mirror of https://github.com/django/django.git synced 2025-10-26 23:26:08 +00:00
Commit Graph

262 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant
a02a6fab66 Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:45:58 +00:00
Luke Plant
f3af2d9883 Fixed some ReST markup in admin installation docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:49:03 +00:00
Luke Plant
95d5e450ec Fixed counting error in admin installation overview docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:36:20 +00:00
Russell Keith-Magee
ec6b9d6e63 Fixed #9236 -- Added documentation on the dependencies of the admin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:56:45 +00:00
Russell Keith-Magee
94885bac7b Fixed #11808 -- Corrected typo in admin docs. Thanks to kratorius for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11534 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:44:51 +00:00
Russell Keith-Magee
fc7ef1c86c Fixed #11831 -- Corrected typo in comments docs. Thanks to gsf for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:43:20 +00:00
Karen Tracey
b82ad10f9d Fixed #11508: Adding missing word to form wizard doc. Thanks thepointer and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11444 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-13 16:59:59 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
93d86479e3 Fixed #11480 -- Corrected markup error in admin docs. Thanks to msgre for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11240 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:57:46 +00:00
Russell Keith-Magee
5727374d95 Fixed #11348 -- Trimmed the width of a screenshot image in the admin docs. Thanks to smcoll for the new image.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11238 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:55:50 +00:00
Russell Keith-Magee
e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee
6bf55a1abf Fixed #11450 -- Corrected markup problem in contenttype docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:37:08 +00:00
Russell Keith-Magee
9515c008bb Fixed #11454 -- Corrected mismatched parenthesis in admin docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:36:31 +00:00
Russell Keith-Magee
b96e55e811 Fixed #11419 -- Corrected a minor typo in the admin docs. Thanks to jspeis for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:10:35 +00:00
Russell Keith-Magee
36954a04b7 Fixed #9669 -- Corrected an answer in the admin FAQ that is wrong in a post-newforms-admin world. Thanks to Alex for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:09:04 +00:00
Russell Keith-Magee
970be97530 Fixed #8861 -- Added note on the availability of ModelForm.instance. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:04:18 +00:00
Russell Keith-Magee
4acf7f43e7 Fixed #10415 -- Added documentation for features added in r7627 and r7630; extensibility points for the ModelAdmin and AdminSite. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:02:22 +00:00
Russell Keith-Magee
97fb6cf2b3 Fixed #11141 -- Corrected a code example in the admin docs. Thanks to jodal for the report, and SmileyChris for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:35:06 +00:00
Russell Keith-Magee
457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Karen Tracey
3465ac05a6 Fixed #11034: Corrected serialization example in admin actions doc. Thanks timo and kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 17:13:33 +00:00
Karen Tracey
50745cc31e Fixed #11066 -- Corrected 15 duplicate "the"s found in docs and code comments. Thanks kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10801 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 16:45:28 +00:00
James Bennett
bed1418034 Add a proper cross-reference to the mention of HttpRequest in the comment moderation docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 02:57:53 +00:00
Jacob Kaplan-Moss
d246401552 Fixed #11113: fixed a couple of issues that slipped through the cracks when comment moderation was added to django.contrib.comments.
This is a potentially backwards-incompatible change for users already relying on the internals of comment moderation. To wit:

   * The moderation system now listens to the new `comment_will_be_posted`/`comment_was_posted` signals instead of `pre/post_save`. This means that important request-based information is available to moderation as it should be.
   * Some experimental code from `django.contrib.comments.moderation` has been removed. It was never intended to be merged into Django, and was completely untested and likely buggy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10784 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:20:50 +00:00
Jacob Kaplan-Moss
d987b378ce Fixed #11039: documented that aggregation and generic relations don't mix. Thanks, psmith.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10781 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:38:27 +00:00
Jacob Kaplan-Moss
5bdee2556e Fixed #11022: documented that the admin bulk delete action calls QuerySet.delete(), not Model.delete(). Thanks, Idan Gazit.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10780 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:35:16 +00:00
Jacob Kaplan-Moss
690cb616ce Fixed #10886: corrected a mistaken example in the admin docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:17:40 +00:00
Jacob Kaplan-Moss
d08339686b Fixed #9675: added note about upgrading the URLconf to the comment upgrade guide.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10746 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-12 17:23:43 +00:00
Russell Keith-Magee
95bcb70b56 Fixed #10367 -- Corrected an example in the documentation for GenericRelation. Thanks to George Song for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 14:51:54 +00:00
Jacob Kaplan-Moss
d6829782d0 Now that formsets guarantee ordering (see [10623]) we can remove the arbitrary validation of this fact added as part of [10077].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-22 22:45:23 +00:00
Russell Keith-Magee
565c190611 Fixed #10559 -- Clarified documentation on customization of comments pages. Thanks to Thejaswi Puthraya for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:48:16 +00:00
Russell Keith-Magee
e6d2b14e35 Fixed #10726 -- Added documentation on AdminSite urls. Thanks to Alex Gaynor for the initial draft.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10565 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:47:34 +00:00
Russell Keith-Magee
83623d45c7 Fixed #10776 -- Added metadata targets for the contrib.admin docs, and used one of those targets to clarify the SlugField docs. Thanks to ernop for the suggestion, and timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10564 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 12:46:58 +00:00
Jacob Kaplan-Moss
f8adf99cdb Fixed #9268: pass the "next" param through in the comment preview/post view. Also updated the docs to make this a bit clearer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10418 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-07 19:28:13 +00:00
Simon Willison
7f7606070b Fixed a documentation typo
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10412 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 23:45:56 +00:00
Jacob Kaplan-Moss
07465b635d Fixed a small error in the docs that I missed from [10408].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10409 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:28:55 +00:00
Jacob Kaplan-Moss
bb15cee58a Made a bunch of improvements to admin actions. Be warned: this includes one minor but BACKWARDS-INCOMPATIBLE change.
These changes are:

    * BACKWARDS-INCOMPATIBLE CHANGE: action functions and action methods now share the same signature: `(modeladmin, request, queryset)`. Actions defined as methods stay the same, but if you've defined an action as a standalone function you'll now need to add that first `modeladmin` argument.
    * The delete selected action is now a standalone function registered site-wide; this makes disabling it easy.
    * Fixed #10596: there are now official, documented `AdminSite` APIs for dealing with actions, including a method to disable global actions. You can still re-enable globally-disabled actions on a case-by-case basis.
    * Fixed #10595: you can now disable actions for a particular `ModelAdmin` by setting `actions` to `None`.
    * Fixed #10734: actions are now sorted (by name).
    * Fixed #10618: the action is now taken from the form whose "submit" button you clicked, not arbitrarily the last form on the page.
    * All of the above is documented and tested.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:23:33 +00:00
Jacob Kaplan-Moss
c6c25adf6d Fixed a whole bunch of small docs typos, errors, and omissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Jacob Kaplan-Moss
a2dec37c41 Fixed #9908: allow individual app index templates in the admin. Thanks, arne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10317 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 14:13:59 +00:00
Joseph Kocherhans
efd7141d70 Fixed #9452. InlineModelAdmin docs now mention the right default for 'form'.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 01:29:30 +00:00
Jacob Kaplan-Moss
516051bfd2 A whole lotta documentation fixes: Fixes #8704, #8826, #8980, #9243, #9343, #9529,
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 23:34:03 +00:00
James Bennett
131de1cf2b Fixed #10367: Added note to generic-relation docs explaining when it's necessary to pass in field names to create a reverse relation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10273 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 17:14:10 +00:00
Gary Wilson Jr
4a73b603d0 Fixed #10612 -- Removed duplicate word in docs, patch from adamfast.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10249 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 15:33:57 +00:00
Gary Wilson Jr
7372ea159a Fixed #10389, #10501, #10502, #10540, #10562, #10563, #10564, #10565, #10568, #10569, #10614, #10617, #10619 -- Fixed several typos as well as a couple minor issues in the docs, patches from timo, nih, bthomas, rduffield, UloPe, and sebleier@gmail.com.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10242 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 07:01:01 +00:00
Gary Wilson Jr
5c9d54344c Fixed #9946 -- Removed redundant mention of needing to define list_display.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10237 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 23:30:33 +00:00
Russell Keith-Magee
c4eb2883bc Fixed #10510 -- Added missing versionadded marker for formfield_for_foreignkey docs. Thanks to onno.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10148 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-24 11:41:37 +00:00
Jacob Kaplan-Moss
4246c832b6 Added 1.1 beta release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10130 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:25:03 +00:00
Luke Plant
20f7e51493 Reverted 10094 and 10095 (in favour of solution that will hopefully land for beta 2)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:02:46 +00:00
Jacob Kaplan-Moss
f22418a6be Oops, added missing file from [10122].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10123 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 21:22:31 +00:00
Jacob Kaplan-Moss
f0560dfdb2 Fixed #9282: added a generic comment moderation toolkit. See the documentation for details.
This began life as (part of) James Bennett's comment-utils app, and was adapted to be part of Django by Thejaswi Puthraya and Jannis Leidel. Thanks, all!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10122 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 21:07:02 +00:00