On Thu, Aug 19, 2010 at 5:33 AM, Aspontus <aspon...@gmail.com> wrote:
> It seems I haven't expressed myself clearly enough. > The template django/contrib/admin/templates/admin/auth/user/ > change_password.html You point me to is rendered when I use the > password change form from user change form. > The one that seems to be missing CSRF token is rendered when I try to > change password from the link in the upper right corner of admin > screen. > I think that it is some other template, as the form's fields ids are > different - namely id_old_password, id_new_password1 and > id_new_password_2, while in the aforementioned template the form's > fields ids are id_password1 and id_password2. > I think that the template rendered in this case is django/contrib/ > admin/templates/registration/password_change_form.html > Is this something I can change and if so then how? > Note that template in the 1.2 release: http://code.djangoproject.com/browser/django/tags/releases/1.2/django/contrib/admin/templates/registration/password_change_form.html does have the {% csrf_token %} tag in the form (on line 11). So check the copy of that template in your install -- if it does not have {% csrf_token %} on line 11 then somehow your installed files differ from the release files. If it does, then for your project some other template is being used to override that one in the install, and you need to find that override and fix it to include the csrf token. Karen -- http://tracey.org/kmt/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
