1
0
mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00
Commit Graph

621 Commits

Author SHA1 Message Date
Luke Plant
53b2c3867b Fixed #12130 - documented need for csrf_protect on views that don't accept POST
Includes:
   
 * proper documentation for csrf_protect
 * notes in comments app.
 * specific upgrade notes for comments app

Thanks to carljm for report and debugging.




git-svn-id: http://code.djangoproject.com/svn/django/trunk@11711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 14:40:37 +00:00
Brian Rosner
8812060d77 Fixed #12115 -- Corrected typo in admin documentation. Thanks encinas.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11686 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 08:48:48 +00:00
Luke Plant
5a0aab41ee Allow CsrfResponseMiddleware to be used if templates cannot be updated.
For the case where someone is using contrib views with custom templates that
they cannot update to use the template tag, it should be possible to use
CsrfResponseMiddleware.  This requires that 'csrf_response_exempt' is not
used for the admin views.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 00:17:29 +00:00
Luke Plant
e6f0c10e77 Fixed typo in docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:26:54 +00:00
Luke Plant
9dc9770736 Documented the presence of {% csrf_token %} in Django 1.1.2 in trunk docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:52:25 +00:00
Luke Plant
b32a187296 Fixed some typos
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11668 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 13:13:40 +00:00
Luke Plant
f00ad4168e Added explicit notes about the need to update any customised templates for contrib apps for CSRF changes
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11667 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 12:11:56 +00:00
Luke Plant
64b4ab18b4 Use decorator syntax for csrf_exempt example.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11663 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:43:16 +00:00
Luke Plant
7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant
a02a6fab66 Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:45:58 +00:00
Luke Plant
f3af2d9883 Fixed some ReST markup in admin installation docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:49:03 +00:00
Luke Plant
95d5e450ec Fixed counting error in admin installation overview docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:36:20 +00:00
Russell Keith-Magee
ec6b9d6e63 Fixed #9236 -- Added documentation on the dependencies of the admin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:56:45 +00:00
Russell Keith-Magee
94885bac7b Fixed #11808 -- Corrected typo in admin docs. Thanks to kratorius for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11534 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:44:51 +00:00
Russell Keith-Magee
fc7ef1c86c Fixed #11831 -- Corrected typo in comments docs. Thanks to gsf for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:43:20 +00:00
Karen Tracey
b82ad10f9d Fixed #11508: Adding missing word to form wizard doc. Thanks thepointer and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11444 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-13 16:59:59 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
93d86479e3 Fixed #11480 -- Corrected markup error in admin docs. Thank to msgre for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11240 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:57:46 +00:00
Russell Keith-Magee
5727374d95 Fixed #11348 -- Trimmed the width of a screenshot image in the admin docs. Thanks to smcoll for the new image.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11238 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:55:50 +00:00
Russell Keith-Magee
e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee
6bf55a1abf Fixed #11450 -- Corrected markup problem in contenttype docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:37:08 +00:00
Russell Keith-Magee
9515c008bb Fixed #11454 -- Corrected mismatched parenthesis in admin docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:36:31 +00:00
Russell Keith-Magee
b96e55e811 Fixed #11419 -- Corrected a minor typo in the admin docs. Thanks to jspeis for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:10:35 +00:00
Russell Keith-Magee
36954a04b7 Fixed #9669 -- Corrected an answer in the admin FAQ that is wrong in a post-newforms-admin world. Thanks to Alex for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:09:04 +00:00
Russell Keith-Magee
970be97530 Fixed #8861 -- Added note on the availability of ModelForm.instance. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:04:18 +00:00
Russell Keith-Magee
4acf7f43e7 Fixed #10415 -- Added documentation for features added in r7627 and r7630; extensibility points for the ModelAdmin and AdminSite. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:02:22 +00:00
Russell Keith-Magee
97fb6cf2b3 Fixed #11141 -- Corrected a code example in the admin docs. Thanks to jodal for the report, and SmileyChris for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:35:06 +00:00
Russell Keith-Magee
457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Karen Tracey
3465ac05a6 Fixed #11034: Corrected serialization example in admin actions doc. Thanks timo and kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 17:13:33 +00:00
Karen Tracey
50745cc31e Fixed #11066 -- Corrected 15 duplicate "the"s found in docs and code comments. Thanks kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10801 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 16:45:28 +00:00
James Bennett
bed1418034 Add a proper cross-reference to the mention of HttpRequest in the comment moderation docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 02:57:53 +00:00
Jacob Kaplan-Moss
d246401552 Fixed #11113: fixed a couple of issues that slipped through the cracks when comment moderation was added to django.contrib.comments.
The is a potentially backwards-incompatible change for users already relying on the internals of comment moderaration. To wit:

   * The moderation system now listens to the new `comment_will_be_posted`/`comment_was_posted` signals instead of `pre/post_save`. This means that import request-based information is available to moderation as it should be.
   * Some experimental code from `django.contrib.comments.moderation` has been removed. It was never intended to be merged into Django, and was completely untested and likely buggy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10784 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:20:50 +00:00
Jacob Kaplan-Moss
d987b378ce Fixed #11039: documented that aggregation and generic relations don't mix. Thanks, psmith.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10781 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:38:27 +00:00
Jacob Kaplan-Moss
5bdee2556e Fixed #11022: documented that the admin bulk delete action calls QuerySet.delete(), not Model.delete(). Thanks, Idan Gazit.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10780 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:35:16 +00:00
Jacob Kaplan-Moss
690cb616ce Fixed #10886: corrected a mistaken example in the admin docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:17:40 +00:00
Jacob Kaplan-Moss
d08339686b Fixed #9675: added note about upgrading the URLconf to the comment upgrade guide.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10746 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-12 17:23:43 +00:00
Russell Keith-Magee
95bcb70b56 Fixed #10367 -- Corrected an example in the documentation for GenericRelation. Thanks to George Song for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 14:51:54 +00:00
Jacob Kaplan-Moss
d6829782d0 Now that formsets guarentee ordering (see [10623]) we can remove the arbitrary validation of this fact added as part of [10077].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-22 22:45:23 +00:00
Russell Keith-Magee
565c190611 Fixed #10559 -- Clarified documentation on customization of comments pages. Thanks to Thejaswi Puthraya for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:48:16 +00:00
Russell Keith-Magee
e6d2b14e35 Fixed #10726 -- Added documentation on AdminSite urls. Thanks to Alex Gaynor for the initial draft.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10565 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:47:34 +00:00
Russell Keith-Magee
83623d45c7 Fixed #10776 -- Added metadata targets for the contrib.admin docs, and used one of those targets to clarify the SlugField docs. Thanks to ernop for the suggestion, and timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10564 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:46:58 +00:00
Jacob Kaplan-Moss
f8adf99cdb Fixed #9268: pass the "next" param through in the comment preview/post view. Also updated the docs to make this a bit clearer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10418 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-07 19:28:13 +00:00
Simon Willison
7f7606070b Fixed a documentation typo
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10412 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 23:45:56 +00:00
Jacob Kaplan-Moss
07465b635d Fixed a small error in the docs that I missed from [10408].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10409 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:28:55 +00:00
Jacob Kaplan-Moss
bb15cee58a Made a bunch of improvements to admin actions. Be warned: this includes one minor but BACKWARDS-INCOMPATIBLE change.
These changes are:

    * BACKWARDS-INCOMPATIBLE CHANGE: action functions and action methods now share the same signature: `(modeladmin, request, queryset)`. Actions defined as methods stay the same, but if you've defined an action as a standalone function you'll now need to add that first `modeladmin` argument.
    * The delete selected action is now a standalone function registered site-wide; this makes disabling it easy.
    * Fixed #10596: there are now official, documented `AdminSite` APIs for dealing with actions, including a method to disable global actions. You can still re-enable globally-disabled actions on a case-by-case basis.
    * Fixed #10595: you can now disable actions for a particular `ModelAdmin` by setting `actions` to `None`.
    * Fixed #10734: actions are now sorted (by name).
    * Fixed #10618: the action is now taken from the form whose "submit" button you clicked, not arbitrarily the last form on the page.
    * All of the above is documented and tested.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:23:33 +00:00
Jacob Kaplan-Moss
c6c25adf6d Fixed a whole bunch of small docs typos, errors, and ommissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Jacob Kaplan-Moss
a2dec37c41 Fixed #9908: allow individual app index templates in the admin. Thanks, arne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10317 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 14:13:59 +00:00
Joseph Kocherhans
efd7141d70 Fixed #9452. InlineModelAdmin docs now mention the right default for 'form'.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 01:29:30 +00:00
Jacob Kaplan-Moss
516051bfd2 A whole lotta documentation fixes: Fixes #8704, #8826, #8980, #9243, #9343, #9529,
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 23:34:03 +00:00