1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

1501 Commits

Author SHA1 Message Date
Carl Meyer
0e03a504bf Refs #15855 -- Recommended the csrf_protect decorator rather than vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 16:18:40 +00:00
Luke Plant
528157ce73 Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 15:14:36 +00:00
Russell Keith-Magee
046ffa483e Fixed #16185, #15675 -- Added the ability for test runners to define custom options, and to specify a custom test runner at the command line. Thanks to Dmitry Jemerov and Mikołaj Siedlarek for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 08:26:05 +00:00
Chris Beaven
b56ef75088 Fixes #13511 -- make regex parameter to RegexValidator to be optional. Also tidies up related docs (parameters aren't attributes). Thanks for the patch work, davidfischer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 23:51:03 +00:00
Ramiro Morales
dff31de20a Fixed #16155 -- Removed Python 2.4 compatibility constructs from code and mentions from docs. Thanks Aymeric Augustin for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 20:01:28 +00:00
Andrew Godwin
865d684a8a Fixed #8913 - Make "must be unique" error messages customisable. Thanks to Leah Culver.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16345 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 15:05:13 +00:00
Luke Plant
207e3ed9d5 Fixed #14206 - dynamic list_display support in admin
Thanks to gabejackson for the suggestion, and to cyrus for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:53:55 +00:00
Luke Plant
45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Ramiro Morales
0638ba5bba Enhanced a bit the documentation and docstring for the url template tag. Also, added a test for it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16331 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-05 23:44:34 +00:00
Luke Plant
5434ce231d Fixed #11868 - Multiple sort in admin changelist.
Many thanks to bendavis78 for the initial patch, and for input from others.

Also fixed #7309. If people were relying on the undocumented default ordering
applied by the admin before, they will need to add 'ordering = ["-pk"]' to
their ModelAdmin.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-02 16:18:47 +00:00
Jannis Leidel
9abe734b83 Fixed #16141 -- Fixed typos in new form wizard.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-01 20:14:25 +00:00
Jannis Leidel
632dfa2338 Fixed #9200 -- Added new form wizard to formtools based on class based views. Many thanks to Stephan Jäkel, ddurham and ElliottM for their work.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16307 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-01 13:47:00 +00:00
Timo Graham
caefdc8246 Fixed #16090, #16091, #16114 - Typos in docs; thanks teraom.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16300 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31 09:42:19 +00:00
Luke Plant
0994416d3f Fixed some typos/grammar in clickjacking docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:50:11 +00:00
Luke Plant
524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel
49f57a5d28 Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel
61da3cc47a Fixed #16120 -- Updated a few reference links in the docs after the contributing reorganization. Thanks to Julien and Ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16289 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 12:47:30 +00:00
Luke Plant
a482cc0ba3 Fixed #16004 - csrf_protect does not send cookie if view returns TemplateResponse
The root bug was in decorator_from_middleware, and the fix also corrects
bugs with gzip_page and other decorators.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16276 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-24 21:28:43 +00:00
Timo Graham
6443adc9a9 Fixed #16067 - Couple reST fixes in ref/templates/builtins.txt; thanks julien.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16263 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-22 16:43:50 +00:00
Jannis Leidel
fc8116cc4f Fixed #6580 -- Added default parameter to MultiValueDict.getlist method (the base class for QueryDict). Many thanks to mk and andrewebdev.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16260 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-22 15:05:29 +00:00
Timo Graham
940d17409e Fixed #16021 - Minor documentation fixes for Generic Class Views; thanks Bradley Ayers.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16256 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-22 00:08:13 +00:00
Ramiro Morales
50ad59527c Tweaked some render_to_response links in the documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16255 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 18:36:01 +00:00
Jannis Leidel
f60d428463 Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Jannis Leidel
a3a53e0b73 Fixed #15561 -- Extended test setting override code added in r16165 with a decorator and a signal for setting changes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16237 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-18 12:08:53 +00:00
Jannis Leidel
091c9b530e Fixed #15983 and #16032 -- Another pass over the staticfiles docs. Many thanks to Frank Wiles and EvilDMP.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16235 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-18 09:51:24 +00:00
Jannis Leidel
578a31fea3 Fixed #15921 -- Refined naturaltime filter added in r16071 to use timesince and timeuntil filters as fallbacks instead of date filter.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16233 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-17 10:16:12 +00:00
Timo Graham
ce6072aa96 Fixed #15769 - Documented FormWizard's initial argument; thanks aimaz for the suggestion; jrothenbuhler for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-15 19:11:57 +00:00
Adrian Holovaty
c2ba96d8a9 Tweaked weird wording of docs/ref/contrib/humanize.txt 'naturaltime' section from [16071]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 17:44:10 +00:00
Ramiro Morales
2b5730873b Added ability to describe grouping of form fields in the same row to the fields ModelAdmin attribute.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 16:29:39 +00:00
Ramiro Morales
5f605678f0 Removed last vestiges of references to technical messages from documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16224 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 12:28:36 +00:00
Simon Meers
5ecb88c146 Fixed #16014 -- numerous documentation typos -- thanks psmith.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-13 04:33:42 +00:00
Chris Beaven
014cc896bc Fixes #15963 -- Misleading FileField.save documentation. Thanks for the report and patch, ejucovy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16207 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-10 00:26:32 +00:00
Luke Plant
396bc58889 Updated AJAX example code in CSRF docs to be consistent regarding what are safe HTTP methods
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:46:02 +00:00
Luke Plant
cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant
8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
a75120927e Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:10 +00:00
Luke Plant
d3641d889b Clarified wording about use of 2 decorators in CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:02 +00:00
Luke Plant
bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Luke Plant
e9342e9b32 Fixed #15469 - CSRF token is inserted on GET requests
Thanks to goran for report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:57 +00:00
Luke Plant
7c648ea4aa Mentioned simplification of AJAX example code in CSRF docs.
Refs #15469. Thanks to aaugustin for the suggestion

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:49 +00:00
Luke Plant
5df93d529d Documented the edge case of needing a view that is partly CSRF protected
Refs #15518.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:52 +00:00
Luke Plant
b5da093fa9 In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:45 +00:00
Luke Plant
eadcbcb131 Fixed #15518 - documented requires_csrf_token
Thanks to vzima for a report that raised the issue.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:36 +00:00
Luke Plant
1d350a6c51 Changed an example in CSRF docs to use new 'render' shortcut
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:28 +00:00
Luke Plant
ae1866ddef Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 15:40:01 +00:00
Jannis Leidel
c5f58f54fd Fixed #15941 -- Fixed DateField docs to no longer state that the admin calendar's week always starts on Sunday (refs FIRST_DAY_OF_WEEK setting). Thanks aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16174 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:58 +00:00
Jannis Leidel
0322f2b653 Fixed #15263 -- Added support for format localization to the now template tag. Thanks to danielr and dmclain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16172 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:45 +00:00
Jannis Leidel
8f3e1c1c63 Fixed #6392 -- Made django.contrib.humanize template tags locale aware. Thanks, Dave McLain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-06 13:29:58 +00:00
Luke Plant
171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00