mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

146 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Russell Keith-Magee
8b6a2c11e4 Fixed #11073 -- Added documentation for SESSION_COOKIE_PATH. Thanks to liling for the report, and gsong for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:17:35 +00:00
Russell Keith-Magee
1ed9d29db8 Modified r11531 to use the original suggested text from the patch (which was better).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11532 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:41:12 +00:00
Russell Keith-Magee
15f3610747 Fixed #11589 -- Corrected an argument in the shortcuts documentation. Thanks to tsaylor for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11531 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:32:07 +00:00
Russell Keith-Magee
42ff5b3c12 Cleanup of some minor markup problems in URL documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11275 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 01:48:59 +00:00
Russell Keith-Magee
0c9d0bf7d6 Fixed #11492 -- Corrected some typos, and added some extra markup for the URLs documentation. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11258 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-17 00:55:21 +00:00
Russell Keith-Magee
3469f4b819 Fixed #11491 -- Corrected minor typo in new namespace URL docs. Thanks to Carl Meyer for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 23:45:36 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
ebce1b9a2b Fixed #11439 -- Added docs on including URL patterns as an iterable. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11221 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:38:47 +00:00
Russell Keith-Magee
d71097111a Fixed #11322 -- Clarified docs regarding middleware processing. Thanks to Michael Malone for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:34:27 +00:00
Russell Keith-Magee
457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Adrian Holovaty
9848f888ba Made some small improvements to docs/topics/http/sessions.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10839 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-26 05:29:28 +00:00
Karen Tracey
a6a0b29318 Fixed #10400: Added a note in the file uploads doc about the correct form type needed for file uploads to work. Thanks claudep and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 18:45:25 +00:00
Jacob Kaplan-Moss
c6c25adf6d Fixed a whole bunch of small docs typos, errors, and omissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Jacob Kaplan-Moss
516051bfd2 A whole lotta documentation fixes: Fixes #8704, #8826, #8980, #9243, #9343, #9529,
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 23:34:03 +00:00
Gary Wilson Jr
86d772bb2a Fixed #10120 -- Added a return to a doc example, patch from andrews.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10265 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:49:54 +00:00
Gary Wilson Jr
b4f5655c86 Fixed #10553 -- Corrected several uses of URLconf in documentation and comments, according to the Django style guide. Based on patch from rduffield.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10256 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:07:07 +00:00
Luke Plant
cdc8c61bc3 Made default MIDDLEWARE_CLASSES same as in project_template.
And updated docs, and also corrected them about middleware by removing
'XViewMiddleware'



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:20:40 +00:00
Luke Plant
20f7e51493 Reverted 10094 and 10095 (in favour of solution that will hopefully land for beta 2)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:02:46 +00:00
Gary Wilson Jr
e389234201 Added a versionadded directive to new redirect shortcut (refs #10194).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10111 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-21 15:26:56 +00:00
Jacob Kaplan-Moss
d7e8127524 Fixed #10194: added django.shortcuts.redirect, a do-what-I-mean redirect shortcut. See the docs at topics/http/shortcuts for details.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10108 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-21 13:09:13 +00:00
Luke Plant
4e7a4eda3d Updated all refs to default middleware in docs.
(adding CSRF, removing XView which is no longer a default)



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-19 23:28:16 +00:00
Russell Keith-Magee
16d67a11ac Fixed #10298 -- Corrected the example for the get_list_or_404 shortcut. Thanks to Dagur for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-22 06:06:56 +00:00
Gary Wilson Jr
88837875f2 Auth-related doc cleanups:
  * Added to documentation of missing characters from `allowed_chars` in `make_random_password`.
  * Fixed several long lines and word wraps.
  * Added a reference link to the "How to log a user in" section and made a later reference to this section an actual link using the `:ref:` directive.
  * Turned a command line code example into a code block.
  * Added attribute reference link for a ``request.META`` mention.
  * Added `code-block:: html` directives for HTML examples.
  * Corrected reference links for all the `auth.views` functions.
  * Added a few function signatures and documentation of optional parameters that were missing for some of the `auth.views` functions (refs #10272).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-16 05:10:31 +00:00
Gary Wilson Jr
f76cb41251 A few minor wording, whitespace, punctuation, and link changes for the middleware documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9833 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-15 05:46:00 +00:00
Gary Wilson Jr
11d382c6c4 Fixed a long line, a typo, and a few misspellings from [9727].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-11 05:47:06 +00:00
Jacob Kaplan-Moss
299e1e814f Fixed #6791: added a write-through cache session backend: session data is written through the cache to the database, but read from the cache for speed. Thanks to jhenry, mcroydon, and jdunck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-10 22:18:14 +00:00
Adrian Holovaty
0cfcc72f88 Renamed file-uploads.txt from 'topics-file-uploads' to 'topics-http-file-uploads' to be consistent with directory structure
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-18 07:32:38 +00:00
Adrian Holovaty
e37e57f44a Removed 'Most Web sites wouldn't be complete without a way to upload files' sentence from file-uploads.txt in docs. I beg to differ.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-18 06:35:05 +00:00
Malcolm Tredinnick
a573f4c029 Fixed #9472 -- Fixed a couple of URL patterns to be more consistent (and remove
a misleading initial slash). Thanks, daveyjoe.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9471 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-16 09:35:30 +00:00
Karen Tracey
c483583023 Fixed #9497 - Doc typos. Many thanks ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9330 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-02 20:43:20 +00:00
Karen Tracey
8a5f2ee912 Fixed #9495 -- Corrected typo in urls doc. Thanks seemant.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9328 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-02 04:17:59 +00:00
Karen Tracey
dd9fd80561 Fixed #9441 -- Corrected typo in file upload settings doc. Thanks gsf.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:45:03 +00:00
Karen Tracey
d4f4ab8535 Fixed #9487 -- Corrected several links into the Python docs that were broken by the recent Python docs refactor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:02:09 +00:00
Malcolm Tredinnick
cbe11c1982 Fixed #9430 -- Fixed documentation references to the HttpResponse classes for
returning HTTP status codes other than 200.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9266 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-24 09:24:42 +00:00
Malcolm Tredinnick
fa63f1642d Fixed #8975 -- Added a note to the documentation for reverse() that all views
must be importable for URL reversing to work correctly.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9167 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 08:31:32 +00:00
Malcolm Tredinnick
a011a49457 Fixed #9047 -- Marked up django.core.urlresolvers.reverse() properly in the
docs. It now appears in the index.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 08:27:24 +00:00
Russell Keith-Magee
c9f0dd1ed6 Fixed #9075: Added a call to close() in the example file upload handler. Thanks to Brendan (bmsleight) for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9027 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-14 10:32:04 +00:00
Adrian Holovaty
74f386dba2 Fixed #8979 -- Made a bunch of typo/formatting fixes to the docs. Thanks, ramiro
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-09 01:54:20 +00:00
Jacob Kaplan-Moss
64a9469127 Fixed #8753: converted "new in ..." callouts to proper Sphinx "versionadded/versionchanged" directives. Thanks to Marc Fargas for all the heavy lifting here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 03:40:42 +00:00
Malcolm Tredinnick
a63a83e5d8 A rewrite of the reverse URL parsing: the reverse() call and the "url" template tag.
This is fully backwards compatible, but it fixes a bunch of little bugs. Thanks
to SmileyChris and Ilya Semenov for some early patches in this area that were
incorporated into this change.

Fixed #2977, #4915, #6934, #7206.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 11:11:20 +00:00
James Bennett
ce24a1f81d Fixed #7654: Documented the fact that file upload handlers must be modified before reading request.POST
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 10:23:36 +00:00
Jacob Kaplan-Moss
52914fbf5a Fixed #8656: added a note about iterating over UploadedFile only understanding \n.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8685 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 21:39:17 +00:00
Russell Keith-Magee
f1ab8b4342 Fixed #8600: Corrected example URLConf to match new comments framework. Thanks to julien for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 11:27:17 +00:00
Jacob Kaplan-Moss
ff420b4364 Fixed #8454: added a FILE_UPLOAD_PERMISSIONS setting to control the permission of files uploaded by the built-in file storage system. Thanks, dcwatson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 22:21:14 +00:00
Jacob Kaplan-Moss
97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00