Commit Graph

524 Commits

Author SHA1 Message Date
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
* Escaped text that gets sent after saving the admin foreignkey popup form.
 * Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
 * Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick b58c55fc80 Fixed #5944 -- Added safe string markings to admin error messages in one place
that was missed.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Luke Plant 8c9b65429a Fixed bug in /admin/doc/views/ caused by [6658]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-09 15:27:49 +00:00
Luke Plant 8eeb9feab0 Fixed #4376 -- login_required now works with bound methods. Thanks, Steven Bethard.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6658 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-07 22:45:07 +00:00
Gary Wilson Jr 8c442f21dc Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
Gary Wilson Jr a7a6a1b75d Fixed imports, indention, and a long line.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-29 23:55:08 +00:00
Malcolm Tredinnick 212aa32e2a Fixed #5798 -- Added a missing translation marker. Thanks, maru.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-27 04:34:50 +00:00
Malcolm Tredinnick 8a3cf46e60 Fixed #3502 -- Added TTL support for RSS (not Atom) feeds. Patch from
jason.sidabras@gmail.com and Thomas Kerpe.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 14:54:38 +00:00
Malcolm Tredinnick 4c0d8d882d Fixed #4729 -- Restored functionality to the Session class so that popping a
value marks it as modified. This was accidentally lost in the changes in
[6333]. Thanks, __hawkeye__.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 10:12:59 +00:00
Malcolm Tredinnick 4362d154fb Fixed #4902 -- Added some missing Czech uppercase characters to urlify.js.
Thanks, michal@plovarna.cz.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6557 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 09:27:12 +00:00
Malcolm Tredinnick 8db11840d3 Fixed #5200 -- Added some more functionality to the Polish localflavor. Thanks,
Slawek Mikula.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6556 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 09:24:19 +00:00
Malcolm Tredinnick aac5555f2f Fixed #4036 -- Added Spanish localflavor. Thanks, ricardojbarrios@gmail.com and
oggie_rob.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6555 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 09:16:54 +00:00
Malcolm Tredinnick e172e7be57 Fixed #4724 -- Added support for configurable session cookie paths. Helps with
multiple Django installs under the same hostname. Thanks, frej and Graham
Dumpleton.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 05:13:56 +00:00
Malcolm Tredinnick dc9def7859 Fixed #5678 -- Added Polish transliteration to urlify.js. Thanks,
regexbot@gmail.com.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 04:42:30 +00:00
Gary Wilson Jr 409ba6038d Fixed docstring style.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-19 01:42:21 +00:00
Russell Keith-Magee d95c0fd017 Fixed #5636 -- Added missing Set import for Python2.3 support. Thanks, wangchun@exoweb.net.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6438 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-30 04:11:29 +00:00
Gary Wilson Jr e8c9e3a853 Fixed #5598 -- Restored needed imports that were removed in [6333]. Thanks, gav.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6425 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-25 23:16:11 +00:00
Jacob Kaplan-Moss 2570954a9a Fixed #3453: introduced a new template variable resolution system by Brian Harring (thanks!). The upshot is that variable resolution is about 25% faster, and you should see a measurable performance increase any time you've got long or deeply nested loops.
Variable resolution has changed behind the scenes -- see the note in templates_python.txt -- but template.resolve_variable() still exists. This should be fully backwards-compatible.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6399 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-21 04:00:32 +00:00
Gary Wilson Jr 04a110836d Fixed #3491 -- Fixed links in `user-tools` section of admin's `base.html` template to use the `url` template tag. This also removes the need for child templates to override the block just to adjust the relative path. Thanks, saintsjd@gmail.com.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6391 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 06:59:13 +00:00
Adrian Holovaty 79dead9a24 Removed trailing whitespace in django/contrib/sessions/backends/base.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 04:35:03 +00:00
Adrian Holovaty 3db846cdb5 Fixed #5548 -- Reintroduced Jython workaround for os.getpid(), which was lost in [6270]. Thanks, leosoto
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6386 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 02:19:48 +00:00
Jacob Kaplan-Moss f857e37776 Fixed $5457 - the auth system now delegates permission checking to auth backend(s). As an added bonus, the auth backends now have some unit tests! Thanks, Florian Apolloner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6375 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-19 16:50:30 +00:00
Jacob Kaplan-Moss 771481695f Refs #5513: improved session performance after [6333]'s session refactoring. Thanks, msaelices.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 20:11:14 +00:00
Malcolm Tredinnick e9656180ea Fixed #1394 -- Fixed an admin crash when saving models with pk db column != pk attname.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 12:14:48 +00:00
Malcolm Tredinnick ae75958820 Fixed #5501 -- Fixed Python 2.3 and 2.4 incompatibility. Thanks, brosner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6348 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 02:03:46 +00:00
Jacob Kaplan-Moss bcf7e9a9fe Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 21:29:14 +00:00
Adrian Holovaty bcfaa73514 Fixed #3604 -- django.contrib.auth password checking now uses hashlib if it's available. Thanks, Rob Hudson
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6318 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 19:45:33 +00:00
Jacob Kaplan-Moss 40702fe2f0 Small change to modpython auth handler to support Apache 2.2
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6305 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 18:36:31 +00:00
Malcolm Tredinnick 388182b622 Fixed #3032 -- Added some useful methods and attributes so that AnonymousUser can proxy for a User a bit more logically. Patch from semenov.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 18:01:29 +00:00
Malcolm Tredinnick 4b610f42d3 Added a get_host() method to HttpRequest. There is still an http.get_host() version in place, so this is fully backwards compatible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6296 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 17:46:03 +00:00
Malcolm Tredinnick 7c27f3e7ba Fixed #5177 -- Changed content type creation to also remove the types for any orphaned entries (so it's now an "update" feature). Thanks, Rob Hudson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6287 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 15:06:32 +00:00
Malcolm Tredinnick b2f92dfcc5 Fixed #5462 -- Added Peruvian localflavor. Thanks, xbito.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6283 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 12:20:35 +00:00
Malcolm Tredinnick cd8959c82a Fixed #5486 -- Worked around the lack of os.getpid() in Jython, whilst still using it for CPython. Patch from Leo Soto.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 09:51:41 +00:00
Adrian Holovaty 5c3905cf48 Fixed #1888 -- Fixed small interface inaccuracy when using filter_interface=models.VERTICAL. Thanks, ryankanno, wnielson and SmileyChris
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6262 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 05:01:58 +00:00
Adrian Holovaty 92e55fe8b1 Fixed #5432 -- Added docs/form_preview.txt. Thanks, ryankanno
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6247 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 23:15:40 +00:00
Adrian Holovaty 03652c7f2b Fixed #3091 -- django.contrib.comments views now accept extra_context and context_processors arguments. Thanks, Eric Floehr and __hawkeye__
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6236 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 22:36:15 +00:00
Adrian Holovaty 59964c2c3f Fixed #5478 -- Fixed bug in lorem template tag. Thanks, racter
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6228 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 22:03:47 +00:00
Adrian Holovaty ddd3d7c71f Fixed #5308 -- Redirect from pages that need login and have Unicode URL no longer causes error. Thanks, webjunkie
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 21:53:15 +00:00
Jacob Kaplan-Moss 66e4541101 Fixed #4448: the calendar widget now refreshes if the date field is changed. THanks, gkelly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6214 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 21:04:45 +00:00
Wilson Miner 1ea702dd23 Fixed 3136: Set .clockbox admin widget to auto width to allow for longer headers in other languages.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6210 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 19:49:51 +00:00
Jacob Kaplan-Moss 525af7d580 Fixed #4542: added a generic localflavor DateField. Thanks, Nick Lane.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6208 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 19:28:26 +00:00
Adrian Holovaty 55d6aebfec Fixed #5394 -- REDIRECT_FIELD_NAME is now configurable. Thanks, Petr Marhoun, DavidReynolds and effbot
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6206 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 19:25:37 +00:00
Jacob Kaplan-Moss 725716b5f5 Added missing files from [6202] - sorry.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6203 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 19:08:19 +00:00
Wilson Miner 55d34c6cb3 Fixes #2086: Added null.css file to avoid spurious 404s due to the "high pass filter" which hides admin CSS from IE5/Win.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 18:26:05 +00:00
Malcolm Tredinnick ea3e89cb1d Fixed a bunch of Python 2.3 issues. Two tests still fail, but this fixes the bulk of things.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 09:55:17 +00:00
Malcolm Tredinnick 36396fb430 Fixed #3766 -- Added in-memory caching for the sites framework. Will speed up all the "current site" lookups. Thanks, Matt Riggott.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 08:37:09 +00:00
Malcolm Tredinnick 5188a18dbe Fixed #4964 -- Added Brazilian state field to localflavors. Thanks, William Alves de Souza.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 07:19:38 +00:00
Malcolm Tredinnick 0863a634f3 Fixed #4951 -- Improved host retrieval in sites.models.RequestSite. Thanks, Caleb.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6174 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 07:12:47 +00:00
Russell Keith-Magee 3358e2fec7 Fixed #5067 -- Fixed a problem with javascript popup widgets appearing in the wrong place if they were in a overflow=scroll block. Thanks to Erich Schmid for the original fix, and Robert Coup for the updated patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6172 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-14 06:43:46 +00:00