Commit Graph

56 Commits

Author SHA1 Message Date
Olivier Sels 63a9555d57 Fixed #19436 -- Don't log warnings in ensure_csrf_cookie. 2013-05-18 16:17:46 +02:00
Julien Phalip 9180146d21 Fixed #19453 -- Ensured that the decorated function's arguments are obfuscated in the @sensitive_variables decorator's frame, in case the variables associated with those arguments were meant to be obfuscated from the decorated function's frame.
Thanks to vzima for the report.
2012-12-31 09:34:08 -08:00
Aymeric Augustin 130829334c Removed csrf_response_exempt and csrf_view_exempt. 2012-12-29 21:59:07 +01:00
Aymeric Augustin 2ecf56ea3f Removed legacy ways of calling cache_page. 2012-12-29 21:59:07 +01:00
Claude Paroz 6c2faaceb0 Made more extensive use of get_current_site
Refs #15089
2012-09-28 20:33:05 +02:00
Claude Paroz 26ff2be787 Imported getLogger directly from logging module
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Julien Phalip f699641161 Fixed #17138 -- Made the sensitive_variables decorator work with object methods. 2012-06-03 23:44:13 -07:00
Aymeric Augustin e84f79f051 Fixed #18042 -- Advanced deprecation warnings.
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Jannis Leidel 55aa285a33 Fixed #17643 -- Set a better stack level for the cache_page decorator deprecation warnings. Thanks, zsiciarz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:59:12 +00:00
Jannis Leidel f0a1633425 Fixed #17358 -- Updated logging calls to use official syntax for arguments instead of string interpolation. Thanks, spulec.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:36 +00:00
Jannis Leidel 4b71c9998e Fixed #15840 -- Wrapped inner function of the condition decorator with functools.wraps to follow best practices. Thanks, zsiciarz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:57:06 +00:00
Jannis Leidel 24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Luke Plant 45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant bb12a02bd8 Deprecated legacy ways of calling cache_page
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16338 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 11:12:01 +00:00
Luke Plant 524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Luke Plant b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Jannis Leidel 0b1a061881 Replaced old-style with new-style decorator syntax.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-01 16:46:02 +00:00
Jannis Leidel 086ab44336 Fixed #15637 -- Added a require_safe decorator for views to accept GET or HEAD. Thanks, aaugustin and Julien.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16115 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 13:04:16 +00:00
Luke Plant 16f6acdb89 Deprecated csrf_response_exempt and csrf_view_exempt decorators
With the removal of CsrfResponseMiddleware, csrf_response_exempt serves no
purposes, and csrf_exempt and csrf_view_exempt perform the same function.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15956 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:35:41 +00:00
Adrian Holovaty 13864703bc Removed a bunch more Python 2.4 workarounds now that we don't support that version. Refs #15702 -- thanks to jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15927 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 02:11:19 +00:00
Luke Plant dbe6ced0d6 Fixed #717 - If-Modified-Since handling should compare dates according to RFC 2616
Thanks to Maniac for the report, julienb for the initial patch, and
especially to aaugustin for the final patch and tests.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 14:28:06 +00:00
Andrew Godwin 1ad644c0f0 Fixed #14929 -- Move gzip_page docstring to the right place. Thanks adamv.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15161 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-08 14:55:19 +00:00
Andrew Godwin f9fba51164 Fix a small docstring bug in the CSRF decorators.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15026 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-22 21:49:20 +00:00
Russell Keith-Magee 673e6fc7fb Fixed #11675 -- Added support for the PyLibMC cache library. In order to support this, and clean up some other 1.3 caching additions, this patch also includes some changes to the way caches are defined. This means you can now have multiple caches, in the same way you have multiple databases. A huge thanks to Jacob Burch for the work on the PyLibMC backend, and to Jannis for his work on the cache definition changes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15005 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 15:19:19 +00:00
Russell Keith-Magee 6770c36262 Fixed #14737 -- Moved the docstring comment for the cache_page decorator so it gets picked up as a docstring. Thanks to adamv for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14798 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 06:49:51 +00:00
Luke Plant 90ac02300e Fixed #14565 - No csrf_token on 404 page.
This solution doesn't have the negative side-effects of [14356].

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-28 11:47:15 +00:00
Russell Keith-Magee fea159282b Fixed #14406 -- Added a Python 2.4 compatibility to the logging interface. Thanks to Łukasz Rekucki for the report, and to Luke Plant for original patch this was based on.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13989 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-06 15:02:26 +00:00
Russell Keith-Magee 24acca4139 Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for his draft patch, and to the many people who gave feedback during development of the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13981 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 15:12:39 +00:00
Luke Plant 9d6eeeec39 Fixed #12019 - backwards compatibility issues with cache_page decorator.
Thanks to rokclimb15 for the report, and j4mie/rokclimb15 for the patches.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13864 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-21 19:32:22 +00:00
Russell Keith-Magee 5211f48ae3 Fixed #12164 -- Removed the Python 2.3 compatibility imports and workarounds. Thanks to timo and claudep for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 14:00:30 +00:00
Russell Keith-Magee 615eab6b02 Fixed #13093 -- Updated some decorators and the decorator_from_middleware function to allow callable classes to be decorated. Thanks to Brian Neal for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12762 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-12 13:06:13 +00:00
Luke Plant 4bff194633 Fixed #12804 - regression with decorating admin views.
This is a BACKWARDS INCOMPATIBLE change, because it removes the flawed
'auto_adapt_to_methods' decorator, and replaces it with 'method_decorator'
which must be applied manually when necessary, as described in the 1.2
release notes.

For users of 1.1 and 1.0, this affects the decorators:

 * login_required
 * permission_required
 * user_passes_test

For those following trunk, this also affects:

 * csrf_protect
 * anything created with decorator_from_middleware 

If a decorator does not depend on the signature of the function it is
supposed to decorate (for example if it only does post-processing of the
result), it will not be affected.
 



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12399 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-09 15:02:39 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 6e3a72585a Added 'key_prefix' keyword argument to cache_page()
This was available before r11586, but undocumented.  It has now been
re-added with documentation and explicit support, as it seems like a useful
feature and people were using it before.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-28 21:54:54 +00:00
Luke Plant a97648a7e0 Corrected regressions introduced in r11586 and r11593
I read the order of arguments in the docs incorrectly, doh!


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-26 19:39:42 +00:00
Luke Plant d6c2286712 Improved error messages when people use cache_page in undocumented and now unsupported ways.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-23 23:47:53 +00:00
Luke Plant afeafcd492 Fixed #6371 - several decorators don't work with bound methods.
This involved changing the way the internal function
decorator_from_middleware works slightly, breaking some code that relied on
the old behaviour.  As a result, it is much simpler, but cache_page has been
made slightly more complex to cope with the change.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-21 22:31:51 +00:00
Malcolm Tredinnick d2a8bc5b40 Fixed #10681 -- Work around (by ignoring) invalid ETag headers.
This is a hack to work around problems in the Real World. Apparently, Opera
9.64 has been observed sending malformed headers. We now compromise our high
principles and simply ignore such bad behaviour.

Patch from Ivan Sagalaev.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10370 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 06:59:34 +00:00
Malcolm Tredinnick e5a8d9e810 A bunch of improvements for conditional HTTP processing.
Fixed some typos in the code (fixed #10586). Added more tests. Made the
tests compatible with Python 2.3. Improved the documentation by putting
the good news and common use-case right up front.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10134 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-24 03:01:46 +00:00
Malcolm Tredinnick 3bb68004ff Fixed #10581 -- Fixed conditional handling of If-Match headers.
The conditional processing decorator from r10114 wasn't parsing ETags
from an If-Match header correctly. Patch from Ivan Sagalaev (who also
did most of the work in r10114, before I rewrote parts of it and added
bonus bugs, although I forgot to thank him there).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10116 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-22 23:16:03 +00:00
Malcolm Tredinnick b203db6ec8 Fixed #5791 -- Added early-bailout support for views (ETags and Last-modified).
This provides support for views that can have their ETag and/or Last-modified
values computed much more quickly than the view itself. Supports all HTTP
verbs (not just GET).

Documentation and tests need a little more fleshing out (I'm not happy with the
documentation at the moment, since it's a bit backwards), but the functionality
is correct.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10114 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-22 07:58:29 +00:00
Gary Wilson Jr 5ca0b9203b Fixed #5701 -- Fixed decorators to take the name, attributes, and docstring of the function they decorate by adding a modified version of the `functools.wraps` function from Python 2.5. `wraps` has been altered to work with Django's `curry` function and with Python 2.3, which doesn't allow assignment of a function's `__name__` attribute. This fixes severaly annoyances, such as the online documentation for template filters served by the admin app. This change is backwards incompatible if, for some reason, you were relying on the name of a Django decorator instead of the function it decorates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7153 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-25 06:02:35 +00:00
Jacob Kaplan-Moss a926046ba6 Second half of little cleanup tweaks suggested by pyflakes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3414 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-07-21 20:39:17 +00:00
Adrian Holovaty 37addba352 Converted request.META['REQUEST_METHOD'] calls to request.method, throughout the Django codebase
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3171 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-20 04:34:13 +00:00
Adrian Holovaty a09682fd63 Fixed #2185 -- Changed django.views.decorators.http.require_http_methods decorator to use HttpResponseNotAllowed instead of HttpResponseForbidden
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-20 03:17:57 +00:00
Adrian Holovaty f69cf70ed8 MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00
Adrian Holovaty 8128f440ee Fixed #903 -- Added login_url argument to user_passes_test view decorator. Didn't add it to login_required decorator because that would turn login_required into a callable decorator, which would break backwards compatibility.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1440 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-26 07:20:07 +00:00
Jacob Kaplan-Moss f12e324332 Fixed #612 - added cache control headers (thanks, hugo)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1020 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-29 17:00:20 +00:00
Jacob Kaplan-Moss e7c870c36e Fixed #703: added decorators to require that view be called with a given HTTP REQUEST_METHOD
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1016 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-28 01:30:30 +00:00
Adrian Holovaty 43ad69e24e Fixed #684 -- Fixed login_required and user_passes_test decorators. Thanks, rjwittams
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1004 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-23 22:42:44 +00:00