Commit Graph

206 Commits

Author SHA1 Message Date
Karen Tracey f761802b22 Fixed #11972: Corrected title filter handling of numbers followed by letters. Thanks schwank@gmail.com and Randy Barlow.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11822 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-12 17:20:32 +00:00
Luke Plant 2c2f5aee4d Implemented 'smart if' template tag, allowing filters and various operators to be used in the 'if' tag
Thanks to Chris Beaven for the initial patch, Fredrik Lundh for the basis
of the parser methodology and Russell Keith-Magee for code reviews.

There are some BACKWARDS INCOMPATIBILITIES in rare cases - in particular, if
you were using the keywords 'and', 'or' or 'not' as variable names within
the 'if' expression, which was previously allowed in some cases.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-09 22:40:36 +00:00
Luke Plant 43c2ed0eb3 Fixed #12095 - login and other contrib views failing if template rendered using inclusion tag.
The {% csrf_token %} tag is unable to get its value if a template is
rendered using an inclusion_tag, since that creates a brand new Context,
rather than using the existing one.  Since this is a common pattern, and we
need CSRF protection to be as simple and easy as possible, we special case
the csrf_token and copy it from the parent context to the new context.

A more elegant and general solution may appear in future, but this is good
enough for now.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:27:09 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss b30cba4e2b Fixed #11993: fixed the the `floatformat` filter on `NaN` values in Python 2.6.3. Thanks, kklimonda.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-12 16:53:23 +00:00
Russell Keith-Magee 8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee 6ed0345092 Fixed #11413 -- Added notes on the cycle and firstof tag detailing that variables output by those tags will not be escaped by default. Thanks to krystal for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 05:41:36 +00:00
Karen Tracey 50745cc31e Fixed #11066 -- Corrected 15 duplicate "the"s found in docs and code comments. Thanks kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10801 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 16:45:28 +00:00
Jacob Kaplan-Moss 9e7388f885 Fixed #11026, a small typo in the regroup template tag docstring. Thanks,
mitsuhiko.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10687 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 13:46:16 +00:00
Malcolm Tredinnick 8931d8d688 Fixed #10675 -- Added unicode paragraph and line-sep handling to escapejs.
There were a couple of line breaking Unicode characters (\u2028 and
\u2029) that cause Javascript errors, at least in Firefox, if not
escaped. So now we do so. Based on a patch from rleland.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10543 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-12 04:55:41 +00:00
Malcolm Tredinnick b1a5db37e6 Fixed #10369 -- Fixed auto-escaping inside "tran" and "blocktrans" tags.
Patch from Andrew Badr.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10519 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-11 12:03:52 +00:00
Malcolm Tredinnick be4a83c448 Fixed #9315 -- Handle spaces in URL tag arguments.
Thanks Natalia Bidart and Matías Bordese for most of this patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10462 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 04:13:27 +00:00
Jacob Kaplan-Moss 6d6bbb6d05 Fixed #9756: the for tag no longer leaves the context stack unbalanced when dealing with an empty iterable. Thanks, seanl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10439 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-07 22:02:34 +00:00
Jacob Kaplan-Moss 4f7950ac05 Fixed #10644: removed an undocumented, unused, and (as far as I can tell) unnecessary "feature" of the ifchanged tag. Thanks, akaihola.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10438 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-07 21:55:39 +00:00
Jacob Kaplan-Moss 9828557731 Fixed #9520: make the date filter fail silently for non-date values. Thanks, Andrew Badr and Eric Holscher.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-02 05:20:25 +00:00
Jacob Kaplan-Moss 73c0556911 Fixed #10053: the most exciting commit you'll ever see.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10358 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-02 01:55:49 +00:00
Brian Rosner 64e82fb648 Fixed #10043 -- widthratio tag now accepts a variable for the max_width argument.
The max_width argument now passes through FilterExpression which by side-affect
allows float values, but will be truncated.

Thanks obeattie and Eric Holscher for patches.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 23:41:36 +00:00
Jacob Kaplan-Moss 624caace17 Fixed #9005: don't wig out when reversing a URL if SETTINGS_MODULE isn't set. While I was there, I fixed #10599 by re-raising the original error message, which is almost always a better idea. Thanks, Eric
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10350 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 22:46:46 +00:00
Jacob Kaplan-Moss a68c4a85ce Fixed #10513: floatformat now works with floatish things, not just real floats. Thanks, Alex.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10278 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 18:17:21 +00:00
Gary Wilson Jr 86c5142461 Fixed #10094 -- Fixed the `include` and `extends` template tags to work with filenames with spaces, patch from mcroydon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10211 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 20:30:28 +00:00
Gary Wilson Jr 9ac3905f01 Fixed #10079 -- Moved settings import inside the function that uses it so that the module can be imported without needing settings, thanks kcarnold and mcroydon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 20:15:01 +00:00
Gary Wilson Jr 432f7f624a Fixed #8462 -- Made `length` and `length_is` template filters fail silently when given a value that has undefined length and added tests for both filters. Based on patch from marcelor, rob, and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 16:46:27 +00:00
Malcolm Tredinnick 2c6c60cec6 Template filters now pass numerical arguments through as numbers.
This was the (undocumented) behaviour prior to r10118 and now it's back
again. It's neither hard nor harmful to maintain compatibility with the
old ways.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10169 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-25 03:45:56 +00:00
Jacob Kaplan-Moss 9797d51efe Fixed an error in the `firstof` template tag when used with `TEMPLATE_STRING_IF_INVALID`. Thanks to Alex Gaynor for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10124 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 22:00:13 +00:00
Malcolm Tredinnick 7db24dd2b0 Fixed #5756, #6296 -- Most template tags can now handle filters in arguments.
Most of the hard work for this was done by akaihola.

There are still possibly some problems with the i18n template tags,
since they are written quite differently and a few other bug fixes have
to made before they can be fixed.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10119 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 09:42:51 +00:00
Malcolm Tredinnick a6f429e37e Added consistent support for double- and single-quote delimiters in templates.
Some template filters and tags understood single-quoted arguments, others
didn't. This makes everything consistent. Based on a patch from akaihola.

Fixed #7295.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10118 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 09:40:25 +00:00
Jacob Kaplan-Moss c485e236bd Fixed #8193: all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Malcolm Tredinnick dfddf129f0 Fixed #9701 -- Added a "safeseq" template filter.
This is like "safe", except it operates on the individual elements of a
sequence, rather than treating the whole argument as a string.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-02 08:16:33 +00:00
Malcolm Tredinnick 14b3f03015 Fixed #10014 -- Don't crash when using debug template tag inside a block node tag.
Returning non-ASCII characters from TextNode.__repr__ was causing
problems in the BlockNode.__repr__ method (and probably in other places
we don't know about yet). We now forcibly convert to ascii and replace any
unconvertible characters, rather than returning some moderately
corrupted data in the non-ASCII case.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9757 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-16 08:59:02 +00:00
Jacob Kaplan-Moss bd2b0059be Here's the rest of [9530] where I actually rename the tag like I said I did. I swear this was git's fault, not mine.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9532 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-24 22:33:32 +00:00
Jacob Kaplan-Moss 4aa97f5c18 Fixed #6398: added an optional `{% empty %}` clause to the `{% for %}` template tag. The contents of this clause are rendered if the list iterated over turns out to be empty. Thanks, Jannis Leidel.
Astute readers will notice that the patch originally called this `default`; after consideration I decided that `empty` is a very slightly better color for this particular bikeshed.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9530 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-24 22:01:48 +00:00
Malcolm Tredinnick ec8150e78a Fixed a bug introduced in r9422.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9446 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-15 02:49:15 +00:00
Malcolm Tredinnick 0349d83289 Fixed #6948 -- The join filter was escaping the literal value that was
passed in for the connector. This was contrary to what the documentation
for autoescaping said and to what every other filter does with literal
strings as arguments.

This is backwards incompatible for the situation of the literal string
containing one of the five special HTML characters: if you were writing
{{ foo|join:"&" }}, you now have to write {{ foo| join:"&" }}.
Previous behaviour was, as noted, a bug and contrary to what was
documented and expected.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9442 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-15 01:16:20 +00:00
Karen Tracey dfa90aec1b Fixed #9579 -- Properly handle apps running with (and specifically, loading templates from) a current working directory path that contains non-ASCII characters. Thanks for the report to gonzalodelgado and for advice on how to fix it to Daniel Pope.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9411 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-13 19:03:42 +00:00
Karen Tracey b81bc22ad2 Fixed #5748 -- Made floatformat filter round properly on all platforms and handle NaN input correctly on Windows. Also added tests for these cases. Thanks for the report and initial patch to SmileyChris and PJCrosier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9369 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-08 01:44:46 +00:00
Karen Tracey 2026934600 Fixed #8966 -- Changed is_safe for length_is filter to False, since its return value is a boolean, not a string.
Thanks Thomas Steinacher and carljm.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9291 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-28 19:00:49 +00:00
Malcolm Tredinnick 8fb1459b52 Added some better error reporting and path handling when creating template paths.
We now raise UnicodeDecodeError for non-UTF-8 bytestrings (thanks to Daniel
Pope for diagnosing this was being swallowed by ValueError) and allow UTF-8
bytestrings as template directories.

Refs #8965.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9161 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 06:34:54 +00:00
Jacob Kaplan-Moss 86316f0be6 Fixed #7027: template tags now corectly break tokens around strings marked for translation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 18:28:06 +00:00
Jacob Kaplan-Moss c068bc184c Merge branch 'url-tag-asvar'
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 19:28:03 +00:00
Malcolm Tredinnick 3111d7f60b Fixed #7201 -- Fixed the timeuntil filter to work correctly with timezone-aware
times. Patch from Jeremy Carbaugh.

This is backwards incompatible in the sense that previously, if you tried to
compare timezone-aware and timezone-naive values, you got an incorrect result.
Now you get an empty string. So your previously incorrect code returns a
different incorrect result.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 08:08:55 +00:00
Malcolm Tredinnick 8c4a525871 Fixed #7177 -- Added extra robustness to the escapejs filter so that all
invalid characters are correctly escaped. This avoids any chance to inject raw
HTML inside <script> tags. Thanks to Mike Wiacek for the patch and Collin Grady
for the tests.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 07:56:32 +00:00
Russell Keith-Magee 06d49768bd Fixed #7743: Reverted [8483], which was itself a reversion of [8481], after confirmation from Malcolm. Corrected a long standing mistake in the timesince/timeuntil filters when using a parameter for 'now'. Thanks to Andrew Shearer <ashearerw@shearersoftware.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 12:31:10 +00:00
Russell Keith-Magee 67402a6fb5 Reverted [8481] and [8482] while we work out what is going on with #8453 and the related discussions that I wasn't previously aware of.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8486 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 15:03:40 +00:00
Russell Keith-Magee 46da8ac9e5 Fixed #7443: Corrected a long standing mistake in the timesince/timeuntil filters when using a parameter for 'now'. Thanks to Andrew Shearer <ashearerw@shearersoftware.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8481 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 12:52:04 +00:00
Gary Wilson Jr 6d863fef8a Fixed #5270 -- Allow template tags and filters to accept an emtpy string, patch from jdunck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8393 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 21:08:11 +00:00
Luke Plant c768bc6f25 Fixed #8031 - url tag no longer silences NoReverseMatch exceptions since this is very rarely useful
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8211 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-05 14:16:13 +00:00
Luke Plant ff486b9fba Fixed #3912 - Added simple type checking to template.Context.update() to help debugging broken context processors. Thanks Jeremy Dunck
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 21:37:38 +00:00
Malcolm Tredinnick e29aece743 Fixed #4534 -- Added an "else" option to the "ifchanged" template tag.
Patch from SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 22:09:43 +00:00
Adrian Holovaty 2c08986f44 Fixed #7417 -- Fixed ReST error in do_if() docstring. Thanks, Richard Bell <rbell01824@earthlink.net>
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-26 05:24:32 +00:00