Commit Graph

25 Commits

Author SHA1 Message Date
Luke Plant 25020ddb05 Fixed #4604 - Configurable message passing system, supporting anonymous users
This deprecates User.message_set in favour of a configurable messaging
system, with backends provided for cookie storage, session storage and
backward compatibility.

Many thanks to Tobias McNulty for the bulk of the work here, with
contributions from Chris Beaven (SmileyChris) and lots of code review from
Russell Keith-Magee, and input from many others.  Also credit to the authors
of various messaging systems for Django whose ideas may have been pinched
:-)



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-09 16:57:23 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant 20f7e51493 Reverted 10094 and 10095 (in favour of solution that will hopefully land for beta 2)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:02:46 +00:00
Luke Plant 2d28724730 Added CSRF middleware to default settings and updated docs.
Updated docs to reflect the change, and the fact that using the
two separate middleware is preferred to using the combined one.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-19 23:14:20 +00:00
Jacob Kaplan-Moss e206eabc68 Fixed #7317: the x-view middleware is no longer enabled by default.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8537 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 12:57:24 +00:00
Gary Wilson Jr 9fcaf3504c Fixed #6431 -- Fixed misspelling in projects template settings file, thanks Daniel Lindsley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7041 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-01-28 05:40:57 +00:00
Adrian Holovaty 863ee0ef89 Fixed #5395 -- Changed URL of all language codes in project_template/settings.py. Thanks, Jarek Zgoda and mikkel@hoegh.org
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6123 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-13 14:37:22 +00:00
Malcolm Tredinnick 4d42dc3846 Changed the URL reference for timezone specifications. It looks like PostgreSQL is removing that list from their docs (in 8.2) and this might also help avoid problems with people not noticing there are multiple entries per line in the current PostgreSQL docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5941 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-19 10:24:35 +00:00
Malcolm Tredinnick 501448e3f2 Fixed #4863 -- Removed comment references to a no-longer present link. Pointed
out by Thomas Güttler.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5693 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-14 12:48:24 +00:00
Malcolm Tredinnick fedcabea9e Added Oracle to the list of permitted DATABASE_ENGINE settings (and removed
ado_msql, since we don't have a working backend for that at the moment).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-26 12:58:42 +00:00
Malcolm Tredinnick dcc090e457 Fixed #4290 -- Added a warning about trailing slashes to the project settings
file. Thanks, mw@agami.at.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5404 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-01 10:00:00 +00:00
Malcolm Tredinnick acc9a95b63 Fixed #2315 -- Clarified that the available PostgreSQL timezone options may
provide more options than are strictly available. This is probably the best we
can do for such a varied area of standardisation.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4678 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-08 03:41:04 +00:00
Jacob Kaplan-Moss 8930f3d027 Fixed #3589: settings templates and default settings now mention psycopg2 instead of psycopg1. Thanks (again), Mark Fargas.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-27 00:02:40 +00:00
Malcolm Tredinnick 80e58b3211 Fixed #2315 -- added work around for Windows timezone setting (i.e. we can't do
it). This will work until somebody wants to write some full Win32 timezone changing code for us. Thanks to Marc Fargas and SmileyChris for the combined patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-12 00:10:09 +00:00
Adrian Holovaty 06a5370e6a Fixed #1977 -- Changed postgresql.org URL in global_settings.py and project_template/settings.py. Thanks, regexbot@gmail.com
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4207 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-15 15:56:42 +00:00
Adrian Holovaty 53348672c9 Added USE_I18N setting to default settings.py created for startproject command
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-18 03:42:28 +00:00
Adrian Holovaty 320c10cb19 Fixed #2485 -- Added comment to project_template/settings.py that says to use absolute paths, not relative paths
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3525 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-05 01:48:33 +00:00
Adrian Holovaty be25b661b1 Fixed #1998 -- Changed double quotes to single quotes
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2980 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-26 04:05:02 +00:00
Adrian Holovaty f69cf70ed8 MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00
Adrian Holovaty 4596b1bbfd Changed project_template/settings.py to add helpful comment about forward slashes. Thanks, Michael Hipp
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-31 04:03:40 +00:00
Adrian Holovaty 5d863f1fbd Fixed #603 -- Added template debugging errors to pretty error-page output, if TEMPLATE_DEBUG setting is True. Also refactored FilterParser for a significant speed increase and changed the template_loader interface so that it returns information about the loader. Taken from new-admin. Thanks rjwittams and crew
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1379 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-23 23:10:17 +00:00
Adrian Holovaty 9de01b157f Removed duplicate LANGUAGE_CODE from project_template/settings. Thanks, EspenG
git-svn-id: http://code.djangoproject.com/svn/django/trunk@958 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-19 16:10:31 +00:00
Adrian Holovaty 56022ea314 Added TIME_ZONE and LANGUAGE_CODE to stock settings file created by 'django-admin startproject
git-svn-id: http://code.djangoproject.com/svn/django/trunk@957 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-19 16:03:24 +00:00
Adrian Holovaty f07e5d4f5d Fixed #627 -- BACKWARDS-INCOMPATIBLE CHANGE. Admin is now an app, not a middleware. See BackwardsIncompatibleChanges for a full list of changes and information on how to update your code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@948 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-19 01:09:05 +00:00