Luke Plant
8e70cef9b6
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
...
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes are found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant
18a67e1069
Fixed #11591 : invalid HTML in tabular.html.
...
Thanks rlaager(at)wiktel.com
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:12:08 +00:00
Karen Tracey
eaf1f7d6e3
Fixed #11534 : Improved wording for admin delete confirmation. Thanks hanksims and others who reported this.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11447 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-13 17:16:29 +00:00
Russell Keith-Magee
8d48eaa064
Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
...
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
708bc80ba6
Fixed #11271 -- Added a translation marker for the list_editable save button. Thanks to dc for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10931 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-06 13:43:44 +00:00
Jacob Kaplan-Moss
f7d01c49e9
Fixed #10651 : fixed a javascript error on the admin user add form. Thanks, seanl.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10714 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08 12:57:57 +00:00
Russell Keith-Magee
e2d66e7d03
Fixed #10959 -- Changed the admin search button text to make it clearer in the UI, and to disambiguate during translation. Thanks to Ramiro Morales for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10678 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-05 22:26:01 +00:00
Russell Keith-Magee
9d28568cb4
Fixed #10275 -- Corrected the edge case of rendering a LogEntry with a contenttype of None. Thanks to Jarek Zgoda for the report, and Peter Bengtsson for the patch
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-05 11:52:03 +00:00
Russell Keith-Magee
80a54dd23b
Fixed #9362 -- Prevented inline forms from overwriting the content_type_id attribute on objects being inlined. Thanks to carljm for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10667 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-03 13:38:36 +00:00
Russell Keith-Magee
2c24bba934
Fixed #8903 -- Corrected rendering of admin inline formsets (tabular and stacked) when the inline model has a custom non-autofield primary key. Thanks to dgouldin for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10666 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-03 13:37:20 +00:00
Malcolm Tredinnick
86b6db591c
Fixed #9420 -- Fixed admin templates CSS.
...
Removed some unconditional, invalid, IE-specific notations that were
protecting IE 5 users. IE 5 is sufficiently old, we don't really need to
do that and helping that small userbase at the expense of everybody else
was a slight priority inversion.
Patch from G2P and reviewed by Wilson Miner (who made the original
changes).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10598 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-19 03:06:29 +00:00
Jacob Kaplan-Moss
bb15cee58a
Made a bunch of improvements to admin actions. Be warned: this includes one minor but BACKWARDS-INCOMPATIBLE change.
...
These changes are:
* BACKWARDS-INCOMPATIBLE CHANGE: action functions and action methods now share the same signature: `(modeladmin, request, queryset)`. Actions defined as methods stay the same, but if you've defined an action as a standalone function you'll now need to add that first `modeladmin` argument.
* The delete selected action is now a standalone function registered site-wide; this makes disabling it easy.
* Fixed #10596 : there are now official, documented `AdminSite` APIs for dealing with actions, including a method to disable global actions. You can still re-enable globally-disabled actions on a case-by-case basis.
* Fixed #10595 : you can now disable actions for a particular `ModelAdmin` by setting `actions` to `None`.
* Fixed #10734 : actions are now sorted (by name).
* Fixed #10618 : the action is now taken from the form whose "submit" button you clicked, not arbitrarily the last form on the page.
* All of the above is documented and tested.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:23:33 +00:00
Jacob Kaplan-Moss
4e035a03b6
Fixed #8749 : add better breadcrumbs in the change password template. Thanks, SmileyChris.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 23:00:55 +00:00
Jacob Kaplan-Moss
44f3080226
Fixed #10505 : added support for bulk admin actions, including a globally-available "delete selected" action. See the documentation for details.
...
This work started life as Brian Beck's "django-batchadmin." It was rewritten for inclusion in Django by Alex Gaynor, Jannis Leidel (jezdez), and Martin Mahner (bartTC). Thanks, guys!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 20:22:56 +00:00
Jacob Kaplan-Moss
7bc0878922
Fixed #8939 : added a `list_editable` option to `ModelAdmin`; fields declared `list_editable` may be edited, in bulk, on the changelist page. Thanks, Alex Gaynor.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10077 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-17 20:51:47 +00:00
Russell Keith-Magee
8569157664
Fixed #9276 -- Corrected the way the CSS class is rolled out in a stacked edit-inline template. Thanks to creecode@gmail.com for the report and fix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-22 08:05:40 +00:00
Luke Plant
a754165a91
Fixed #9637 : Use 'block.super' in admin 'extrastyle' blocks to preserve changes in base_site.html
...
The current admin templates do not need this. However, a common way to customize admin
appearance is to provide your own 'base_site.html' template, and add stylesheets using
the extrastyle block. Without this patch, these customizations are lost.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9690 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-27 00:01:11 +00:00
Gary Wilson Jr
fa7aa7255c
Fixed #9732 -- Added missing close paragraph tag to password reset confirmation template, thanks casseen.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9599 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-08 05:41:28 +00:00
Wilson Miner
21e86f2af2
Updated stylesheet link on the change password form.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-16 00:09:39 +00:00
Wilson Miner
902df97f36
Removed the hidden import rules in the contrib.admin stylesheets. Each individual stylesheet is now linked to explicitly from the template where it's used (in the extrastyle block), with the exception of widgets.css, which is imported by forms.css, but still available separately for reuse. Also moved the override stylesheets (IE and RTL) below the extrastyle block and all styles within the conditional comment which blocks CSS from IE5 and lower.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9463 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-16 00:08:48 +00:00
Karen Tracey
c367e2869e
Fixed #9514 -- Made admin change_form template correctly recognize/report when a form has only a single error.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-09 18:51:28 +00:00
Wilson Miner
6b82c386f6
Applied contrib.admin IE CSS patches to IE6 and 7, and added simple hacks to filter some rules to both and some only to IE6.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-31 23:44:24 +00:00
Wilson Miner
50535505a9
Added IE conditional comments to contrib.admin base template to block CSS from IE5 and lower and serve a patch to IE6 with IE conditional comments. Removed dependency on CSS hacks and empty null.css file.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9300 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-31 23:01:38 +00:00
Brian Rosner
0ea15f5650
Fixed #8882 -- When a foreign key is among the unique_together fields in an inline formset properly handle it.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9297 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-31 22:07:05 +00:00
Karen Tracey
03070a9955
Fixed #7179 -- Changed breadcrumbs on the add page so that a link to the change view is not included when the user doesn't have permission for that view. Also added tests to ensure the link is not there when it shouldn't be, and there when it should be. Thanks for the report & patch alen__ribic.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9276 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-24 19:14:24 +00:00
Brian Rosner
5e5af8a8aa
Display non_field_errors of inline forms in the admin. This was a presentation bug.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9243 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-21 20:25:45 +00:00
Karen Tracey
0ededc611f
Fixed 8984: Only include a "Documentation" link on change password and change password done pages if admin docs have been configured.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9079 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-21 16:15:09 +00:00
Adrian Holovaty
6bdb7b9529
Fixed #8172 -- Improved a whole bunch of contrib templates (admin, databrowse, admindocs, etc.) to remove unnecessary 'escape' filters, given autoescaping. Also removed unnecessary {% if %} tags and shortened some {% if %}/{% else %} tags to use {% firstof %}. Thanks for the patch, benspaulding
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8984 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-08 05:19:28 +00:00
Malcolm Tredinnick
42393ff604
Fixed #8812 -- Fixed up the positioning of the "delete" link in the admin
...
interface for right-to-left languages (Hebrew, Arabic, etc). Patch from Jannis
Leidel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8903 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-03 04:22:39 +00:00
Jacob Kaplan-Moss
0e5faf225c
Security fix. Announcement forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Jacob Kaplan-Moss
7a9b55ddc4
Fixed #2612 : fixed display of admin `help_text` with multiple fields on the same line. Thanks to Nathan Borror for the original patch, and jezdez for a little cleanup.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8871 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 19:25:27 +00:00
Brian Rosner
eefec151d1
Fixed #2612 -- Fixed admin formatting when help_text is used with multiple fields on the same line.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8824 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 22:59:43 +00:00
Brian Rosner
30c7ce90c5
Fixed #8631 -- Corrected a display issue with the popup submit_row where the Save button would overflow. Thanks btaylordesign for report and initial patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8762 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 17:13:29 +00:00
Jacob Kaplan-Moss
0871ff2c9c
Fixed #7810 : added named URLs for admin docs, and use them in the admin base template. Thanks, MattBowen.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8717 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 19:28:53 +00:00
Brian Rosner
5dd68fa74a
Marked a couple of unmarked strings in edit_inline templates and corrected a marked string.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 18:15:19 +00:00
Brian Rosner
5a72589d7a
Fixed #7984 -- 'View on site' links now work in inlines. Thanks philwo for the report and initial patch by julianb.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 18:07:36 +00:00
Brian Rosner
853f4d29b8
Fixed #8547 -- Corrected the breadcrumb display in the object_history.html template. Thanks sorl for catching this.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8555 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 19:56:14 +00:00
Russell Keith-Magee
78c2c95ed3
Fixed #8129 : Modified the password reset email template to use a URL lookup, so that the email doesn't require customization based on the way that the reset view is deployed. Thanks to davenaff for the report and fix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8517 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 08:51:33 +00:00
Malcolm Tredinnick
b3688e8194
Fixed #7903 -- Allow admin's prepopulated_from to work with TextFields. Patch
...
from mk and Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8505 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:10:45 +00:00
Malcolm Tredinnick
c83a96d298
Tweaked the Admin add/change page so that "save" is still the highlighted
...
to look like the default button and it actually operates as the default
(previously "save and add another" was the default action, which confused
people if you hit the save button and it looked like your work was eaten by a
grue).
Fixed #7272 . Patch from Jannis Leidel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8501 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 19:07:49 +00:00
Malcolm Tredinnick
cc95b44547
Updated password change template (in admin templates) to use current form
...
variables (rather than oldforms stuff). Patch from Mike Richardson. Refs #8402 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8496 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 18:20:19 +00:00
Russell Keith-Magee
358ba07166
Fixed #7946 : Modified object history template to use a common date format. Thanks to Marc Garcia for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8485 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 14:23:50 +00:00
Brian Rosner
77c78201b8
Fixed #1390 -- Added an app index in the admin interface. Thanks juliae and ext for their work on patches.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8474 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 04:00:15 +00:00
Brian Rosner
d7467a0bfc
Fixed #957 -- prepopulated_fields now works correctly on inlines.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8385 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 17:38:39 +00:00
Gary Wilson Jr
dd842ad34d
Refs #7742 -- Changed the `django.contrib.admin.views.template.template_validator` view to use newforms instead of oldforms.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8294 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 04:31:55 +00:00
Jacob Kaplan-Moss
88baf06c3d
Fixed #7811 : moved admindocs templates into admindocs/templates. This is slightly backwards-incompatible in that if you're using the admindocs you'll need to add 'django.contrib.admindocs' to INSTALLED_APPS.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8264 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 15:53:50 +00:00
Brian Rosner
5d199ba901
Fixed #8163 -- Restore oldforms admin styling on input fields. Also cleaned up some styles for both tabular and stacked inlines. Thanks Nathan Borror for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8240 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-08 19:54:34 +00:00
Luke Plant
7b4b1309d9
Added a 'name' attribute to the 'Save' button on admin change form
...
This makes it much easier/possible for testing tools e.g. twill to find
the 'Save' submit button.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-07 21:18:43 +00:00
Luke Plant
079e5bf1ec
Added a login link to the password reset completion screen.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8171 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 16:13:12 +00:00
Luke Plant
fcd837cd0f
Fixed #7723 - implemented a secure password reset form that uses a token and prompts user for new password.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-31 20:47:53 +00:00