Documentation (and some small source code) edits from [17432] - [17537]

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2012-02-17 20:04:11 +00:00
parent 9fa536dc4f
commit 7981efe04f
12 changed files with 139 additions and 141 deletions

View File

@ -283,9 +283,8 @@ def get_validation_errors(outfile, app=None):
# this format would be nice, but it's a little fiddly).
if '__' in field_name:
continue
# Skip ordering on pk, this is always a valid order_by field
# but is an alias and therefore won't be found by
# opts.get_field.
# Skip ordering on pk. This is always a valid order_by field
# but is an alias and therefore won't be found by opts.get_field.
if field_name == 'pk':
continue
try:

View File

@ -110,19 +110,19 @@ class CsrfViewMiddleware(object):
# Mechanism to turn off CSRF checks for test suite.
# It comes after the creation of CSRF cookies, so that
# everything else continues to work exactly the same
# (e.g. cookies are sent etc), but before the any
# branches that call reject()
# (e.g. cookies are sent, etc.), but before any
# branches that call reject().
return self._accept(request)
if request.is_secure():
# Suppose user visits http://example.com/
# An active network attacker,(man-in-the-middle, MITM) sends a
# POST form which targets https://example.com/detonate-bomb/ and
# submits it via javascript.
# An active network attacker (man-in-the-middle, MITM) sends a
# POST form that targets https://example.com/detonate-bomb/ and
# submits it via JavaScript.
#
# The attacker will need to provide a CSRF cookie and token, but
# that is no problem for a MITM and the session independent
# nonce we are using. So the MITM can circumvent the CSRF
# that's no problem for a MITM and the session-independent
# nonce we're using. So the MITM can circumvent the CSRF
# protection. This is true for any HTTP connection, but anyone
# using HTTPS expects better! For this reason, for
# https://example.com/ we need additional protection that treats
@ -141,7 +141,7 @@ class CsrfViewMiddleware(object):
)
return self._reject(request, REASON_NO_REFERER)
# Note that request.get_host() includes the port
# Note that request.get_host() includes the port.
good_referer = 'https://%s/' % request.get_host()
if not same_origin(referer, good_referer):
reason = REASON_BAD_REFERER % (referer, good_referer)
@ -166,14 +166,14 @@ class CsrfViewMiddleware(object):
)
return self._reject(request, REASON_NO_CSRF_COOKIE)
# check non-cookie token for match
# Check non-cookie token for match.
request_csrf_token = ""
if request.method == "POST":
request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
if request_csrf_token == "":
# Fall back to X-CSRFToken, to make things easier for AJAX,
# and possible for PUT/DELETE
# and possible for PUT/DELETE.
request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '')
if not constant_time_compare(request_csrf_token, csrf_token):

View File

@ -9,9 +9,8 @@ command for the ``polls`` application from the
:doc:`tutorial</intro/tutorial01>`.
To do this, just add a ``management/commands`` directory to the application.
Each Python module in that directory will be auto-discovered. Modules having
names not starting with an underscore will be registered as commands that can be
executed as an action when you run ``manage.py``::
Django will register a ``manage.py`` command for each Python module in that
directory whose name doesn't begin with an underscore. For example::
polls/
__init__.py

View File

@ -697,8 +697,8 @@ subclass::
.. note::
The ``FieldListFilter`` API is currently considered internal and prone
to refactoring.
The ``FieldListFilter`` API is considered internal and might be
changed.
.. versionadded:: 1.4

View File

@ -44,7 +44,7 @@ Because GeoDjango is included with Django, please refer to Django's
.. _spatial_database:
Spatial Database
Spatial database
----------------
PostgreSQL (with PostGIS), MySQL, Oracle, and SQLite (with SpatiaLite) are
the spatial databases currently supported.
@ -69,7 +69,7 @@ SQLite GEOS, GDAL, PROJ.4, SpatiaLite 3.6.+ Requires
.. _geospatial_libs:
Geospatial Libraries
Geospatial libraries
--------------------
GeoDjango uses and/or provides interfaces for the following open source
geospatial libraries:
@ -104,7 +104,7 @@ __ http://www.gaia-gis.it/spatialite/index.html
.. _build_from_source:
Building from Source
Building from source
====================
When installing from source on UNIX and GNU/Linux systems, please follow
@ -156,7 +156,7 @@ script, compile, and install::
Troubleshooting
^^^^^^^^^^^^^^^
Can't find GEOS Library
Can't find GEOS library
~~~~~~~~~~~~~~~~~~~~~~~
When GeoDjango can't find GEOS, this error is raised:
@ -297,7 +297,7 @@ __ http://trac.osgeo.org/gdal/wiki/GdalOgrInPython
Troubleshooting
^^^^^^^^^^^^^^^
Can't find GDAL Library
Can't find GDAL library
~~~~~~~~~~~~~~~~~~~~~~~
When GeoDjango can't find the GDAL library, the ``HAS_GDAL`` flag
@ -410,7 +410,7 @@ __ http://www.sqlite.org/download.html
.. _spatialitebuild :
SpatiaLite Library (``libspatialite``) and Tools (``spatialite``)
SpatiaLite library (``libspatialite``) and tools (``spatialite``)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After SQLite has been built with the R*Tree module enabled, get the latest
@ -495,12 +495,12 @@ to build and install::
$ sudo python setup.py install
Post-Installation
Post-installation
=================
.. _spatialdb_template:
Creating a Spatial Database Template for PostGIS
Creating a spatial database template for PostGIS
------------------------------------------------
Creating a spatial database with PostGIS is different than normal because
@ -549,7 +549,7 @@ These commands may be placed in a shell script for later use; for convenience
the following scripts are available:
=============== =============================================
PostGIS Version Bash Shell Script
PostGIS version Bash shell script
=============== =============================================
1.3 :download:`create_template_postgis-1.3.sh`
1.4 :download:`create_template_postgis-1.4.sh`
@ -572,44 +572,34 @@ Afterwards, you may create a spatial database by simply specifying
.. _create_spatialite_db:
Creating a Spatial Database for SpatiaLite
-------------------------------------------
Creating a spatial database for SpatiaLite
------------------------------------------
After the SpatiaLite library and tools have been installed, it is now possible
to create a spatial database for use with GeoDjango.
After you've installed SpatiaLite, you'll need to create a number of spatial
metadata tables in your database in order to perform spatial queries.
For this, a number of spatial metadata tables must be created in the database
before any spatial query is performed against it.
If you are using SpatiaLite 3.0 or newer then use the ``spatialite`` utility to
call the ``InitSpatiaMetaData()`` function which will take care of that (you can
safely ignore the error messages shown) then you can skip the rest of this
section::
If you're using SpatiaLite 3.0 or newer, use the ``spatialite`` utility to
call the ``InitSpatiaMetaData()`` function, like this::
$ spatialite geodjango.db "SELECT InitSpatialMetaData();"
the SPATIAL_REF_SYS table already contains some row(s)
InitSpatiaMetaData ()error:"table spatial_ref_sys already exists"
0
If you re using a version of Spatialite older than 3.0 then to achieve the same
result you need to download a database initialization file and execute the SQL
queries it contains against your database.
You can safely ignore the error messages shown. When you've done this, you can
skip the rest of this section.
First, get it from the appropiate SpatiaLite Resources page (i.e.
If you're using a version of SpatiaLite older than 3.0, you'll need to download
a database-initialization file and execute its SQL queries in your database.
First, get it from the appropriate SpatiaLite Resources page (
http://www.gaia-gis.it/spatialite-2.3.1/resources.html for 2.3 or
http://www.gaia-gis.it/spatialite-2.4.0/ for 2.4)::
$ wget http://www.gaia-gis.it/spatialite-2.3.1/init_spatialite-2.3.sql.gz
$ gunzip init_spatialite-2.3.sql.gz
(Or, if you are using SpatiaLite 2.4 then do::
$ wget http://www.gaia-gis.it/spatialite-2.4.0/init_spatialite-2.4.sql.gz
$ gunzip init_spatialite-2.4.sql.gz
)
Now, the ``spatialite`` command can be used to initialize a spatial database::
Then, use the ``spatialite`` command to initialize a spatial database::
$ spatialite geodjango.db < init_spatialite-2.X.sql
@ -629,15 +619,15 @@ features such as the geographic admin or KML sitemaps will not function properly
.. _addgoogleprojection:
Add Google Projection to ``spatial_ref_sys`` table
Add Google projection to ``spatial_ref_sys`` table
--------------------------------------------------
.. versionchanged:: 1.2
.. note::
If running PostGIS 1.4 and above, the entry is already included in the
default ``spatial_ref_sys`` table. You can skip this step.
If you're running PostGIS 1.4 or above, you can skip this step. The entry
is already included in the default ``spatial_ref_sys`` table.
In order to conduct database transformations to the so-called "Google"
projection (a spherical mercator projection used by Google Maps),
@ -678,7 +668,7 @@ __ http://code.djangoproject.com/simpleticket
.. _libsettings:
Library Environment Settings
Library environment settings
----------------------------
By far, the most common problem when installing GeoDjango is that the
@ -701,7 +691,7 @@ could place the following in their bash profile::
export LD_LIBRARY_PATH=/usr/local/lib
Setting System Library Path
Setting system library path
^^^^^^^^^^^^^^^^^^^^^^^^^^^
On GNU/Linux systems, there is typically a file in ``/etc/ld.so.conf``, which may include
@ -740,7 +730,7 @@ Similarly, on Red Hat and CentOS systems::
$ sudo yum install binutils
Platform Specific Instructions
Platform-specific instructions
==============================
.. _macosx:
@ -789,7 +779,7 @@ __ http://python.org/ftp/python/2.6.2/python-2.6.2-macosx2009-04-16.dmg
.. _kyngchaos:
KyngChaos Packages
KyngChaos packages
^^^^^^^^^^^^^^^^^^
William Kyngesburye provides a number of `geospatial library binary packages`__
@ -952,9 +942,9 @@ Ubuntu & Debian GNU/Linux
.. note::
The PostGIS SQL files are not placed in the PostgreSQL share directory in
the Debian and Ubuntu packages, and are located instead in a special
directory depending on the release. Thus, when :ref:`spatialdb_template`
use the :download:`create_template_postgis-debian.sh` script instead.
the Debian and Ubuntu packages. Instead, they're located in a special
directory depending on the release. In this case, use the
:download:`create_template_postgis-debian.sh` script
.. _ubuntu:
@ -1049,10 +1039,11 @@ Debian
4.0 (Etch)
^^^^^^^^^^
The situation here is the same as that of Ubuntu :ref:`heron` -- in other words,
some packages must be built from source to work properly with GeoDjango.
Binary Packages
Binary packages
~~~~~~~~~~~~~~~
The following command will install acceptable binary packages, as well as
the development tools necessary to build the rest of the requirements::
@ -1075,7 +1066,7 @@ Optional packages:
* ``libgeoip``: for :ref:`GeoIP <ref-geoip>` support
Source Packages
Source packages
~~~~~~~~~~~~~~~
You will still have to install :ref:`geosbuild`, :ref:`proj4`,
:ref:`postgis`, and :ref:`gdalbuild` from source. Please follow the
@ -1104,7 +1095,7 @@ in the above command with the appropriate PostgreSQL version.
.. _post_install:
Post-installation Notes
Post-installation notes
~~~~~~~~~~~~~~~~~~~~~~~
If the PostgreSQL database cluster was not initiated after installing, then it
@ -1234,7 +1225,7 @@ installer.
.. _OSGeo4W installer: http://trac.osgeo.org/osgeo4w/
Modify Windows Environment
Modify Windows environment
^^^^^^^^^^^^^^^^^^^^^^^^^^
In order to use GeoDjango, you will need to add your Python and OSGeo4W
@ -1269,8 +1260,8 @@ script, :download:`geodjango_setup.bat`.
then you will need to modify the ``OSGEO4W_ROOT`` and/or ``PYTHON_ROOT``
variables accordingly.
Install Django and Setup Database
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Install Django and set up database
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Finally, :ref:`install Django <installing-official-release>` on your system.
You do not need to create a spatial database template, as one named

View File

@ -1,11 +1,11 @@
======================
Testing GeoDjango Apps
Testing GeoDjango apps
======================
.. versionchanged:: 1.2
In Django 1.2, the addition of :ref:`spatial-backends` simplified the
process of testing GeoDjango applications -- the process is now the
process of testing GeoDjango applications. The process is now the
same as :doc:`/topics/testing`.
Included in this documentation are some additional notes and settings
@ -49,7 +49,7 @@ to configure for PostGIS 1.5.2 you would use::
POSTGIS_VERSION = (1, 5, 2)
Obtaining Sufficient Privileges
Obtaining sufficient privileges
-------------------------------
Depending on your configuration, this section describes several methods to
@ -60,7 +60,7 @@ was created like in the instructions, then your testing database user
only needs to have the ability to create databases. In other configurations,
you may be required to use a database superuser.
Create Database User
Create database user
^^^^^^^^^^^^^^^^^^^^
To make database user with the ability to create databases, use the
@ -76,7 +76,7 @@ Alternatively, you may alter an existing user's role from the SQL shell
postgres# ALTER ROLE <user_name> CREATEDB NOSUPERUSER NOCREATEROLE;
Create Database Superuser
Create database superuser
^^^^^^^^^^^^^^^^^^^^^^^^^
This may be done at the time the user is created, for example::
@ -89,7 +89,7 @@ is done from an existing superuser account)::
postgres# ALTER ROLE <user_name> SUPERUSER;
Create Local PostgreSQL Database
Create local PostgreSQL database
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1. Initialize database: ``initdb -D /path/to/user/db``
@ -114,8 +114,8 @@ spatial database entitled ``template_postgis``.
SpatiaLite
==========
You need to make sure needed spatial tables are created in your test spatial
database as described in :ref:`create_spatialite_db`. Then all you have to do is::
Make sure the necessary spatial tables are created in your test spatial
database, as described in :ref:`create_spatialite_db`. Then just do this::
$ python manage.py test
@ -127,18 +127,18 @@ Settings
``SPATIALITE_SQL``
^^^^^^^^^^^^^^^^^^
(only relevant when using a SpatiaLite version older than 3.0).
Only relevant when using a SpatiaLite version older than 3.0.
By default, the GeoDjango test runner looks for the SpatiaLite SQL in the
same directory where it was invoked (by default the same directory where
``manage.py`` is located). If you want to use a different location, then
you may add the following to your settings::
``manage.py`` is located). To use a different location, add the following to
your settings::
SPATIALITE_SQL='/path/to/init_spatialite-2.3.sql'
.. _geodjango-tests:
GeoDjango Tests
GeoDjango tests
===============
.. versionchanged:: 1.3

View File

@ -954,10 +954,10 @@ creating the ``myapp`` app::
.. versionadded:: 1.4
When Django copies the app template files, it also renders the files
whose extension matches those passed with the ``--extension`` option (``py``
by default) and those files which names are passed with the ``--name`` option
using the template engine. The :class:`template context
When Django copies the app template files, it also renders certain files
through the template engine: the files whose extensions match the
``--extension`` option (``py`` by default) and the files whose names are passed
with the ``--name`` option. The :class:`template context
<django.template.Context>` used is:
- Any option passed to the startapp command
@ -1017,10 +1017,10 @@ when creating the ``myproject`` project::
django-admin.py startproject --template=/Users/jezdez/Code/my_project_template myproject
When Django copies the project template files, it will also render the files
whose extension matches those passed with the ``--extension`` option (``py``
by default) and those files which names are passed with the ``--name`` option
using the template engine. The :class:`template context
When Django copies the project template files, it also renders certain files
through the template engine: the files whose extensions match the
``--extension`` option (``py`` by default) and the files whose names are passed
with the ``--name`` option. The :class:`template context
<django.template.Context>` used is:
- Any option passed to the startproject command

View File

@ -756,31 +756,44 @@ Default: ``False``
A boolean that turns on/off debug mode.
If you define custom settings, `django/views/debug.py`_ has a
``HIDDEN_SETTINGS`` regular expression which will hide from the DEBUG view
anything that contains ``'API'``, ``'TOKEN'``, ``'KEY'``, ``'SECRET'``,
``'PASS'``, ``'PROFANITIES_LIST'``, or ``'SIGNATURE'``. This allows untrusted
users to be able to give backtraces without seeing sensitive (or offensive)
settings.
Never deploy a site into production with :setting:`DEBUG` turned on.
Did you catch that? NEVER deploy a site into production with :setting:`DEBUG`
turned on.
One of the main features of debug mode is the display of detailed error pages.
If your app raises an exception when ``DEBUG`` is ``True``, Django will display
a detailed traceback, including a lot of metadata about your environment, such
as all the currently defined Django settings (from ``settings.py``).
As a security measure, Django will *not* include settings that might be
sensitive (or offensive), such as ``SECRET_KEY`` or ``PROFANITIES_LIST``.
Specifically, it will exclude any setting whose name includes any of the
following:
* API
* KEY
* PASS
* PROFANITIES_LIST
* SECRET
* SIGNATURE
* TOKEN
.. versionchanged:: 1.4
``'PASSWORD'`` changed to ``'PASS'``. ``'API'``, ``'TOKEN'``, ``'KEY'``
We changed ``'PASSWORD'`` ``'PASS'``. ``'API'``, ``'TOKEN'`` and ``'KEY'``
were added.
Note that due to how regular expression matching works ``'PASS'`` will also
match PASSWORD, just as ``'TOKEN'`` will also match TOKENIZED and so on.
Note that these are *partial* matches. ``'PASS'`` will also match PASSWORD,
just as ``'TOKEN'`` will also match TOKENIZED and so on.
Still, note that there are always going to be sections of your debug output
that are inappropriate for public consumption. File paths, configuration
options, and the like all give attackers extra information about your server.
options and the like all give attackers extra information about your server.
It is also important to remember that when running with :setting:`DEBUG`
turned on, Django will remember every SQL query it executes. This is useful
when you are debugging, but on a production server, it will rapidly consume
memory.
Never deploy a site into production with :setting:`DEBUG` turned on.
when you're debugging, but it'll rapidly consume memory on a production server.
.. _django/views/debug.py: http://code.djangoproject.com/browser/django/trunk/django/views/debug.py

View File

@ -171,13 +171,12 @@ Django 1.4 introduces a cookie-based session backend that uses the tools for
:doc:`cryptographic signing </topics/signing>` to store the session data in
the client's browser.
+.. warning::
+
+ Session data is signed and validated by the server, but is not
+ encrypted. This means that a user can view any data stored in the
+ session, but cannot change it. Please read the documentation for
+ further clarification before using this backend.
+
.. warning::
Session data is signed and validated by the server, but it's not
encrypted. This means a user can view any data stored in the
session but cannot change it. Please read the documentation for
further clarification before using this backend.
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
more information.
@ -1027,9 +1026,10 @@ Output of :djadmin:`manage.py help <help>`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:djadmin:`manage.py help <help>` now groups available commands by application.
If you depended on its output, for instance if you parsed it, you must update
your scripts. To obtain the list of all available management commands in a
script, you can use :djadmin:`manage.py help --commands <help>` instead.
If you depended on the output of this command -- if you parsed it, for example
-- then you'll need to update your code. To get a list of all available
management commands in a script, use
:djadmin:`manage.py help --commands <help>` instead.
Features deprecated in 1.4
==========================
@ -1186,16 +1186,13 @@ actually provided the body of the HTTP request. It's been renamed to
``HttpRequest.body``, and ``HttpRequest.raw_post_data`` has been deprecated.
``django.contrib.sitemaps`` bug fix with potential performance implications
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In previous versions the Paginator objects used in sitemap classes were
cached and could result in stale sitemap indexes. Removing this cache causes
new Paginator objects to be created and the
In previous versions, ``Paginator`` objects used in sitemap classes were
cached, which could result in stale site maps. We've removed the caching, so
each request to a site map now creates a new Paginator object and calls the
:attr:`~django.contrib.sitemaps.Sitemap.items()` method of the
:class:`~django.contrib.sitemaps.Sitemap` subclass to be called during every
sitemap-related request.
If the :attr:`django.contrib.sitemaps.Sitemap.items()` method returns a
``QuerySet`` its length will be evaluated which may lead to extra database
queries. To mitigate the performance impact consider using the :doc:`caching
framework </topics/cache>`.
:class:`~django.contrib.sitemaps.Sitemap` subclass. Depending on what your
``items()`` method is doing, this may have a negative performance impact.
To mitigate the performance impact, consider using the :doc:`caching
framework </topics/cache>` within your ``Sitemap`` subclass.

View File

@ -440,7 +440,7 @@ Including other URLconfs
At any point, your ``urlpatterns`` can "include" other URLconf modules. This
essentially "roots" a set of URLs below other ones.
For example, here's an except of the URLconf for the `Django Web site`_
For example, here's an excerpt of the URLconf for the `Django Web site`_
itself. It includes a number of other URLconfs::
from django.conf.urls import patterns, url, include
@ -849,7 +849,7 @@ This ``current_app`` argument is used as a hint to resolve application
namespaces into URLs on specific application instances, according to the
:ref:`namespaced URL resolution strategy <topics-http-reversing-url-namespaces>`.
You can use ``kwargs`` instead of ``args``, for example::
You can use ``kwargs`` instead of ``args``. For example::
>>> reverse('admin:app_list', kwargs={'app_label': 'auth'})
'/admin/auth/'
@ -976,7 +976,7 @@ A :class:`ResolverMatch` object can also be assigned to a triple::
information it provides) is not available in earlier Django releases.
One possible use of :func:`~django.core.urlresolvers.resolve` would be to test
if a view would raise a ``Http404`` error before redirecting to it::
whether a view would raise a ``Http404`` error before redirecting to it::
from urlparse import urlparse
from django.core.urlresolvers import resolve

View File

@ -186,16 +186,15 @@ instead of the default for English, a comma.
Limitations of the provided locale formats
==========================================
Some locales use context-sensitive formats for numbers, which Djangos
Some locales use context-sensitive formats for numbers, which Django's
localization system cannot handle automatically.
Switzerland (German)
--------------------
The Swiss number formatting depends on the type of number that is being
formatted. For monetary values, a comma is used as the thousand separator and
a decimal point for the decimal separator, for all other numbers, a comma is
a decimal point for the decimal separator. For all other numbers, a comma is
used as decimal separator and a space as thousand separator. The locale format
provided by Django uses the generic separators, a comma for decimal and a space
for thousand separators.

View File

@ -297,7 +297,7 @@ Lazy translation
Use the lazy versions of translation functions in
:mod:`django.utils.translation` (easily recognizable by the ``lazy`` suffix in
their names) to translate strings lazily -- when the value is accessed rather
than when they are called.
than when they're called.
These functions store a lazy reference to the string -- not the actual
translation. The translation itself will be done when the string is used in a
@ -306,10 +306,10 @@ string context, such as in template rendering.
This is essential when calls to these functions are located in code paths that
are executed at module load time.
As this is something that can easily happen when defining models, forms and
model forms (the declarative notation Django offers for them is implemented in a
way such that their fields are actually class level attributes) this means you
need to make sure to use lazy translations in the following cases:
This is something that can easily happen when defining models, forms and
model forms, because Django implements these such that their fields are
actually class-level attributes. For that reason, make sure to use lazy
translations in the following cases:
Model fields and relationships ``verbose_name`` and ``help_text`` option values
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~