Commit Graph

2254 Commits

Author SHA1 Message Date
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Loïc Bistuer ed0ff913c6 Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers.
This deprecates use_for_related_fields.

Old API:

class CustomManager(models.Manager):  # a manager subclasses models.Manager, not models.Model
    use_for_related_fields = True

class Model(models.Model):
    custom_manager = CustomManager()

New API:

class Model(models.Model):
    custom_manager = CustomManager()

    class Meta:
        base_manager_name = 'custom_manager'

Refs #20932, #25897.

Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
2016-05-17 12:07:22 +07:00
Loïc Bistuer 3a47d42fa3 Fixed #20932, #25897 -- Streamlined manager inheritance. 2016-05-17 02:29:22 +07:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Aron Podrigal 85ef98dc6e Fixed #24305 -- Allowed overriding fields on abstract models.
Fields inherited from abstract base classes may be overridden like
any other Python attribute. Inheriting from multiple models/classes
with the same attribute name will follow the MRO.
2016-05-16 07:32:21 -04:00
Tim Graham e475e84970 Refs #26021 -- Used hanging indentation in some doc examples. 2016-05-14 19:06:31 -04:00
Tim Graham 5238af3257 Used 'classmethod' annotation in docs/topics/auth/customizing.txt 2016-05-14 18:58:09 -04:00
Tim Graham af69c9113c Fixed typo in docs/topics/db/models.txt 2016-05-13 15:18:33 -04:00
Matthew Somerville 1962a96a30 Fixed #24938 -- Added PostgreSQL trigram support. 2016-05-13 12:38:21 -04:00
eltronix f4bb2dce79 Fixed typo in docs/topics/conditional-view-processing.txt 2016-05-12 20:07:34 -04:00
Tim Graham baf3ec2e29 Refs #26052 -- Corrected a sentence for conditional_content_removal() removal. 2016-05-11 11:09:28 -04:00
Tim Graham f5ff5010cd Fixed #26483 -- Updated docs.python.org links to use Intersphinx. 2016-05-08 18:07:43 -04:00
Vasiliy Faronov 101dd787ec Fixed #26566 -- Rewrote an incorrect Cache-Control example. 2016-05-07 10:49:47 -04:00
Matthias K 8b2fce0f70 Fixed a typo 2016-05-07 15:40:53 +02:00
shiblystory 6ae617dc57 Fixed #26595 -- Removed unnecessary save() in one_to_one.txt example. 2016-05-07 06:53:03 -04:00
Tim Graham c6499d532d Fixed syntax highlighting in docs/topics/cache.txt 2016-05-06 18:57:48 -04:00
Ville Skyttä 575a9a791e Normalized "an SQL" spelling. 2016-05-03 19:30:48 -04:00
David D Lowe c9c5ccbd41 Clarified that setting names must be uppercase. 2016-05-03 12:53:24 -04:00
Vasiliy Faronov ac77c55bc5 Fixed #26567 -- Updated references to obsolete RFC2616.
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Tim Graham f945fb24a3 Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
Tim Graham fe70f280d7 Refs #25136 -- Fixed nonexistent field reference in aggregation topic guide.
Thanks Ankush Thakur for the report and Simon for the review.
2016-04-27 15:16:00 -04:00
eltronix 8ccb8ff453 Fixed typo in docs/topics/testing/tools.txt 2016-04-27 08:01:48 -04:00
eltronix 75c5e547b5 Fixed typo in docs/topics/testing/tools.txt 2016-04-26 18:19:00 -04:00
Marc Tamlyn 2d877da855 Refs #3254 -- Added full text search to contrib.postgres.
Adds a reasonably feature complete implementation of full text search
using the built in PostgreSQL engine. It uses public APIs from
Expression and Lookup.

With thanks to Tim Graham, Simon Charettes, Josh Smeaton, Mikey Ariel
and many others for their advice and review. Particular thanks also go
to the supporters of the contrib.postgres kickstarter.
2016-04-22 10:44:37 +01:00
Jon Dufresne ec6121693f Fixed #22383 -- Added support for HTML5 required attribute on required form fields. 2016-04-21 19:16:38 -04:00
Jon Dufresne 38ddd4ab55 Fixed incorrect rendered widget in forms example. 2016-04-20 21:07:59 -04:00
Tobias Kroenke b040ac06eb Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError. 2016-04-20 13:06:47 -04:00
eltronix f43da05cc5 Fixed typo in docs/topics/class-based-views/mixins.txt 2016-04-18 20:25:54 -04:00
Tim Graham 2c4c67af94 Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the permission cache. 2016-04-18 09:02:56 -04:00
Claude Paroz de40cfbe74 Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views
Thanks Cristiano Coelho and Tim Graham for the reviews.
2016-04-15 17:28:54 +02:00
Filipa Andrade 47fbbc33de Fixed #26493 -- Documented how built-in signals are sent. 2016-04-13 07:48:18 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham f6ca63a9f8 Refs #26464 -- Added a link to OWASP Top 10 in security topic guide. 2016-04-09 07:49:40 -04:00
Claude Paroz 0d3c616fbb Refs #26351 -- Added check hook to support database-related checks
Thanks Tim Graham and Shai Berger for the reviews.
2016-04-08 20:28:00 +02:00
Daniel Jilg eed658d7c4 Refs #14131 -- Documented why paginating large QuerySets may be slow. 2016-04-06 11:06:38 -04:00
Tim Graham 15a20dc9af Removed a reference to Django 1.3.1 in docs. 2016-04-04 11:55:34 -04:00
David Evans 99bb7fcc18 Fixed #26452 -- Loaded middleware on server start rather than on first request. 2016-04-04 10:12:41 -04:00
Daniel Jilg 55c843f2ef Fixed #14131 -- Added note to docs about Pagination and large Querysets 2016-04-02 16:03:34 +02:00
Simon Charette 64aba7a8ab Fixed #26438 -- Fixed multiple .objects typos in the docs.
Thanks Pablo Oubiña for the report.
2016-03-31 18:27:47 -04:00
Tim Graham a65fc6df89 Fixed #26410 -- Added a docs example for loader.render_to_string(). 2016-03-31 08:31:55 -04:00
Akshesh 49f95cc0a0 Fixed #11560 -- Allowed proxy model multiple-inheritance from the same concrete base model. 2016-03-30 13:06:27 -04:00
Krzysztof Jurewicz 940b7fd5cb Fixed #21446 -- Allowed not performing redirect in set_language view
Thanks Claude Paroz and Tim Graham for polishing the patch.
2016-03-29 22:15:14 +02:00
Aymeric Augustin 7b1ce7fd91 Fixed #26408 -- Updated link to DEP 182.
Thanks kaifeldhoff for the report.
2016-03-25 20:49:18 +01:00
Tim Shaffer 8550566af6 Fixed typo in docs/topics/db/aggregation.txt. 2016-03-25 13:38:16 -04:00
Alexander Gaevsky 107165c4b0 Fixed #24987 -- Allowed inactive users to login with the test client. 2016-03-23 09:01:52 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham c41737dc00 Fixed #26392 -- Corrected login_required/permission_required stacking example. 2016-03-21 19:56:15 -04:00
Andrew Abraham f2d9caa625 Fixed DiscoverRunner failfast parameter default in docs. 2016-03-15 18:33:35 -04:00
Duane Hilton f8b23e52e8 Fixed #26290 -- Documented that a QuerySet for pagination should be ordered. 2016-03-15 10:13:47 -04:00