[1.8.x] Fixed #26309 -- Documented that login URL settings no longer support dotted paths.

Backport of 2404d209a5 from master
This commit is contained in:
Alasdair Nicol 2016-03-02 15:48:13 +00:00 committed by Tim Graham
parent 6a9bb1447c
commit e4be3c80a1
3 changed files with 20 additions and 13 deletions

View File

@ -34,6 +34,9 @@ details on these changes.
* The ability to :func:`~django.core.urlresolvers.reverse` URLs using a dotted
Python path will be removed.
* The ability to use a dotted Python path for the ``LOGIN_URL`` and
``LOGIN_REDIRECT_URL`` settings will be removed.
* Support for :py:mod:`optparse` will be dropped for custom management commands
(replaced by :py:mod:`argparse`).

View File

@ -2866,9 +2866,14 @@ The URL where requests are redirected after login when the
This is used by the :func:`~django.contrib.auth.decorators.login_required`
decorator, for example.
This setting also accepts view function names and :ref:`named URL patterns
<naming-url-patterns>` which can be used to reduce configuration duplication
since you don't have to define the URL in two places (``settings`` and URLconf).
This setting also accepts :ref:`named URL patterns <naming-url-patterns>` which
can be used to reduce configuration duplication since you don't have to define
the URL in two places (``settings`` and URLconf).
.. deprecated:: 1.8
The setting may also be a dotted Python path to a view function. Support
for this will be removed in Django 1.10.
.. setting:: LOGIN_URL
@ -2880,18 +2885,14 @@ Default: ``'/accounts/login/'``
The URL where requests are redirected for login, especially when using the
:func:`~django.contrib.auth.decorators.login_required` decorator.
This setting also accepts view function names and :ref:`named URL patterns
<naming-url-patterns>` which can be used to reduce configuration duplication
since you don't have to define the URL in two places (``settings`` and URLconf).
This setting also accepts :ref:`named URL patterns <naming-url-patterns>` which
can be used to reduce configuration duplication since you don't have to define
the URL in two places (``settings`` and URLconf).
.. setting:: LOGOUT_URL
.. deprecated:: 1.8
LOGOUT_URL
----------
Default: ``'/accounts/logout/'``
LOGIN_URL counterpart.
The setting may also be a dotted Python path to a view function. Support
for this will be removed in Django 1.10.
.. setting:: PASSWORD_RESET_TIMEOUT_DAYS

View File

@ -1357,6 +1357,9 @@ to ensure compatibility when reversing by Python path is removed in Django 1.10.
Similarly for GIS sitemaps, add ``name='django.contrib.gis.sitemaps.views.kml'``
or ``name='django.contrib.gis.sitemaps.views.kmz'``.
If you are using a Python path for the :setting:`LOGIN_URL` or
:setting:`LOGIN_REDIRECT_URL` setting, use the name of the ``url()`` instead.
.. _security issue: https://www.djangoproject.com/weblog/2014/apr/21/security/#s-issue-unexpected-code-execution-using-reverse
Aggregate methods and modules