From 183c290b8324e256865940c20b32cbceff927e61 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 1 Jul 2010 01:45:44 +0000 Subject: [PATCH] [soc2010/query-refactor] Merged up to trunk r13405. git-svn-id: http://code.djangoproject.com/svn/django/branches/soc2010/query-refactor@13407 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/admin/media/css/base.css | 8 ++++++++ django/contrib/admin/templates/admin/base.html | 4 +++- django/contrib/gis/gdal/libgdal.py | 4 ++-- django/middleware/csrf.py | 18 ++++++++++++++++-- .../contrib/gis/create_template_postgis-1.4.sh | 2 +- docs/ref/contrib/gis/install.txt | 17 +++++++---------- docs/topics/auth.txt | 2 -- .../m2m_through_regress/tests.py | 18 ++++++++++-------- 8 files changed, 47 insertions(+), 26 deletions(-) diff --git a/django/contrib/admin/media/css/base.css b/django/contrib/admin/media/css/base.css index da502f357a..645f1725b5 100644 --- a/django/contrib/admin/media/css/base.css +++ b/django/contrib/admin/media/css/base.css @@ -445,6 +445,14 @@ ul.messagelist li { background: #ffc url(../img/admin/icon_success.gif) 5px .3em no-repeat; } +ul.messagelist li.warning{ + background-image: url(../img/admin/icon_alert.gif); +} + +ul.messagelist li.error{ + background-image: url(../img/admin/icon_error.gif); +} + .errornote { font-size: 12px !important; display: block; diff --git a/django/contrib/admin/templates/admin/base.html b/django/contrib/admin/templates/admin/base.html index 3fd9eb3770..4221e2d1a7 100644 --- a/django/contrib/admin/templates/admin/base.html +++ b/django/contrib/admin/templates/admin/base.html @@ -56,7 +56,9 @@ {% endif %} {% if messages %} - + {% endif %} diff --git a/django/contrib/gis/gdal/libgdal.py b/django/contrib/gis/gdal/libgdal.py index 6589c5647c..a7a5658c49 100644 --- a/django/contrib/gis/gdal/libgdal.py +++ b/django/contrib/gis/gdal/libgdal.py @@ -14,10 +14,10 @@ if lib_path: lib_names = None elif os.name == 'nt': # Windows NT shared library - lib_names = ['gdal16', 'gdal15'] + lib_names = ['gdal17', 'gdal16', 'gdal15'] elif os.name == 'posix': # *NIX library names. - lib_names = ['gdal', 'GDAL', 'gdal1.6.0', 'gdal1.5.0', 'gdal1.4.0'] + lib_names = ['gdal', 'GDAL', 'gdal1.7.0', 'gdal1.6.0', 'gdal1.5.0', 'gdal1.4.0'] else: raise OGRException('Unsupported OS "%s"' % os.name) diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index 10fab290c9..2fdfdbc9e3 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -126,13 +126,27 @@ class CsrfViewMiddleware(object): return accept() if request.is_secure(): - # Strict referer checking for HTTPS + # Suppose user visits http://example.com/ + # An active network attacker,(man-in-the-middle, MITM) sends a + # POST form which targets https://example.com/detonate-bomb/ and + # submits it via javascript. + # + # The attacker will need to provide a CSRF cookie and token, but + # that is no problem for a MITM and the session independent + # nonce we are using. So the MITM can circumvent the CSRF + # protection. This is true for any HTTP connection, but anyone + # using HTTPS expects better! For this reason, for + # https://example.com/ we need additional protection that treats + # http://example.com/ as completely untrusted. Under HTTPS, + # Barth et al. found that the Referer header is missing for + # same-domain requests in only about 0.2% of cases or less, so + # we can use strict Referer checking. referer = request.META.get('HTTP_REFERER') if referer is None: return reject("Referer checking failed - no Referer.") # The following check ensures that the referer is HTTPS, - # the domains match and the ports match. This might be too strict. + # the domains match and the ports match - the same origin policy. good_referer = 'https://%s/' % request.get_host() if not referer.startswith(good_referer): return reject("Referer checking failed - %s does not match %s." % diff --git a/docs/ref/contrib/gis/create_template_postgis-1.4.sh b/docs/ref/contrib/gis/create_template_postgis-1.4.sh index 74a6ef98d2..57a1373f96 100755 --- a/docs/ref/contrib/gis/create_template_postgis-1.4.sh +++ b/docs/ref/contrib/gis/create_template_postgis-1.4.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -POSTGIS_SQL_PATH=`pg_config --sharedir`/contrib/postgis-1.4 +POSTGIS_SQL_PATH=`pg_config --sharedir`/contrib createdb -E UTF8 template_postgis # Create the template spatial database. createlang -d template_postgis plpgsql # Adding PLPGSQL language support. psql -d postgres -c "UPDATE pg_database SET datistemplate='true' WHERE datname='template_postgis';" diff --git a/docs/ref/contrib/gis/install.txt b/docs/ref/contrib/gis/install.txt index 00d4e62e9f..0b7954336c 100644 --- a/docs/ref/contrib/gis/install.txt +++ b/docs/ref/contrib/gis/install.txt @@ -383,9 +383,9 @@ Typically, SQLite packages are not compiled to include the `R*Tree module`__ -- thus it must be compiled from source. First download the latest amalgamation source archive from the `SQLite download page`__, and extract:: - $ wget http://www.sqlite.org/sqlite-amalgamation-3.6.22.tar.gz - $ tar xzf sqlite-amalgamation-3.6.22.tar.gz - $ cd sqlite-3.6.22 + $ wget http://sqlite.org/sqlite-amalgamation-3.6.23.1.tar.gz + $ tar xzf sqlite-amalgamation-3.6.23.1.tar.gz + $ cd sqlite-3.6.23.1 Next, run the ``configure`` script -- however the ``CFLAGS`` environment variable needs to be customized so that SQLite knows to build the R*Tree module:: @@ -449,12 +449,9 @@ Finally, do the same for the SpatiaLite tools:: .. note:: For Mac OS X users building from source, the SpatiaLite library *and* tools - need to be linked into the existing ``iconv`` library. While this happens - automatically on Linux, the ``configure`` scripts need to know about the - specific location on Mac OS X (via modification of the ``CFLAGS`` and - ``LDFLAGS`` environment variables prior to configuration):: + need to have their ``target`` configured:: - $ CFLAGS=-I/usr/include LDFLAGS="-L/usr/lib -liconv" ./configure + $ ./configure --target=macosx __ http://www.gaia-gis.it/spatialite/sources.html @@ -804,8 +801,8 @@ your ``.profile`` to be able to run the package programs from the command-line:: export PATH=/Library/Frameworks/GDAL.framework/Programs:$PATH export PATH=/usr/local/pgsql/bin:$PATH -__ http://www.kyngchaos.com/wiki/software:frameworks -__ http://www.kyngchaos.com/wiki/software:postgres +__ http://www.kyngchaos.com/software/frameworks +__ http://www.kyngchaos.com/software/postgres .. note:: diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index 4e07f73190..eae07ed717 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -435,8 +435,6 @@ Anonymous users instead of ``False``. * :meth:`~django.contrib.auth.models.User.is_authenticated()` returns ``False`` instead of ``True``. - * :meth:`~django.contrib.auth.models.User.has_perm()` always returns - ``False``. * :meth:`~django.contrib.auth.models.User.set_password()`, :meth:`~django.contrib.auth.models.User.check_password()`, :meth:`~django.contrib.auth.models.User.save()`, diff --git a/tests/regressiontests/m2m_through_regress/tests.py b/tests/regressiontests/m2m_through_regress/tests.py index ff1d95020e..406851acfd 100644 --- a/tests/regressiontests/m2m_through_regress/tests.py +++ b/tests/regressiontests/m2m_through_regress/tests.py @@ -66,11 +66,13 @@ class M2MThroughTestCase(TestCase): p = Person.objects.create(name="Bob") g = Group.objects.create(name="Roll") - Membership.objects.create(person=p, group=g) + m =Membership.objects.create(person=p, group=g) + + pks = {"p_pk": p.pk, "g_pk": g.pk, "m_pk": m.pk} out = StringIO() management.call_command("dumpdata", "m2m_through_regress", format="json", stdout=out) - self.assertEqual(out.getvalue().strip(), """[{"pk": 1, "model": "m2m_through_regress.membership", "fields": {"person": 1, "price": 100, "group": 1}}, {"pk": 1, "model": "m2m_through_regress.person", "fields": {"name": "Bob"}}, {"pk": 1, "model": "m2m_through_regress.group", "fields": {"name": "Roll"}}]""") + self.assertEqual(out.getvalue().strip(), """[{"pk": %(m_pk)s, "model": "m2m_through_regress.membership", "fields": {"person": %(p_pk)s, "price": 100, "group": %(g_pk)s}}, {"pk": %(p_pk)s, "model": "m2m_through_regress.person", "fields": {"name": "Bob"}}, {"pk": %(g_pk)s, "model": "m2m_through_regress.group", "fields": {"name": "Roll"}}]""" % pks) out = StringIO() management.call_command("dumpdata", "m2m_through_regress", format="xml", @@ -78,19 +80,19 @@ class M2MThroughTestCase(TestCase): self.assertEqual(out.getvalue().strip(), """ - - 1 - 1 + + %(p_pk)s + %(g_pk)s 100 - + Bob - + Roll - """.strip()) + """.strip() % pks) def test_join_trimming(self): "Check that we don't involve too many copies of the intermediate table when doing a join. Refs #8046, #8254"