Stable update of dajaxice

To: debian-release@lists.debian.org
Subject: Stable update of dajaxice
From: Angel Abad <angelabad@gmail.com>
Date: Thu, 24 Feb 2011 11:16:23 +0100
Message-id: <[🔎] 4D662FF7.40700@gmail.com>

I've prepared an upload to stable for package dajaxice, since
python-django was patched for problems related with crsf cookies,
dajaxice is unusable in squeeze.

The pacth comes from upstream developer as you can see in Ubuntu bug.

Any change for this to be accepted?
--
Angel Abad
angelabad@ubuntu.com
angelabad@gmail.com

$ diffstat dajaxice_0.1.5-1squeeze1.debdiff
 changelog                     |    7 +++++++
 patches/fix_csrf_verification |   42
++++++++++++++++++++++++++++++++++++++++++
 patches/series                |    1 +
 3 files changed, 50 insertions(+)

diff -Nru dajaxice-0.1.5/debian/changelog dajaxice-0.1.5/debian/changelog
--- dajaxice-0.1.5/debian/changelog    2010-07-11 13:17:35.000000000 +0000
+++ dajaxice-0.1.5/debian/changelog    2011-02-24 09:33:02.000000000 +0000
@@ -1,3 +1,10 @@
+dajaxice (0.1.5-1squeeze1) stable; urgency=high
+
+  * debian/patches/fix_csrf_verification: (Closes: #614787)
+    - Fix bug related to CSRF verification on Django
+
+ -- Angel Abad <angelabad@gmail.com>  Thu, 24 Feb 2011 09:24:51 +0000
+
 dajaxice (0.1.5-1) unstable; urgency=low
 
   * New upstream release
diff -Nru dajaxice-0.1.5/debian/patches/fix_csrf_verification
dajaxice-0.1.5/debian/patches/fix_csrf_verification
--- dajaxice-0.1.5/debian/patches/fix_csrf_verification    1970-01-01
00:00:00.000000000 +0000
+++ dajaxice-0.1.5/debian/patches/fix_csrf_verification    2011-02-24
09:30:43.000000000 +0000
@@ -0,0 +1,42 @@
+Description: Fix bug related to CSRF verification on Django
+Author: Jorge Bastida <neo2001@gmail.com>
+From: Angel Abad <angelabad@ubuntu.com>
+Bug-Ubuntu: https://launchpad.net/bugs/723585
+Bug-Debian: http://bugs.debian.org/614787
+
+diff --git a/dajaxice/templates/dajaxice/dajaxice.core.js
b/dajaxice/templates/dajaxice/dajaxice.core.js
+index f3f1926..a052d93 100644
+--- a/dajaxice/templates/dajaxice/dajaxice.core.js
++++ b/dajaxice/templates/dajaxice/dajaxice.core.js
+@@ -3,6 +3,23 @@ var Dajaxice = {
+         {% include "dajaxice/dajaxice_core_loop.js" %}
+         {% endfor %}{% ifnotequal dajaxice_js_functions|length 0 %},{%
endifnotequal %}
+    
++    get_cookie: function(name)
++    {
++        var cookieValue = null;
++        if (document.cookie && document.cookie != '') {
++            var cookies = document.cookie.split(';');
++            for (var i = 0; i < cookies.length; i++) {
++                var cookie = cookies[i].toString().replace(/^\s+/,
"").replace(/\s+$/, "");
++                // Does this cookie string begin with the name we want?
++                if (cookie.substring(0, name.length + 1) == (name +
'=')) {
++                    cookieValue =
decodeURIComponent(cookie.substring(name.length + 1));
++                    break;
++                }
++            }
++        }
++        return cookieValue;
++    },
++       
+     call: function(dajaxice_function, dajaxice_callback, argv)
+     {
+         var send_data = [];
+@@ -12,6 +29,7 @@ var Dajaxice = {
+         var oXMLHttpRequest = new XMLHttpRequest;
+         oXMLHttpRequest.open('POST',
'/{{DAJAXICE_URL_PREFIX}}/'+dajaxice_function+'/');
+         oXMLHttpRequest.setRequestHeader("X-Requested-With",
"XMLHttpRequest");
++       
oXMLHttpRequest.setRequestHeader("X-CSRFToken",Dajaxice.get_cookie('csrftoken'));
+         oXMLHttpRequest.onreadystatechange = function() {
+             if (this.readyState == XMLHttpRequest.DONE) {
+                 eval(this.responseText);
diff -Nru dajaxice-0.1.5/debian/patches/series
dajaxice-0.1.5/debian/patches/series
--- dajaxice-0.1.5/debian/patches/series    1970-01-01
00:00:00.000000000 +0000
+++ dajaxice-0.1.5/debian/patches/series    2011-02-24
09:30:43.000000000 +0000
@@ -0,0 +1 @@
+fix_csrf_verification

diff -Nru dajaxice-0.1.5/debian/changelog dajaxice-0.1.5/debian/changelog
--- dajaxice-0.1.5/debian/changelog	2010-07-11 13:17:35.000000000 +0000
+++ dajaxice-0.1.5/debian/changelog	2011-02-24 09:33:02.000000000 +0000
@@ -1,3 +1,10 @@
+dajaxice (0.1.5-1squeeze1) stable; urgency=high
+
+  * debian/patches/fix_csrf_verification: (Closes: #614787)
+    - Fix bug related to CSRF verification on Django
+
+ -- Angel Abad <angelabad@gmail.com>  Thu, 24 Feb 2011 09:24:51 +0000
+
 dajaxice (0.1.5-1) unstable; urgency=low
 
   * New upstream release
diff -Nru dajaxice-0.1.5/debian/patches/fix_csrf_verification dajaxice-0.1.5/debian/patches/fix_csrf_verification
--- dajaxice-0.1.5/debian/patches/fix_csrf_verification	1970-01-01 00:00:00.000000000 +0000
+++ dajaxice-0.1.5/debian/patches/fix_csrf_verification	2011-02-24 09:30:43.000000000 +0000
@@ -0,0 +1,42 @@
+Description: Fix bug related to CSRF verification on Django
+Author: Jorge Bastida <neo2001@gmail.com>
+From: Angel Abad <angelabad@ubuntu.com>
+Bug-Ubuntu: https://launchpad.net/bugs/723585
+Bug-Debian: http://bugs.debian.org/614787
+
+diff --git a/dajaxice/templates/dajaxice/dajaxice.core.js b/dajaxice/templates/dajaxice/dajaxice.core.js
+index f3f1926..a052d93 100644
+--- a/dajaxice/templates/dajaxice/dajaxice.core.js
++++ b/dajaxice/templates/dajaxice/dajaxice.core.js
+@@ -3,6 +3,23 @@ var Dajaxice = {
+         {% include "dajaxice/dajaxice_core_loop.js" %}
+         {% endfor %}{% ifnotequal dajaxice_js_functions|length 0 %},{% endifnotequal %}
+     
++    get_cookie: function(name)
++    {
++        var cookieValue = null;
++        if (document.cookie && document.cookie != '') {
++            var cookies = document.cookie.split(';');
++            for (var i = 0; i < cookies.length; i++) {
++                var cookie = cookies[i].toString().replace(/^\s+/, "").replace(/\s+$/, "");
++                // Does this cookie string begin with the name we want?
++                if (cookie.substring(0, name.length + 1) == (name + '=')) {
++                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
++                    break;
++                }
++            }
++        }
++        return cookieValue;
++    },
++        
+     call: function(dajaxice_function, dajaxice_callback, argv)
+     {
+         var send_data = [];
+@@ -12,6 +29,7 @@ var Dajaxice = {
+         var oXMLHttpRequest = new XMLHttpRequest;
+         oXMLHttpRequest.open('POST', '/{{DAJAXICE_URL_PREFIX}}/'+dajaxice_function+'/');
+         oXMLHttpRequest.setRequestHeader("X-Requested-With", "XMLHttpRequest");
++        oXMLHttpRequest.setRequestHeader("X-CSRFToken",Dajaxice.get_cookie('csrftoken'));
+         oXMLHttpRequest.onreadystatechange = function() {
+             if (this.readyState == XMLHttpRequest.DONE) {
+                 eval(this.responseText);
diff -Nru dajaxice-0.1.5/debian/patches/series dajaxice-0.1.5/debian/patches/series
--- dajaxice-0.1.5/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ dajaxice-0.1.5/debian/patches/series	2011-02-24 09:30:43.000000000 +0000
@@ -0,0 +1 @@
+fix_csrf_verification

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Stable update of dajaxice
  - From: Angel Abad <angelabad@gmail.com>
- Re: Stable update of dajaxice
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: tagging 614888
Next by Date: Re: Stable update of dajaxice
Previous by thread: Processed: tagging 614888
Next by thread: Re: Stable update of dajaxice
Index(es):
- Date
- Thread