mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
django/tests/regressiontests
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
..
admin_changelist Fixed #10348: ChangeList no longer overwrites a select_related provided by ModelAdmin.queryset(). 2009-05-14 15:09:33 +00:00
admin_inlines Fixed #9362 -- Prevented inline forms from overwriting the content_type_id attribute on objects being inlined. Thanks to carljm for the report and patch. 2009-05-03 13:38:36 +00:00
admin_ordering
admin_registration
admin_scripts Fixed a few Python 2.3 incompatibilities that were causing test failures. 2009-05-29 05:23:50 +00:00
admin_validation Moved the call to _get_foreign_key to run in all cases catching incorrect inline setup sooner. 2009-10-19 19:17:20 +00:00
admin_views Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 2009-10-26 23:23:07 +00:00
admin_widgets Fixed #11532 -- Corrected the link used for edit_inline foreign keys in admin when the admin is deployed using the old style admin.root approach. Thanks to JP for the report. 2009-07-23 14:31:33 +00:00
aggregation_regress Fixed #10906 -- Added a check for PostgreSQL pre 8.2 when using StdDev/Variance aggregates. Thanks to Richard Davies for the report and patch. 2009-05-10 09:22:53 +00:00
app_loading
auth_backends
backends Fixed #10566: Added support for cx_Oracle compiled with the WITH_UNICODE flag. 2009-08-24 15:45:48 +00:00
bug639 Made a set of small test changes to avoid leaving temp files hanging around after running the test suite. First, fixed a couple of places where temp dirs were (or could be) created without later being deleted. Second, added a missing close() before unlink() since Windows raises an error on an attempt to remove an open file. Finally, in the file_uploads tests, avoided opening-by-name temporary files that we already have a descriptor for. Doing additional opens seems to run afoul of the Windows issue with deleting open files, so it generally works better to just seek back to 0 instead of calling open multiple times. 2009-04-05 20:59:20 +00:00
bug8245
builtin_server Fixed #9659: fixed wsgi.file_wrapper in the builtin server. Thanks, mitsuhiko. 2009-05-07 15:39:06 +00:00
cache
comment_tests Fixed a couple of test-ordering-dependent failures introduced in [11639] that caused test failures when running the whole test suite. 2009-10-24 00:23:47 +00:00
conditional_processing
context_processors Fixed #12060 - equality tests between User and SimpleLazyObject-wrapped User failed. 2009-10-20 14:11:08 +00:00
custom_columns_regress
custom_managers_regress
datastructures
datatypes
dateformat Fixed #10825: fixed the 'U' format code to dateformat (and the date/now filter/tag). Thanks to gsong and mir. 2009-05-08 13:39:37 +00:00
datetime_safe
db_typecasts
decorators Added 'key_prefix' keyword argument to cache_page() 2009-09-28 21:54:54 +00:00
defaultfilters Fixed #10675 -- Added unicode paragraph and line-sep handling to escapejs. 2009-04-12 04:55:41 +00:00
defer_regress Fixed #10733 -- Added a regression test for queries with multiple references to multiple foreign keys in only() clauses. Thanks to mrts for the report. 2009-06-06 12:16:06 +00:00
delete_regress Fixed #9479 -- Corrected an edge case in bulk queryset deletion that could cause an infinite loop when using MySQL InnoDB. 2009-06-03 13:23:19 +00:00
dispatch Fixed #10753 -- Fixed regression in dispatcher after [10398]. Thanks for the patch and tests, minmax 2009-04-10 18:58:32 +00:00
expressions_regress
extra_regress Fixed #10847 -- Modified handling of extra() to use a masking strategy, rather than last-minute trimming. Thanks to Tai Lee for the report, and Alex Gaynor for his work on the patch. 2009-04-30 15:40:09 +00:00
file_storage Fixed a few Python 2.3 incompatibilities that were causing test failures. 2009-05-29 05:23:50 +00:00
file_uploads Fixed #10687: fixed request parsing when upload_handlers is empty. Thanks, Armin Ronacher. 2009-05-08 17:22:34 +00:00
fixtures_regress Fixed #11428 -- Ensured that SQL generating commands and dumpdata don't include proxy models in their output. Thanks to Anssi Kaariainen for the report. 2009-07-27 14:32:30 +00:00
forms SECURITY ALERT: Corrected regular expressions for URL and email fields. 2009-10-09 20:57:59 +00:00
formwizard
generic_inline_admin Fixed the tests from [9438] to work consistently across databases. In particular, it was failing on newer versions of PostgreSQL after [10586]. 2009-04-22 22:38:14 +00:00
generic_relations_regress
get_or_create_regress
httpwrappers Fixed #10188: prevent newlines in HTTP headers. Thanks, bthomas. 2009-05-08 11:15:23 +00:00
humanize
i18n
initial_sql_regress
inline_formsets Fixed #10750: respect comment=False in inline formsets. Thanks, Koen Biermans. 2009-05-08 09:59:46 +00:00
introspection Fixed #11049: introspection on Oracle now identifies IntegerFields correctly. 2009-08-21 21:42:39 +00:00
m2m_regress Fixed #11311 -- Reverted [10952], Refs #10785. Changeset [10952] caused problems with m2m relations between models that had non-integer primary keys. Thanks to Ronny for the report and test case. 2009-06-15 11:47:01 +00:00
m2m_through_regress Fixed #11107 -- Corrected the generation of sequence reset SQL for m2m fields with an intermediate model. Thanks to J Clifford Dyer for the report and fix. 2009-07-11 14:22:52 +00:00
mail Fixed #11546 -- Modified the mail regression test to avoid getting hung up on 32/64 bit differences. Thanks to Richard Davies for the report. 2009-07-25 05:14:46 +00:00
managers_regress
many_to_one_regress
max_lengths Make sure that all uses of max_length in the test suite use values smaller than 255. If we use max_length > 255 the test suite can't be run on MySQL 4. 2009-05-07 18:06:22 +00:00
middleware
model_fields Added test for pickling of a model with an ImageField, refs #11103. 2009-05-29 04:06:09 +00:00
model_forms_regress Fixed #11149 -- Don't call save_form_data on file-type fields multiple times when saving a model form. 2009-05-19 23:13:33 +00:00
model_formsets_regress Modified a test from r10787 so that the comparison order is reliable. Thanks to Alex Gaynor and Tom Tobin for the report via IRC. 2009-05-20 00:19:13 +00:00
model_inheritance_regress
model_inheritance_select_related
model_regress Fixed #10153: foreign key gte and lte lookups now work. Thanks, joelhooks and adurdin. 2009-05-07 16:12:08 +00:00
modeladmin Fixed #10208: ModelAdmin now respects the exclude and field attributes of custom ModelForms. Thanks, Alex Gaynor. 2009-04-22 15:48:51 +00:00
null_fk Fixed #11392 -- Enforced a predictable result order for a couple of test cases. Thanks to Nathan Auch for the report and patch. 2009-06-29 12:29:48 +00:00
null_fk_ordering
null_queries
one_to_one_regress Fixed #9023 -- Corrected a problem where cached attribute values would cause a delete to cascade to a related object even when the relationship had been set to None. Thanks to TheShark for the report and test case, and to juriejan and Jacob for their work on the patch. 2009-06-15 14:30:51 +00:00
pagination_regress
queries Fixed an assumed ordering in the queries regression tests by making it explicit. 2009-08-20 16:05:25 +00:00
requests
reverse_single_related
select_related_regress
serializers_regress Fixed #11392 -- Enforced a predictable result order for a couple of test cases. Thanks to Nathan Auch for the report and patch. 2009-06-29 12:29:48 +00:00
servers SECURITY ALERT: Corrected a problem with the Admin media handler that could lead to the exposure of system files. Thanks to Gary Wilson for the patch. 2009-07-29 02:40:14 +00:00
string_lookup
syndication Fixed #9957: feeds now respect time zone information provided by the pub date. 2009-04-07 21:20:14 +00:00
templates Fixed #11833: name conflict in filter test. 2009-09-10 16:35:23 +00:00
test_client_regress Fixed #11371: Made django.test.Client.put() work for non-form-data PUT (i.e. JSON, etc.). Thanks, phyfus. 2009-10-26 15:02:54 +00:00
test_utils
text Fixed #9315 -- Handle spaces in URL tag arguments. 2009-04-10 04:13:27 +00:00
urlpatterns_reverse Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch. 2009-07-16 16:16:13 +00:00
utils Fixed #12060 - equality tests between User and SimpleLazyObject-wrapped User failed. 2009-10-20 14:11:08 +00:00
views Fixed #10458 -- Corrected the next_month and previous_month context variables provided with the generic month_archive view. The value returned now matches the docstring and the generic views documentation. Thanks to fperetti for the report and initial patch. 2009-04-13 13:23:03 +00:00
__init__.py