1
0
mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00
Commit Graph

498 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss
7770c70007 Fixed a silly typo left over from removing Python 2.3 references.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:43:58 +00:00
Jacob Kaplan-Moss
7098664940 Removed mentions of Python 2.3 support from the docs -- Django 1.2 drops support for Python 2.3 -- and added a quick FAQ about that dropping of support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:30:23 +00:00
Luke Plant
c46ddbf1fc Fixed #8274 - allow custom forms for auth 'login' and 'password_change' views
Thanks to julien for the suggestion and patch, and SmileyChris for work on the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-12 15:32:24 +00:00
James Bennett
ca9d0136df Fixed #11961: Corrected a few typos in docs/testing.txt. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11599 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-30 06:40:34 +00:00
Luke Plant
6e3a72585a Added 'key_prefix' keyword argument to cache_page()
This was available before r11586, but undocumented.  It has now been
re-added with documentation and explicit support, as it seems like a useful
feature and people were using it before.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-28 21:54:54 +00:00
James Bennett
4a2a0b0e21 Fixed #11931: Removed mention of nonexistent get_sql() method for arguments to limit_choices_to. Since the correct reference involves undocumented ORM internals, this simply removes the reference entirely in favor of publicly-documented use of Q objects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-23 23:40:12 +00:00
Russell Keith-Magee
f8077919b5 Fixed #11755 -- Added documentation for an edge case of FormSet usage. Thanks to ffualo for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11549 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 03:01:04 +00:00
Russell Keith-Magee
38e78da95e Fixed #11740 -- Added extra detail on the behavior of ModelForms. Thanks to severian for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11548 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 01:35:18 +00:00
Russell Keith-Magee
0e07f80cf4 Fixed #9414 -- Clarified the documentation on the permission decorators. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11547 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 01:13:40 +00:00
Russell Keith-Magee
d0c6e9cf63 Fixed #11873 -- Corrected typo in generic views docs. Thanks to Brett Cannon for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11546 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:25:53 +00:00
Russell Keith-Magee
8b6a2c11e4 Fixed #11073 -- Added documentation for SESSION_COOKIE_PATH. Thanks to liling for the report, and gsong for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:17:35 +00:00
Russell Keith-Magee
7dfd7cb836 Fixed #10864 -- Clarified the role played by redirect_to_field in the login_required auth decorator. Thanks to trigeek38 for the suggestion, and SmileyChris for the draft.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11544 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:12:26 +00:00
Russell Keith-Magee
1ed9d29db8 Modified r11531 to use the original suggested text from the patch (which was better).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11532 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:41:12 +00:00
Russell Keith-Magee
15f3610747 Fixed #11589 -- Corrected an argument in the shortcuts documentation. Thanks to tsaylor for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11531 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:32:07 +00:00
Luke Plant
8da58e51ff Fixed #11554: Several errors in Generic Views Documentation.
Thanks Ramiro. 
Refs #11477 - that ticket should have been marked a duplicate of #11554



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11499 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 13:46:56 +00:00
Luke Plant
404a82e156 Fixed #7376: auth docs don't say they depend on contenttypes.
Thanks arien


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 15:41:00 +00:00
Luke Plant
de5e768557 Fixed #11477: Generic views docs point out bug with wrong queryset
Thanks SmileyChris



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 15:21:16 +00:00
Russell Keith-Magee
42ff5b3c12 Cleanup of some minor markup problems in URL documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11275 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 01:48:59 +00:00
Russell Keith-Magee
0c9d0bf7d6 Fixed #11492 -- Corrected some typos, and added some extra markup for the URLs documentation. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11258 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-17 00:55:21 +00:00
Russell Keith-Magee
3469f4b819 Fixed #11491 -- Corrected minor typo in new namespace URL docs. Thanks to Carl Meyer for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 23:45:36 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
49f0a4bb5b Fixed #10908 -- Clarified the procedure for creating test users in the testing docs. Thanks to gruszczy and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11248 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:06:53 +00:00
Russell Keith-Magee
3c6036a5b4 Fixed #11364 -- Modified the jsi18n example to use the {% url %} tag rather than a placeholder. Thanks to jcassee for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11237 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:54:45 +00:00
Russell Keith-Magee
b1e645b6cd Fixed #10287 -- Added better examples in the docs of formset validation. Thanks to Andrew Badr for the text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:52:39 +00:00
Russell Keith-Magee
ebce1b9a2b Fixed #11439 -- Added docs on including URL patterns as an iterable. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11221 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:38:47 +00:00
Russell Keith-Magee
87285078f0 Fixed #9607 -- Added documentation for the `extra` argument in test client methods. Thanks to jroes for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11173 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 07:40:45 +00:00
Russell Keith-Magee
037b833f2e Fixed #10604 -- Added note on the limitation of ungettext, especially as relating to the {% blocktrans %} tag. Thanks to bartTC for the report, and Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11164 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 05:42:09 +00:00
Karen Tracey
fe2747d1e0 Fixed #10741: Updated instructions on the best gettext package to get for Windows. Thanks Ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11103 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 23:33:17 +00:00
Russell Keith-Magee
970be97530 Fixed #8861 -- Added note on the availability of ModelForm.instance. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:04:18 +00:00
Russell Keith-Magee
18b29c523b Fixed #11356 -- Added links to the growing collection of 3rd party database backends that are available. Thank to Nathan Auch for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11093 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:00:53 +00:00
Russell Keith-Magee
b836ed4666 Made correction to documentation change from [11045].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11054 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:44:26 +00:00
Russell Keith-Magee
3894ba853d Fixed #11253 -- Normalized the way the docs refer to TestCase.assert* methods. Thanks to SmileyChris for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11051 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:36:11 +00:00
Russell Keith-Magee
d71097111a Fixed #11322 -- Clarified docs regarding middleware processing. Thanks the Michael Malone for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:34:27 +00:00
Russell Keith-Magee
4086167ba6 Fixed #11318 -- Grammar correction in modelform docs. Thanks to seemant for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:33:52 +00:00
Russell Keith-Magee
3db96017ba Fixed #11278 -- Clarified query documentation regarding bulk assignment of m2m values. Thanks to zgoda for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11045 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:48 +00:00
Russell Keith-Magee
457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Russell Keith-Magee
15a908b4d1 Refs #11336 -- Another dummy commit to force refresh of some index pages by Sphinx, caused by file ommitted from [11025] and included in [11026]. Thanks to Peter Landry for the report, and Ramiro for the explanation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 00:16:48 +00:00
Karen Tracey
80c0ee0be7 Fixed #11335 -- Corrected model reference in generic views doc. Thanks oyvind.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11028 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 19:59:50 +00:00
Russell Keith-Magee
ec1baddbb7 Update to [11025]. This time, actually include the new generic views documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11026 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 14:16:27 +00:00
Russell Keith-Magee
6c81952b37 Fixed #10336 -- Added improved documentation of generic views. Thanks to Jacob and Adrian for the original text (from the DjangoBook), and Ramiro for doing the work of porting the docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11025 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 14:09:56 +00:00
Russell Keith-Magee
992ded1ad1 Fixed #9919 -- Added note on the need to mark transactions as dirty when using raw SQL.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 13:47:39 +00:00
Russell Keith-Magee
6ad26e6acc Fixed #10845 -- Clarified the examples for using ModelForms with fields or exclude specified. Thanks to Andrew Durdin for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10972 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-10 12:46:04 +00:00
Karen Tracey
bdf33b37da Fixed #11215 -- Replaced erroneous catch with except in testing doc.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10845 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-27 16:03:51 +00:00
Adrian Holovaty
9848f888ba Made some small improvements to docs/topics/http/sessions.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10839 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-26 05:29:28 +00:00
Brian Rosner
5d9983d084 Fixed #8857 -- Corrected ref in modelforms documentation and added ref to file upload documentation in form documentation. Thanks Kyle Fox and prairiedogg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10837 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-24 06:46:02 +00:00
Karen Tracey
e258961e4f Fixed #11188 -- Removed incorrect doc note about step being unsupported when slicing query sets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-23 12:58:31 +00:00
Karen Tracey
ae95edf91d Fixed #11138 -- Corrected the description of behavior related to the max_num parameter for model formsets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10819 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-18 16:00:29 +00:00
Karen Tracey
5a5842ccf2 Fixed #11137 -- Add missing base class in proxy model extra managers doc. Thanks ekarulf.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10818 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-18 15:36:18 +00:00
Karen Tracey
a6a0b29318 Fixed #10400: Added a note in the file uploads doc about the correct form type needed for file uploads to work. Thanks claudep and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 18:45:25 +00:00