1
0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Commit Graph

363 Commits

Author SHA1 Message Date
Luke Plant
45c7f427ce Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
All adhoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.

In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.

All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing based attacks, have also been
fixed using a constant-time comparison function.

There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Justin Bronn
120aae2209 Enabled area calculations for geography columns.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 17:13:27 +00:00
Jannis Leidel
6ddfe26932 Fixed #14349 -- Added Belgium localflavor. Thanks for the report and patch, Laurent Luce.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 23:35:23 +00:00
Justin Bronn
c4cbbb25a2 Updated version of PostGIS in GeoDjango install docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14150 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 19:48:15 +00:00
Russell Keith-Magee
a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Russell Keith-Magee
127a25ac27 Fixed #14383 -- Corrected the capitalization of reStructuredText. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14017 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:37:16 +00:00
Russell Keith-Magee
060701a26a Fixed #14221 -- Cleaned up some text in the GIS tutorial. Thanks to Grant <renderbox@gmail.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14006 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 14:13:44 +00:00
Luke Plant
667d832e90 Fixed #14386, #8960, #10235, #10909, #10608, #13845, #14377 - standardize Site/RequestSite usage in various places.
Many thanks to gabrielhurley for putting most of this together.  Also to
bmihelac, arthurk, qingfeng, hvendelbo, petr.pulc@s-cape.cz, Hraban for
reports and some initial patches.

The patch also contains some whitespace/PEP8 fixes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13980 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 14:20:47 +00:00
Karen Tracey
5912903852 Fixed #11358: Don't include private flatpages in sitemap. Thanks dburke and mlavin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 23:30:46 +00:00
Russell Keith-Magee
e1e2726957 Fixed #6932 -- Added a template tag that gives a list of available flatpages for a given user. Thanks to Dmitri Fedortchenko for the suggestion, and to Mnewman, faldridge and Simon Meers for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13654 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 11:59:14 +00:00
Russell Keith-Magee
f611ffaab3 Fixed #13820 -- Started the deprecation process for mod_python. Thanks to Robert Coup for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 02:40:57 +00:00
Russell Keith-Magee
23e85ef25f Refactored markup documentation to give it it's own home.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13647 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 02:40:17 +00:00
Russell Keith-Magee
8ce4a1991a Fixed #14116 -- Added a flag to enable CSRF checks in the test client. Thanks to jon@licq.org for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-27 13:54:13 +00:00
Karen Tracey
88e83ee472 Fixed #14172: Corrected misspelling of explicitly. Thanks 3point2.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13638 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-26 11:08:12 +00:00
Russell Keith-Magee
a323fd3c5e Fixed #14112 -- Various Markup fixes for the docs. Thanks to ramiro for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-23 08:07:35 +00:00
Jacob Kaplan-Moss
728effcfbd Fixed #14141: docs now use the :doc: construct for links between documents.
Thanks, Ramiro Morales.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13608 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-19 19:27:44 +00:00
Karen Tracey
d69cdc6d70 Fixed #14100: Corrected spelling error in description of user_email. Thanks tom_simpson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-12 10:48:24 +00:00
Russell Keith-Magee
103f7f83eb Fixed #11047 -- Clarified the explanation of arguments to GenericForeignKey. Thanks to psmith and timo for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:56:59 +00:00
Russell Keith-Magee
6ac4aba918 Fixed #11882 -- Added documentation for formfield_for_manytomany. Thanks to Rob Hudson, timo and Simon Meers for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:56:16 +00:00
Russell Keith-Magee
1a9e0f70ea Fixed #11748 -- Clarified the ways that search_field can be used. Thanks to Michael Richardson for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13550 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:55:31 +00:00
Russell Keith-Magee
2dc2ed87e5 Fixed #11800 -- Updated Sphinx metadata in queryset docs. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13548 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:26:07 +00:00
Russell Keith-Magee
5d1627ff6e Fixed #8567 -- Clarified the process of instantiating FormWizards. Thanks to ClaesBas for the suggestion, and ElliotM and timo for draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 07:57:35 +00:00
Russell Keith-Magee
bafe9fdef2 Fixed #7284 -- Provided an example for the use of the search_fields clause on ModelAdmin. Thanks to rbell01824@earthlink.net for the suggestion, and Simon Meers for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13542 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 07:57:15 +00:00
Russell Keith-Magee
88f2f0b39d Fixed #13740 -- Added documentation for the can_delete InlineModelAdmin option. Thanks to Alex Gaynor for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-07-30 04:15:16 +00:00
Justin Bronn
7773a92c7f Fixed #13671, #13748 -- Fixed errata and minor updates to GeoDjango docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13398 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-06-23 17:34:57 +00:00
Jacob Kaplan-Moss
1b04cb2348 Fixed #13597, a small typo in the admin docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-28 15:03:12 +00:00
Jacob Kaplan-Moss
747e8dfe5f Fixed #13563, a typo in the GeoDjango tutorial.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13293 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-19 03:25:42 +00:00
Karen Tracey
111d361d61 Fixed doc markup error that resulted in no anchor tag for the model admin queryset method.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-12 13:34:05 +00:00
Russell Keith-Magee
0e2f215625 Fixed #13529 -- Corrected ModelAdmin example. Thanks to stephane@actinetwork.com for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13242 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-12 13:24:38 +00:00
Russell Keith-Magee
d0d3e6792d Fixed #13524 -- Added backwards compatibility and feature notes regarding admin inlines and formsets. Thanks to Ramiro Morales and Gabriel Hurley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13241 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-12 11:56:42 +00:00
Russell Keith-Magee
efa495f4f0 Fixed #13002 -- Corrected description of the default form base class in InlineModelAdmin classes. Thanks to stijn@typograaf.be for the report, and timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-10 13:11:09 +00:00
Russell Keith-Magee
f6e7a3aee5 Fixed #6039 -- Modified Atom example to be standard compliant. Thanks to ion.morega@gmail.com for the report, and arien for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13179 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 07:44:39 +00:00
Russell Keith-Magee
f9b75db90f Fixed #10712 -- Added documentation for the queryset() method on ModelAdmin. Thanks to mrts for the report, and timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13170 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 06:44:52 +00:00
Russell Keith-Magee
1b16a03dba Fixed #12040 -- Cleaned up the documentation describing how CurrentSiteManager works. Thanks to elpaso66 for the report, and Gabriel Hurley for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 06:43:18 +00:00
Russell Keith-Magee
ed33513988 Corrected typo from r13154.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13157 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 05:12:00 +00:00
Russell Keith-Magee
5b28f8a07b Fixed #13310 -- Documented the RESTRUCTUREDTEXT_FORMAT_SETTINGS setting. Thanks to Wraithan for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13154 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 04:49:11 +00:00
Russell Keith-Magee
663d17897e Fixed #13497 -- Corrected various typos and markup problems in docs. Thanks to Ramiro Morales for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13144 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 04:23:43 +00:00
Justin Bronn
7ebf105388 Fixed #13458 -- Corrected typo in GeoIP docs. Thanks, Paul McMillan for report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 21:49:27 +00:00
Justin Bronn
402f8cede5 Fixed #13315, #13430 -- Recreated django.contrib.gis.db.backend module with SpatialBackend alias and added Adaptor alias for backwards-compatibility purposes; added GeoDjango 1.2 backwards-incompatibility documentation and release notes; added a section in the docs about how MySQL is a crippled spatial database; updated versions in install docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 21:43:40 +00:00
Jannis Leidel
c3dbe9d509 Fixed #13361 - Made sure jQuery is always included in the admin changelist and changeform. Thanks to Carl Meyer for report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-19 10:16:25 +00:00
Justin Bronn
1ad9c36fb8 Fixed #11810 -- Fixed typo and errors that prevented modifiable from working in the geographic admin. Thanks to Rob Coup for the bug report. Refs #12504.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12995 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-16 16:34:42 +00:00
Justin Bronn
f4eac3d87f Minor documentation tweaks for GeoDjango, including addition of link to main index, and removal of unsupported :download: directives.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12942 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-09 20:51:01 +00:00
Russell Keith-Magee
c421a4fd92 Fixed #11949 -- Added a hook to allow ModelAdmin customization of the delete selected template. Thanks to bendavis78 for the report and patch, and Ramiro Morales for his cleanup work.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12916 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-05 12:02:27 +00:00
Justin Bronn
7bdb9a90d0 PostGIS 1.5 allows distance queries on non-point geographic geometry columns with ST_Distance_Sphere, enabled this functionality.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12890 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-30 23:15:43 +00:00
Gary Wilson Jr
2a6f14b930 Fixed #13103 -- A bit of re-organization to the custom template ModelAdmin options documentation section to remove some duplication and fix some confusing wording.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12868 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-27 21:12:56 +00:00
Gary Wilson Jr
2881da949f Fixed #13202 -- Documented required libraries for markup template tags, based on patch from steveed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12860 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-27 00:07:31 +00:00
Justin Bronn
459c71e332 Fixed #12930, #12832, #11538 -- Refactored and merged the GeoDjango documentation into the rest of the Django docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12856 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-26 20:14:53 +00:00
Malcolm Tredinnick
ff2d0ebdb8 Fixed three small doc markup errors.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12741 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-10 00:58:05 +00:00
James Bennett
795e3235ff Fixed #12217: Documented the fact that serving flatpages from the flatpage middleware does not apply view middleware methods.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-03 08:51:46 +00:00
James Bennett
1f56ed7319 Fixed #11883: Documented how to set a custom template name on a flatpage.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12667 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-03 08:34:31 +00:00