mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-28 08:06:09 +00:00
Code Issues 32 Releases Wiki Activity
10,887 Commits 30 Branches 460 Tags
e63fa0ff832e4a6c18aa9f427b643b3445c5abb0
Commit Graph

22 Commits

Author SHA1 Message Date
Jannis Leidel
24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-07-13 09:35:51 +00:00
Luke Plant
73721912e2 Fixed #16002 - test failure due to missing from __future__ import with_statement 
Thanks to julien for the report

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16213 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-05-11 08:58:58 +00:00
Luke Plant
cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests 
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-05-09 23:45:54 +00:00
Luke Plant
8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie 
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-05-09 23:00:22 +00:00
Luke Plant
b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests 
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-05-09 21:35:24 +00:00
Russell Keith-Magee
4c468800ee Updates to the test suite to allow for newly deprecated and removed features 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15990 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-04-02 08:44:47 +00:00
Luke Plant
4a6cb38722 Cleaned up some test code. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15957 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-03-30 17:35:50 +00:00
Luke Plant
16f6acdb89 Deprecated csrf_response_exempt and csrf_view_exempt decorators 
With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no
purposes, and csrf_exempt and csrf_view_exempt perform the same function.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15956 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-03-30 17:35:41 +00:00
Luke Plant
8823021625 Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-03-30 17:34:26 +00:00
Luke Plant
21ef64e34c Removed Django 1.1 fallback for CSRF checks. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15948 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-03-30 17:34:14 +00:00
Luke Plant
243d0bec19 Fixed #15617 - CSRF referer checking too strict 
Thanks to adam for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-03-15 20:37:09 +00:00
Russell Keith-Magee
afd040d4d3 Updated test assertions that have been deprecated by the move to unittest2. In summary, this means: 
assert_ -> assertTrue
 assertEquals -> assertEqual
 failUnless -> assertTrue

For full details, see http://www.voidspace.org.uk/python/articles/unittest2.shtml#deprecations

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15728 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-03-03 15:04:39 +00:00
Alex Gaynor
208630aa4b Fixed a security issue in the CSRF component. Disclosure and new release forthcoming. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-02-09 02:06:27 +00:00
Luke Plant
02fc6276d7 Fixed #14508 - test suite silences warnings. 
Utility functions get_warnings_state and save_warnings_state have been added
to django.test.utils, and methods to django.test.TestCase for convenience.

The implementation is based on the catch_warnings context manager from
Python 2.6.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-11-11 15:06:20 +00:00
Luke Plant
90ac02300e Fixed #14565 - No csrf_token on 404 page. 
This solution doesn't have the negative side-effects of [14356].

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-10-28 11:47:15 +00:00
Russell Keith-Magee
1070c57b83 Fixed #14436 -- Escalated 1.2 PendingDeprecationWarnings to DeprecationWarnings, and removed 1.1 deprecated code. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-10-11 12:20:07 +00:00
Luke Plant
568b9cdf37 Fixed a test so that it actually tests what it's supposed to test. 
Previously it passed whether or not the view was 'csrf_exempt'ed.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13735 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-09-10 23:56:10 +00:00
Luke Plant
364583b894 Fixed #14235 - UnicodeDecodeError in CSRF middleware 
Thanks to jbg for the report.

This changeset essentially backs out [13698] in favour of a method that
sanitizes the token rather than escaping it.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13732 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-09-10 22:56:56 +00:00
James Bennett
9e3b327aca Patch CSRF-protection system to deal with reported security issue. Announcement and details to follow. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13698 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-09-09 00:34:54 +00:00
Luke Plant
ac8b7ff021 Fixed #13716 - the CSRF get_token function stopped working for views with csrf_view_exempt 
This was a regression caused by the the CSRF changes in 1.2.

Thanks to edevil for the report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13336 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-06-08 14:35:48 +00:00
Luke Plant
48edb177ed Fixed #12053 - form examples don't validate according to w3c 
Thanks to skyl for the report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12086 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2010-01-04 21:55:52 +00:00
Luke Plant
7230a995ce Moved contrib.csrf.* to core code. 
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 00:36:34 +00:00