From bd5880b6524853dd7f6d5d347bee8dc2468db7a6 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer
Date: Fri, 15 Mar 2013 19:01:36 -0500
Subject: [PATCH 1/2] Making CSRF work properly with python3
---
 pyramid_deform/__init__.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/pyramid_deform/__init__.py b/pyramid_deform/__init__.py
index 675ea02..c97d39d 100644
--- a/pyramid_deform/__init__.py
+++ b/pyramid_deform/__init__.py
@@ -386,12 +386,21 @@ def get_summary(self, request):
 @colander.deferred
 def deferred_csrf_value(node, kw):
- return kw['request'].session.get_csrf_token()
+ if PY3:
+ return kw['request'].session.get_csrf_token()
+ else:
+ return kw['request'].session.get_csrf_token()
 @colander.deferred
 def deferred_csrf_validator(node, kw):
 def csrf_validate(node, value):
- if value != kw['request'].session.get_csrf_token():
+
+ if PY3:
+ token = kw['request'].session.get_csrf_token().decode()
+ else:
+ token = kw['request'].session.get_csrf_token()
+
+ if value != token:
 raise colander.Invalid(node, _('Invalid cross-site scripting token'))
 return csrf_validate

From 9941214d3ae06335014b2755b615f5dccd8f2bb6 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer
Date: Fri, 15 Mar 2013 19:04:38 -0500
Subject: [PATCH 2/2] Another fix
---
 pyramid_deform/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyramid_deform/__init__.py b/pyramid_deform/__init__.py
index c97d39d..ea00616 100644
--- a/pyramid_deform/__init__.py
+++ b/pyramid_deform/__init__.py
@@ -387,7 +387,7 @@ def get_summary(self, request):
 @colander.deferred
 def deferred_csrf_value(node, kw):
 if PY3:
- return kw['request'].session.get_csrf_token()
+ return kw['request'].session.get_csrf_token().decode()
 else:
 return kw['request'].session.get_csrf_token()
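Review bot: In csrf_validate (patch 1/2), `.decode()` is selected by interpreter version rather than by the type of the token, so a session factory whose `get_csrf_token()` already returns text on Python 3 would raise AttributeError and every protected form post would fail with an error instead of a validation result; the same branch is added to deferred_csrf_value in patch 2/2. Keying on the value is safer: `token = kw['request'].session.get_csrf_token()` followed by `if PY3 and isinstance(token, bytes): token = token.decode()`. The comparison `if value != token:` is also ordinary equality on a secret; a constant-time comparison such as `hmac.compare_digest` is the usual choice where the supported Python versions provide it. `PY3` is not defined in the visible lines, so confirm the module imports it.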
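Review bot: After patch 2/2, deferred_csrf_value and csrf_validate each carry their own copy of the `PY3` branch, and the two must normalise the token identically or the value placed in the form can never match what the validator computes. A single private helper that both call removes that risk; the sketch below shows the helper and the value function, and csrf_validate (outside this hunk) would call the same helper. No test is visible in the series; one that takes the deferred value and feeds it back through the validator on both interpreter lines would pin the round trip.

```python
def _csrf_token_text(request):
    # One place decides the token's type for both rendering and validation.
    token = request.session.get_csrf_token()
    if PY3 and isinstance(token, bytes):
        token = token.decode()
    return token

@colander.deferred
def deferred_csrf_value(node, kw):
    return _csrf_token_text(kw['request'])
```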