Commit Graph

185 Commits

Author SHA1 Message Date
Milton Mazzarri cbc7cbbc5b Fixed flake8 E251 violations 2013-11-03 03:22:11 -06:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Bouke Haarsma 6107435386 Fixed #21324 -- Translate CSRF failure view
Thanks to Claude Paroz for the original patch.
2013-11-02 11:22:30 +01:00
Bouke Haarsma 0d0f4f020a Fixed #5789 -- Changed LocaleMiddleware session variable to '_language'.
The old 'django_language' variable will still be read from in order
to migrate users. The backwards-compatability shim will be removed in
Django 1.8.

Thanks to jdunck for the report and stugots for the initial patch.
2013-10-22 09:24:42 -04:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Tim Graham ac4fec5ca2 Fixed bug causing CSRF token not to rotate on login.
Thanks Gavin McQuillan for the report.
2013-10-18 08:31:19 -04:00
Unai Zalakain c7634cd7fe Fixed #7603 -- Added a 'scheme' property to the HttpRequest object
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.

`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.

`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.

This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.

Thanks nslater for the suggestion.
2013-10-15 09:04:12 -04:00
Tim Graham cec11a3336 Used "is" for comparisons with None. 2013-10-10 09:35:56 -04:00
Emil Stenström 7a97df190c Fixed #19277 -- Added LocaleMiddleware.response_redirect_class
Thanks ppetrid at yawd.eu for the suggestion.
2013-10-03 16:15:29 -04:00
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict)
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Aymeric Augustin acd7b34aaf Advanced deprecation warnings for Django 1.7. 2013-06-29 18:49:37 +02:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Claude Paroz f940e564e4 Fixed #20099 -- Eased subclassing of BrokenLinkEmailsMiddleware
Thanks Ram Rachum for the report and the initial patch, and Simon
Charette for the review.
2013-05-25 12:10:53 +02:00
Vlastimil Zíma 6de81d65f4 Fixed #14825 -- LocaleMiddleware keeps language
* LocaleMiddleware stores language into session if it is not present there.
2013-05-25 10:52:54 +02:00
Andrew Godwin 1514f17aa6 Rotate CSRF token on login 2013-05-24 22:15:08 +01:00
Łukasz Langa 660762681c Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middleware 2013-05-19 13:18:35 +02:00
Łukasz Langa 26e3e7ecb5 Fixed #11915: generic Accept-Language matches country-specific variants 2013-05-19 12:50:09 +02:00
Łukasz Langa bd97f7d0cb Fixed #15201: Marked CACHE_MIDDLEWARE_ANONYMOUS_ONLY as deprecated 2013-05-18 17:38:32 +02:00
Olivier Sels 63a9555d57 Fixed #19436 -- Don't log warnings in ensure_csrf_cookie. 2013-05-18 16:17:46 +02:00
Claude Paroz 8fd44b2551 Fixed #20356 -- Prevented crash when HTTP_REFERER contains non-ascii
Thanks srusskih for the report and Aymeric Augustin for the review.
2013-05-18 12:39:11 +02:00
Aymeric Augustin ac37ed21b3 Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
Replaced them with per-database options, for proper multi-db support.

Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
Aymeric Augustin 3bdc7a6a70 Deprecated transaction.is_managed().
It's synchronized with the autocommit flag.
2013-03-11 14:48:54 +01:00
Aymeric Augustin 7aacde84f2 Made transaction.managed a no-op and deprecated it.
enter_transaction_management() was nearly always followed by managed().

In three places it wasn't, but they will all be refactored eventually.
The "forced" keyword argument avoids introducing behavior changes until
then.

This is mostly backwards-compatible, except, of course, for managed
itself. There's a minor difference in _enter_transaction_management:
the top self.transaction_state now contains the new 'managed' state
rather than the previous one. Django doesn't access
self.transaction_state in _enter_transaction_management.
2013-03-11 14:48:53 +01:00
Aymeric Augustin aa089b106b Fixed #5241 -- Kept active transalation in LocaleMiddleware.process_response. 2013-02-28 14:21:48 +01:00
Łukasz Langa 539900f117 Fixes #17866: Vary: Accept-Language header when language prefix used 2013-02-23 19:41:33 +01:00
Anssi Kääriäinen a4e97cf315 Fixed #19707 -- Reset transaction state after requests 2013-02-10 13:55:54 +02:00
Aymeric Augustin 720888a146 Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
2013-02-07 09:48:08 +01:00
Tim Graham ee26797cff Fixed typos in docs and comments 2013-01-29 10:55:55 -07:00
Aymeric Augustin 50a985b09b Fixed #19099 -- Split broken link emails out of common middleware. 2013-01-15 17:41:45 +01:00
Claude Paroz bcdb4898ca Fixed #19488 -- Made i18n_patterns redirect work with non-slash-ending paths
Thanks Daniel Gerzo for the report and the initial patch.
2013-01-11 21:27:51 +01:00
Aymeric Augustin 641acf76e7 Removed IGNORABLE_404_STARTS/ENDS settings. 2012-12-29 21:59:07 +01:00
Aymeric Augustin 1c8be95a86 Prevented caching of streaming responses.
The test introduced in 4b278131 accidentally passed because of a
limitation of Python < 3.3.

Refs #17758, #7581.
2012-12-24 20:28:07 +01:00
Claude Paroz c0efbc7b53 Fixed #19347 -- Removed unused variable definition in FetchFromCacheMiddleware
Thanks gregplaysguitar at gmail.com for the report.
2012-12-01 13:52:26 +01:00
Aymeric Augustin 973f539ab8 Fixed #15152 -- Avoided crash of CommonMiddleware on broken querystring 2012-11-03 21:28:33 +01:00
Aymeric Augustin 4b27813198 Fixed #7581 -- Added streaming responses.
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20 20:05:11 +02:00
Claude Paroz 26ff2be787 Imported getLogger directly from logging module
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Collin Anderson f416ea9c8d fixed rfc comment typo in middleware/csrf.py 2012-09-10 12:11:24 -03:00
Claude Paroz d774ad752d [py3] Made csrf context processor return Unicode 2012-08-13 11:54:21 +02:00
Aymeric Augustin e84f79f051 Fixed #18042 -- Advanced deprecation warnings.
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Jannis Leidel 126d9e1b49 Fixed #17817 -- Modified LocalMiddleware to use full URLs when redirecting to i18n URLs. Thanks to Paul for keeping an eye on the standards.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17633 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 22:35:26 +00:00
Jannis Leidel 746987f916 Fixed #17734 -- Made sure to only redirect translated URLs if they can actually be resolved to prevent unwanted redirects. Many thanks to Orne Brocaar and Anssi Kääriäinen for input.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17621 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 11:07:36 +00:00
Jannis Leidel 7dd0ceba2e Fixed #17720 -- Stopped the LocaleMiddleware from overeagerly using the request path for language activation if it's actually not wanted. Thanks to Anssi Kääriäinen for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17547 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-18 13:37:30 +00:00
Adrian Holovaty 7981efe04f Documentation (and some small source code) edits from [17432] - [17537]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-17 20:04:11 +00:00
Paul McMillan a77679dfaa Fixes #16827. Adds a length check to CSRF tokens before applying the santizing regex. Thanks to jedie for the report and zsiciarz for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-11 04:18:15 +00:00
Jannis Leidel f0a1633425 Fixed #17358 -- Updated logging calls to use official syntax for arguments instead of string interpolation. Thanks, spulec.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:36 +00:00
Jannis Leidel b926765a7c Fixed #16035 -- Appended the Etag response header if the GZipMiddleware is in use to follow RFC2616 better. Thanks, ext and dracos2.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17471 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:57:13 +00:00
Aymeric Augustin 4288c8831b Fixed #10762, #17514 -- Prevented the GZip middleware from returning a response longer than the original content, allowed compression of non-200 responses, and added tests (there were none). Thanks cannona for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-09 21:42:03 +00:00