Commit Graph

18 Commits

Author SHA1 Message Date
Russell Keith-Magee ccc49029b8 Fixed #14181 -- Added a template tag and filters to allow localization to be disabled in a template. Thanks to Benjamin Wohlwend for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14395 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-29 16:48:58 +00:00
Russell Keith-Magee 44b9076bbe Fixed #6262 -- Added a cached template loader, and modified existing template loaders and tag to be cacheable. Thanks to Mike Malone for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-14 12:08:23 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Russell Keith-Magee 8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Gary Wilson Jr 9ac3905f01 Fixed #10079 -- Moved settings import inside the function that uses it so that the module can be imported without needing settings, thanks kcarnold and mcroydon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 20:15:01 +00:00
Jacob Kaplan-Moss c485e236bd Fixed #8193: all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Luke Plant ff486b9fba Fixed #3912 - Added simple type checking to template.Context.update() to help debugging broken context processors. Thanks Jeremy Dunck
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 21:37:38 +00:00
Adrian Holovaty abffdf5940 Negligible cleanups to django.template.context
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6975 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-22 19:32:54 +00:00
Malcolm Tredinnick 67373009e0 Fixed #4563 -- Context.pop/push/update return the top-level dictionary (the new
one for push() and update(), the one removed for pop()). Based on a patch from
Brian Harring.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6854 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-02 23:57:22 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Russell Keith-Magee 50497e3867 Refs #5138 -- Refactored implementation of __contains__ in HttpRequest introduced in [6097] after a suggestion from Malcolm. Applied a similar refactor for MergeDict and Context which had comparable behavior.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-11 14:04:40 +00:00
Malcolm Tredinnick 439cb4047f Fixed #4040 -- Changed uses of has_key() to "in". Slight performance
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:30:48 +00:00
Malcolm Tredinnick 4d75c7aa6e Fixed #3071 -- added a {{{__contains__}}} method to the Context class. Thanks
akaihola.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-10 09:02:00 +00:00
Adrian Holovaty 41d11a685f Fixed #2968 -- Changed arguments to __import__ to use empty dictionary instead of empty string, for stricter compliance with Python library reference. Thanks for the patch, Yasushi Masuda
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3951 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-30 20:50:27 +00:00
Russell Keith-Magee 6b383afd39 Fixes #1338, Refs #1400, #2237 -- Modified variable resolution to allow template 'if' statements to work if TEMPLATE_STRING_IF_INVALID is set. Modified unit tests to force the use of this variable, so that returning '' isn't confused with an actual failure.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3268 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-07-04 03:21:44 +00:00
Adrian Holovaty 2abfd5dd58 Fixed #2109 -- Convert old-style classes to new-style classes throughout Django. Thanks, Nicola Larosa
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-08 05:00:13 +00:00
Adrian Holovaty f69cf70ed8 MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00