Re: CSRFmiddlewaretoken issue ?

2013-01-15 Thread Travis J
{% csrf_token %} introduces a hidden field into your form that will be 
posted.  Second, request.raw_post_data is going to be form-encoded, so it 
will look like "csrf_token=adsjadsf=" 
(generally you would only use raw_post_data for binary files and the like).

To get it working quickly, use request.POST['body'] instead (you'll need to 
think about sanitizing; what happens on display if a user has included 
JavaScript in the message). 

tj

On Monday, January 14, 2013 11:08:22 AM UTC-7, Rahul Gaur wrote:
>
> Hi, 
>   I am working on a project which implements micro blogging (river flow) 
> like Twitter.
>
> I made a Django app for this and here is the snippet of the models.py 
>
> I registered the app with 'admin'
>
> class uPost(models.Model):
>     body = models.TextField(max_length=150)
>     author = models.ForeignKey(auth.User)
>     pub_date = models.DateTimeField('Date')
>
>     def __unicode__(self):
>         return (self.body)
>
>     def get_author_url(self):
>         return "/u/%s/p/0" % (self.author)
>
>     class Meta:
>         ordering = ['-pub_date']
>
>
> Here is a snippet from the post.html page 
>
> 
> {% csrf_token %}
> 
> 
> Report a Story:  rows="2" cols="40" name="body">
> 
> 
> 
> 
>  
> # I use this to post the tweet  and below is the 
>
> #views.py function 
>
> def tweet(request):
>     assert(request.method=='POST')
>     body = smart_unicode(request.raw_post_data)
>     topic = uPost(body=body, author=request.user)
>     topic.pub_date = datetime.datetime.today()
>     topic.save()
>     # calls the views function that lists all posts in the timeline
>     return HttpResponseRedirect("/riverflow")
>
>
> When I use the post.html 
>
>
> Output I get when I post any tweet with the above FORM and Views func def 
> tweet
>
>  
>
> csrfmiddlewaretoken=eTqlKTZe9AyMiudycqENAJxoLn9WXjA9=hmm+just+check+ing+%21
>
> @aregee Jan. 14, 2013, 11:33 a.m.
>
>
> It has to do something with the CSRF middleware token right ?
>
> I tried to use the @csrf_exempt decorator in my views function, that does 
> remove  csrfmiddlewaretoken =*& post the following on the timeline  
> "body=MESSAGEPOSTED "
>
> What am I doing wrong here?
>
>
>
>
> ---
> *Rahul Gaur*
> *irc : iamaregee2*
> *web: *http://www.rahulgaur.info*
> *
> *blogs : *aregee.wordpress.com , 
> http://sanencynicalwriter.wordpress.com/
> *fb:* http://facebook.com/iamaregee 
> *github: *https://github.com/aregee
>
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/django-users/-/4fWZdPC1GUUJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.
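
Added example, not part of the original thread or of Django's own code: the difference the reply above describes, with Python 3's standard library standing in for what request.POST and template auto-escaping do. The function names, MAX_BODY_LEN and the sample request bodies are constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qs

MAX_BODY_LEN = 150  # assumption: mirrors max_length=150 on uPost.body


def extract_body(raw_post_data: bytes) -> str:
    """Decode a form-encoded POST body and return only the 'body' field.

    The raw body carries every form field, including the hidden
    csrfmiddlewaretoken, so it must be parsed before anything is stored.
    """
    fields = parse_qs(raw_post_data.decode("utf-8"), keep_blank_values=True)
    values = fields.get("body")
    if not values:
        raise ValueError("missing 'body' field")
    body = values[-1].strip()  # last value wins, as request.POST['body'] does
    if not body:
        raise ValueError("empty message")
    if len(body) > MAX_BODY_LEN:
        raise ValueError("message longer than %d characters" % MAX_BODY_LEN)
    return body


def render_post(body: str) -> str:
    """Escape the stored text at output time so markup is shown, not run."""
    return "<p>%s</p>" % escape(body)


# Constructed sample bodies (the token value is a placeholder).
SAMPLE = b"csrfmiddlewaretoken=CONSTRUCTED-TOKEN&body=hmm+just+check+ing+%21"
MARKUP = (b"csrfmiddlewaretoken=CONSTRUCTED-TOKEN"
          b"&body=%3Cscript%3Ealert%281%29%3C%2Fscript%3E")

if __name__ == "__main__":
    # What the original view stored: the whole encoded body, token included.
    print("raw   :", SAMPLE.decode("utf-8"))
    # What should be stored: the decoded 'body' field only.
    print("field :", extract_body(SAMPLE))
    # The stored text stays as typed; escaping happens when it is displayed.
    print("html  :", render_post(extract_body(MARKUP)))
```

Django templates escape variables on output by default, so the render_post step matters mainly where a value is marked safe or HTML is built by hand.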



CSRFmiddlewaretoken issue ?

2013-01-14 Thread Rahul Gaur
Hi,
  I am working on a project which implements micro blogging (river flow)
like Twitter.

I made a Django app for this and here is the snippet of the models.py

I registered the app with 'admin'

class uPost(models.Model):
    body = models.TextField(max_length=150)
    author = models.ForeignKey(auth.User)
    pub_date = models.DateTimeField('Date')

    def __unicode__(self):
        return (self.body)

    def get_author_url(self):
        return "/u/%s/p/0" % (self.author)

    class Meta:
        ordering = ['-pub_date']


Here is a snippet from the post.html page


{% csrf_token %}


Report a Story: 





# I use this to post the tweet  and below is the

#views.py function

def tweet(request):
    assert(request.method=='POST')
    body = smart_unicode(request.raw_post_data)
    topic = uPost(body=body, author=request.user)
    topic.pub_date = datetime.datetime.today()
    topic.save()
    # calls the views function that lists all posts in the timeline
    return HttpResponseRedirect("/riverflow")


When I use the post.html


Output I get when I post any tweet with the above FORM and Views func def tweet



csrfmiddlewaretoken=eTqlKTZe9AyMiudycqENAJxoLn9WXjA9=hmm+just+check+ing+%21

@aregee Jan. 14, 2013, 11:33 a.m.


It has to do something with the CSRF middleware token right ?

I tried to use the @csrf_exempt decorator in my views function, that does
remove  csrfmiddlewaretoken =*& post the following on the timeline
"body=MESSAGEPOSTED "

What am I doing wrong here?



---
*Rahul Gaur*
*irc : iamaregee2*
*web: *http://www.rahulgaur.info*
*
*blogs : *aregee.wordpress.com ,  
http://sanencynicalwriter.wordpress.com/
*fb:* http://facebook.com/iamaregee
*github: *https://github.com/aregee
