mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00
Commit Graph

1173 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant
a02a6fab66 Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:45:58 +00:00
Jacob Kaplan-Moss
b79702b2de Fixed #11402: added a QuerySet.exists() method. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:28:39 +00:00
Luke Plant
055efb2530 Fixed #9674 - documented app_label.
Thanks to andymckay for the report and jpaulett for the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-28 21:58:21 +00:00
James Bennett
4a2a0b0e21 Fixed #11931: Removed mention of nonexistent get_sql() method for arguments to limit_choices_to. Since the correct reference involves undocumented ORM internals, this simply removes the reference entirely in favor of publicly-documented use of Q objects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-23 23:40:12 +00:00
Luke Plant
f3af2d9883 Fixed some ReST markup in admin installation docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:49:03 +00:00
Luke Plant
95d5e450ec Fixed counting error in admin installation overview docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:36:20 +00:00
Russell Keith-Magee
dbd6f512ee Corrected spaces for tabs from r11540.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 06:18:16 +00:00
Russell Keith-Magee
ec6b9d6e63 Fixed #9236 -- Added documentation on the dependencies of the admin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:56:45 +00:00
Russell Keith-Magee
423b5c1e14 Fixed #6047 -- Minor correction to the documentation regarding regex field lookups. Thanks to Richard D. Worth for the suggestion, and Steve Holden for the text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:36:00 +00:00
Russell Keith-Magee
7cbc232909 Fixed #11359 -- Added a link to the signals topic guide in the signals reference. Thanks to tyson for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:06:22 +00:00
Russell Keith-Magee
9aef7dd9e7 Fixed #11592 -- Corrected the grammar in the queryset docs. Thanks to Shannon Bradshaw for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:59:41 +00:00
Russell Keith-Magee
baf7d3e074 Fixed #11728 -- Corrected a typo in a class name in the request/response docs. Thanks to Tommstein for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:51:16 +00:00
Russell Keith-Magee
94885bac7b Fixed #11808 -- Corrected typo in admin docs. Thanks to kratorius for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11534 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:44:51 +00:00
Russell Keith-Magee
fc7ef1c86c Fixed #11831 -- Corrected typo in comments docs. Thanks to gsf for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:43:20 +00:00
Luke Plant
49b9470dca Fixed #11071 - update is_ajax() docs.
Thanks timo.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11490 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:17:56 +00:00
Luke Plant
1387b17026 Fixed #7437: SelectDateWidget is not documented.
Thanks timo.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11488 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 15:45:15 +00:00
Karen Tracey
bb9cc01b13 Fixed #6674: Documented a couple of widget arguments. Thanks timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11478 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-29 12:40:47 +00:00
Ian Kelly
dcf3be7a62 Fixed #10566: Added support for cx_Oracle compiled with the WITH_UNICODE flag.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-24 15:45:48 +00:00
Karen Tracey
b82ad10f9d Fixed #11508: Adding missing word to form wizard doc. Thanks thepointer and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11444 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-13 16:59:59 +00:00
Jacob Kaplan-Moss
d78cf61c99 BACKWARDS-INCOMPATIBLE CHANGE: Removed SetRemoteAddrFromForwardedFor middleware.
In a nutshell, it's been demonstrated that this middleware can never be made reliable enough for general-purpose use, and that (despite documentation to the contrary) its inclusion in Django may lead application developers to assume that the value of ``REMOTE_ADDR`` is "safe" or in some way reliable as a source of authentication. So it's gone.

See the Django 1.1 release notes for full details, as well as upgrade instructions.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-29 05:35:51 +00:00
Russell Keith-Magee
b2f72fc040 Fixed #11527 -- Added unit tests and documentation for the use of F() expressions in single object updates. Thanks to Zachary Voase for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11322 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-24 13:38:36 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
93d86479e3 Fixed #11480 -- Corrected markup error in admin docs. Thanks to msgre for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11240 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:57:46 +00:00
Russell Keith-Magee
6f25903a89 Fixed #11235 -- Added a missing clause from some sample SQL in the queryset docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11239 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:56:50 +00:00
Russell Keith-Magee
5727374d95 Fixed #11348 -- Trimmed the width of a screenshot image in the admin docs. Thanks to smcoll for the new image.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11238 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:55:50 +00:00
Russell Keith-Magee
75514ab7bc Fixed #11374 -- Modified the documentation for forms.BooleanField to allow for the fact that it can be rendered using widgets other than a checkbox. Thanks to lygaret for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11236 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:54:11 +00:00
Russell Keith-Magee
e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee
6bf55a1abf Fixed #11450 -- Corrected markup problem in contenttype docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:37:08 +00:00
Russell Keith-Magee
9515c008bb Fixed #11454 -- Corrected mismatched parenthesis in admin docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:36:31 +00:00
Russell Keith-Magee
b96e55e811 Fixed #11419 -- Corrected a minor typo in the admin docs. Thanks to jspeis for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:10:35 +00:00
Russell Keith-Magee
36954a04b7 Fixed #9669 -- Corrected an answer in the admin FAQ that is wrong in a post-newforms-admin world. Thanks to Alex for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:09:04 +00:00
Russell Keith-Magee
b73319ae7b Fixed #11417 -- Corrected typo in MySQL collation notes. Thanks to vorushin for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11169 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 07:15:48 +00:00
Russell Keith-Magee
6ed0345092 Fixed #11413 -- Added notes on the cycle and firstof tag detailing that variables output by those tags will not be escaped by default. Thanks to krystal for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 05:41:36 +00:00
Russell Keith-Magee
970be97530 Fixed #8861 -- Added note on the availability of ModelForm.instance. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:04:18 +00:00
Russell Keith-Magee
4acf7f43e7 Fixed #10415 -- Added documentation for features added in r7627 and r7630; extensibility points for the ModelAdmin and AdminSite. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:02:22 +00:00
Russell Keith-Magee
bbd7b64e76 Fixed #11354 -- Remove stray whitespace in queryset docs. Thanks to flebel for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:01:36 +00:00
Russell Keith-Magee
18b29c523b Fixed #11356 -- Added links to the growing collection of 3rd party database backends that are available. Thanks to Nathan Auch for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11093 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:00:53 +00:00
Russell Keith-Magee
755762e5b9 Fixed #11221 -- Replaced a reference to a non-existent URL with an actual explanation of sequences. Thanks to Rob Hudson for the report, and SmileyChris for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11053 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:37:10 +00:00
Russell Keith-Magee
97fb6cf2b3 Fixed #11141 -- Corrected a code example in the admin docs. Thanks to jodal for the report, and SmileyChris for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:35:06 +00:00
Russell Keith-Magee
7c18404a24 Fixed #11312 -- Fixed the default value given for DEFAULT_FILE_STORAGE in the docs. Thanks to x00nix@gmail.com for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:33:18 +00:00
Russell Keith-Magee
457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Russell Keith-Magee
15a908b4d1 Refs #11336 -- Another dummy commit to force refresh of some index pages by Sphinx, caused by file omitted from [11025] and included in [11026]. Thanks to Peter Landry for the report, and Ramiro for the explanation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 00:16:48 +00:00
Russell Keith-Magee
c9d882c4b6 Fixed #11336 -- Dummy commit to force refresh of some index pages by Sphinx, caused by file omitted from [11025] and included in [11026]. Thanks to Peter Landry for the report, and Ramiro for the explanation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11031 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 23:57:27 +00:00
Russell Keith-Magee
6c81952b37 Fixed #10336 -- Added improved documentation of generic views. Thanks to Jacob and Adrian for the original text (from the DjangoBook), and Ramiro for doing the work of porting the docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11025 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 14:09:56 +00:00
Russell Keith-Magee
992ded1ad1 Fixed #9919 -- Added note on the need to mark transactions as dirty when using raw SQL.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 13:47:39 +00:00
Russell Keith-Magee
6c36d4c4f8 Fixed #10981 -- Clarified documentation regarding lazy cross-application relationships. Thanks to Ramiro for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10971 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-10 12:45:29 +00:00
Russell Keith-Magee
74131e82eb Fixed #11056 -- Corrected reference to File class in storage docs. Thanks to wam for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10970 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-10 12:44:53 +00:00
Karen Tracey
7638651cc3 Fixed #11204 -- Corrected typo in the pluralize doc. Thanks martin and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10849 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-27 16:26:56 +00:00
Adrian Holovaty
a251e0ab7e Fixed #11070 -- Removed JING_PATH setting, which was no longer used. Thanks for the patch, seanl
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-26 05:32:52 +00:00