p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Updated various links in docs

This commit is contained in:
Claude Paroz 2015-08-08 13:56:37 +02:00
parent a3830f6d66
commit e9c5c39631
20 changed files with 84 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/faq/admin.txt
View File

@ -106,4 +106,4 @@ There *may* be minor stylistic differences between supported browsers—for
example, some browsers may not support rounded corners. These are considered
acceptable variations in rendering.
.. _YUI's A-grade: http://yuilibrary.com/yui/docs/tutorials/gbs/
.. _YUI's A-grade: https://github.com/yui/yui3/wiki/Graded-Browser-Support

2
docs/howto/auth-remote-user.txt
View File

@ -10,7 +10,7 @@ Windows Authentication or Apache and `mod_authnz_ldap`_, `CAS`_, `Cosign`_,
`WebAuth`_, `mod_auth_sspi`_, etc.
.. _mod_authnz_ldap: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
.. _CAS: https://www.apereo.org/cas
.. _CAS: https://www.apereo.org/projects/cas
.. _Cosign: http://weblogin.org
.. _WebAuth: http://www.stanford.edu/services/webauth/
.. _mod_auth_sspi: http://sourceforge.net/projects/mod-auth-sspi

2
docs/howto/jython.txt
View File

@ -45,7 +45,7 @@ The `django-jython`_ project contains database backends and management commands
for Django/Jython development. Note that the builtin Django backends won't work
on top of Jython.
.. _`django-jython`: http://code.google.com/p/django-jython/
.. _`django-jython`: https://github.com/beachmachine/django-jython
To install it, follow the `installation instructions`_ detailed on the project
Web site. Also, read the `database backends`_ documentation there.

2
docs/howto/upgrade-version.txt
View File

@ -62,7 +62,7 @@ If you use some other installation process, you might have to manually
:ref:`uninstall the old Django version <removing-old-versions-of-django>` and
should look at the complete installation instructions.
.. _pip: http://www.pip-installer.org/
.. _pip: https://pip.pypa.io/
.. _virtualenv: http://www.virtualenv.org/
Testing

4
docs/howto/windows.txt
View File

@ -39,7 +39,7 @@ your Python version and follow the installation instructions given there.
Install PIP
===========
`PIP <http://www.pip-installer.org/>`_ is a package manager for Python that
`PIP <https://pip.pypa.io/>`_ is a package manager for Python that
uses the `Python Package Index <https://pypi.python.org>`_ to install Python
packages. PIP will later be used to install Django from PyPI. If you've
installed Python 3.4, ``pip`` is included so you may skip this section.
@ -48,7 +48,7 @@ Open a command prompt and execute ``easy_install pip``. This will install
``pip`` on your system. This command will work if you have successfully
installed Setuptools.
Alternatively, go to `<http://www.pip-installer.org/en/latest/installing.html>`_
Alternatively, go to `<https://pip.pypa.io/en/latest/installing.html>`_
for installing/upgrading instructions.
Install Django

2
docs/internals/contributing/committing-code.txt
View File

@ -176,7 +176,7 @@ Django's Git repository:
commit message, GitHub will close the pull request, but the Trac plugin
will also close the same numbered ticket in Trac.
.. _Trac plugin: https://github.com/aaugustin/trac-github
.. _Trac plugin: https://github.com/trac-hacks/trac-github
* If your commit references a ticket in the Django `ticket tracker`_ but
does *not* close the ticket, include the phrase "Refs #xxxxx", where "xxxxx"

2
docs/internals/contributing/writing-code/unit-tests.txt
View File

@ -183,7 +183,7 @@ associated tests will be skipped.
.. _gettext: http://www.gnu.org/software/gettext/manual/gettext.html
.. _selenium: https://pypi.python.org/pypi/selenium
.. _sqlparse: https://pypi.python.org/pypi/sqlparse
.. _pip requirements files: http://www.pip-installer.org/en/latest/user_guide.html#requirements-files
.. _pip requirements files: https://pip.pypa.io/en/latest/user_guide.html#requirements-files
Code coverage
~~~~~~~~~~~~~

16
docs/internals/team.txt
View File

@ -52,7 +52,7 @@ Journal-World`_ of Lawrence, Kansas, USA.
.. _soundslice: https://www.soundslice.com/
.. _simon willison: http://simonwillison.net/
.. _web-development blog: `simon willison`_
.. _jacob kaplan-moss: http://jacobian.org/
.. _jacob kaplan-moss: https://jacobian.org/
.. _revolution systems: http://revsys.com/
.. _wilson miner: http://wilsonminer.com/
.. _heroku: https://heroku.com/
@ -151,7 +151,7 @@ Karen Tracey
.. _Jannis Leidel: https://jezdez.com/
.. _Bauhaus-University Weimar: http://www.uni-weimar.de/
.. _virtualenv: http://www.virtualenv.org/
.. _pip: http://www.pip-installer.org/
.. _pip: https://pip.pypa.io/
.. _Mozilla: https://www.mozilla.org/
`Andrew Godwin`_
@ -232,7 +232,7 @@ Tim Graham
things Django and Python.
.. _Idan Gazit: http://idan.gazit.me
.. _photographer: http://flickr.com/photos/idangazit
.. _photographer: https://flickr.com/photos/idangazit
.. _Pixane: http://pixane.com
.. _Skills: http://skillsapp.com
@ -421,8 +421,8 @@ Daniele Procida
that goal in mind. Erik lives in Amsterdam, The Netherlands.
.. _Erik Romijn: http://erik.io/
.. _Solid Links: http://solidlinks.nl/
.. _Erik's Pony Checkup: http://ponycheckup.com/
.. _Solid Links: https://solidlinks.nl/
.. _Erik's Pony Checkup: https://ponycheckup.com/
`Loïc Bistuer`_
Loïc studied telecommunications engineering and works as an independent
@ -537,7 +537,7 @@ Daniele Procida
.. _Tomek Paczkowski: https://hauru.eu
.. _DjangoCon Europe 2013: http://love.djangocircus.com
.. _Django Girls: http://djangogirls.org
.. _Django Girls: https://djangogirls.org
.. _Squirrel: http://squirrel.me
`Ola Sitarska`_
@ -558,8 +558,8 @@ Daniele Procida
.. _Ola Sitarska: http://ola.sitarska.com/
.. _DjangoCon Europe 2013: http://love.djangocircus.com
.. _Django Girls Tutorial: http://tutorial.djangogirls.org
.. _Django Girls: http://djangogirls.org
.. _Potato: http://p.ota.to
.. _Django Girls: https://djangogirls.org
.. _Potato: https://p.ota.to
Past team members
=================

4
docs/ref/clickjacking.txt
View File

@ -35,7 +35,7 @@ load the resource in a frame if the request originated from the same site. If
the header is set to ``DENY`` then the browser will block the resource from
loading in a frame no matter which site made the request.
.. _X-Frame-Options: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
.. _X-Frame-Options: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Django provides a few simple ways to include this header in responses from your
site:
@ -127,5 +127,5 @@ See also
A `complete list`_ of browsers supporting ``X-Frame-Options``.
.. _complete list: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header#Browser_compatibility
.. _complete list: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options#Browser_compatibility
.. _other clickjacking prevention techniques: https://en.wikipedia.org/wiki/Clickjacking#Prevention

6
docs/ref/contrib/gis/gdal.txt
View File

@ -22,7 +22,7 @@ to raster (image) data.
some of the capabilities of OGR and GDAL's raster features at this time.
__ http://www.gdal.org/
__ http://www.gdal.org/ogr/
__ http://www.gdal.org/ogr_arch.html
Overview
========
@ -94,7 +94,7 @@ each feature in that layer.
Returns the name of the data source.
__ http://www.gdal.org/ogr/ogr_formats.html
__ http://www.gdal.org/ogr_formats.html
``Layer``
---------
@ -455,7 +455,7 @@ systems and coordinate transformation::
reading vector data from :class:`Layer` (which is in turn a part of
a :class:`DataSource`).
__ http://www.gdal.org/ogr/classOGRGeometry.html
__ http://www.gdal.org/classOGRGeometry.html
.. classmethod:: from_bbox(bbox)

2
docs/ref/contrib/gis/install/geolibs.txt
View File

@ -263,4 +263,4 @@ the GDAL library. For example::
It is easier to install the shifting files now, then to have debug a
problem caused by their absence later.
.. [#] Specifically, GeoDjango provides support for the `OGR
<http://gdal.org/ogr>`_ library, a component of GDAL.
<http://gdal.org/ogr_arch.html>`_ library, a component of GDAL.

13
docs/ref/contrib/gis/install/index.txt
View File

@ -234,15 +234,12 @@ Foundation, however, this is not required.
Python
^^^^^^
Although OS X comes with Python installed, users can use framework
installers (`2.7`__, `3.2`__ and `3.3`__ are available) provided by
the Python Software Foundation. An advantage to using the installer is
that OS X's Python will remain "pristine" for internal operating system
use.
Although OS X comes with Python installed, users can use `framework
installers`__ provided by the Python Software Foundation. An advantage to
using the installer is that OS X's Python will remain "pristine" for internal
operating system use.
__ https://python.org/ftp/python/2.7.5/
__ https://python.org/ftp/python/3.2.5/
__ https://python.org/ftp/python/3.3.2/
__ https://www.python.org/ftp/python/
.. note::

2
docs/ref/contrib/gis/measure.txt
View File

@ -174,5 +174,5 @@ Measurement API
.. rubric:: Footnotes
.. [#] `Robert Coup <https://koordinates.com/>`_ is the initial author of the measure objects,
and was inspired by Brian Beck's work in `geopy <http://code.google.com/p/geopy/>`_
and was inspired by Brian Beck's work in `geopy <https://github.com/geopy/geopy/>`_
and Geoff Biggs' PhD work on dimensioned units for robotics.

3
docs/ref/contrib/gis/model-api.txt
View File

@ -118,7 +118,7 @@ are not.
Most people are familiar with using latitude and longitude to reference a
location on the earth's surface. However, latitude and longitude are angles,
not distances. [#fnharvard]_ In other words, while the shortest path between two points on
not distances. In other words, while the shortest path between two points on
a flat surface is a straight line, the shortest path between two points on a curved
surface (such as the earth) is an *arc* of a `great circle`__. [#fnthematic]_ Thus,
additional computation is required to obtain distances in planar units (e.g.,
@ -281,7 +281,6 @@ for example::
.. [#fnogc] OpenGIS Consortium, Inc., `Simple Feature Specification For SQL <http://www.opengeospatial.org/standards/sfs>`_.
.. [#fnogcsrid] *See id.* at Ch. 2.3.8, p. 39 (Geometry Values and Spatial Reference Systems).
.. [#fnsrid] Typically, SRID integer corresponds to an EPSG (`European Petroleum Survey Group <http://www.epsg.org>`_) identifier. However, it may also be associated with custom projections defined in spatial database's spatial reference systems table.
.. [#fnharvard] Harvard Graduate School of Design, `An Overview of Geodesy and Geographic Referencing Systems <http://www.gsd.harvard.edu/gis/manual/projections/fundamentals/>`_. This is an excellent resource for an overview of principles relating to geographic and Cartesian coordinate systems.
.. [#fnthematic] Terry A. Slocum, Robert B. McMaster, Fritz C. Kessler, & Hugh H. Howard, *Thematic Cartography and Geographic Visualization* (Prentice Hall, 2nd edition), at Ch. 7.1.3.
.. [#fndist] This limitation does not apply to PostGIS.
.. [#fngeography] Please refer to the `PostGIS Geography Type <http://postgis.net/docs/manual-2.1/using_postgis_dbmanagement.html#PostGIS_Geography>`_ documentation for more details.

4
docs/releases/1.0-porting-guide.txt
View File

@ -79,8 +79,8 @@ see `the admin`_ below for more details.
A contributor to djangosnippets__ has written a script that'll `scan your
models.py and generate a corresponding admin.py`__.
__ http://www.djangosnippets.org/
__ http://www.djangosnippets.org/snippets/603/
__ https://www.djangosnippets.org/
__ https://www.djangosnippets.org/snippets/603/
Example
~~~~~~~

2
docs/releases/1.9.txt
View File

@ -122,7 +122,7 @@ The admin sports a modern, flat design. It still provides a fully-functional
experience to `YUI's A-grade`_ browsers. Older browser may experience varying
levels of graceful degradation.
.. _YUI's A-grade: http://yuilibrary.com/yui/docs/tutorials/gbs/
.. _YUI's A-grade: https://github.com/yui/yui3/wiki/Graded-Browser-Support
Minor features
~~~~~~~~~~~~~~

96
docs/releases/security.txt
View File

@ -42,7 +42,7 @@ issued at the time and CVEs may not have been assigned.
August 16, 2006 - CVE-2007-0404
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2007-0404 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0404&cid=3>`_: Filename validation issue in translation framework. `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`__
`CVE-2007-0404 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0404&cid=3>`_: Filename validation issue in translation framework. `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`__
Versions affected
-----------------
@ -54,7 +54,7 @@ Versions affected
January 21, 2007 - CVE-2007-0405
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2007-0405 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_: Apparent "caching" of authenticated user. `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`__
`CVE-2007-0405 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_: Apparent "caching" of authenticated user. `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`__
Versions affected
-----------------
@ -70,7 +70,7 @@ security process. These are listed below.
October 26, 2007 - CVE-2007-5712
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2007-5712 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5712&cid=3>`_: Denial-of-service via arbitrarily-large ``Accept-Language`` header. `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`__
`CVE-2007-5712 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5712&cid=3>`_: Denial-of-service via arbitrarily-large ``Accept-Language`` header. `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`__
Versions affected
-----------------
@ -82,7 +82,7 @@ Versions affected
May 14, 2008 - CVE-2008-2302
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2008-2302 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2302&cid=3>`_: XSS via admin login redirect. `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`__
`CVE-2008-2302 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2302&cid=3>`_: XSS via admin login redirect. `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`__
Versions affected
-----------------
@ -94,7 +94,7 @@ Versions affected
September 2, 2008 - CVE-2008-3909
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2008-3909 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3909&cid=3>`_: CSRF via preservation of POST data during admin login. `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`__
`CVE-2008-3909 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3909&cid=3>`_: CSRF via preservation of POST data during admin login. `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`__
Versions affected
-----------------
@ -106,7 +106,7 @@ Versions affected
July 28, 2009 - CVE-2009-2659
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2009-2659 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2659&cid=3>`_: Directory-traversal in development server media handler. `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`__
`CVE-2009-2659 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2659&cid=3>`_: Directory-traversal in development server media handler. `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`__
Versions affected
-----------------
@ -117,7 +117,7 @@ Versions affected
October 9, 2009 - CVE-2009-3965
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2009-3965 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3695&cid=3>`_: Denial-of-service via pathological regular expression performance. `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`__
`CVE-2009-3965 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3695&cid=3>`_: Denial-of-service via pathological regular expression performance. `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`__
Versions affected
-----------------
@ -128,7 +128,7 @@ Versions affected
September 8, 2010 - CVE-2010-3082
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2010-3082 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3082&cid=3>`_: XSS via trusting unsafe cookie value. `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`__
`CVE-2010-3082 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3082&cid=3>`_: XSS via trusting unsafe cookie value. `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`__
Versions affected
-----------------
@ -138,7 +138,7 @@ Versions affected
December 22, 2010 - CVE-2010-4534
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2010-4534 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4534&cid=3>`_: Information leakage in administrative interface. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__
`CVE-2010-4534 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4534&cid=3>`_: Information leakage in administrative interface. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__
Versions affected
-----------------
@ -149,7 +149,7 @@ Versions affected
December 22, 2010 - CVE-2010-4535
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2010-4535 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4535&cid=2>`_: Denial-of-service in password-reset mechanism. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__
`CVE-2010-4535 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4535&cid=2>`_: Denial-of-service in password-reset mechanism. `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`__
Versions affected
-----------------
@ -160,7 +160,7 @@ Versions affected
February 8, 2011 - CVE-2011-0696
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-0696 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0696&cid=2>`_: CSRF via forged HTTP headers. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
`CVE-2011-0696 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0696&cid=2>`_: CSRF via forged HTTP headers. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
Versions affected
-----------------
@ -171,7 +171,7 @@ Versions affected
February 8, 2011 - CVE-2011-0697
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-0697 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0697&cid=2>`_: XSS via unsanitized names of uploaded files. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
`CVE-2011-0697 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0697&cid=2>`_: XSS via unsanitized names of uploaded files. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
Versions affected
-----------------
@ -182,7 +182,7 @@ Versions affected
February 8, 2011 - CVE-2011-0698
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-0698 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0698&cid=2>`_: Directory-traversal on Windows via incorrect path-separator handling. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
`CVE-2011-0698 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0698&cid=2>`_: Directory-traversal on Windows via incorrect path-separator handling. `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`__
Versions affected
-----------------
@ -193,7 +193,7 @@ Versions affected
September 9, 2011 - CVE-2011-4136
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-4136 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4136&cid=2>`_: Session manipulation when using memory-cache-backed session. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
`CVE-2011-4136 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4136&cid=2>`_: Session manipulation when using memory-cache-backed session. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
Versions affected
-----------------
@ -204,7 +204,7 @@ Versions affected
September 9, 2011 - CVE-2011-4137
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-4137 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4137&cid=2>`_: Denial-of-service via via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
`CVE-2011-4137 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4137&cid=2>`_: Denial-of-service via via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
Versions affected
-----------------
@ -215,7 +215,7 @@ Versions affected
September 9, 2011 - CVE-2011-4138
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-4138 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4138&cid=2>`_: Information leakage/arbitrary request issuance via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
`CVE-2011-4138 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4138&cid=2>`_: Information leakage/arbitrary request issuance via ``URLField.verify_exists``. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
Versions affected
-----------------
@ -226,7 +226,7 @@ Versions affected
September 9, 2011 - CVE-2011-4139
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-4139 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139&cid=2>`_: ``Host`` header cache poisoning. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
`CVE-2011-4139 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139&cid=2>`_: ``Host`` header cache poisoning. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
Versions affected
-----------------
@ -237,7 +237,7 @@ Versions affected
September 9, 2011 - CVE-2011-4140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2011-4140 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140&cid=2>`_: Potential CSRF via ``Host`` header. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
`CVE-2011-4140 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140&cid=2>`_: Potential CSRF via ``Host`` header. `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`__
Versions affected
-----------------
@ -250,7 +250,7 @@ This notification was an advisory only, so no patches were issued.
July 30, 2012 - CVE-2012-3442
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2012-3442 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3442&cid=2>`_: XSS via failure to validate redirect scheme. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
`CVE-2012-3442 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3442&cid=2>`_: XSS via failure to validate redirect scheme. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
Versions affected
-----------------
@ -261,7 +261,7 @@ Versions affected
July 30, 2012 - CVE-2012-3443
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2012-3443 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3443&cid=2>`_: Denial-of-service via compressed image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
`CVE-2012-3443 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3443&cid=2>`_: Denial-of-service via compressed image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
Versions affected
-----------------
@ -272,7 +272,7 @@ Versions affected
July 30, 2012 - CVE-2012-3444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2012-3444 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3444&cid=2>`_: Denial-of-service via large image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
`CVE-2012-3444 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3444&cid=2>`_: Denial-of-service via large image files. `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`__
Versions affected
-----------------
@ -283,7 +283,7 @@ Versions affected
October 17, 2012 - CVE-2012-4520
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2012-4520 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4520&cid=2>`_: ``Host`` header poisoning. `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`__
`CVE-2012-4520 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4520&cid=2>`_: ``Host`` header poisoning. `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`__
Versions affected
-----------------
@ -327,7 +327,7 @@ Versions affected
February 19, 2013 - CVE-2013-1664/1665
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2013-1664 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1664&cid=2>`_ and `CVE-2013-1665 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1665&cid=2>`_: Entity-based attacks against Python XML libraries. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
`CVE-2013-1664 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1664&cid=2>`_ and `CVE-2013-1665 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1665&cid=2>`_: Entity-based attacks against Python XML libraries. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
Versions affected
-----------------
@ -338,7 +338,7 @@ Versions affected
February 19, 2013 - CVE-2013-0305
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2013-0305 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0305&cid=2>`_: Information leakage via admin history log. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
`CVE-2013-0305 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0305&cid=2>`_: Information leakage via admin history log. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
Versions affected
-----------------
@ -349,7 +349,7 @@ Versions affected
February 19, 2013 - CVE-2013-0306
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2013-0306 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0306&cid=2>`_: Denial-of-service via formset ``max_num`` bypass. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
`CVE-2013-0306 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0306&cid=2>`_: Denial-of-service via formset ``max_num`` bypass. `Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`__
Versions affected
-----------------
@ -360,7 +360,7 @@ Versions affected
August 13, 2013 - CVE-2013-4249
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2013-4249 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4249&cid=2>`_: XSS via admin trusting ``URLField`` values. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__
`CVE-2013-4249 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4249&cid=2>`_: XSS via admin trusting ``URLField`` values. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__
Versions affected
-----------------
@ -370,7 +370,7 @@ Versions affected
August 13, 2013 - CVE-2013-6044
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2013-6044 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6044&cid=2>`_: Possible XSS via unvalidated URL redirect schemes. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__
`CVE-2013-6044 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6044&cid=2>`_: Possible XSS via unvalidated URL redirect schemes. `Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`__
Versions affected
-----------------
@ -381,7 +381,7 @@ Versions affected
September 10, 2013 - CVE-2013-4315
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2013-4315 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4315&cid=2>`_ Directory-traversal via ``ssi`` template tag. `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`__
`CVE-2013-4315 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4315&cid=2>`_ Directory-traversal via ``ssi`` template tag. `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`__
Versions affected
-----------------
@ -403,7 +403,7 @@ Versions affected
April 21, 2014 - CVE-2014-0472
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0472 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0472&cid=2>`_: Unexpected code execution using ``reverse()``. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__
`CVE-2014-0472 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0472&cid=2>`_: Unexpected code execution using ``reverse()``. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__
Versions affected
-----------------
@ -416,7 +416,7 @@ Versions affected
April 21, 2014 - CVE-2014-0473
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0473 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0473&cid=2>`_: Caching of anonymous pages could reveal CSRF token. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__
`CVE-2014-0473 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0473&cid=2>`_: Caching of anonymous pages could reveal CSRF token. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__
Versions affected
-----------------
@ -429,7 +429,7 @@ Versions affected
April 21, 2014 - CVE-2014-0474
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0474 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0474&cid=2>`_: MySQL typecasting causes unexpected query results. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__
`CVE-2014-0474 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0474&cid=2>`_: MySQL typecasting causes unexpected query results. `Full description <https://www.djangoproject.com/weblog/2014/apr/21/security/>`__
Versions affected
-----------------
@ -442,7 +442,7 @@ Versions affected
May 18, 2014 - CVE-2014-1418
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-1418 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1418&cid=2>`_: Caches may be allowed to store and serve private data. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__
`CVE-2014-1418 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1418&cid=2>`_: Caches may be allowed to store and serve private data. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__
Versions affected
-----------------
@ -455,7 +455,7 @@ Versions affected
May 18, 2014 - CVE-2014-3730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-3730 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3730&cid=2>`_: Malformed URLs from user input incorrectly validated. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__
`CVE-2014-3730 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3730&cid=2>`_: Malformed URLs from user input incorrectly validated. `Full description <https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/>`__
Versions affected
-----------------
@ -468,7 +468,7 @@ Versions affected
August 20, 2014 - CVE-2014-0480
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0480 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0480&cid=2>`_: reverse() can generate URLs pointing to other hosts. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
`CVE-2014-0480 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0480&cid=2>`_: reverse() can generate URLs pointing to other hosts. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
Versions affected
-----------------
@ -481,7 +481,7 @@ Versions affected
August 20, 2014 - CVE-2014-0481
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0481 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0481&cid=2>`_: File upload denial of service. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
`CVE-2014-0481 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0481&cid=2>`_: File upload denial of service. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
Versions affected
-----------------
@ -494,7 +494,7 @@ Versions affected
August 20, 2014 - CVE-2014-0482
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0482 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0482&cid=2>`_: RemoteUserMiddleware session hijacking. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
`CVE-2014-0482 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0482&cid=2>`_: RemoteUserMiddleware session hijacking. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
Versions affected
-----------------
@ -507,7 +507,7 @@ Versions affected
August 20, 2014 - CVE-2014-0483
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2014-0483 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0483&cid=2>`_: Data leakage via querystring manipulation in admin. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
`CVE-2014-0483 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0483&cid=2>`_: Data leakage via querystring manipulation in admin. `Full description <https://www.djangoproject.com/weblog/2014/aug/20/security/>`__
Versions affected
-----------------
@ -520,7 +520,7 @@ Versions affected
January 13, 2015 - CVE-2015-0219
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-0219 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0219&cid=2>`_:
`CVE-2015-0219 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0219&cid=2>`_:
WSGI header spoofing via underscore/dash conflation.
`Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__
@ -534,7 +534,7 @@ Versions affected
January 13, 2015 - CVE-2015-0220
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-0220 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0220&cid=2>`_: Mitigated possible XSS attack via user-supplied redirect URLs. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__
`CVE-2015-0220 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0220&cid=2>`_: Mitigated possible XSS attack via user-supplied redirect URLs. `Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__
Versions affected
-----------------
@ -546,7 +546,7 @@ Versions affected
January 13, 2015 - CVE-2015-0221
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-0221 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0221&cid=2>`_:
`CVE-2015-0221 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0221&cid=2>`_:
Denial-of-service attack against ``django.views.static.serve()``.
`Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__
@ -560,7 +560,7 @@ Versions affected
January 13, 2015 - CVE-2015-0222
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-0222 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0222&cid=2>`_:
`CVE-2015-0222 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0222&cid=2>`_:
Database denial-of-service with ``ModelMultipleChoiceField``.
`Full description <https://www.djangoproject.com/weblog/2015/jan/13/security/>`__
@ -573,7 +573,7 @@ Versions affected
March 9, 2015 - CVE-2015-2241
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-2241 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2241&cid=2>`_:
`CVE-2015-2241 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2241&cid=2>`_:
XSS attack via properties in ``ModelAdmin.readonly_fields``.
`Full description <https://www.djangoproject.com/weblog/2015/mar/09/security-releases/>`__
@ -586,7 +586,7 @@ Versions affected
March 18, 2015 - CVE-2015-2316
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-2316 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2316&cid=2>`_:
`CVE-2015-2316 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2316&cid=2>`_:
Denial-of-service possibility with ``strip_tags()``.
`Full description <https://www.djangoproject.com/weblog/2015/mar/18/security-releases/>`__
@ -600,7 +600,7 @@ Versions affected
March 18, 2015 - CVE-2015-2317
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-2317 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2317&cid=2>`_:
`CVE-2015-2317 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2317&cid=2>`_:
Mitigated possible XSS attack via user-supplied redirect URLs.
`Full description <https://www.djangoproject.com/weblog/2015/mar/18/security-releases/>`__
@ -615,7 +615,7 @@ Versions affected
May 20, 2015 - CVE-2015-3982
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-3982 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3982&cid=2>`_:
`CVE-2015-3982 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3982&cid=2>`_:
Fixed session flushing in the cached_db backend.
`Full description <https://www.djangoproject.com/weblog/2015/may/20/security-release/>`__
@ -627,7 +627,7 @@ Versions affected
July 8, 2015 - CVE-2015-5143
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-5143 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5143&cid=2>`_:
`CVE-2015-5143 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5143&cid=2>`_:
Denial-of-service possibility by filling session store.
`Full description <https://www.djangoproject.com/weblog/2015/jul/08/security-releases/>`__
@ -641,7 +641,7 @@ Versions affected
July 8, 2015 - CVE-2015-5144
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-5144 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5144&cid=2>`_:
`CVE-2015-5144 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5144&cid=2>`_:
Header injection possibility since validators accept newlines in input.
`Full description <https://www.djangoproject.com/weblog/2015/jul/08/security-releases/>`__
@ -655,7 +655,7 @@ Versions affected
July 8, 2015 - CVE-2015-5145
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`CVE-2015-5145 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5145&cid=2>`_:
`CVE-2015-5145 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5145&cid=2>`_:
Denial-of-service possibility in URL validation.
`Full description <https://www.djangoproject.com/weblog/2015/jul/08/security-releases/>`__

4
docs/topics/install.txt
View File

@ -184,10 +184,10 @@ This is the recommended way to install Django.
privileges, and this will install Django in the virtualenv's
``site-packages`` directory.
.. _pip: http://www.pip-installer.org/
.. _pip: https://pip.pypa.io/
.. _virtualenv: http://www.virtualenv.org/
.. _virtualenvwrapper: http://virtualenvwrapper.readthedocs.org/en/latest/
.. _standalone pip installer: http://www.pip-installer.org/en/latest/installing.html#install-pip
.. _standalone pip installer: https://pip.pypa.io/en/latest/installing.html#install-pip
Installing an official release manually
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2
docs/topics/python3.txt
View File

@ -245,7 +245,7 @@ consequence, the following pattern is sometimes necessary::
Be cautious if you have to `index bytestrings`_.
.. _index bytestrings: https://docs.python.org/3/howto/pyporting.html#indexing-bytes-objects
.. _index bytestrings: https://docs.python.org/3/howto/pyporting.html#text-versus-binary-data
Exceptions
~~~~~~~~~~

2
docs/topics/security.txt
View File

@ -271,4 +271,4 @@ security protection of the Web server, operating system and other components.
* It is a good idea to limit the accessibility of your caching system and
database using a firewall.
.. _LimitRequestBody: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody
.. _LimitRequestBody: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody