2009-11-14 19:13:33 +00:00
|
|
|
.. _releases-1.2:
|
2009-10-19 21:48:06 +00:00
|
|
|
|
2009-11-14 19:13:33 +00:00
|
|
|
============================================
|
|
|
|
Django 1.2 release notes — UNDER DEVELOPMENT
|
|
|
|
============================================
|
|
|
|
|
|
|
|
This page documents release notes for the as-yet-unreleased Django 1.2. As such
|
|
|
|
it is tentative and subject to change. It provides up-to-date information for
|
|
|
|
those who are following trunk.
|
|
|
|
|
2009-11-23 13:44:24 +00:00
|
|
|
Django 1.2 includes a number of nifty `new features`_, lots of bug
|
|
|
|
fixes, and an easy upgrade path from Django 1.1.
|
|
|
|
|
|
|
|
.. _new features: `What's new in Django 1.2`_
|
|
|
|
|
2009-11-14 19:13:33 +00:00
|
|
|
.. _backwards-incompatible-changes-1.2:
|
|
|
|
|
|
|
|
Backwards-incompatible changes in 1.2
|
|
|
|
=====================================
|
2009-10-19 21:48:06 +00:00
|
|
|
|
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes is found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
|
|
|
CSRF Protection
|
|
|
|
---------------
|
|
|
|
|
|
|
|
There have been large changes to the way that CSRF protection works, detailed in
|
|
|
|
:ref:`the CSRF documentaton <ref-contrib-csrf>`. The following are the major
|
|
|
|
changes that developers must be aware of:
|
|
|
|
|
|
|
|
* ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` have been deprecated, and
|
2009-12-03 14:48:47 +00:00
|
|
|
will be removed completely in Django 1.4, in favor of a template tag that
|
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes is found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
|
|
|
should be inserted into forms.
|
|
|
|
|
2009-10-27 12:11:56 +00:00
|
|
|
* All contrib apps use a ``csrf_protect`` decorator to protect the view. This
|
|
|
|
requires the use of the csrf_token template tag in the template, so if you
|
2009-12-03 14:48:47 +00:00
|
|
|
have used custom templates for contrib views, you MUST READ THE :ref:`UPGRADE
|
|
|
|
INSTRUCTIONS <ref-csrf-upgrading-notes>` to fix those templates.
|
2009-10-27 12:11:56 +00:00
|
|
|
|
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes is found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
|
|
|
* ``CsrfViewMiddleware`` is included in :setting:`MIDDLEWARE_CLASSES` by
|
|
|
|
default. This turns on CSRF protection by default, so that views that accept
|
|
|
|
POST requests need to be written to work with the middleware. Instructions
|
|
|
|
on how to do this are found in the CSRF docs.
|
|
|
|
|
2009-10-27 00:36:34 +00:00
|
|
|
* All of the CSRF has moved from contrib to core (with backwards compatible
|
|
|
|
imports in the old locations, which are deprecated).
|
|
|
|
|
2009-12-09 22:40:36 +00:00
|
|
|
:ttag:`if` tag changes
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
Due to new features in the :ttag:`if` template tag, it no longer accepts 'and',
|
|
|
|
'or' and 'not' as valid **variable** names. Previously that worked in some
|
|
|
|
cases even though these strings were normally treated as keywords. Now, the
|
|
|
|
keyword status is always enforced, and template code like ``{% if not %}`` or
|
|
|
|
``{% if and %}`` will throw a TemplateSyntaxError.
|
|
|
|
|
2009-12-03 14:58:58 +00:00
|
|
|
``LazyObject``
|
|
|
|
--------------
|
2009-10-19 21:48:06 +00:00
|
|
|
|
|
|
|
``LazyObject`` is an undocumented utility class used for lazily wrapping other
|
|
|
|
objects of unknown type. In Django 1.1 and earlier, it handled introspection in
|
|
|
|
a non-standard way, depending on wrapped objects implementing a public method
|
|
|
|
``get_all_members()``. Since this could easily lead to name clashes, it has been
|
|
|
|
changed to use the standard method, involving ``__members__`` and ``__dir__()``.
|
|
|
|
If you used ``LazyObject`` in your own code, and implemented the
|
|
|
|
``get_all_members()`` method for wrapped objects, you need to make the following
|
|
|
|
changes:
|
|
|
|
|
|
|
|
* If your class does not have special requirements for introspection (i.e. you
|
|
|
|
have not implemented ``__getattr__()`` or other methods that allow for
|
|
|
|
attributes not discoverable by normal mechanisms), you can simply remove the
|
|
|
|
``get_all_members()`` method. The default implementation on ``LazyObject``
|
|
|
|
will do the right thing.
|
|
|
|
|
|
|
|
* If you have more complex requirements for introspection, first rename the
|
|
|
|
``get_all_members()`` method to ``__dir__()``. This is the standard method,
|
|
|
|
from Python 2.6 onwards, for supporting introspection. If you are require
|
|
|
|
support for Python < 2.6, add the following code to the class::
|
|
|
|
|
|
|
|
__members__ = property(lambda self: self.__dir__())
|
2009-11-14 19:13:33 +00:00
|
|
|
|
2009-12-22 15:18:51 +00:00
|
|
|
Specifying databases
|
|
|
|
--------------------
|
|
|
|
|
|
|
|
Prior to Django 1.1, Django used a number of settings to control access to a
|
|
|
|
single database. Django 1.2 introduces support for multiple databases, and as
|
|
|
|
a result, the way you define database settings has changed.
|
|
|
|
|
|
|
|
Any existing Django settings file will continue to work as expected until
|
|
|
|
Django 1.4. Old-style database settings will be automatically translated to
|
|
|
|
the new-style format.
|
|
|
|
|
|
|
|
In the old-style (pre 1.2) format, there were a number of
|
|
|
|
``DATABASE_`` settings at the top level of your settings file. For
|
|
|
|
example::
|
|
|
|
|
|
|
|
DATABASE_NAME = 'test_db'
|
|
|
|
DATABASE_BACKEND = 'postgresl_psycopg2'
|
|
|
|
DATABASE_USER = 'myusername'
|
|
|
|
DATABASE_PASSWORD = 's3krit'
|
|
|
|
|
|
|
|
These settings are now contained inside a dictionary named
|
|
|
|
:setting:`DATABASES`. Each item in the dictionary corresponds to a
|
|
|
|
single database connection, with the name ``'default'`` describing the
|
|
|
|
default database connection. The setting names have also been
|
|
|
|
shortened to reflect the fact that they are stored in a dictionary.
|
|
|
|
The sample settings given previously would now be stored using::
|
|
|
|
|
|
|
|
DATABASES = {
|
|
|
|
'default': {
|
|
|
|
'NAME': 'test_db',
|
|
|
|
'BACKEND': 'django.db.backends.postgresl_psycopg2',
|
|
|
|
'USER': 'myusername',
|
|
|
|
'PASSWORD': 's3krit',
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
This affects the following settings:
|
|
|
|
|
|
|
|
========================================= ==========================
|
|
|
|
Old setting New Setting
|
|
|
|
========================================= ==========================
|
|
|
|
:setting:`DATABASE_ENGINE` :setting:`ENGINE`
|
|
|
|
:setting:`DATABASE_HOST` :setting:`HOST`
|
|
|
|
:setting:`DATABASE_NAME` :setting:`NAME`
|
|
|
|
:setting:`DATABASE_OPTIONS` :setting:`OPTIONS`
|
|
|
|
:setting:`DATABASE_PASSWORD` :setting:`PASSWORD`
|
|
|
|
:setting:`DATABASE_PORT` :setting:`PORT`
|
|
|
|
:setting:`DATABASE_USER` :setting:`USER`
|
|
|
|
:setting:`TEST_DATABASE_CHARSET` :setting:`TEST_CHARSET`
|
|
|
|
:setting:`TEST_DATABASE_COLLATION` :setting:`TEST_COLLATION`
|
|
|
|
:setting:`TEST_DATABASE_NAME` :setting:`TEST_NAME`
|
|
|
|
========================================= ==========================
|
|
|
|
|
|
|
|
These changes are also required if you have manually created a database
|
|
|
|
connection using ``DatabaseWrapper()`` from your database backend of choice.
|
|
|
|
|
|
|
|
In addition to the change in structure, Django 1.2 removes the special
|
|
|
|
handling for the built-in database backends. All database backends
|
|
|
|
must now be specified by a fully qualified module name (i.e.,
|
|
|
|
``django.db.backends.postgresl_psycopg2``, rather than just
|
|
|
|
``postgresql_psycopg2``).
|
|
|
|
|
|
|
|
``__dict__`` on Model instances
|
|
|
|
-------------------------------
|
|
|
|
|
|
|
|
Historically, the ``__dict__`` attribute of a model instance has only contained
|
|
|
|
attributes corresponding to the fields on a model.
|
|
|
|
|
|
|
|
In order to support multiple database configurations, Django 1.2 has
|
|
|
|
added a ``_state`` attribute to object instances. This attribute will
|
|
|
|
appear in ``__dict__`` for a model instance. If your code relies on
|
|
|
|
iterating over __dict__ to obtain a list of fields, you must now
|
|
|
|
filter out ``_state`` attribute of out ``__dict__``.
|
|
|
|
|
|
|
|
``get_db_prep_*()`` methods on Field
|
|
|
|
------------------------------------
|
|
|
|
|
|
|
|
Prior to v1.2, a custom field had the option of defining several
|
|
|
|
functions to support conversion of Python values into
|
|
|
|
database-compatible values. A custom field might look something like::
|
|
|
|
|
|
|
|
class CustomModelField(models.Field):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_db_prep_save(self, value):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_db_prep_value(self, value):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_db_prep_lookup(self, lookup_type, value):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
In 1.2, these three methods have undergone a change in prototype, and
|
|
|
|
two extra methods have been introduced::
|
|
|
|
|
|
|
|
class CustomModelField(models.Field):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_prep_value(self, value):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_prep_lookup(self, lookup_type, value):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_db_prep_save(self, value, connection):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_db_prep_value(self, value, connection, prepared=False):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
def get_db_prep_lookup(self, lookup_type, value, connection, prepared=False):
|
|
|
|
# ...
|
|
|
|
|
|
|
|
These changes are required to support multiple databases -
|
|
|
|
``get_db_prep_*`` can no longer make any assumptions regarding the
|
|
|
|
database for which it is preparing. The ``connection`` argument now
|
|
|
|
provides the preparation methods with the specific connection for
|
|
|
|
which the value is being prepared.
|
|
|
|
|
|
|
|
The two new methods exist to differentiate general data preparation
|
|
|
|
requirements, and requirements that are database-specific. The
|
|
|
|
``prepared`` argument is used to indicate to the database preparation
|
|
|
|
methods whether generic value preparation has been performed. If
|
|
|
|
an unprepared (i.e., ``prepared=False``) value is provided to the
|
|
|
|
``get_db_prep_*()`` calls, they should invoke the corresponding
|
|
|
|
``get_prep_*()`` calls to perform generic data preparation.
|
|
|
|
|
|
|
|
Conversion functions has been provided which will transparently
|
|
|
|
convert functions adhering to the old prototype into functions
|
|
|
|
compatible with the new prototype. However, this conversion function
|
|
|
|
will be removed in Django 1.4, so you should upgrade your Field
|
|
|
|
definitions to use the new prototype.
|
|
|
|
|
|
|
|
If your ``get_db_prep_*()`` methods made no use of the database
|
|
|
|
connection, you should be able to upgrade by renaming
|
|
|
|
``get_db_prep_value()`` to ``get_prep_value()`` and
|
|
|
|
``get_db_prep_lookup()`` to ``get_prep_lookup()`. If you require
|
|
|
|
database specific conversions, then you will need to provide an
|
|
|
|
implementation ``get_db_prep_*`` that uses the ``connection``
|
|
|
|
argument to resolve database-specific values.
|
|
|
|
|
2009-12-14 12:08:23 +00:00
|
|
|
Stateful template tags
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
Template tags that store rendering state on the node itself may experience
|
|
|
|
problems if they are used with the new :ref:`cached
|
|
|
|
template loader<template-loaders>`.
|
|
|
|
|
|
|
|
All of the built-in Django template tags are safe to use with the cached
|
|
|
|
loader, but if you're using custom template tags that come from third
|
|
|
|
party packages, or that you wrote yourself, you should ensure that the
|
|
|
|
``Node`` implementation for each tag is thread-safe. For more
|
|
|
|
information, see
|
|
|
|
:ref:`template tag thread safety considerations<template_tag_thread_safety>`.
|
2009-12-03 14:58:58 +00:00
|
|
|
|
2010-01-03 18:52:25 +00:00
|
|
|
Test runner exit status code
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
The exit status code of the test runners (``tests/runtests.py`` and ``python
|
|
|
|
manage.py test``) no longer represents the number of failed tests, since a
|
|
|
|
failure of 256 or more tests resulted in a wrong exit status code. The exit
|
|
|
|
status code for the test runner is now 0 for success (no failing tests) and 1
|
|
|
|
for any number of test failures. If needed, the number of test failures can be
|
|
|
|
found at the end of the test runner's output.
|
|
|
|
|
2009-11-14 19:13:33 +00:00
|
|
|
.. _deprecated-features-1.2:
|
|
|
|
|
|
|
|
Features deprecated in 1.2
|
|
|
|
==========================
|
|
|
|
|
2009-12-03 14:48:47 +00:00
|
|
|
CSRF response rewriting middleware
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
``CsrfResponseMiddleware``, the middleware that automatically inserted CSRF
|
|
|
|
tokens into POST forms in outgoing pages, has been deprecated in favor of a
|
|
|
|
template tag method (see above), and will be removed completely in Django
|
|
|
|
1.4. ``CsrfMiddleware``, which includes the functionality of
|
|
|
|
``CsrfResponseMiddleware`` and ``CsrfViewMiddleware`` has likewise been
|
|
|
|
deprecated.
|
|
|
|
|
|
|
|
Also, the CSRF module has moved from contrib to core, and the old imports are
|
|
|
|
deprecated, as described in the :ref:`upgrading notes <ref-csrf-upgrading-notes>`.
|
|
|
|
|
|
|
|
``SMTPConnection``
|
|
|
|
------------------
|
|
|
|
|
2009-12-03 14:58:58 +00:00
|
|
|
The ``SMTPConnection`` class has been deprecated in favor of a generic
|
|
|
|
E-mail backend API. Old code that explicitly instantiated an instance
|
|
|
|
of an SMTPConnection::
|
|
|
|
|
|
|
|
from django.core.mail import SMTPConnection
|
|
|
|
connection = SMTPConnection()
|
|
|
|
messages = get_notification_email()
|
|
|
|
connection.send_messages(messages)
|
|
|
|
|
|
|
|
should now call :meth:`~django.core.mail.get_connection()` to
|
|
|
|
instantiate a generic e-mail connection::
|
|
|
|
|
|
|
|
from django.core.mail import get_connection
|
|
|
|
connection = get_connection()
|
|
|
|
messages = get_notification_email()
|
|
|
|
connection.send_messages(messages)
|
|
|
|
|
|
|
|
Depending on the value of the :setting:`EMAIL_BACKEND` setting, this
|
|
|
|
may not return an SMTP connection. If you explicitly require an SMTP
|
|
|
|
connection with which to send e-mail, you can explicitly request an
|
|
|
|
SMTP connection::
|
|
|
|
|
|
|
|
from django.core.mail import get_connection
|
2010-01-04 12:05:04 +00:00
|
|
|
connection = get_connection('django.core.mail.backends.smtp.EmailBackend')
|
2009-12-03 14:58:58 +00:00
|
|
|
messages = get_notification_email()
|
|
|
|
connection.send_messages(messages)
|
|
|
|
|
|
|
|
If your call to construct an instance of ``SMTPConnection`` required
|
|
|
|
additional arguments, those arguments can be passed to the
|
|
|
|
:meth:`~django.core.mail.get_connection()` call::
|
|
|
|
|
2010-01-04 12:05:04 +00:00
|
|
|
connection = get_connection('django.core.mail.backends.smtp.EmailBackend', hostname='localhost', port=1234)
|
2009-12-14 12:08:23 +00:00
|
|
|
|
2009-12-09 16:57:23 +00:00
|
|
|
User Messages API
|
|
|
|
-----------------
|
|
|
|
|
2009-12-14 12:08:23 +00:00
|
|
|
The API for storing messages in the user ``Message`` model (via
|
2009-12-09 16:57:23 +00:00
|
|
|
``user.message_set.create``) is now deprecated and will be removed in Django
|
|
|
|
1.4 according to the standard :ref:`release process <internals-release-process>`.
|
|
|
|
|
|
|
|
To upgrade your code, you need to replace any instances of::
|
|
|
|
|
|
|
|
user.message_set.create('a message')
|
|
|
|
|
|
|
|
with the following::
|
|
|
|
|
|
|
|
from django.contrib import messages
|
|
|
|
messages.add_message(request, messages.INFO, 'a message')
|
|
|
|
|
2009-12-14 12:08:23 +00:00
|
|
|
Additionally, if you make use of the method, you need to replace the
|
2009-12-09 16:57:23 +00:00
|
|
|
following::
|
|
|
|
|
|
|
|
for message in user.get_and_delete_messages():
|
|
|
|
...
|
2009-12-14 12:08:23 +00:00
|
|
|
|
2009-12-09 16:57:23 +00:00
|
|
|
with::
|
|
|
|
|
|
|
|
from django.contrib import messages
|
|
|
|
for message in messages.get_messages(request):
|
|
|
|
...
|
2009-12-14 12:08:23 +00:00
|
|
|
|
|
|
|
For more information, see the full
|
|
|
|
:ref:`messages documentation <ref-contrib-messages>`. You should begin to
|
2009-12-09 16:57:23 +00:00
|
|
|
update your code to use the new API immediately.
|
2009-11-23 13:44:24 +00:00
|
|
|
|
2009-12-22 17:58:49 +00:00
|
|
|
Date format helper functions
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
``django.utils.translation.get_date_formats()`` and
|
|
|
|
``django.utils.translation.get_partial_date_formats()`` have been deprecated
|
|
|
|
in favor of the appropriate calls to ``django.utils.formats.get_format()``
|
|
|
|
which is locale aware when :setting:`USE_L10N` is set to ``True``, and falls
|
|
|
|
back to default settings if set to ``False``.
|
|
|
|
|
|
|
|
To get the different date formats, instead of writing::
|
|
|
|
|
|
|
|
from django.utils.translation import get_date_formats
|
|
|
|
date_format, datetime_format, time_format = get_date_formats()
|
|
|
|
|
|
|
|
use::
|
|
|
|
|
|
|
|
from django.utils import formats
|
|
|
|
|
|
|
|
date_format = formats.get_format('DATE_FORMAT')
|
|
|
|
datetime_format = formats.get_format('DATETIME_FORMAT')
|
|
|
|
time_format = formats.get_format('TIME_FORMAT')
|
|
|
|
|
|
|
|
or, when directly formatting a date value::
|
|
|
|
|
|
|
|
from django.utils import formats
|
|
|
|
value_formatted = formats.date_format(value, 'DATETIME_FORMAT')
|
|
|
|
|
|
|
|
The same applies to the globals found in ``django.forms.fields``:
|
|
|
|
|
|
|
|
* ``DEFAULT_DATE_INPUT_FORMATS``
|
|
|
|
* ``DEFAULT_TIME_INPUT_FORMATS``
|
|
|
|
* ``DEFAULT_DATETIME_INPUT_FORMATS``
|
|
|
|
|
|
|
|
Use ``django.utils.formats.get_format()`` to get the appropriate formats.
|
|
|
|
|
2009-11-23 13:44:24 +00:00
|
|
|
What's new in Django 1.2
|
|
|
|
========================
|
|
|
|
|
|
|
|
CSRF support
|
|
|
|
------------
|
|
|
|
|
|
|
|
Django now has much improved protection against :ref:`Cross-Site
|
|
|
|
Request Forgery (CSRF) attacks<ref-contrib-csrf>`. This type of attack
|
|
|
|
occurs when a malicious Web site contains a link, a form button or
|
|
|
|
some javascript that is intended to perform some action on your Web
|
|
|
|
site, using the credentials of a logged-in user who visits the
|
|
|
|
malicious site in their browser. A related type of attack, 'login
|
|
|
|
CSRF', where an attacking site tricks a user's browser into logging
|
|
|
|
into a site with someone else's credentials, is also covered.
|
|
|
|
|
2009-12-03 14:55:28 +00:00
|
|
|
E-mail Backends
|
|
|
|
---------------
|
2009-11-23 13:44:24 +00:00
|
|
|
|
2009-12-03 14:55:28 +00:00
|
|
|
You can now :ref:`configure the way that Django sends e-mail
|
|
|
|
<topic-email-backends>`. Instead of using SMTP to send all e-mail, you
|
|
|
|
can now choose a configurable e-mail backend to send messages. If your
|
2009-11-23 13:44:24 +00:00
|
|
|
hosting provider uses a sandbox or some other non-SMTP technique for
|
2009-12-03 14:55:28 +00:00
|
|
|
sending mail, you can now construct an e-mail backend that will allow
|
2009-11-23 13:44:24 +00:00
|
|
|
Django's standard :ref:`mail sending methods<topics-email>` to use
|
|
|
|
those facilities.
|
|
|
|
|
|
|
|
This also makes it easier to debug mail sending - Django ships with
|
2009-12-03 14:55:28 +00:00
|
|
|
backend implementations that allow you to send e-mail to a
|
2009-11-23 13:44:24 +00:00
|
|
|
:ref:`file<topic-email-file-backend>`, to the
|
|
|
|
:ref:`console<topic-email-console-backend>`, or to
|
|
|
|
:ref:`memory<topic-email-memory-backend>` - you can even configure all
|
2009-12-03 14:55:28 +00:00
|
|
|
e-mail to be :ref:`thrown away<topic-email-dummy-backend>`.
|
2009-11-23 13:44:24 +00:00
|
|
|
|
2009-12-09 16:57:23 +00:00
|
|
|
Messages Framework
|
|
|
|
------------------
|
|
|
|
|
|
|
|
Django now includes a robust and configurable :ref:`messages framework
|
|
|
|
<ref-contrib-messages>` with built-in support for cookie- and session-based
|
|
|
|
messaging, for both anonymous and authenticated clients. The messages framework
|
|
|
|
replaces the deprecated user message API and allows you to temporarily store
|
|
|
|
messages in one request and retrieve them for display in a subsequent request
|
|
|
|
(usually the next one).
|
2009-12-09 22:40:36 +00:00
|
|
|
|
2009-12-22 15:18:51 +00:00
|
|
|
Support for multiple databases
|
|
|
|
------------------------------
|
|
|
|
|
|
|
|
Django 1.2 adds the ability to use :ref:`more than one database
|
|
|
|
<topics-db-multi-db>` in your Django project. Queries can be
|
|
|
|
issued at a specific database with the `using()` method on
|
|
|
|
querysets; individual objects can be saved to a specific database
|
|
|
|
by providing a ``using`` argument when you save the instance.
|
|
|
|
|
2009-12-09 22:40:36 +00:00
|
|
|
'Smart' if tag
|
|
|
|
--------------
|
|
|
|
|
|
|
|
The :ttag:`if` tag has been upgraded to be much more powerful. First, support
|
|
|
|
for comparison operators has been added. No longer will you have to type:
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
|
|
|
|
|
|
|
{% ifnotequal a b %}
|
|
|
|
...
|
|
|
|
{% endifnotequal %}
|
|
|
|
|
|
|
|
...as you can now do:
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
|
|
|
|
|
|
|
{% if a != b %}
|
|
|
|
...
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
The operators supported are ``==``, ``!=``, ``<``, ``>``, ``<=``, ``>=`` and
|
|
|
|
``in``, all of which work like the Python operators, in addition to ``and``,
|
|
|
|
``or`` and ``not`` which were already supported.
|
|
|
|
|
|
|
|
Also, filters may now be used in the ``if`` expression. For example:
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
|
|
|
|
|
|
|
<div
|
|
|
|
{% if user.email|lower == message.recipient|lower %}
|
|
|
|
class="highlight"
|
|
|
|
{% endif %}
|
|
|
|
>{{ message }}</div>
|
2009-12-14 12:08:23 +00:00
|
|
|
|
|
|
|
Template caching
|
|
|
|
----------------
|
|
|
|
|
|
|
|
In previous versions of Django, every time you rendered a template it
|
|
|
|
would be reloaded from disk. In Django 1.2, you can use a :ref:`cached
|
|
|
|
template loader <template-loaders>` to load templates once, then use a
|
|
|
|
cached the result for every subsequent render. This can lead to a
|
|
|
|
significant performance improvement if your templates are broken into
|
|
|
|
lots of smaller subtemplates (using the ``{% extends %}`` or ``{%
|
|
|
|
include %}`` tags).
|
|
|
|
|
|
|
|
As a side effect, it is now much easier to support non-Django template
|
|
|
|
languages. For more details, see the :ref:`notes on supporting
|
|
|
|
non-Django template languages<topic-template-alternate-language>`.
|
2009-12-14 12:39:20 +00:00
|
|
|
|
|
|
|
Natural keys in fixtures
|
|
|
|
------------------------
|
|
|
|
|
|
|
|
Fixtures can refer to remote objects using
|
|
|
|
:ref:`topics-serialization-natural-keys`. This lookup scheme is an
|
|
|
|
alternative to the normal primary-key based object references in a
|
|
|
|
fixture, improving readability, and resolving problems referring to
|
|
|
|
objects whose primary key value may not be predictable or known.
|
|
|
|
|
2009-12-22 17:16:28 +00:00
|
|
|
``BigIntegerField``
|
|
|
|
-------------------
|
2009-12-22 13:41:51 +00:00
|
|
|
|
|
|
|
Models can now use a 64 bit :class:`~django.db.models.BigIntegerField` type.
|
|
|
|
|
|
|
|
Fast Failure for Tests
|
|
|
|
----------------------
|
|
|
|
|
2010-01-03 18:52:25 +00:00
|
|
|
The :djadmin:`test` subcommand of ``django-admin.py``, and the ``runtests.py``
|
2009-12-31 18:48:28 +00:00
|
|
|
script used to run Django's own test suite, support a new ``--failfast`` option.
|
2010-01-03 18:52:25 +00:00
|
|
|
When specified, this option causes the test runner to exit after encountering
|
|
|
|
a failure instead of continuing with the test run. In addition, the handling
|
|
|
|
of ``Ctrl-C`` during a test run has been improved to trigger a graceful exit
|
|
|
|
from the test run that reports details of the tests run before the interruption.
|
2009-12-22 17:58:49 +00:00
|
|
|
|
|
|
|
Improved localization
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Django's :ref:`internationalization framework <topics-i18n>` has been
|
|
|
|
expanded by locale aware formatting and form processing. That means, if
|
|
|
|
enabled, dates and numbers on templates will be displayed using the format
|
|
|
|
specified for the current locale. Django will also use localized formats
|
|
|
|
when parsing data in forms.
|
|
|
|
See :ref:`Format localization <format-localization>` for more details.
|
2009-12-22 18:29:00 +00:00
|
|
|
|
|
|
|
Added ``readonly_fields`` to ``ModelAdmin``
|
|
|
|
-------------------------------------------
|
|
|
|
|
|
|
|
:attr:`django.contrib.admin.ModelAdmin.readonly_fields` has been added to
|
|
|
|
enable non-editable fields in add/change pages for models and inlines. Field
|
|
|
|
and calculated values can be displayed along side editable fields.
|
2009-12-28 06:48:47 +00:00
|
|
|
|
|
|
|
Customizable syntax highlighting
|
|
|
|
--------------------------------
|
|
|
|
|
|
|
|
You can now use the ``DJANGO_COLORS`` environment variable to modify
|
|
|
|
or disable the colors used by ``django-admin.py`` to provide
|
|
|
|
:ref:`syntax highlighting <syntax-coloring>`.
|