I've prepared an upload to stable for package dajaxice, since python-django was patched for problems related with crsf cookies, dajaxice is unusable in squeeze. The pacth comes from upstream developer as you can see in Ubuntu bug. Any change for this to be accepted? -- Angel Abad angelabad@ubuntu.com angelabad@gmail.com $ diffstat dajaxice_0.1.5-1squeeze1.debdiff changelog | 7 +++++++ patches/fix_csrf_verification | 42 ++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 50 insertions(+) diff -Nru dajaxice-0.1.5/debian/changelog dajaxice-0.1.5/debian/changelog --- dajaxice-0.1.5/debian/changelog 2010-07-11 13:17:35.000000000 +0000 +++ dajaxice-0.1.5/debian/changelog 2011-02-24 09:33:02.000000000 +0000 @@ -1,3 +1,10 @@ +dajaxice (0.1.5-1squeeze1) stable; urgency=high + + * debian/patches/fix_csrf_verification: (Closes: #614787) + - Fix bug related to CSRF verification on Django + + -- Angel Abad <angelabad@gmail.com> Thu, 24 Feb 2011 09:24:51 +0000 + dajaxice (0.1.5-1) unstable; urgency=low * New upstream release diff -Nru dajaxice-0.1.5/debian/patches/fix_csrf_verification dajaxice-0.1.5/debian/patches/fix_csrf_verification --- dajaxice-0.1.5/debian/patches/fix_csrf_verification 1970-01-01 00:00:00.000000000 +0000 +++ dajaxice-0.1.5/debian/patches/fix_csrf_verification 2011-02-24 09:30:43.000000000 +0000 @@ -0,0 +1,42 @@ +Description: Fix bug related to CSRF verification on Django +Author: Jorge Bastida <neo2001@gmail.com> +From: Angel Abad <angelabad@ubuntu.com> +Bug-Ubuntu: https://launchpad.net/bugs/723585 +Bug-Debian: http://bugs.debian.org/614787 + +diff --git a/dajaxice/templates/dajaxice/dajaxice.core.js b/dajaxice/templates/dajaxice/dajaxice.core.js +index f3f1926..a052d93 100644 +--- a/dajaxice/templates/dajaxice/dajaxice.core.js ++++ b/dajaxice/templates/dajaxice/dajaxice.core.js +@@ -3,6 +3,23 @@ var Dajaxice = { + {% include "dajaxice/dajaxice_core_loop.js" %} + {% endfor %}{% ifnotequal dajaxice_js_functions|length 0 %},{% endifnotequal %} + ++ get_cookie: function(name) ++ { ++ var cookieValue = null; ++ if (document.cookie && document.cookie != '') { ++ var cookies = document.cookie.split(';'); ++ for (var i = 0; i < cookies.length; i++) { ++ var cookie = cookies[i].toString().replace(/^\s+/, "").replace(/\s+$/, ""); ++ // Does this cookie string begin with the name we want? ++ if (cookie.substring(0, name.length + 1) == (name + '=')) { ++ cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); ++ break; ++ } ++ } ++ } ++ return cookieValue; ++ }, ++ + call: function(dajaxice_function, dajaxice_callback, argv) + { + var send_data = []; +@@ -12,6 +29,7 @@ var Dajaxice = { + var oXMLHttpRequest = new XMLHttpRequest; + oXMLHttpRequest.open('POST', '/{{DAJAXICE_URL_PREFIX}}/'+dajaxice_function+'/'); + oXMLHttpRequest.setRequestHeader("X-Requested-With", "XMLHttpRequest"); ++ oXMLHttpRequest.setRequestHeader("X-CSRFToken",Dajaxice.get_cookie('csrftoken')); + oXMLHttpRequest.onreadystatechange = function() { + if (this.readyState == XMLHttpRequest.DONE) { + eval(this.responseText); diff -Nru dajaxice-0.1.5/debian/patches/series dajaxice-0.1.5/debian/patches/series --- dajaxice-0.1.5/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ dajaxice-0.1.5/debian/patches/series 2011-02-24 09:30:43.000000000 +0000 @@ -0,0 +1 @@ +fix_csrf_verification
diff -Nru dajaxice-0.1.5/debian/changelog dajaxice-0.1.5/debian/changelog --- dajaxice-0.1.5/debian/changelog 2010-07-11 13:17:35.000000000 +0000 +++ dajaxice-0.1.5/debian/changelog 2011-02-24 09:33:02.000000000 +0000 @@ -1,3 +1,10 @@ +dajaxice (0.1.5-1squeeze1) stable; urgency=high + + * debian/patches/fix_csrf_verification: (Closes: #614787) + - Fix bug related to CSRF verification on Django + + -- Angel Abad <angelabad@gmail.com> Thu, 24 Feb 2011 09:24:51 +0000 + dajaxice (0.1.5-1) unstable; urgency=low * New upstream release diff -Nru dajaxice-0.1.5/debian/patches/fix_csrf_verification dajaxice-0.1.5/debian/patches/fix_csrf_verification --- dajaxice-0.1.5/debian/patches/fix_csrf_verification 1970-01-01 00:00:00.000000000 +0000 +++ dajaxice-0.1.5/debian/patches/fix_csrf_verification 2011-02-24 09:30:43.000000000 +0000 @@ -0,0 +1,42 @@ +Description: Fix bug related to CSRF verification on Django +Author: Jorge Bastida <neo2001@gmail.com> +From: Angel Abad <angelabad@ubuntu.com> +Bug-Ubuntu: https://launchpad.net/bugs/723585 +Bug-Debian: http://bugs.debian.org/614787 + +diff --git a/dajaxice/templates/dajaxice/dajaxice.core.js b/dajaxice/templates/dajaxice/dajaxice.core.js +index f3f1926..a052d93 100644 +--- a/dajaxice/templates/dajaxice/dajaxice.core.js ++++ b/dajaxice/templates/dajaxice/dajaxice.core.js +@@ -3,6 +3,23 @@ var Dajaxice = { + {% include "dajaxice/dajaxice_core_loop.js" %} + {% endfor %}{% ifnotequal dajaxice_js_functions|length 0 %},{% endifnotequal %} + ++ get_cookie: function(name) ++ { ++ var cookieValue = null; ++ if (document.cookie && document.cookie != '') { ++ var cookies = document.cookie.split(';'); ++ for (var i = 0; i < cookies.length; i++) { ++ var cookie = cookies[i].toString().replace(/^\s+/, "").replace(/\s+$/, ""); ++ // Does this cookie string begin with the name we want? ++ if (cookie.substring(0, name.length + 1) == (name + '=')) { ++ cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); ++ break; ++ } ++ } ++ } ++ return cookieValue; ++ }, ++ + call: function(dajaxice_function, dajaxice_callback, argv) + { + var send_data = []; +@@ -12,6 +29,7 @@ var Dajaxice = { + var oXMLHttpRequest = new XMLHttpRequest; + oXMLHttpRequest.open('POST', '/{{DAJAXICE_URL_PREFIX}}/'+dajaxice_function+'/'); + oXMLHttpRequest.setRequestHeader("X-Requested-With", "XMLHttpRequest"); ++ oXMLHttpRequest.setRequestHeader("X-CSRFToken",Dajaxice.get_cookie('csrftoken')); + oXMLHttpRequest.onreadystatechange = function() { + if (this.readyState == XMLHttpRequest.DONE) { + eval(this.responseText); diff -Nru dajaxice-0.1.5/debian/patches/series dajaxice-0.1.5/debian/patches/series --- dajaxice-0.1.5/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ dajaxice-0.1.5/debian/patches/series 2011-02-24 09:30:43.000000000 +0000 @@ -0,0 +1 @@ +fix_csrf_verification
Attachment:
signature.asc
Description: OpenPGP digital signature