Commit Graph

157 Commits

Author SHA1 Message Date
Anssi Kääriäinen a4e97cf315 Fixed #19707 -- Reset transaction state after requests 2013-02-10 13:55:54 +02:00
Aymeric Augustin 720888a146 Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
2013-02-07 09:48:08 +01:00
Tim Graham ee26797cff Fixed typos in docs and comments 2013-01-29 10:55:55 -07:00
Aymeric Augustin 50a985b09b Fixed #19099 -- Split broken link emails out of common middleware. 2013-01-15 17:41:45 +01:00
Claude Paroz bcdb4898ca Fixed #19488 -- Made i18n_patterns redirect work with non-slash-ending paths
Thanks Daniel Gerzo for the report and the initial patch.
2013-01-11 21:27:51 +01:00
Aymeric Augustin 641acf76e7 Removed IGNORABLE_404_STARTS/ENDS settings. 2012-12-29 21:59:07 +01:00
Aymeric Augustin 1c8be95a86 Prevented caching of streaming responses.
The test introduced in 4b278131 accidentally passed because of a
limitation of Python < 3.3.

Refs #17758, #7581.
2012-12-24 20:28:07 +01:00
Claude Paroz c0efbc7b53 Fixed #19347 -- Removed unused variable definition in FetchFromCacheMiddleware
Thanks gregplaysguitar at gmail.com for the report.
2012-12-01 13:52:26 +01:00
Aymeric Augustin 973f539ab8 Fixed #15152 -- Avoided crash of CommonMiddleware on broken querystring 2012-11-03 21:28:33 +01:00
Aymeric Augustin 4b27813198 Fixed #7581 -- Added streaming responses.
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20 20:05:11 +02:00
Claude Paroz 26ff2be787 Imported getLogger directly from logging module
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Collin Anderson f416ea9c8d fixed rfc comment typo in middleware/csrf.py 2012-09-10 12:11:24 -03:00
Claude Paroz d774ad752d [py3] Made csrf context processor return Unicode 2012-08-13 11:54:21 +02:00
Aymeric Augustin e84f79f051 Fixed #18042 -- Advanced deprecation warnings.
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Jannis Leidel 126d9e1b49 Fixed #17817 -- Modified LocalMiddleware to use full URLs when redirecting to i18n URLs. Thanks to Paul for keeping an eye on the standards.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17633 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 22:35:26 +00:00
Jannis Leidel 746987f916 Fixed #17734 -- Made sure to only redirect translated URLs if they can actually be resolved to prevent unwanted redirects. Many thanks to Orne Brocaar and Anssi Kääriäinen for input.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17621 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 11:07:36 +00:00
Jannis Leidel 7dd0ceba2e Fixed #17720 -- Stopped the LocaleMiddleware from overeagerly using the request path for language activation if it's actually not wanted. Thanks to Anssi Kääriäinen for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17547 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-18 13:37:30 +00:00
Adrian Holovaty 7981efe04f Documentation (and some small source code) edits from [17432] - [17537]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-17 20:04:11 +00:00
Paul McMillan a77679dfaa Fixes #16827. Adds a length check to CSRF tokens before applying the santizing regex. Thanks to jedie for the report and zsiciarz for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-11 04:18:15 +00:00
Jannis Leidel f0a1633425 Fixed #17358 -- Updated logging calls to use official syntax for arguments instead of string interpolation. Thanks, spulec.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:36 +00:00
Jannis Leidel b926765a7c Fixed #16035 -- Appended the Etag response header if the GZipMiddleware is in use to follow RFC2616 better. Thanks, ext and dracos2.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17471 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:57:13 +00:00
Aymeric Augustin 4288c8831b Fixed #10762, #17514 -- Prevented the GZip middleware from returning a response longer than the original content, allowed compression of non-200 responses, and added tests (there were none). Thanks cannona for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-09 21:42:03 +00:00
Aymeric Augustin e2f9c11736 Fixed #16705 - Made the test client adhere to the WSGI spec -- in particular, removed the assumption that environ['QUERY_STRING'] exists.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16933 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-06 20:39:15 +00:00
Jannis Leidel bce890ace4 Fixed #16584 -- Fixed a bunch of typos in code comments. Thanks, Bernhard Essl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16598 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-12 14:14:15 +00:00
Jannis Leidel 24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Jannis Leidel 43cb78fafd Fixed #14506 -- Added an assertion to XViewMiddleware about the dependency on the authentication middleware. Thanks, vanschelven.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16496 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-03 17:56:25 +00:00
Jannis Leidel 896e3c69c7 Fixed #11585 -- Added ability to translate and prefix URL patterns with a language code as an alternative method for language discovery. Many thanks to Orne Brocaar for his initial work and Carl Meyer for feedback.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16405 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-15 17:29:10 +00:00
Luke Plant 524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Adrian Holovaty d7036e52ab Made some small tweaks/fixes to documentation from IGNORABLE_404_URLS changeset [16160]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16275 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-24 18:39:28 +00:00
Luke Plant cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant 8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant 171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00
Luke Plant 8823021625 Removed deprecated CsrfResponseMiddleware, and corresponding tests and docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15949 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:26 +00:00
Luke Plant 21ef64e34c Removed Django 1.1 fallback for CSRF checks.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15948 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:14 +00:00
Adrian Holovaty 13864703bc Removed a bunch more Python 2.4 workarounds now that we don't support that version. Refs #15702 -- thanks to jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15927 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 02:11:19 +00:00
Adrian Holovaty 3e18969bcb Fixed #15635 -- Converted two legacy old-style raise statements. Thanks, DaNmarner
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15917 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-26 03:30:48 +00:00
Luke Plant 243d0bec19 Fixed #15617 - CSRF referer checking too strict
Thanks to adam for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 20:37:09 +00:00
Jannis Leidel f6c991667f Fixed #4992 -- Respect the GET request query string when creating cache keys. Thanks PeterKz and guettli for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15705 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02 12:47:36 +00:00
Luke Plant dbe6ced0d6 Fixed #717 - If-Modified-Since handling should compare dates according to RFC 2616
Thanks to Maniac for the report, julienb for the initial patch, and
especially to aaugustin for the final patch and tests.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 14:28:06 +00:00
Luke Plant e57e296167 Corrected logging call in CSRF middleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 23:00:44 +00:00
Carl Meyer 969217d455 Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15559 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 04:35:26 +00:00
Alex Gaynor 208630aa4b Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:06:27 +00:00
Carl Meyer 00fda7f45d Fixed #13283 -- Corrected CACHE_MIDDLEWARE_ANONYMOUS_ONLY's bad habit of setting Vary: Cookie on all responses and destroying cache efficiency. Thanks to natrius for the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-01 00:20:31 +00:00
Russell Keith-Magee 4bb1b2304d Fixed #15187 -- Ensure that missing page emails aren't sent when running under debug. Thanks to Dan Carroll for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-30 13:11:45 +00:00
Russell Keith-Magee 3f528e10d5 Fixed #15012 -- Added post-rendering callbacks to TemplateResponse so that decorators (in particular, the cache decorator) can defer processing until after rendering has occurred. Thanks to Joshua Ginsberg for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15295 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-24 14:24:35 +00:00
Russell Keith-Magee fe581013b0 Fixed #15144 -- Corrected some problems with the Cache middleware when used with multiple cache settings. Thanks to Jim Dalton for the report, and to Jim and Joshua Ginsberg for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15285 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-24 06:36:31 +00:00
Luke Plant c0dd2babb1 Fixed sending mail on 404s to fail silently.
A failure in the e-mail system should not turn a 404 into a 500.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15145 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-04 04:01:37 +00:00
Russell Keith-Magee b22415214a Beefed up the tests for multi-cache handling of the cache middleware and view decorators, and made a couple of tweaks for edge cases as a result.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-22 07:52:44 +00:00
Russell Keith-Magee 673e6fc7fb Fixed #11675 -- Added support for the PyLibMC cache library. In order to support this, and clean up some other 1.3 caching additions, this patch also includes some changes to the way caches are defined. This means you can now have multiple caches, in the same way you have multiple databases. A huge thanks to Jacob Burch for the work on the PyLibMC backend, and to Jannis for his work on the cache definition changes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15005 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 15:19:19 +00:00
Alex Gaynor 352deb0915 Fixed #14559 -- corrected some typos and misleading docstrings. Thanks to Gabriel Hurley for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14441 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-02 18:30:00 +00:00