mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

376 Commits

Author SHA1 Message Date
Luke Plant
cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the release notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant
8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
a75120927e Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:10 +00:00
Luke Plant
d3641d889b Clarified wording about use of 2 decorators in CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:02 +00:00
Luke Plant
bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Luke Plant
e9342e9b32 Fixed #15469 - CSRF token is inserted on GET requests
Thanks to goran for report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:57 +00:00
Luke Plant
7c648ea4aa Mentioned simplification of AJAX example code in CSRF docs.
Refs #15469. Thanks to aaugustin for the suggestion

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:49 +00:00
Luke Plant
5df93d529d Documented the edge case of needing a view that is partly CSRF protected
Refs #15518.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:52 +00:00
Luke Plant
b5da093fa9 In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:45 +00:00
Luke Plant
eadcbcb131 Fixed #15518 - documented requires_csrf_token
Thanks to vzima for a report that raised the issue.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:36 +00:00
Luke Plant
1d350a6c51 Changed an example in CSRF docs to use new 'render' shortcut
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:28 +00:00
Luke Plant
ae1866ddef Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 15:40:01 +00:00
Jannis Leidel
8f3e1c1c63 Fixed #6392 -- Made django.contrib.humanize template tags locale aware. Thanks, Dave McLain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-06 13:29:58 +00:00
Jannis Leidel
95dc7c7486 Fixed #15960 -- Extended list filter API added in r16144 slightly to pass the current model admin to the SimpleListFilter.lookups method to support finer grained control over what is filtered over. Many thanks to Carl Meyer and Julien Phalip for the suggestion and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16152 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-04 22:52:04 +00:00
Jannis Leidel
05b4f2ebc2 Corrected the behavior of the SimpleFilter.lookups method to also be able to return None. Also modified example in documentation to be a bit more realistic. Refs #5833. Thanks for the hint, Martin Mahner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16150 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 13:52:39 +00:00
Jannis Leidel
f4860448dd Fixed #13729 -- Renamed UK localflavor to GB to correctly follow ISO 3166. Thanks, Claude Paroz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16147 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 11:52:20 +00:00
Jannis Leidel
18d2f4a816 Fixed #5833 -- Modified the admin list filters to be easier to customize. Many thanks to Honza Král, Tom X. Tobin, gerdemb, eandre, sciyoshi, bendavis78 and Julien Phalip for working on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16144 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 10:44:23 +00:00
Jannis Leidel
07854d1c44 Fixed #15713 -- Added a form field for validating Polish National ID Card numbers. Thanks, xtrqt.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16116 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 13:20:33 +00:00
Simon Meers
013ce8aca2 Fixed #15865 -- correct class name for BaseGenericInlineFormset. Thanks leonelfreire for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 01:46:46 +00:00
Simon Meers
fe7695533d Fix heading formatting in localflavor docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16112 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 00:28:42 +00:00
Simon Meers
6d98cda03c Fixed #15830 -- Add documentation regarding localflavor i18n. Thanks framos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16109 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 00:20:10 +00:00
Jannis Leidel
c8092b840b Fixed #15008 -- Replaced all calls in the admin to render_to_response with TemplateResponses for easier customization. Thanks to Chris Adams for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 18:17:16 +00:00
Ramiro Morales
13cfdb0d8b Fixed a couple of small documentation typos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16086 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 14:08:31 +00:00
Jannis Leidel
7478aeb0a7 Fixed #15705 -- Added Croatian (hr) localflavor. Thanks, Zlatko Mašek and Julien Phalip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16077 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:03:42 +00:00
Jannis Leidel
e1f7bc0a41 Fixed #15013 -- Added Russian (ru) localflavor package. Thanks, blackraven and Julien Phalip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16076 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:03:30 +00:00
Jannis Leidel
ea248f0107 Fixed #12771 -- Added naturaltime filter to humanize contrib app. Thanks, phinpho, djansoft and xtrqt.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16071 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:02:47 +00:00
Jannis Leidel
8b588747ed Fixed #12379 -- Added Chinese (cn) localflavor package. Thanks, Xia Kai, Daniel Duan, DaNmarner and Łukasz Rekucki.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16070 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:02:38 +00:00
Jannis Leidel
6c17190bf8 Fixed #11639, #13618 -- Added get_prepopulated_fields method to ModelAdmin and InlineModelAdmin to be able to handle prepopulated fields on a case-by-case basis. Thanks, leanmeandonothingmachine.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:02:25 +00:00
Jannis Leidel
59d1f82634 Fixed #11251 -- Extended Australian localflavor to ship a few model fields additionally. Thanks, Simon Meers and Julien Phalip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16066 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:01:59 +00:00
Luke Plant
26cda43012 Switched to HTML5 doctype in all Django supplied templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16050 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 17:40:53 +00:00
Jannis Leidel
196ac8f8b3 Fixed #6213 -- Updated the flatpages app to only append a slash if the flatpage actually exists.
The FlatpageFallbackMiddleware (and the view) now only add a trailing slash and redirect if the resulting URL refers to an existing flatpage. Previously requesting /notaflatpageoravalidurl would redirect to /notaflatpageoravalidurl/, which would then raise a 404. Requesting /notaflatpageoravalidurl now will immediately raise a 404. Also, redirects returned by flatpages are now permanent (301 status code) to match the behaviour of the CommonMiddleware.

Thanks to Steve Losh for the initial work on the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 14:41:47 +00:00
Luke Plant
96520e87bd Corrected factual error regarding logging in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 11:39:10 +00:00
Luke Plant
8d4b414760 Fixed #15757 - removed remaining instances of get_and_delete_messages
Thanks to void for the report, and julien for the bulk of the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-07 22:01:23 +00:00
Simon Meers
e301899392 Fixed #15746. Clarified updated list_filter documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-03 23:08:48 +00:00
Russell Keith-Magee
5d5149cd18 Advanced deprecation of user-based messages and the LegacyFallbackStorage in contrib.messages.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15975 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:36:04 +00:00
Adrian Holovaty
94af19c43f Changed e-mail to email throughout documentation and codebase. The one exception is translation strings, which I didn't want to disrupt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-01 16:10:22 +00:00
Luke Plant
8823021625 Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:26 +00:00
Justin Bronn
c70bdad8b4 Fixed #14133 -- Updated Windows installation instructions for GeoDjango, now recommend the OSGeo4W installer for spatial libraries.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15872 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-17 20:06:19 +00:00
Justin Bronn
127331041e Use Sphinx :download: directives for spatial database template creation scripts instead of linking to geodjango.org.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15854 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-16 16:21:16 +00:00
Adrian Holovaty
ccc972e750 Fixed #15618 -- CookieStorage storage in messages framework now honors SESSION_COOKIE_DOMAIN. Thanks for the report and patch, lamby
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15848 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-16 03:50:51 +00:00
Gabriel Hurley
3349b95db6 Fixed #15592 -- corrected a missing backtick in the syndication docs. Thanks to bradley.ayers for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15793 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-10 17:21:16 +00:00
Gabriel Hurley
4e76f0f793 Fixed #15504 -- Cleaned up contrib.syndication and contrib.utils.feedgenerator docs. Corrected numerous reST problems, removed duplicate method declarations, corrected method signatures, etc. Thanks to slinkp for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15739 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 22:20:54 +00:00
Gabriel Hurley
13838fb233 Fixed #15365 -- Added a warning to the contrib.markup docs reminding users that the marked up output will not be escaped.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-28 05:39:44 +00:00
Simon Meers
6ce03dd888 Fixed #15375 -- clarified apparent contradiction in Form Wizard documentation. Thanks to codysomerville for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15633 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 09:41:38 +00:00
Luke Plant
37343bac8a Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:27:58 +00:00
Luke Plant
fdf9602961 Fixed #11058 - list_display_links doesn't allow callables not defined in the model
Thanks to dvine for the report and julien for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 19:15:02 +00:00
Gabriel Hurley
fe1110018a Fixed #15335 -- Improved Sphinx crossref targets and metadata for the sites and flatpages reference docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15562 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-18 00:58:34 +00:00
Gabriel Hurley
319de16ff0 Fixed #15233 -- reST/Sphinx markup corrections in numerous areas, mostly centering around bad crossref targets. Thanks to Aryeh Leib Taurog for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15549 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 01:56:53 +00:00
Gabriel Hurley
9323f81dc0 Fixed #14820 -- Added more information to the generic relation docs regarding different choices for storing PK references for a GenericForeignKey. Thanks to mrmachine for all the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 00:18:09 +00:00