Commit Graph

7468 Commits

Author SHA1 Message Date
Luke Plant 53b2c3867b Fixed #12130 - documented need for csrf_protect on views that don't accept POST
Includes:
   
 * proper documentation for csrf_protect
 * notes in comments app.
 * specific upgrade notes for comments app

Thanks to carljm for report and debugging.




git-svn-id: http://code.djangoproject.com/svn/django/trunk@11711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 14:40:37 +00:00
Russell Keith-Magee 585b7acaa3 Fixed #10109 -- Removed the use of raw SQL in many-to-many fields by introducing an autogenerated through model.
This is the first part of Alex Gaynor's GSoC project to add Multi-db support to Django.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11710 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 14:02:49 +00:00
Russell Keith-Magee aba5389326 Fixed #10355 -- Added an API for pluggable e-mail backends.
Thanks to Andi Albrecht for his work on this patch, and to everyone else that contributed during design and development.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11709 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 12:53:26 +00:00
Justin Bronn 8287c27b18 Fixed #12101 -- `OGRGeometry` does not need to create a clone of the `SpatialReference` object upon assignment.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-03 06:16:09 +00:00
Russell Keith-Magee 5dfed1b24a Fixed #12127 -- Corrected teardown of dateformat tests. Thanks to apollo13 for the report, and Karen Tracey for the debugging help.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11705 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-02 08:26:03 +00:00
Justin Bronn be89c9abab Fixed #12093 -- `LayerMapping` now takes into account model inheritance when looking for the geometry column; forgot to diable extent regression test on MySQL.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11703 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-02 02:17:56 +00:00
Karen Tracey 1ea08b441d Repeat the setUp/tearDown changes made in r11699 for the tests
converted in r11694.  This allows the dateformat tests to pass 
on Windows.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11701 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-01 23:48:31 +00:00
Karen Tracey d4bb582b1a Changed setUp and tearDown for the tests converted from doctests in r11695
to not assume TZ absolutely will be set in the environment.  That environment
variable does not necessarily exist on Windows, it seems.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11699 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-01 23:09:23 +00:00
Karen Tracey ff38e0b1d1 Fixed #12125 -- Fixed a typo in the generic views date_based test that caused it to fail in November. Thanks brutasse.
--This line and those below, will be ignored--

M    tests/regressiontests/views/tests/generic/date_based.py


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11697 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-01 22:12:40 +00:00
Russell Keith-Magee e18af06eed Fixed #12123 -- Updated the utils.dateformat test to be a unittest too, due to a dependency on the old dateformat test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11695 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-01 04:53:51 +00:00
Russell Keith-Magee acfa9332de Fixed #12123 -- Refactored dateformat tests to use unittest. This is needed so that we have a reliable teardown that can reset the timezone at the end of the test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11693 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-01 04:20:17 +00:00
Russell Keith-Magee 08d521efa0 Fixed #12121 -- Modified __reduce__ on a model to avoid an infinite recursion problem that occurs on Python 2.4. Thanks to emulbreh for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-01 03:04:20 +00:00
Brian Rosner 8dd4a28721 Fixed #11872 -- Instantiate the correct model in BaseInlineFormSet.__init__ when instance is None. Thanks tobias.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11688 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 09:11:56 +00:00
Brian Rosner 8812060d77 Fixed #12115 -- Corrected typo in admin documentation. Thanks encinas.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11686 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 08:48:48 +00:00
Brian Rosner 120ea2a4b8 Updated INSTALL file
setup.py does not require an Internet connection nor setuptools. That was
fixed in [3906]. Updated the minimum Python version as well.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 08:24:05 +00:00
Luke Plant 5a0aab41ee Allow CsrfResponseMiddleware to be used if templates cannot be updated.
For the case where someone is using contrib views with custom templates that
they cannot update to use the template tag, it should be possible to use
CsrfResponseMiddleware.  This requires that 'csrf_response_exempt' is not
used for the admin views.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 00:17:29 +00:00
Russell Keith-Magee 96658ef2d2 Fixed #12057 -- Corrected regression of caching performance when a model contained a callable default. Thanks to Michael Thornhill for the excellent assistance tracking this problem.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11681 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-29 14:32:01 +00:00
Luke Plant c5c7791e91 Improved HTML in CSRF debug template - <code> instead of <tt>
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-29 14:17:39 +00:00
Jannis Leidel 7440fca145 Added bio for myself
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11678 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-28 10:01:16 +00:00
Luke Plant e6f0c10e77 Fixed typo in docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:26:54 +00:00
Luke Plant 5df19aa99e Small improvement to CSRF failure template.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 22:20:03 +00:00
Luke Plant 9dc9770736 Documented the presence of {% csrf_token %} in Django 1.1.2 in trunk docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:52:25 +00:00
Luke Plant 905dba3694 Misc clarifications in csrf middleware comments
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:31:20 +00:00
Luke Plant 43c2ed0eb3 Fixed #12095 - login and other contrib views failing if template rendered using inclusion tag.
The {% csrf_token %} tag is unable to get its value if a template is
rendered using an inclusion_tag, since that creates a brand new Context,
rather than using the existing one.  Since this is a common pattern, and we
need CSRF protection to be as simple and easy as possible, we special case
the csrf_token and copy it from the parent context to the new context.

A more elegant and general solution may appear in future, but this is good
enough for now.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 21:27:09 +00:00
Jacob Kaplan-Moss 4281bf3db0 Fixed #11057: having no actions in the admin (`actions=None`) no longer messes up the layout. Thanks, rvdrijst.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11670 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 20:56:12 +00:00
Luke Plant d0b900e6f5 Slight change to CSRF error messages to make debugging easier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 14:04:21 +00:00
Luke Plant b32a187296 Fixed some typos
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11668 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 13:13:40 +00:00
Luke Plant f00ad4168e Added explicit notes about the need to update any customised templates for contrib apps for CSRF changes
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11667 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 12:11:56 +00:00
Luke Plant f6ef3fd941 Completed a name in AUTHORS file, now I know it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11666 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 10:46:04 +00:00
Luke Plant 2ddf1364c4 Added 'version added' info to CSRF_* settings.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11665 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 01:10:20 +00:00
Luke Plant c2ffe94d9a Removed unused import.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11664 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:49:33 +00:00
Luke Plant 64b4ab18b4 Use decorator syntax for csrf_exempt example.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11663 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:43:16 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss d1da261417 Fixed #11371: Made `django.test.Client.put()` work for non-form-data PUT (i.e. JSON, etc.). Thanks, phyfus.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11656 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 15:02:54 +00:00
Jarek Zgoda e32b042d6b Polish translation updated
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11655 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-25 20:09:49 +00:00
Karen Tracey c54b8ec2f5 Fixed #12079: Changed has_results to get a single result, thus preventing exists() from always returning True on backends that support chunked reads.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11654 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-25 16:32:07 +00:00
Luke Plant 92090253fe Fixed small error in deprecation policy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11652 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 14:10:00 +00:00
Luke Plant a02a6fab66 Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:45:58 +00:00
Luke Plant c44fdf6a1e Fixed #12067 - check_dependencies in contrib.admin.sites not triggered using new style admin include
Thanks to robhudson for report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:13:24 +00:00
Luke Plant 2b2f92ae8e Fixed a bug in r11646 - refs #11402
The one line of code not covered by a test... ;-)


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11647 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:37:01 +00:00
Jacob Kaplan-Moss b79702b2de Fixed #11402: added a `QuerySet.exists()` method. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:28:39 +00:00
Jacob Kaplan-Moss 9f70783b14 Fixed a couple of test-ordering-dependant failures introduced in [11639] that caused test failures when running the whole test suite.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11645 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:23:47 +00:00
Brian Rosner 0d1177ae99 Moved _get_foreign_key call after testing for fk_name fixing a broken test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 20:47:29 +00:00
Jacob Kaplan-Moss fa6ca072a3 Clarified faq/install w.r.t. the various Python versions available.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11642 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:52:15 +00:00
Jacob Kaplan-Moss 7770c70007 Fixed a silly typo left over from removing Python 2.3 references.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:43:58 +00:00
Jacob Kaplan-Moss 7098664940 Removed mentions of Python 2.3 support from the docs -- Django 1.2 drops support for Python 2.3 -- and added a quick FAQ about that dropping of support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:30:23 +00:00
Jacob Kaplan-Moss 8be1bb2268 Fixed #11625: added comment moderation via admin actions.
This is BACKWARDS INCOMPATIBLE if you were using the completely undocumented moderation view from 1.1. That view's been removed in favor of the admin actions.

Thanks, Thejaswi Puthraya.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:22:31 +00:00
Luke Plant 162fade2b7 Fixed #12060 - equality tests between User and SimpleLazyObject-wrapped User failed.
Also added more tests for SimpleLazyObject

Thanks to ericholscher for report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-20 14:11:08 +00:00
Luke Plant c6e8e5d9f0 Fixed non-standard introspection support in LazyObject.
LazyObject called a public method ``get_all_members`` on wrapped objects in
order to allow introspection.  This could easily cause name clashes with
existing methods on wrapped objects, and so has been changed to use the
standard methods.  This could be slightly backwards-incompatible, in obscure
cases, if the undocumented LazyObject has been used externally.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-19 21:48:06 +00:00