Following the app-loading refactor, these objects must live outside of
django.contrib.sites.models because they must be available without
importing the django.contrib.sites.models module when
django.contrib.sites isn't installed.
Refs #21680. Thanks Carl and Loic for reporting this issue.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.
Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no
purposes, and csrf_exempt and csrf_view_exempt perform the same function.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15956 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Thanks to Maniac for the report, julienb for the initial patch, and
especially to aaugustin for the final patch and tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This is a BACKWARDS INCOMPATIBLE change, because it removes the flawed
'auto_adapt_to_methods' decorator, and replaces it with 'method_decorator'
which must be applied manually when necessary, as described in the 1.2
release notes.
For users of 1.1 and 1.0, this affects the decorators:
* login_required
* permission_required
* user_passes_test
For those following trunk, this also affects:
* csrf_protect
* anything created with decorator_from_middleware
If a decorator does not depend on the signature of the function it is
supposed to decorate (for example if it only does post-processing of the
result), it will not be affected.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12399 bcc190cf-cafb-0310-a4f2-bffc1f526a37
There is stub code for backwards compatiblity with Django 1.1 imports.
The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This was available before r11586, but undocumented. It has now been
re-added with documentation and explicit support, as it seems like a useful
feature and people were using it before.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This involved changing the way the internal function
decorator_from_middleware works slightly, breaking some code that relied on
the old behaviour. As a result, it is much simpler, but cache_page has been
made slightly more complex to cope with the change.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This is a hack to work around problems in the Real World. Apparently, Opera
9.64 has been observed sending malformed headers. We now compromise our high
principles and simply ignore such bad behaviour.
Patch from Ivan Sagalaev.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10370 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Fixed some typos in the code (fixed#10586). Added more tests. Made the
tests compatible with Python 2.3. Improved the documentation by putting
the good news and common use-case right up front.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10134 bcc190cf-cafb-0310-a4f2-bffc1f526a37
The conditional processing decorator from r10114 wasn't parsing ETags
from an If-Match header correctly. Patch from Ivan Sagalaev (who also
did most of the work in r10114, before I rewrote parts of it and added
bonus bugs, although I forgot to thank him there).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10116 bcc190cf-cafb-0310-a4f2-bffc1f526a37