Luke Plant
8e70cef9b6
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py) using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes are found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Gary Wilson Jr
fa7aa7255c
Fixed #9732 -- Added missing close paragraph tag to password reset confirmation template, thanks casseen.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9599 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-08 05:41:28 +00:00
Karen Tracey
0ededc611f
Fixed 8984: Only include a "Documentation" link on change password and change password done pages if admin docs have been configured.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9079 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-21 16:15:09 +00:00
Adrian Holovaty
6bdb7b9529
Fixed #8172 -- Improved a whole bunch of contrib templates (admin, databrowse, admindocs, etc.) to remove unnecessary 'escape' filters, given autoescaping. Also removed unnecessary {% if %} tags and shortened some {% if %}/{% else %} tags to use {% firstof %}. Thanks for the patch, benspaulding
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8984 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-08 05:19:28 +00:00
Russell Keith-Magee
78c2c95ed3
Fixed #8129: Modified the password reset email template to use a URL lookup, so that the email doesn't require customization based on the way that the reset view is deployed. Thanks to davenaff for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8517 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 08:51:33 +00:00
Malcolm Tredinnick
cc95b44547
Updated password change template (in admin templates) to use current form variables (rather than oldforms stuff). Patch from Mike Richardson. Refs #8402.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8496 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 18:20:19 +00:00
Luke Plant
079e5bf1ec
Added a login link to the password reset completion screen.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8171 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-01 16:13:12 +00:00
Luke Plant
fcd837cd0f
Fixed #7723 - implemented a secure password reset form that uses a token and prompts user for new password.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-31 20:47:53 +00:00
Brian Rosner
a19ed8aea3
Merged the newforms-admin branch into trunk.
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00
Gary Wilson Jr
04a110836d
Fixed #3491 -- Fixed links in `user-tools` section of admin's `base.html` template to use the `url` template tag. This also removes the need for child templates to override the block just to adjust the relative path. Thanks, saintsjd@gmail.com.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6391 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 06:59:13 +00:00
Adrian Holovaty
c8f1d0a84e
Fixed #2186 -- Fixed i18n variable substitution in admin/templates/registration/password_reset_email.html. Thanks, md@hudora.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3140 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-18 17:32:15 +00:00
Adrian Holovaty
f2ef28fd5c
Fixed #1728 -- Fixed broken nav links in password_change_done admin page. Thanks for reporting, mdt@emdete.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-05 03:02:11 +00:00
Adrian Holovaty
f69cf70ed8
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00
Adrian Holovaty
23d2be1714
Fixed #1274 -- Fixed broken link in navigation in admin password-change template. Thanks, Brian Ray
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-27 15:45:10 +00:00
Jacob Kaplan-Moss
4fe5c9b7ee
Fixed #906 - thanks, Esaj
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1432 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-25 15:00:14 +00:00
Georg Bauer
834e7d3482
fixed a typo in a trans template tag. Thx David Ascher (on IRC)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1397 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-24 18:30:31 +00:00
Adrian Holovaty
6d1b5b3b1a
Fixed #727 -- Fixed leftover %() syntax in password_reset_email template. Thanks, Hugo
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-06 22:30:01 +00:00
Jacob Kaplan-Moss
5cf8f68423
Merged i18n branch into the trunk! Fixes #65, and perhaps some others. NB: this means that the i18n branch is now obsolete and will be made read-only.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1068 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-04 04:59:46 +00:00
Adrian Holovaty
f07e5d4f5d
Fixed #627 -- BACKWARDS-INCOMPATIBLE CHANGE. Admin is now an app, not a middleware. See BackwardsIncompatibleChanges for a full list of changes and information on how to update your code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@948 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-19 01:09:05 +00:00