50 Commits

Author SHA1 Message Date
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss 7098664940 Removed mentions of Python 2.3 support from the docs -- Django 1.2 drops support for Python 2.3 -- and added a quick FAQ about that dropping of support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:30:23 +00:00
Russell Keith-Magee f14833ee67 Fixed #11959 -- Updated the tutorial to ensure that the admin site continues to work after URLpatterns are introduced. Thanks to carljm for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11621 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-14 13:38:31 +00:00
Russell Keith-Magee 77c64c69cf Fixed #11628 -- Corrected the tutorial, removing instructions to update the year where that isn't required. Thanks to tommstein for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:57:58 +00:00
Russell Keith-Magee 8708280783 Fixed #11556 -- Clarified the argument required by get_object_or_404. Thanks to rbonvall for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11344 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-28 14:38:11 +00:00
Russell Keith-Magee e114cbf3de Fixed #11469 -- Removed suspicion that Django developers have trouble counting to four. Thanks to msgre for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11235 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-15 13:53:29 +00:00
Russell Keith-Magee ee8cc099c0 Fixed #10978 -- Clarified that the include statement is part of the urlpattern definition. Thanks to swatermasysk for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11052 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:36:40 +00:00
Russell Keith-Magee 457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Russell Keith-Magee 1a7238c730 Fixed #11328 -- Added missing imports in the sample urls.py from Tutorial 3. Thanks to marcalj for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 13:46:52 +00:00
Russell Keith-Magee 8765615b9b Fixed #10801 -- Reverted a portion of [10371]. Practicality beats purity in this case. Thanks to bruce@z2a.org for the report. Refs #9771.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10973 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-10 12:46:43 +00:00
Karen Tracey 5dc30c9fd2 Fixed #11205 -- Made the links to the str method description look the same as the links to the unicode method description in the tutorial part 1. Having one be fully qualified while the other was not was odd-looking.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-26 16:46:56 +00:00
Karen Tracey b527a59da8 Fixed #10855: Reference doc on creating superusers in the tutorial at the point where an account is needed, so that readers who neglected to create one earlier (or who forgot the password) don't get stuck or think they have to start all over. Thanks cwolf127 and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10810 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 17:54:51 +00:00
Karen Tracey 33e77db6a2 Fixed #10925 -- Clarified the location of some code referenced in the tutorial. Thanks rm and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 17:43:15 +00:00
Simon Willison 9e97fdf357 Added admin URLs back to the urls.py example in the tutorial - had a complaint from someone following the tutorial that they got to that step and the admin stopped working and they weren't sure why
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-09 15:52:17 +00:00
Jacob Kaplan-Moss c6c25adf6d Fixed a whole bunch of small docs typos, errors, and omissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Jacob Kaplan-Moss 516051bfd2 A whole lotta documentation fixes: Fixes #8704, #8826, #8980, #9243, #9343, #9529,
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 23:34:03 +00:00
Gary Wilson Jr e87e7436e2 Fixed #10266 -- Clarified restart of shell in tutorial, patch from mboersma.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10263 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:45:41 +00:00
Gary Wilson Jr 7372ea159a Fixed #10389, #10501, #10502, #10540, #10562, #10563, #10564, #10565, #10568, #10569, #10614, #10617, #10619 -- Fixed several typos as well as a couple minor issues in the docs, patches from timo, nih, bthomas, rduffield, UloPe, and sebleier@gmail.com.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10242 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 07:01:01 +00:00
Gary Wilson Jr 27314a8934 Fixed #9944 -- Fixed a URL in tutorial four that was changed in the "Decoupling the URLconfs" section at the end of tutorial three, patch from programmerq.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 19:00:33 +00:00
Jacob Kaplan-Moss 4cf1327aa4 Cleaned up some documentation about admin URLs in Django 1.1. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9892 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-24 01:10:26 +00:00
Jacob Kaplan-Moss 1f84630c87 Fixed #6470: made the admin use a URL resolver.
This *is* backwards compatible, but `admin.site.root()` has been deprecated. The new style is `('^admin/', include(admin.site.urls))`; users will need to update their code to take advantage of the new customizable admin URLs.

Thanks to Alex Gaynor.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9739 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-14 20:22:25 +00:00
James Bennett 280236eacd Another place where we talked about Python versions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9632 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-09 23:05:55 +00:00
Karen Tracey 1f69b11ef5 Fixed #9337 -- Use a link to Jython that actually works. Thanks admackin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9323 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 20:51:54 +00:00
Karen Tracey d4f4ab8535 Fixed #9487 -- Corrected several links into the Python docs that were broken by the recent Python docs refactor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:02:09 +00:00
Karen Tracey 8955a085a5 Fixed #9491 -- Added a missing 'the' in what to read next. Thanks mh983.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9310 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 18:04:36 +00:00
Malcolm Tredinnick e466d2ea53 Fixed #9257 -- Fixed a small mismatch in text in part 2 of the tutorial.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9134 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-05 06:19:06 +00:00
Adrian Holovaty 3b0bf9805d Fixed #9097 -- Fixed typo in tutorial04.txt. Thanks, zhe
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9041 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-16 05:30:48 +00:00
Russell Keith-Magee 7931da87ec Fixed #9059: Corrected some markup in tutorial 4 that incorrectly identified a template variable as a function. Thanks to zen for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-14 08:28:55 +00:00
Russell Keith-Magee a8d2810be5 Fixed #9048: Corrected markup typo in tutorial 4. Thanks to gkelly for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-14 08:15:22 +00:00
Adrian Holovaty 1b58b77f0d Edited docs changes from [9010] and [9011]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9014 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-11 03:32:28 +00:00
Simon Willison 868748e196 Fixed #9018
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9012 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-11 02:59:11 +00:00
Simon Willison bc5cddc5c5 Clarified the bit in the tutorial about creating your first admin.py - fixes #8891
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9011 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-11 02:57:31 +00:00
Simon Willison 1c78bf4b98 Small documentation tweaks, fixes #9000 - thanks, ramiro
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-11 02:43:32 +00:00
Adrian Holovaty 2dd4b949f5 Fixed #8986 -- Fixed typo in install.txt. Thanks, rduffield
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8993 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-09 19:09:05 +00:00
Adrian Holovaty 834a041e67 Fixed #8982 -- Removed funky character from whatsnext.txt. Thanks, Fernando Correia
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8986 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-09 01:43:17 +00:00
James Bennett aea34087ef Fixed #8811: Corrected URL example in tutorial part 2
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8906 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 04:43:57 +00:00
Jacob Kaplan-Moss 24d7b49849 Fixed #8496: added a note about admindocs to the project template and the tutorial. Thanks, ericvw.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8859 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 16:52:42 +00:00
Jacob Kaplan-Moss 23f012dbfa Cleaned up a bunch of minor doc stuff:
  * Removed flatpages/redirects README; no other contrib apps have those.
  * Cleaned up top-level README to be more readable.
  * Removed outdated references to old docs (Fixes #8701)

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 16:42:13 +00:00
Jacob Kaplan-Moss 64a9469127 Fixed #8753: converted "new in ..." callouts to proper Sphinx "versionadded/versionchanged" directives. Thanks to Marc Fargas for all the heavy lifting here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 03:40:42 +00:00
James Bennett ac418c979f Fixed #8581: Corrected example of "grep" to search docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8736 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-30 05:35:18 +00:00
Russell Keith-Magee 5c43a0a43f Fixed #8406: Corrected some expected output to use repr format. Thanks to arien for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8658 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 13:40:20 +00:00
Russell Keith-Magee 369b4270fa Fixed #8581: Updated the suggested command for a low-tech documentation search. Thanks to Manuel Saelices for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8654 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 11:46:34 +00:00
Gary Wilson Jr c2ba59fc1d Removed oldforms, validators, and related code:
 * Removed `Manipulator`, `AutomaticManipulator`, and related classes.
 * Removed oldforms specific bits from model fields:
   * Removed `validator_list` and `core` arguments from constructors.
   * Removed the methods:
     * `get_manipulator_field_names`
     * `get_manipulator_field_objs`
     * `get_manipulator_fields`
     * `get_manipulator_new_data`
     * `prepare_field_objs_and_params`
     * `get_follow`
   * Renamed `flatten_data` method to `value_to_string` for better alignment with its use by the serialization framework, which was the only remaining code using `flatten_data`.
 * Removed oldforms methods from `django.db.models.Options` class: `get_followed_related_objects`, `get_data_holders`, `get_follow`, and `has_field_type`.
 * Removed oldforms-admin specific options from `django.db.models.fields.related` classes: `num_in_admin`, `min_num_in_admin`, `max_num_in_admin`, `num_extra_on_change`, and `edit_inline`.
 * Serialization framework
   * `Serializer.get_string_value` now calls the model fields' renamed `value_to_string` methods.
   * Removed a special-casing of `models.DateTimeField` in `core.serializers.base.Serializer.get_string_value` that's handled by `django.db.models.fields.DateTimeField.value_to_string`.
 * Removed `django.core.validators`:
   * Moved `ValidationError` exception to `django.core.exceptions`.
   * For the couple places that were using validators, brought over the necessary code to maintain the same functionality.
 * Introduced a SlugField form field for validation and to complement the SlugField model field (refs #8040).
 * Removed an oldforms-style model creation hack (refs #2160).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 07:19:44 +00:00
Brian Rosner 05a4439581 Fixed #8560 -- Corrected a typo in a comment of docs/intro/tutorial02.txt to be consistent with the change in [8432]. Thanks ramiro for catching this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8585 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 17:44:04 +00:00
Malcolm Tredinnick c849fcc66d Fixed #8558 -- Removed a stray line in tutorial 2 left over from when it was
rewritten for the new admin.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8584 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 16:55:37 +00:00
Jacob Kaplan-Moss 30de7331d4 Fixed #8326: added documentation about running Django on Jython. Docs originally written by Leo Soto, and then cleaned up a bit by me.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8582 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 15:52:21 +00:00
Malcolm Tredinnick af83b650be Fixed #8150 -- Updated a reference to creating an admin class in the overview
document. Based on a patch from mk.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 07:11:14 +00:00
Jacob Kaplan-Moss 7e06b69a3d Removed outdated "adminindex" command -- the same behavior is now far easier and better done in a template, or perhaps a custom `AdminSite.index` function. Refs #5500.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8548 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 18:53:18 +00:00
Jacob Kaplan-Moss e3df35478d Converted some images in the docs that claimed to be PNGs, but weren't.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 16:24:41 +00:00
Jacob Kaplan-Moss 97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00