1
0
mirror of https://github.com/django/django.git synced 2025-10-26 15:16:09 +00:00

Removed gender-based pronouns per [c0a2daad78].

This commit is contained in:
Tim Graham
2013-11-30 08:37:15 -05:00
parent c0a2daad78
commit f3e7ab366c
12 changed files with 19 additions and 20 deletions

View File

@@ -133,7 +133,7 @@ class AuthenticationFormTest(TestCase):
[force_text(form.error_messages['inactive'])]) [force_text(form.error_messages['inactive'])])
def test_custom_login_allowed_policy(self): def test_custom_login_allowed_policy(self):
# The user is inactive, but our custom form policy allows him to log in. # The user is inactive, but our custom form policy allows them to log in.
data = { data = {
'username': 'inactive', 'username': 'inactive',
'password': 'password', 'password': 'password',

View File

@@ -20,8 +20,8 @@ purchase an item. A user has chosen to stay logged into the store all the time
for convenience. An attacker site might create an "I Like Ponies" button on one for convenience. An attacker site might create an "I Like Ponies" button on one
of their own pages, and load the store's page in a transparent iframe such that of their own pages, and load the store's page in a transparent iframe such that
the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the
user visits the attacker site and clicks "I Like Ponies" he or she will inadvertently user visits the attacker's site, clicking "I Like Ponies" will cause an
click on the online store's "Buy Now" button and unknowingly purchase the item. inadvertent click on the "Buy Now" button and an unknowing purchase of the item.
.. _clickjacking-prevention: .. _clickjacking-prevention:

View File

@@ -172,7 +172,7 @@ Getting the current domain for display
LJWorld.com and Lawrence.com both have email alert functionality, which lets LJWorld.com and Lawrence.com both have email alert functionality, which lets
readers sign up to get notifications when news happens. It's pretty basic: A readers sign up to get notifications when news happens. It's pretty basic: A
reader signs up on a Web form, and he or she immediately gets an email saying, reader signs up on a Web form and immediately gets an email saying,
"Thanks for your subscription." "Thanks for your subscription."
It'd be inefficient and redundant to implement this signup-processing code It'd be inefficient and redundant to implement this signup-processing code

View File

@@ -2468,7 +2468,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE
Default: ``False`` Default: ``False``
Whether to expire the session when the user closes his or her browser. See Whether to expire the session when the user closes their browser. See
:ref:`browser-length-vs-persistent-sessions`. :ref:`browser-length-vs-persistent-sessions`.
.. setting:: SESSION_FILE_PATH .. setting:: SESSION_FILE_PATH

View File

@@ -73,8 +73,7 @@ The Django admin has long had an undocumented "feature" allowing savvy
users to manipulate the query string of changelist pages to filter the users to manipulate the query string of changelist pages to filter the
list of objects displayed. However, this also creates a security list of objects displayed. However, this also creates a security
issue, as a staff user with sufficient knowledge of model structure issue, as a staff user with sufficient knowledge of model structure
could use this "feature" to gain access to information he or she would could use this "feature" to gain access to information not normally accessible.
not normally have.
As a result, changelist filtering now explicitly validates all lookup As a result, changelist filtering now explicitly validates all lookup
arguments in the query string, and permits only fields which are arguments in the query string, and permits only fields which are

View File

@@ -19,7 +19,7 @@ The security checks for these redirects (namely
``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` ``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)``
and as such allowed ``javascript:...`` URLs to be entered. If a developer and as such allowed ``javascript:...`` URLs to be entered. If a developer
relied on ``is_safe_url()`` to provide safe redirect targets and put such a relied on ``is_safe_url()`` to provide safe redirect targets and put such a
URL into a link, he or she could suffer from a XSS attack. This bug doesn't affect URL into a link, they could suffer from a XSS attack. This bug doesn't affect
Django currently, since we only put this URL into the ``Location`` response Django currently, since we only put this URL into the ``Location`` response
header and browsers seem to ignore JavaScript there. header and browsers seem to ignore JavaScript there.

View File

@@ -811,7 +811,7 @@ instance:
* Consequences: The user will see an error about the form having expired * Consequences: The user will see an error about the form having expired
and will be sent back to the first page of the wizard, losing the data and will be sent back to the first page of the wizard, losing the data
he or she has entered so far. entered so far.
* Time period: The amount of time you expect users to take filling out the * Time period: The amount of time you expect users to take filling out the
affected forms. affected forms.

View File

@@ -16,7 +16,7 @@ The security checks for these redirects (namely
``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` ``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)``
and as such allowed ``javascript:...`` URLs to be entered. If a developer and as such allowed ``javascript:...`` URLs to be entered. If a developer
relied on ``is_safe_url()`` to provide safe redirect targets and put such a relied on ``is_safe_url()`` to provide safe redirect targets and put such a
URL into a link, he or she could suffer from a XSS attack. This bug doesn't affect URL into a link, they could suffer from a XSS attack. This bug doesn't affect
Django currently, since we only put this URL into the ``Location`` response Django currently, since we only put this URL into the ``Location`` response
header and browsers seem to ignore JavaScript there. header and browsers seem to ignore JavaScript there.

View File

@@ -1123,10 +1123,10 @@ Controlling cache: Using other headers
Other problems with caching are the privacy of data and the question of where Other problems with caching are the privacy of data and the question of where
data should be stored in a cascade of caches. data should be stored in a cascade of caches.
A user usually faces two kinds of caches: his or her own browser cache (a A user usually faces two kinds of caches: their own browser cache (a private
private cache) and his or her provider's cache (a public cache). A public cache cache) and their provider's cache (a public cache). A public cache is used by
is used by multiple users and controlled by someone else. This poses problems multiple users and controlled by someone else. This poses problems with
with sensitive data--you don't want, say, your bank account number stored in a sensitive data--you don't want, say, your bank account number stored in a
public cache. So Web applications need a way to tell caches which data is public cache. So Web applications need a way to tell caches which data is
private and which is public. private and which is public.

View File

@@ -241,7 +241,7 @@ such alias were specified, it would be the rather long ``'book__pubdate__min'``.
This doesn't apply just to foreign keys. It also works with many-to-many This doesn't apply just to foreign keys. It also works with many-to-many
relations. For example, we can ask for every author, annotated with the total relations. For example, we can ask for every author, annotated with the total
number of pages considering all the books he/she has (co-)authored (note how we number of pages considering all the books the author has (co-)authored (note how we
use ``'book'`` to specify the ``Author`` -> ``Book`` reverse many-to-many hop):: use ``'book'`` to specify the ``Author`` -> ``Book`` reverse many-to-many hop)::
>>> Author.objects.annotate(total_pages=Sum('book__pages')) >>> Author.objects.annotate(total_pages=Sum('book__pages'))

View File

@@ -166,7 +166,7 @@ and the :setting:`SECRET_KEY` setting.
cookie backend might open you up to `replay attacks`_. Unlike other session cookie backend might open you up to `replay attacks`_. Unlike other session
backends which keep a server-side record of each session and invalidate it backends which keep a server-side record of each session and invalidate it
when a user logs out, cookie-based sessions are not invalidated when a user when a user logs out, cookie-based sessions are not invalidated when a user
logs out. Thus if an attacker steals a user's cookie, he or she can use that logs out. Thus if an attacker steals a user's cookie, they can use that
cookie to login as that user even if the user logs out. Cookies will only cookie to login as that user even if the user logs out. Cookies will only
be detected as 'stale' if they are older than your be detected as 'stale' if they are older than your
:setting:`SESSION_COOKIE_AGE`. :setting:`SESSION_COOKIE_AGE`.
@@ -590,8 +590,8 @@ log in every time they open a browser.
If :setting:`SESSION_EXPIRE_AT_BROWSER_CLOSE` is set to ``True``, Django will If :setting:`SESSION_EXPIRE_AT_BROWSER_CLOSE` is set to ``True``, Django will
use browser-length cookies -- cookies that expire as soon as the user closes use browser-length cookies -- cookies that expire as soon as the user closes
his or her browser. Use this if you want people to have to log in every time their browser. Use this if you want people to have to log in every time they
they open a browser. open a browser.
This setting is a global default and can be overwritten at a per-session level This setting is a global default and can be overwritten at a per-session level
by explicitly calling the :meth:`~backends.base.SessionBase.set_expiry` method by explicitly calling the :meth:`~backends.base.SessionBase.set_expiry` method

View File

@@ -1579,8 +1579,8 @@ If all you want is to run Django with your native language all you need to do
is set :setting:`LANGUAGE_CODE` and make sure the corresponding :term:`message is set :setting:`LANGUAGE_CODE` and make sure the corresponding :term:`message
files <message file>` and their compiled versions (``.mo``) exist. files <message file>` and their compiled versions (``.mo``) exist.
If you want to let each individual user specify which language he or she If you want to let each individual user specify which language they
prefers, then you also need to use use the ``LocaleMiddleware``. prefer, then you also need to use use the ``LocaleMiddleware``.
``LocaleMiddleware`` enables language selection based on data from the request. ``LocaleMiddleware`` enables language selection based on data from the request.
It customizes content for each user. It customizes content for each user.