mirror of https://github.com/django/django.git synced 2025-01-26 10:09:42 +00:00

25 Commits

Author SHA1 Message Date
Jannis Leidel
9b7be918ed Fixed #12325 -- Allows zero values for moderate_after and close_after fields of comment moderators. Thanks, Gabriel Hurley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14556 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-13 18:42:56 +00:00
Luke Plant
45c7f427ce Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
All ad hoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.

In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.

All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing-based attacks, have also been
fixed using a constant-time comparison function.

There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Alex Gaynor
41551a0274 Fixed a typo in the comments tests, as well as a dependency on CPython's reference counting semantics.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 23:04:49 +00:00
Jannis Leidel
1df1378f9e Fixed #13827 -- Cleaned up a few unnecessary function calls.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 21:36:22 +00:00
Russell Keith-Magee
861baecd84 Fixed #13509 -- Modified the comment tests so that signal cleanup doesn't rely on garbage collection. Thanks to Alex Gaynor for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-10 12:39:53 +00:00
Karen Tracey
e434573ef1 Changed the comments post view code to avoid raising an exception if handed invalid data for the object pk. Thanks to Leo for the test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12800 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-16 22:37:45 +00:00
Karen Tracey
80545c3685 Fixed #12151: Ensured the comments code does not cause a server error when a request comes in for a comment specifying an invalid primary key value. Thanks thejaswi_puthraya.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12681 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-05 20:17:52 +00:00
Karen Tracey
59cccd1474 Fixed #12724: Fixed new comment tests to not hardcode comment primary key values. Thanks carljm.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12345 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-28 19:23:54 +00:00
Jannis Leidel
b9d698e9f2 Fixed #10285 - Added render_comment_list template tag to comments app. Thanks Kyle Fuller for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12082 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-04 02:29:12 +00:00
Jannis Leidel
abcf997713 Fixed #11100 - Added get_comment_permalink template tag to comments app to be able to customize the anchor pattern of a comment from the template. Thanks to Idan Gazit for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12080 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-04 02:28:09 +00:00
Jacob Kaplan-Moss
9f70783b14 Fixed a couple of test-ordering-dependent failures introduced in [11639] that caused test failures when running the whole test suite.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11645 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:23:47 +00:00
Jacob Kaplan-Moss
8be1bb2268 Fixed #11625: added comment moderation via admin actions.
This is BACKWARDS INCOMPATIBLE if you were using the completely undocumented moderation view from 1.1. That view's been removed in favor of the admin actions.

Thanks, Thejaswi Puthraya.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:22:31 +00:00
James Bennett
bcb0d124b4 Corrected tests from [10784]; instead of retrieving two comments, it was retrieving one comment twice.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10785 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 02:54:55 +00:00
Jacob Kaplan-Moss
d246401552 Fixed #11113: fixed a couple of issues that slipped through the cracks when comment moderation was added to django.contrib.comments.
This is a potentially backwards-incompatible change for users already relying on the internals of comment moderation. To wit:

   * The moderation system now listens to the new `comment_will_be_posted`/`comment_was_posted` signals instead of `pre/post_save`. This means that import request-based information is available to moderation as it should be.
   * Some experimental code from `django.contrib.comments.moderation` has been removed. It was never intended to be merged into Django, and was completely untested and likely buggy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10784 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:20:50 +00:00
Jacob Kaplan-Moss
6319470f88 Fixed #10585: comment redirects built from the next parameter now work correctly when next already contains a query string.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10424 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-07 19:49:07 +00:00
Jacob Kaplan-Moss
f0560dfdb2 Fixed #9282: added a generic comment moderation toolkit. See the documentation for details.
This began life as (part of) James Bennett's comment-utils app, and was adapted to be part of Django by Thejaswi Puthraya and Jannis Leidel. Thanks, all!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10122 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 21:07:02 +00:00
Malcolm Tredinnick
cf3071242a Factor out some common pieces of django.conf.LazySettings.
This is in preparation for some reuse elsewhere in the core code.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9945 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-02 04:48:22 +00:00
Jacob Kaplan-Moss
63d85a684a Fixed #8630: finished the custom comment app API that was left out of 1.0. This means it's now possible to override any of the models, forms, or views used by the comment app; see the new custom comment app docs for details and an example. Thanks to Thejaswi Puthraya for the original patch, and to carljm for docs and tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9890 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-23 22:16:26 +00:00
Karen Tracey
344f16e220 Fixed #8138 -- Changed django.test.TestCase to rollback tests (when the database supports it) instead of flushing and reloading the database. This can substantially reduce the time it takes to run large test suites.
This change may be slightly backwards incompatible, if existing tests need to test transactional behavior, or if they rely on invalid assumptions or a specific test case ordering.  For the first case, django.test.TransactionTestCase should be used.  TransactionTestCase is also a quick fix to get around test case errors revealed by the new rollback approach, but a better long-term fix is to correct the test case.  See the testing doc for full details.

Many thanks to:
* Marc Remolt for the initial proposal and implementation.
* Luke Plant for initial testing and improving the implementation.
* Ramiro Morales for feedback and help with tracking down a mysterious PostgreSQL issue.
* Eric Holscher for feedback regarding the effect of the change on the Ellington testsuite.
* Russell Keith-Magee for guidance and feedback from beginning to end.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9756 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-16 02:30:22 +00:00
Malcolm Tredinnick
8524089769 Add internationalisation support to the comment templates. Fixed #8868, #8905
Thanks to zgoda for a patch that did most of the internationalisation part.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9119 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-05 05:09:21 +00:00
Malcolm Tredinnick
227a93b64f Fixed #8803 -- Allow authenticated users without first_name/last_name values set to post comments.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9118 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-05 05:07:32 +00:00
Jacob Kaplan-Moss
ae72e25b35 Fixed #8716: correctly handle name and email in comments from authenticated users.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8751 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-30 21:30:02 +00:00
Jacob Kaplan-Moss
5f396193fb Updated comment tests to hook up URLs in the correct manner. This fixes a bunch of silly test failures.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8600 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 21:30:15 +00:00
Jacob Kaplan-Moss
378f5ddb5a Updated comment signals to provide enough information to actually act on. This was uncovered when working on the documentation, which'll be committed shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 18:53:52 +00:00
Jacob Kaplan-Moss
cba91997a2 Refactored Django's comment system.
Much of this work was done by Thejaswi Puthraya as part of Google's Summer of Code project; much thanks to him for the work, and to them for the program.

This is a backwards-incompatible change; see the upgrading guide in docs/ref/contrib/comments/upgrade.txt for instructions if you were using the old comments system.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8557 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 22:14:22 +00:00