mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Commit Graph

226 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
6ed0345092 Fixed #11413 -- Added notes on the cycle and firstof tag detailing that variables output by those tags will not be escaped by default. Thanks to krystal for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 05:41:36 +00:00
Karen Tracey
7638651cc3 Fixed #11204 -- Corrected typo in the pluralize doc. Thanks martin and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10849 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-27 16:26:56 +00:00
Jacob Kaplan-Moss
66ff7db385 Fixed #11046: fixed a use of the deprecated cycle tag syntax in the template documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10768 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 01:53:57 +00:00
Jacob Kaplan-Moss
2af75b485d Fixed #10825: fixed the 'U' format code to dateformat (and the date/now filter/tag). Thanks to gsong and mir.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08 13:39:37 +00:00
Russell Keith-Magee
f3c3aa232c Fixed #10704 -- Resurrected documentation for {% else %} clause on {% ifchanged %}, lost during docs refactor. Thanks to Tarken for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10563 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:46:15 +00:00
Jacob Kaplan-Moss
c6c25adf6d Fixed a whole bunch of small docs typos, errors, and omissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Gary Wilson Jr
d8bffb3969 Fixed #10375 -- Added documentation about the default format strings used for the date and time filters when no format string is passed to the filter, based on patch from kgrandis.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10259 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:34:24 +00:00
Malcolm Tredinnick
dfddf129f0 Fixed #9701 -- Added a "safeseq" template filter.
This is like "safe", except it operates on the individual elements of a
sequence, rather than treating the whole argument as a string.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-02 08:16:33 +00:00
Russell Keith-Magee
af346081e3 Fixed #10007 -- Corrected (and narrowed) a reference to the Python standard library documentation. Thanks to d00gs for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-22 06:09:28 +00:00
Adrian Holovaty
641853331d Fixed #10177 -- Fixed typo in docs/ref/templates/builtins.txt. Thanks, bmjames
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9852 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-21 08:43:35 +00:00
Malcolm Tredinnick
4bdbd1401d Fixed #9735 -- Documentation typo fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-03 05:50:46 +00:00
Jacob Kaplan-Moss
4aa97f5c18 Fixed #6398: added an optional {% empty %} clause to the {% for %} template tag. The contents of this clause are rendered if the list iterated over turns out to be empty. Thanks, Jannis Leidel.
Astute readers will notice that the patch originally called this `default`; after consideration I decided that `empty` is a very slightly better color for this particular bikeshed.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9530 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-24 22:01:48 +00:00
Jacob Kaplan-Moss
136c4f8549 Fixed a small reST header glitch in docs/ref/templates/builtins.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-24 22:01:24 +00:00
Karen Tracey
c483583023 Fixed #9497 - Doc typos. Many thanks ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9330 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-02 20:43:20 +00:00
Karen Tracey
d4f4ab8535 Fixed #9487 -- Corrected several links into the Python docs that were broken by the recent Python docs refactor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:02:09 +00:00
Adrian Holovaty
97087962b1 Rewrote bits of the cycle tag documentation, which was confusing -- it implied 'rowvar' was required
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9101 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-30 17:45:58 +00:00
Malcolm Tredinnick
edabc4aca1 Fixed #9169 -- Fixed a typo in a docs example. Thanks, jeremyb.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9085 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-27 03:25:42 +00:00
Adrian Holovaty
74f386dba2 Fixed #8979 -- Made a bunch of typo/formatting fixes to the docs. Thanks, ramiro
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-09 01:54:20 +00:00
Jacob Kaplan-Moss
64a9469127 Fixed #8753: converted "new in ..." callouts to proper Sphinx "versionadded/versionchanged" directives. Thanks to Marc Fargas for all the heavy lifting here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 03:40:42 +00:00
Jacob Kaplan-Moss
c068bc184c Merge branch 'url-tag-asvar'
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 19:28:03 +00:00
Russell Keith-Magee
3442821836 Fixed #8595: Removed a note about possible changes to the syntax of the {% url %} template tag. Thanks to julien for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8651 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 11:29:00 +00:00
Malcolm Tredinnick
3111d7f60b Fixed #7201 -- Fixed the timeuntil filter to work correctly with timezone-aware
times. Patch from Jeremy Carbaugh.

This is backwards incompatible in the sense that previously, if you tried to
compare timezone-aware and timezone-naive values, you got an incorrect result.
Now you get an empty string. So your previously incorrect code returns a
different incorrect result.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 08:08:55 +00:00
Russell Keith-Magee
06d49768bd Fixed #7743: Reverted [8483], which was itself a reversion of [8481], after confirmation from Malcolm. Corrected a long standing mistake in the timesince/timeuntil filters when using a parameter for 'now'. Thanks to Andrew Shearer <ashearerw@shearersoftware.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 12:31:10 +00:00
Jacob Kaplan-Moss
97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00