尝试上传ImageField时CSRF失败

I have a django template with an ImageField form to allow users to upload pictures on the site.

我有一个带有ImageField表单的django模板,允许用户在网站上传图片。

1) The form contains {% csfr_token %} 2) I render a template with render variables.

1)表单包含{%csfr_token%} 2)我使用渲染变量渲染模板。

Also, I have set enctype="multipart/form-data" in the form in the template?

另外,我在模板中的表单中设置了enctype =“multipart / form-data”?

Still I get a CSFR verif. fail. Can anyone help?

我仍然得到CSFR证明。失败。有人可以帮忙吗?

Code from the template.html

来自template.html的代码

<form enctype="multipart/form-data" action='{% url photo username %}' method="post">
            {% csrf_token %}
              <p>{{ form.non_field_errors }}</p>
              <p>{{ form.profile_picture.label_tag }} {{ form.profile_picture.help_text }}</p>
              <p>
              {{ form.profile_picture.errors }}
              {{ form.profile_picture }}
              </p>
              <p><input type="submit" value="Upload" /></p>
            </form>

The view:

def upload_photo(request, nick):
#c = {}
#c.update(csrf(request))
if request.method == 'POST':
    form = PictureForm(request.POST, request.FILES)
    if form.is_valid():
        newpic = Picture(profile_picture = request.FILES['profile_picture'])
        newpic.save()

        # Redirect to the document list after POST
        return HttpResponseRedirect(reverse('profiles.views.upload_photo', args=[nick]))
else:
    form = PictureForm() # A empty, unbound form

# Load documents for the list page
pictures = Picture.objects.all()

# Render list page with the documents and the form
return render_to_response(
    'profile.html',
             #various render variables here
             })

UPDATE:traceback

Environment:


Request Method: POST
Request URL: localhost/hello/john/

Django Version: 1.4.2
Python Version: 2.7.2
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'django.contrib.admindocs',
 'friendship',
 'search',
 'tour',
 'profiles')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')


Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/home/mike/Documents/ics/django/ics/profiles/views.py" in upload_photo
  18.           newpic.save()
File "/usr/local/lib/python2.7/dist-packages/django/db/models/base.py" in save
  463.         self.save_base(using=using, force_insert=force_insert, force_update=force_update)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/base.py" in save_base
  551.                 result = manager._insert([self], fields=fields, return_id=update_pk, using=using, raw=raw)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/manager.py" in _insert
  203.         return insert_query(self.model, objs, fields, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/query.py" in insert_query
  1593.     return query.get_compiler(using=using).execute_sql(return_id)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/sql/compiler.py" in execute_sql
  909.         for sql, params in self.as_sql():
File "/usr/local/lib/python2.7/dist-packages/django/db/models/sql/compiler.py" in as_sql
  872.                 for obj in self.query.objs
File "/usr/local/lib/python2.7/dist-packages/django/db/models/fields/files.py" in pre_save
  249.             file.save(file.name, file, save=False)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/fields/files.py" in save
  85.         name = self.field.generate_filename(self.instance, name)
File "/home/mike/Documents/ics/django/ics/profiles/models.py" in get_image_name
  8.    name =  str(instance.user_id) + ".jpg"
File "/usr/local/lib/python2.7/dist-packages/django/db/models/fields/related.py" in __get__
  343.                 raise self.field.rel.to.DoesNotExist

I found that the error is here (models.py):

我发现错误在这里(models.py):

def get_image_name(instance, filename):
    return  str(instance.user_id) + ".jpg"
    #str(____) + ".jpg" causes the exception

class Picture(models.Model):
    user_id = models.ForeignKey(User)
    profile_picture = models.ImageField(storage=OverwriteStorage(), upload_to=get_image_name)

Any thoughts why this happens?

有没有想过为什么会这样?

What I'm trying to do is save the image the user uploads with their username. But how can I get the user's username within the models.py?

我要做的是保存用户使用其用户名上传的图像。但是如何在models.py中获取用户的用户名?

1 个解决方案

#1

Since you are not manually updating your context with the csrf token you must use a RequestContext in your render to response method

由于您没有使用csrf令牌手动更新上下文,因此必须在render to response方法中使用RequestContext

return render_to_response('profile.html', { 
   ..your data dict.. }, context_instance=RequestContext(request))

Please see https://docs.djangoproject.com/en/1.2/ref/templates/api/#subclassing-context-requestcontext as well (I link to an old version of django since you still use function-style views)

请参阅https://docs.djangoproject.com/en/1.2/ref/templates/api/#subclassing-context-requestcontext(我链接到旧版本的django,因为你仍然使用函数式视图)

EDIT:

Now that the csrf problem is fixed, you're dealing with a separate, new error. Try changing 'user_id' to 'user' (for consistency) in your Picture model and use str(instance.user.username) in your get_image_name. Even if this does not work (which it normally should), please post a new question as the original request has been answered. People could search for csrf and end up here, reading for an unrelated problem.

既然修复了csrf问题,那么你正在处理一个单独的新错误。尝试在Picture模型中将'user_id'更改为'user'(为了保持一致性),并在get_image_name中使用str(instance.user.username)。即使这不起作用(通常应该这样),请在原始请求得到解答后发布新问题。人们可以搜索csrf并最终到达这里,阅读一个无关的问题。

#1