doing anything with it.

e.g.:
------------------------------------------------------------------------------
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index b5a8579..8e03635 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -72,7 +72,10 @@ def get_token(request):
 def _sanitize_token(token):
     # Allow only alphanum, and ensure we return a 'str' for the sake of the 
post
     # processing middleware.
-    token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 'ignore')))
+    if len(token) != 32:
+        token = ""
+    else:
+        token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 
'ignore')))
     if token == "":
         # In case the cookie has been truncated to nothing at some point.
         return _get_new_csrf_key()
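Review bot: the `len(token) != 32` check is applied to the raw value before `re.sub` strips non-alphanumerics, so a 32-character token containing punctuation passes the check, comes out of the regex shorter than 32 characters, and is returned as-is instead of being regenerated. Moving the check after the stripping closes that gap and also folds in the existing empty-token case, e.g. replace `if token == "":` with `if len(token) != 32:` so that over-long, under-long and stripped-short tokens all reach `return _get_new_csrf_key()`. The literal 32 should also be tied to the length `_get_new_csrf_key()` actually produces rather than hard-coded in the check, so the two cannot drift apart. The wrapped `token = re.sub(...` line in the hunk will need to be rejoined before it applies.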
------------------------------------------------------------------------------


--

Mfg.

Jens Diemer


----
http://www.jensdiemer.de
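The length check proposed above, written out as an added example (not Django's own `csrf.py` and not the code from the patch): the token is stripped to alphanumerics first and the length is compared against the key length afterwards, so a padded or truncated value cannot come out as a short token. `CSRF_KEY_LENGTH`, `get_new_csrf_key` and `is_valid_submission` are hypothetical names chosen for this example; the key length of 32 is taken from the patch.

```python
import re
import secrets
import string

# Key length used by the patch above; the generator and the check share it
# so the two cannot drift apart.
CSRF_KEY_LENGTH = 32
_ALNUM = string.ascii_letters + string.digits
_NON_ALNUM = re.compile(r"[^a-zA-Z0-9]")


def get_new_csrf_key():
    """Return a fresh random key made only of alphanumerics (hypothetical helper)."""
    return "".join(secrets.choice(_ALNUM) for _ in range(CSRF_KEY_LENGTH))


def sanitize_token(token):
    """Normalise a token taken from a cookie or form field.

    Returns the token unchanged only when, after stripping everything that is
    not alphanumeric, it is exactly CSRF_KEY_LENGTH characters long. Anything
    else (empty, truncated, over-long, or padded with punctuation) is replaced
    by a brand-new key, so no short or oversized value survives sanitisation.
    """
    if isinstance(token, bytes):
        token = token.decode("ascii", "ignore")
    token = _NON_ALNUM.sub("", str(token))
    if len(token) != CSRF_KEY_LENGTH:
        return get_new_csrf_key()
    return token


def is_valid_submission(cookie_token, request_token):
    """Compare the cookie token with the token submitted in the request.

    Both sides are sanitised first; an invalid value on either side becomes a
    fresh random key, so the comparison fails instead of matching garbage.
    """
    cookie_token = sanitize_token(cookie_token)
    request_token = sanitize_token(request_token)
    # Constant-time comparison so the check does not leak how many leading
    # characters matched.
    return secrets.compare_digest(cookie_token, request_token)


if __name__ == "__main__":
    # Constructed sample inputs: a valid token, a padded one and an oversized one.
    good = "a" * CSRF_KEY_LENGTH
    padded = "a" * (CSRF_KEY_LENGTH - 2) + "!?"
    oversized = "a" * 100000
    print(sanitize_token(good) == good)          # True: kept as-is
    print(sanitize_token(padded) == padded)      # False: regenerated
    print(len(sanitize_token(oversized)))        # 32: regenerated
    print(is_valid_submission(good, good))       # True
```

Note that the length check does not by itself bound the work done on a very long value: the request body has still been read and the regex still runs over the whole string. The check keeps an over-long token out of the session and out of later processing; request-size limits in the web server or framework are what bound the cost of reading it in the first place.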
