innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
7,443 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

4809 Commits

Author SHA1 Message Date
Luke Plant d0b900e6f5 Slight change to CSRF error messages to make debugging easier. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 14:04:21 +00:00
Luke Plant c2ffe94d9a Removed unused import. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11664 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 00:49:33 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code. 
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default. 
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss d1da261417 Fixed #11371: Made `django.test.Client.put()` work for non-form-data PUT (i.e. JSON, etc.). Thanks, phyfus. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11656 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-26 15:02:54 +00:00
Jarek Zgoda e32b042d6b Polish translation updated 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11655 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-25 20:09:49 +00:00
Karen Tracey c54b8ec2f5 Fixed #12079: Changed has_results to get a single result, thus preventing exists() from always returning True on backends that support chunked reads. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11654 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-25 16:32:07 +00:00
Luke Plant a02a6fab66 Fixed #9163 - CsrfMiddleware needs to reset ETag header 
Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-24 10:45:58 +00:00
Luke Plant c44fdf6a1e Fixed #12067 - check_dependencies in contrib.admin.sites not triggered using new style admin include 
Thanks to robhudson for report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-24 10:13:24 +00:00
Luke Plant 2b2f92ae8e Fixed a bug in r11646 - refs #11402 
The one line of code not covered by a test... ;-)


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11647 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-24 00:37:01 +00:00
Jacob Kaplan-Moss b79702b2de Fixed #11402: added a `QuerySet.exists()` method. Thanks, Alex Gaynor. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-24 00:28:39 +00:00
Brian Rosner 0d1177ae99 Moved _get_foreign_key call after testing for fk_name fixing a broken test. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-23 20:47:29 +00:00
Jacob Kaplan-Moss 8be1bb2268 Fixed #11625: added comment moderation via admin actions. 
This is BACKWARDS INCOMPATIBLE if you were using the completely undocumented moderation view from 1.1. That view's been removed in favor of the admin actions.

Thanks, Thejaswi Puthraya.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-23 19:22:31 +00:00
Luke Plant 162fade2b7 Fixed #12060 - equality tests between User and SimpleLazyObject-wrapped User failed. 
Also added more tests for SimpleLazyObject

Thanks to ericholscher for report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-20 14:11:08 +00:00
Luke Plant c6e8e5d9f0 Fixed non-standard introspection support in LazyObject. 
LazyObject called a public method ``get_all_members`` on wrapped objects in
order to allow introspection.  This could easily cause name clashes with
existing methods on wrapped objects, and so has been changed to use the
standard methods.  This could be slightly backwards-incompatible, in obscure
cases, if the undocumented LazyObject has been used externally.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-19 21:48:06 +00:00
Luke Plant 22be3d7612 Fixed #12049 - LazyObject-wrapped User breaks queries in template tags 
Thanks to chipx86 for the report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-19 21:13:22 +00:00
Brian Rosner cb7a3262b5 Moved the call to _get_foreign_key to run in all cases catching incorrect inline setup sooner. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-19 19:17:20 +00:00
Brian Rosner 5fc35c9caf Fixed #11709 — Pass inline fk_name attribute when grabbing foreign key to test for exclusion. Thanks yishaibeeri for the report. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-19 19:17:07 +00:00
Justin Bronn 69535b7b13 The `OGRGeometry.coord_dim` property may now be set; implemented a work-around for an OGR bug that changed geometries to 3D after transformation. Refs #11433. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-17 17:32:25 +00:00
Luke Plant e5ab340d17 Licence block for code added in r11586 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11627 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-15 20:25:20 +00:00
Luke Plant a2d8acbacd Fixed a regression on Python 2.6 caused by r11623 
This might fix #12037, but I cannot reproduce that bug.
Refs #12037



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11625 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-15 14:12:34 +00:00
Luke Plant c161bf21f0 Fixed #6552, #12031 - Make django.core.context_processors.auth lazy to avoid "Vary: Cookie" 
Thanks to olau@iola.dk, Suor for the report



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-14 18:09:13 +00:00
Jacob Kaplan-Moss b30cba4e2b Fixed #11993: fixed the the `floatformat` filter on `NaN` values in Python 2.6.3. Thanks, kklimonda. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-12 16:53:23 +00:00
Luke Plant c46ddbf1fc Fixed #8274 - allow custom forms for auth 'login' and 'password_change' views 
Thanks to julien for the suggestion and patch, and SmileyChris for work on the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-12 15:32:24 +00:00
Jacob Kaplan-Moss 9f8287a3f1 SECURITY ALERT: Corrected regular expressions for URL and email fields. 
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-09 20:57:59 +00:00
Russell Keith-Magee 8aee95ca3e Fixed #11995 -- Modified the admin site definition for comments so that users are shown as a raw id list. Thanks to James Bennett for the report and patch. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11601 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-08 13:30:31 +00:00
Luke Plant 175ab92d6b Removed some unused code and improved docstring on auto_adapt_to_methods 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11600 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-01 16:15:27 +00:00
Luke Plant 6e3a72585a Added 'key_prefix' keyword argument to cache_page() 
This was available before r11586, but undocumented.  It has now been
re-added with documentation and explicit support, as it seems like a useful
feature and people were using it before.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-28 21:54:54 +00:00
Luke Plant a97648a7e0 Corrected regressions introduced in r11586 and r11593 
I read the order of arguments in the docs incorrectly, doh!


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-26 19:39:42 +00:00
Luke Plant d6c2286712 Improved error messages when people use cache_page in undocumented and now unsupported ways. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-23 23:47:53 +00:00
Luke Plant 0a7dc8d590 Fixed typo in docstring for decorator_from_middleware_with_args. 
Thanks for the report, kmike



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11590 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-22 21:21:51 +00:00
Luke Plant af02f38e02 Rewrote user_passes_test to use auto_adapt_to_methods, removing the need for _CheckLogin 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-21 22:34:45 +00:00
Luke Plant afeafcd492 Fixed #6371 - several decorators don't work with bound methods. 
This involved changing the way the internal function
decorator_from_middleware works slightly, breaking some code that relied on
the old behaviour.  As a result, it is much simpler, but cache_page has been
made slightly more complex to cope with the change.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-21 22:31:51 +00:00
Russell Keith-Magee d56c1ab7f0 Fixed #11886 -- Corrected handling of F() expressions that use parentheses. Thanks to Brent Hagany for the report. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11581 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-16 12:09:47 +00:00
Justin Bronn 62180a6b44 Fixed #11827: Can now calculate extent in Oracle on tables with one point. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-13 17:40:46 +00:00
Russell Keith-Magee 85d4baae39 Fixed #11746 -- Marked a string for translation in the FR localflavor. Thanks to iapain for the report and patch. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-13 04:40:17 +00:00
Russell Keith-Magee 7ae2f70722 Fixed #11862 -- Corrected an error in the Hebrew translation. Thanks to Adam Rimon for the fix. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11550 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-13 03:09:35 +00:00
Russell Keith-Magee d2321e37eb Fixed #11660 -- Corrected the CONTENT_TYPE and CONTENT_LENGTH headers provided by the mod_python handler. Thanks to Nowell Strite and Tareque Hossain for the report and fix. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11528 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-12 21:28:01 +00:00
Justin Bronn 1aef132090 Fixed #11624: `render_to_kmz` no longer balks on non-ASCII data. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11527 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-12 18:35:08 +00:00
Joseph Kocherhans 677ddcbb04 Fixed #10752. Added more advanced bash completion. Thanks, Arthur Koziel. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-11 23:15:59 +00:00
Luke Plant 7c53c2618d Fixed #10968 - Form.errors should use Form.error_class. 
Thanks for report and initial patch, matehat.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11498 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-11 10:47:40 +00:00
Luke Plant 4decf03f9c Fixed #11502 - wrong escaping in admin. 
Thanks Tomasz Elendt.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11497 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-11 09:42:17 +00:00
Luke Plant 49cf7f4a51 Fixed Widget.__init__() for Python 2.6 and greater. Refs #11703 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11496 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-11 09:08:07 +00:00
Jacob Kaplan-Moss c33355d86a As long as we're micro-optomizing, do it right -- using map() shaves another dozen or so seconds off the test suite run time. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11495 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 22:49:05 +00:00
Jacob Kaplan-Moss 9d1a7c203c Micro-optomization to SortedDict.values(). Yes, it looks silly, but it shaves 30 seconds (5%) off the run time of the test suite. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11494 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 22:23:24 +00:00
Luke Plant 84ef9dabfa Fixed #11061: Malformed POST request causes TypeError in AdminSite.login(). 
Thanks vvd


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 16:50:57 +00:00
Luke Plant d18dace8eb Fixed #11703: Added missing Super calls to 2 widget classes. 
Thanks Rupe



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 16:30:41 +00:00
Luke Plant 18a67e1069 Fixed #11591: invalid HTML in tabular.html. 
Thanks rlaager(at)wiktel.com



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 16:12:08 +00:00
Luke Plant 976b18a494 Fixed #11252: Invalid XHTML when filtering a paginated list. 
Thanks daemondazz


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11486 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 15:36:33 +00:00
Luke Plant bdde46de63 Fixed #10950 - unused import. 
Thanks dc


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11485 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-09-10 15:27:44 +00:00