1
0
mirror of https://github.com/django/django.git synced 2025-10-25 22:56:12 +00:00
Commit Graph

130 Commits

Author SHA1 Message Date
Luke Plant
0a8a6b92b2 [1.4.x] Noted that SECURE_PROXY_SSL_HEADER is needed by CSRF protection.
Both false positives and false negatives of HttpRequest.is_secure can be
dangerous.

Backport of 840ffd80ba from master
2012-06-04 21:49:42 +01:00
Claude Paroz
456d4db251 [1.4.X] Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
Backport of r17862 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-01 17:17:21 +00:00
Claude Paroz
277661c2af [1.4.X] Fixed #17733 -- Discouraged setting TIME_ZONE to None when USE_TZ is True. Thanks berdario for the report.
Backport of r17809 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17818 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-29 15:09:52 +00:00
Claude Paroz
78638a9a51 Replaced http by https in djangoproject.com links
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17703 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13 17:53:31 +00:00
Adrian Holovaty
2ade1e916f Edited stuff from [17543] to [17629]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 17:16:52 +00:00
Jannis Leidel
d93a2ef887 Fixed #17568 -- Mentioned `reverse_lazy in the LOGIN_REDIRECT_URL` settings docs. Thanks, zsiciarz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17626 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 16:56:04 +00:00
Timo Graham
d2988ce0f4 Fixed #17767 - Added signed cookie session backed to session engine settings docs; thanks Preston Holmes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01 01:06:22 +00:00
Aymeric Augustin
6daad896fb Reverted r17577 because it's actually possible to use a time zone that isn't the system time zone without pytz, thanks to the TZ environment variable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 21:42:50 +00:00
Aymeric Augustin
8842183448 Noted that TIME_ZONE must be the server time zone when time zone support is enabled and pytz isn't installed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 21:13:36 +00:00
Timo Graham
7d7d2d354c Fixed #16758 - Added a warning regarding overriding default settings; thanks cyclops for the suggestion & Aymeric Augustin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20 19:08:22 +00:00
Aymeric Augustin
1d78897c5d Fixed #17166 -- Documented how FIXTURE_DIRS works in the inital data how-to, and edited related bits in the settings reference.
Performed minor edits for consistency while I was there.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19 09:02:52 +00:00
Aymeric Augustin
7a7ec73efe Fixed #16452 -- Clarified that the DATE/DATETIME/TIME_INPUT_FORMATS settings have no effect when USE_L10N is True. Thanks Travis Brooks.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19 08:00:06 +00:00
Adrian Holovaty
7981efe04f Documentation (and some small source code) edits from [17432] - [17537]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-17 20:04:11 +00:00
Jannis Leidel
ec5e2f0ccc Fixed #17460 -- Extended the HIDDEN_SETTINGS constant in with a few more sensible names of settings to hide in the debug view. Many thanks to chomik, lpiatek and tomaszrybak.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17481 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:45 +00:00
Adrian Holovaty
d4f11eb776 Fixed incorrect 'setting::' prefix in settings.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 21:13:08 +00:00
Adrian Holovaty
61f0aff811 Fixed #14597 -- Added a SECURE_PROXY_SSL_HEADER setting for cases when you're behind a proxy that 'swallows' the fact that a request is HTTPS
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-16 22:06:06 +00:00
Jannis Leidel
6f66b55108 Fixed #17255 -- Removed "as" prefix from new timezone template filter names for the sake of clarity. Cheers to Aymeric Augustin for bearing with me.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17107 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 15:00:08 +00:00
Aymeric Augustin
9b1cb755a2 Added support for time zones. Thanks Luke Plant for the review. Fixed #2626.
For more information on this project, see this thread:
http://groups.google.com/group/django-developers/browse_thread/thread/cf0423bbb85b1bbf



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17106 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 13:01:06 +00:00
Luke Plant
3b7a4c6adc Fixed #17117 - ADMIN_MEDIA_PREFIX should still be visible in docs
Thanks to claudep for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17063 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-01 21:37:12 +00:00
Aymeric Augustin
67e6e0fcf3 Fixed #17087 -- Re-organized the i18n docs to reduce confusion between USE_I18N/USE_L10N and the concepts of internationalization/localisation. Re
moved some duplicate content.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17026 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 17:17:57 +00:00
Carl Meyer
145a77edc9 Fixed #16360 -- Added WSGI entrypoint to startproject layout, and enabled internal servers (runserver and runfcgi) to use an externally-defined WSGI application. Thanks to Armin Ronacher, Jannis Leidel, Alex Gaynor, ptone, and Jacob Kaplan-Moss.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 04:30:10 +00:00
Aymeric Augustin
246580573d Fixed #12308 -- Added tablespace support to the PostgreSQL backend.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 21:49:43 +00:00
Luke Plant
d1e5c55258 Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Aymeric Augustin
846fc7260a Fixed typo in r16935. Refs #17012.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16936 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-07 15:33:55 +00:00
Aymeric Augustin
510ea906f7 Fixed #17012 - Removed references to the 'hasNoProfanities' validator. Refs #8794.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16935 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-07 08:35:20 +00:00
Julien Phalip
fc06ec0daf Fixed #16876 -- Fixed a cross reference in the settings reference doc. Thanks to Gumnos for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16855 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-19 07:33:32 +00:00
Julien Phalip
357910c1c6 Rectified the settings reference documentation to indicate that USE_L10N (and not USE_I18N) controls the activation of locale-dictated formats.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16850 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-18 07:50:50 +00:00
Carl Meyer
00678334aa Fixed #16863 -- Corrected ReST markup to avoid errors building docs.
Although directives such as "note" and "warning" will accept content
immediately following the directive, this is technically where arguments to the
directive should go (see http://sphinx.pocoo.org/rest.html#directives). Putting
the content there means that any lines beginning with an inline text role
(e.g. ":setting:`DEBUG`") will be mis-interpreted as an option block for the
directive. To avoid this error, there should always be a blank line between the
directive start and the directive content.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16842 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 18:06:42 +00:00
Carl Meyer
d1d6109229 Added release note and updated TEMPLATE_DEBUG documentation for r16833. Thanks jezdez for the reminder.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16841 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 17:07:19 +00:00
Russell Keith-Magee
5f287f75f2 Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:47:00 +00:00
Russell Keith-Magee
893cea211a Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Alex Gaynor
d036b87126 Remove no-longer-valid references to the DATABASE_* settings, the legacy code for them was already removed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 17:14:47 +00:00
Jannis Leidel
6819312c98 Fixed #15918 -- Refined documentation of the various localization settings, especially with regard to the thousand separator. Thanks, Aymeric Augustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-08 13:25:17 +00:00
Ramiro Morales
932b1b8d6d Converted links to external topics so they use intersphinx extension markup.
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Julien Phalip
5c1b4ab75b Fixed #16729 -- Fixed a small typo in the settings reference doc. Thanks to simon.cruanes.2007@m4x.org for the report and to Aymeric Augustin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-02 03:47:49 +00:00
Malcolm Tredinnick
f77666a4af Documented some Oracle-specific test settings.
Patch from aaugustin that should help people with specific testing
requirements for Oracle set things up in their preferred way. The
settings have always existed, but now they are documented.

Fixes #16478.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-22 06:35:52 +00:00
Jannis Leidel
566b3295fa Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Chris Beaven
956da729d1 Add a note to USE_L10N settings documentation that startproject sets USE_L10N = True
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-12 00:08:37 +00:00
Jannis Leidel
38a2444277 Fixed #16050 -- BACKWARDS-INCOMPATIBLE CHANGE: Moved static files of the admin to conventional file system location.
This also removes the need for ADMIN_MEDIA_PREFIX and replaces it with the convention to find admin's static files at STATIC_URL + 'admin/'.

Thanks to Jacob for the review and general help.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-30 09:06:19 +00:00
Luke Plant
45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant
524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel
49f57a5d28 Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel
f60d428463 Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Luke Plant
8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00
Timo Graham
449e84a2f1 Fixed #15801 - Incorrect external link for dictConfig; thanks David Niergarth for the report; jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-24 23:53:24 +00:00
Adrian Holovaty
f8495d2371 Fixed #15822 -- Removed references to the v1 postgresql backend (which has been removed). Thanks for the patch, aaugustin
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16034 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-17 20:45:06 +00:00
Adrian Holovaty
94af19c43f Changed e-mail to email throughout documentation and codebase. The one exception is translation strings, which I didn't want to disrupt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-01 16:10:22 +00:00
Ramiro Morales
f6e38f3800 Fixed #5494, #10765, #14924 -- Modified the order in which translations are read when composing the final translation to offer at runtime.
This is slightly backward-incompatible (could result in changed final translations for literals appearing multiple times in different .po files but with different translations).

Translations are now read in the following order (from lower to higher priority):

For the 'django' gettext domain:

 * Django translations
 * INSTALLED_APPS apps translations (with the ones listed first having higher priority)
 * settings/project path translations (deprecated, see below)
 * LOCALE_PATHS translations (with the ones listed first having higher priority)

For the 'djangojs' gettext domain:

 * Python modules whose names are passed to the javascript_catalog view
 * LOCALE_PATHS translations (with the ones listed first having higher priority, previously they weren't included)

Also, automatic loading of translations from the 'locale' subdir of the settings/project path is now deprecated.

Thanks to vanschelven, vbmendes and an anonymous user for reporting issues, to vanschelven, Claude Paroz and an anonymous contributor for their initial work on fixes and to Jannis  Leidel and Claude for review and discussion.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15441 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-07 18:48:40 +00:00