Commit Graph

540 Commits

Author SHA1 Message Date
Luke Plant 45c7f427ce Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
All ad hoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.

In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.

All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing-based attacks, have also been
fixed using a constant-time comparison function.

There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Gabriel Hurley 767cf955d2 Fixed #5327 -- Added standardized field information to ModelChoiceField and ModelMultipleChoiceField documentation. Thanks to danielrubio for the report and PhiR for the text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14214 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 10:03:08 +00:00
Justin Bronn 120aae2209 Enabled area calculations for geography columns.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 17:13:27 +00:00
Jannis Leidel 6ddfe26932 Fixed #14349 -- Added Belgium localflavor. Thanks for the report and patch, Laurent Luce.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 23:35:23 +00:00
Justin Bronn c4cbbb25a2 Updated version of PostGIS in GeoDjango install docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14150 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 19:48:15 +00:00
Gabriel Hurley ace6519fae Fixed #14058 -- Clarified information on OPTIONS setting (for adding additional parameters when connecting to a database) and linked to Database Backend docs. Thanks to chris@cwroofs for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14114 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 07:58:50 +00:00
Gabriel Hurley 876013dc12 Fixed #10027 -- Makes links to form and field validation (and form reference docs in general) more readily available from form topic overview. Thanks to john_fries for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14112 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 07:08:35 +00:00
Gabriel Hurley 888168003a Fixed #14228 -- Added additional information on what the APPEND_SLASH setting does. Thanks to ttencate for the report and draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14110 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 06:36:38 +00:00
Carl Meyer b61cafb146 Fixed misspelling in model fields docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14096 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 22:38:51 +00:00
Gabriel Hurley 6400026feb Fixed #14004 -- Adds documentation for QuerySet.update() method. Thanks to dwillis and timo for the majority of the wording.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14074 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 10:00:13 +00:00
Russell Keith-Magee a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Simon Meers 2cadc6b10a Tiny formatting tweak.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14068 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 07:53:17 +00:00
Simon Meers fa3335fa9f Fixed #5537 -- document trailing '+' on related_name for suppressing backward relation.
Thanks to dcramer for the report, and Russ for pointing out the workaround.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 02:54:48 +00:00
Russell Keith-Magee ae128aa28b Fixed #14232 -- Clarified the data type of date_list in date-based generic views. Thanks to clelland for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14020 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:38:21 +00:00
Russell Keith-Magee 2b87347049 Fixed #14375 -- Corrected the capitalization of MultiValueField. Thanks to Blue for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14018 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:37:38 +00:00
Russell Keith-Magee 127a25ac27 Fixed #14383 -- Corrected the capitalization of reStructuredText. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14017 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:37:16 +00:00
Jannis Leidel 70e7e082fc Fixed #13188 -- Moved date format documentation from the now template tag to the date filter. Thanks, dwillis and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14013 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:33:11 +00:00
Jannis Leidel 58b704d8da Fixed #10497 -- Added a few time-related methods to the storage API. Thanks for the report and patch to Stephan Jaekel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14012 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:11:59 +00:00
Russell Keith-Magee 060701a26a Fixed #14221 -- Cleaned up some text in the GIS tutorial. Thanks to Grant <renderbox@gmail.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14006 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 14:13:44 +00:00
Russell Keith-Magee 240f68e4e5 Fixed #14388 -- Corrected some typos in the logging docs. Thanks to varikin, gremmie, Ramiro Morales and Gabriel Hurley for the reviews.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13982 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-05 00:11:41 +00:00
Russell Keith-Magee 24acca4139 Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for his draft patch, and to the many people who gave feedback during development of the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13981 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 15:12:39 +00:00
Luke Plant 667d832e90 Fixed #14386, #8960, #10235, #10909, #10608, #13845, #14377 - standardize Site/RequestSite usage in various places.
Many thanks to gabrielhurley for putting most of this together. Also to
bmihelac, arthurk, qingfeng, hvendelbo, petr.pulc@s-cape.cz, Hraban for
reports and some initial patches.

The patch also contains some whitespace/PEP8 fixes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13980 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 14:20:47 +00:00
Jannis Leidel 392d992f82 Fixed #7048 -- Added ClearableFileInput widget to clear file fields. Thanks for report and patch, jarrow and Carl Meyer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13968 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-01 02:02:58 +00:00
Jannis Leidel 8e301812fa Fixed #13876 -- Fixed duplication in docs. Thanks, zerok and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13966 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-01 02:01:38 +00:00
Jannis Leidel e77f16144b Fixed #14281 -- A few documentation fixes. Thanks, Ramiro and Timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13964 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-01 02:00:52 +00:00
Jannis Leidel 2c9f0b75fb Fixed #14122 -- Added example for builtin yesno template filter. Thanks, idahogray.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13872 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 20:52:36 +00:00
Luke Plant 6fb4f6e299 Fixed #13765 - 'safe' parameter for urlencode filter
Thanks to KyleMac for the suggestion and SmileyChris for the patch

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13849 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-13 23:01:34 +00:00
Malcolm Tredinnick 2d4da641a6 Allow setting HttpResponse cookie expiry times with datetime objects.
Patch from SmileyChris. Fixed #7770.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12 20:52:49 +00:00
Malcolm Tredinnick 030c97b119 Documented how to manually piece together URLs with get_script_name().
Thanks to timo and leovitch for the patch. Fixed #10328.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13772 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12 19:44:19 +00:00
Malcolm Tredinnick fffe0a00a3 Add option to redirect_to view to allow passing along the query string
from the original request. Default is current behaviour, which is not to
pass the query string (it often won't be appropriate to do so).

Thanks to steingrd@ifi.uio.no for the patch and tests. Fixed #9966.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13746 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-11 03:13:23 +00:00
Malcolm Tredinnick 9802a73e25 Better error message for calling get_next_by_* on unsaved models.
Patch from Marc Fargas. Fixed #7435.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13738 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-11 00:20:35 +00:00
Karen Tracey 5912903852 Fixed #11358: Don't include private flatpages in sitemap. Thanks dburke and mlavin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 23:30:46 +00:00
Luke Plant e5d30c7001 Fixed #13350 - Documentation on autoescape should mention endautoescape
Thanks to mountainpaul@gmail.com for report and to dwillis for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13694 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-07 20:49:32 +00:00
Luke Plant 2422fbfc93 Fixed #13414 - QuerySet API ref wrong sql equivalent in __year lookup example
Thanks to idle for report and patch

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13692 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-07 20:43:19 +00:00
Luke Plant c8bcd5e547 Fixed #14205 - Tiny grammar fix in form validation documentation
Thanks to zendak for report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13687 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-07 20:19:41 +00:00
Russell Keith-Magee bb79b01774 Fixed #14054 -- Added documentation for the connection_created event. Thanks to Rob Hudson for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-30 13:21:45 +00:00
Luke Plant 5deb3e5a62 Fixed #14162 - Dumpdata needs an option to use the base manager instead of the default manager
Thanks to PaulM for suggestion and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-30 11:58:26 +00:00
Luke Plant 58c8d92334 Fixed #14189 - permalink docs import mistake
Thanks to 7times9 for report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13666 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-30 10:29:44 +00:00
Russell Keith-Magee e1e2726957 Fixed #6932 -- Added a template tag that gives a list of available flatpages for a given user. Thanks to Dmitri Fedortchenko for the suggestion, and to Mnewman, faldridge and Simon Meers for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13654 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 11:59:14 +00:00
Luke Plant c00f35ae0d Fixed #14185 - improved example SQL for 'select' example.
Thanks to Trindaz for the suggestion.

Also fixed some references to 'lede' which is no longer part of the
example Blog model.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13652 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 11:23:54 +00:00
Russell Keith-Magee f611ffaab3 Fixed #13820 -- Started the deprecation process for mod_python. Thanks to Robert Coup for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 02:40:57 +00:00
Russell Keith-Magee 23e85ef25f Refactored markup documentation to give it its own home.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13647 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-28 02:40:17 +00:00
Russell Keith-Magee 8ce4a1991a Fixed #14116 -- Added a flag to enable CSRF checks in the test client. Thanks to jon@licq.org for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-27 13:54:13 +00:00
Karen Tracey 88e83ee472 Fixed #14172: Corrected misspelling of explicitly. Thanks 3point2.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13638 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-26 11:08:12 +00:00
Russell Keith-Magee 331bf80904 Fixed #14154 -- Corrected grammar error in settings docs. Thanks to d00gs for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13633 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-23 13:50:28 +00:00
Russell Keith-Magee a323fd3c5e Fixed #14112 -- Various Markup fixes for the docs. Thanks to ramiro for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-23 08:07:35 +00:00
Jacob Kaplan-Moss 728effcfbd Fixed #14141: docs now use the :doc: construct for links between documents.
Thanks, Ramiro Morales.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13608 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-19 19:27:44 +00:00
Karen Tracey d69cdc6d70 Fixed #14100: Corrected spelling error in description of user_email. Thanks tom_simpson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-12 10:48:24 +00:00
Russell Keith-Magee 806f3b26f8 Fixed #11021 -- Clarified newline stripping behavior in the truncatewords and truncatewords_html filters. Thanks to Ben Spaulding for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13555 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:57:24 +00:00
Russell Keith-Magee 103f7f83eb Fixed #11047 -- Clarified the explanation of arguments to GenericForeignKey. Thanks to psmith and timo for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:56:59 +00:00