Added csrf support. Closes issue #34.

dpaste/disable.py

@@ -1,3 +0,0 @@
-class DisableCSRF(object):
-    def process_request(self, request):
-        setattr(request, '_dont_enforce_csrf_checks', True)

dpaste/settings/__init__.py

@@ -83,7 +83,7 @@ LOGIN_REDIRECT_URL = '/'
 #==============================================================================
 
 MIDDLEWARE_CLASSES = (
-    'dpaste.disable.DisableCSRF',
+    'django.middleware.csrf.CsrfViewMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',

dpaste/templates/dpaste/about.html

@@ -72,6 +72,7 @@
     </p>
 
     <form method="POST" action="{% url "snippet_delete" %}">
+        {% csrf_token %}
         <input name="snippet_id"> <input type="Submit" value="Submit"/>
     </form>
 

dpaste/views.py

@@ -14,6 +14,7 @@ from django.core.urlresolvers import reverse
 from django.db.models import Count
 from django.views.defaults import (page_not_found as django_page_not_found,
     server_error as django_server_error)
+from django.views.decorators.csrf import csrf_exempt
 
 from dpaste.forms import SnippetForm
 from dpaste.models import Snippet
@@ -265,6 +266,7 @@ FORMAT_MAPPING = {
     'json': _format_json,
 }
 
+@csrf_exempt
 def snippet_api(request):
     content = request.POST.get('content', '').strip()
     lexer = request.POST.get('lexer', LEXER_DEFAULT).strip()