Commit Graph

281 Commits

Author SHA1 Message Date
Luke Plant 5a0aab41ee Allow CsrfResponseMiddleware to be used if templates cannot be updated.
For the case where someone is using contrib views with custom templates that
they cannot update to use the template tag, it should be possible to use
CsrfResponseMiddleware.  This requires that 'csrf_response_exempt' is not
used for the admin views.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 00:17:29 +00:00
Luke Plant e6f0c10e77 Fixed typo in docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:26:54 +00:00
Luke Plant 9dc9770736 Documented the presence of {% csrf_token %} in Django 1.1.2 in trunk docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:52:25 +00:00
Luke Plant b32a187296 Fixed some typos
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11668 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 13:13:40 +00:00
Luke Plant f00ad4168e Added explicit notes about the need to update any customised templates for contrib apps for CSRF changes
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11667 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 12:11:56 +00:00
Luke Plant 2ddf1364c4 Added 'version added' info to CSRF_* settings.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11665 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 01:10:20 +00:00
Luke Plant 64b4ab18b4 Use decorator syntax for csrf_exempt example.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11663 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:43:16 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant a02a6fab66 Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:45:58 +00:00
Jacob Kaplan-Moss b79702b2de Fixed #11402: added a `QuerySet.exists()` method. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:28:39 +00:00
Luke Plant 055efb2530 Fixed #9674 - documented app_label.
Thanks to andymckay for the report and jpaulett for the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-28 21:58:21 +00:00
James Bennett 4a2a0b0e21 Fixed #11931: Removed mention of nonexistent get_sql() method for arguments to limit_choices_to. Since the correct reference involves undocumented ORM internals, this simply removes the reference entirely in favor of publicly-documented use of Q objects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-23 23:40:12 +00:00
Luke Plant f3af2d9883 Fixed some ReST markup in admin installation docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:49:03 +00:00
Luke Plant 95d5e450ec Fixed counting error in admin installation overview docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-14 22:36:20 +00:00
Russell Keith-Magee dbd6f512ee Corrected spaces for tabs from r11540.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 06:18:16 +00:00
Russell Keith-Magee ec6b9d6e63 Fixed #9236 -- Added documentation on the dependencies of the admin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:56:45 +00:00
Russell Keith-Magee 423b5c1e14 Fixed #6047 -- Minor correction to the documentation regarding regex field lookups. Thanks to Richard D. Worth for the suggestion, and Steve Holden for the text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:36:00 +00:00
Russell Keith-Magee 7cbc232909 Fixed #11359 -- Added a link to the signals topic guide in the signals reference. Thanks to tyson for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 23:06:22 +00:00
Russell Keith-Magee 9aef7dd9e7 Fixed #11592 -- Corrected the grammar in the queryset docs. Thanks to Shannon Bradshaw for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:59:41 +00:00
Russell Keith-Magee baf7d3e074 Fixed #11728 -- Corrected a typo in a class name in the request/response docs. Thanks to Tommstein for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:51:16 +00:00
Russell Keith-Magee 94885bac7b Fixed #11808 -- Corrected typo in admin docs. Thanks to kratorius for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11534 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:44:51 +00:00
Russell Keith-Magee fc7ef1c86c Fixed #11831 -- Corrected typo in comments docs. Thanks to gsf for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:43:20 +00:00
Luke Plant 49b9470dca Fixed #11071 - update is_ajax() docs.
Thanks timo.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11490 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:17:56 +00:00
Luke Plant 1387b17026 Fixed #7437: SelectDateWidget is not documented.
Thanks timo.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11488 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 15:45:15 +00:00
Karen Tracey bb9cc01b13 Fixed #6674: Documented a couple of widget arguments. Thanks timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11478 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-29 12:40:47 +00:00
Ian Kelly dcf3be7a62 Fixed #10566: Added support for cx_Oracle compiled with the WITH_UNICODE flag.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-24 15:45:48 +00:00
Karen Tracey b82ad10f9d Fixed #11508: Adding missing word to form wizard doc. Thanks thepointer and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11444 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-13 16:59:59 +00:00
Jacob Kaplan-Moss d78cf61c99 BACKWARDS-INCOMPATIBLE CHANGE: Removed SetRemoteAddrFromForwardedFor middleware.
In a nutshell, it's been demonstrated that this middleware can never be made reliable enough for general-purpose use, and that (despite documentation to the contrary) its inclusion in Django may lead application developers to assume that the value of ``REMOTE_ADDR`` is "safe" or in some way reliable as a source of authentication. So it's gone.

See the Django 1.1 release notes for full details, as well as upgrade instructions.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-29 05:35:51 +00:00
Russell Keith-Magee b2f72fc040 Fixed #11527 -- Added unit tests and documentation for the use of F() expressions in single object updates. Thanks to Zachary Voase for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11322 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-24 13:38:36 +00:00
Russell Keith-Magee 8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee 93d86479e3 Fixed #11480 -- Corrected markup error in admin docs. Thank to msgre for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11240 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:57:46 +00:00
Russell Keith-Magee 6f25903a89 Fixed #11235 -- Added a missing clause from some sample SQL in the queryset docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11239 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:56:50 +00:00
Russell Keith-Magee 5727374d95 Fixed #11348 -- Trimmed the width of a screenshot image in the admin docs. Thanks to smcoll for the new image.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11238 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:55:50 +00:00
Russell Keith-Magee 75514ab7bc Fixed #11374 -- Modified the documentation for forms.BooleanField to allow for the fact that it can be rendered using widgets other than a checkbox. Thanks to lygaret for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11236 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:54:11 +00:00
Russell Keith-Magee e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee 6bf55a1abf Fixed #11450 -- Corrected markup problem in contenttype docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:37:08 +00:00
Russell Keith-Magee 9515c008bb Fixed #11454 -- Corrected mismatched parenthesis in admin docs. Thanks to seveas for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:36:31 +00:00
Russell Keith-Magee b96e55e811 Fixed #11419 -- Corrected a minor typo in the admin docs. Thanks to jspeis for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:10:35 +00:00
Russell Keith-Magee 36954a04b7 Fixed #9669 -- Corrected an answer in the admin FAQ that is wrong in a post-newforms-admin world. Thanks to Alex for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 14:09:04 +00:00
Russell Keith-Magee b73319ae7b Fixed #11417 -- Corrected typo in MySQL collation notes. Thanks to vorushin for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11169 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 07:15:48 +00:00
Russell Keith-Magee 6ed0345092 Fixed #11413 -- Added notes on the cycle and firstof tag detailing that variables output by those tags will not be escaped by default. Thanks to krystal for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 05:41:36 +00:00
Russell Keith-Magee 970be97530 Fixed #8861 -- Added note on the availability of ModelForm.instance. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:04:18 +00:00
Russell Keith-Magee 4acf7f43e7 Fixed #10415 -- Added documentation for features added in r7627 and r7630; extensibility points for the ModelAdmin and AdminSite. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:02:22 +00:00
Russell Keith-Magee bbd7b64e76 Fixed #11354 -- Remove stray whitespace in queryset docs. Thanks to flebel for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:01:36 +00:00
Russell Keith-Magee 18b29c523b Fixed #11356 -- Added links to the growing collection of 3rd party database backends that are available. Thank to Nathan Auch for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11093 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-24 14:00:53 +00:00
Russell Keith-Magee 755762e5b9 Fixed #11221 -- Replaced a reference to a non-existent URL with an actual explanation of sequences. Thanks to Rob Hudson for the report, and SmileyChris for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11053 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:37:10 +00:00
Russell Keith-Magee 97fb6cf2b3 Fixed #11141 -- Corrected a code example in the admin docs. Thanks to jodal for the report, and SmileyChris for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:35:06 +00:00
Russell Keith-Magee 7c18404a24 Fixed #11312 -- Fixed the default value given for DEFAULT_FILE_STORAGE in the docs. THanks to x00nix@gmail.com for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:33:18 +00:00
Russell Keith-Magee 457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00