Shai Berger
5112e65ef2
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
...
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).
While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).
Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Loïc Bistuer
ed0ff913c6
Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers.
...
This deprecates use_for_related_fields.
Old API:
class CustomManager(models.Model):
    use_for_related_fields = True
class Model(models.Model):
    custom_manager = CustomManager()
New API:
class Model(models.Model):
    custom_manager = CustomManager()
    class Meta:
        base_manager_name = 'custom_manager'
Refs #20932, #25897.
Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
2016-05-17 12:07:22 +07:00
Loïc Bistuer
3a47d42fa3
Fixed #20932, #25897 -- Streamlined manager inheritance.
2016-05-17 02:29:22 +07:00
Claude Paroz
9935f97cd2
Refs #21379 -- Normalized unicode username inputs
2016-05-16 19:38:02 +02:00
Aron Podrigal
85ef98dc6e
Fixed #24305 -- Allowed overriding fields on abstract models.
...
Fields inherited from abstract base classes may be overridden like
any other Python attribute. Inheriting from multiple models/classes
with the same attribute name will follow the MRO.
2016-05-16 07:32:21 -04:00
Tim Graham
e475e84970
Refs #26021 -- Used hanging indentation in some doc examples.
2016-05-14 19:06:31 -04:00
Tim Graham
5238af3257
Used 'classmethod' annotation in docs/topics/auth/customizing.txt
2016-05-14 18:58:09 -04:00
Tim Graham
af69c9113c
Fixed typo in docs/topics/db/models.txt
2016-05-13 15:18:33 -04:00
Matthew Somerville
1962a96a30
Fixed #24938 -- Added PostgreSQL trigram support.
2016-05-13 12:38:21 -04:00
eltronix
f4bb2dce79
Fixed typo in docs/topics/conditional-view-processing.txt
2016-05-12 20:07:34 -04:00
Tim Graham
baf3ec2e29
Refs #26052 -- Corrected a sentence for conditional_content_removal() removal.
2016-05-11 11:09:28 -04:00
Tim Graham
f5ff5010cd
Fixed #26483 -- Updated docs.python.org links to use Intersphinx.
2016-05-08 18:07:43 -04:00
Vasiliy Faronov
101dd787ec
Fixed #26566 -- Rewrote an incorrect Cache-Control example.
2016-05-07 10:49:47 -04:00
Matthias K
8b2fce0f70
Fixed a typo
2016-05-07 15:40:53 +02:00
shiblystory
6ae617dc57
Fixed #26595 -- Removed unnecessary save() in one_to_one.txt example.
2016-05-07 06:53:03 -04:00
Tim Graham
c6499d532d
Fixed syntax highlighting in docs/topics/cache.txt
2016-05-06 18:57:48 -04:00
Ville Skyttä
575a9a791e
Normalized "an SQL" spelling.
2016-05-03 19:30:48 -04:00
David D Lowe
c9c5ccbd41
Clarified that setting names must be uppercase.
2016-05-03 12:53:24 -04:00
Vasiliy Faronov
ac77c55bc5
Fixed #26567 -- Updated references to obsolete RFC2616.
...
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Tim Graham
f945fb24a3
Fixed #26554 -- Updated docs URLs to readthedocs.io
2016-04-28 10:09:57 -04:00
Tim Graham
fe70f280d7
Refs #25136 -- Fixed nonexistent field reference in aggregation topic guide.
...
Thanks Ankush Thakur for the report and Simon for the review.
2016-04-27 15:16:00 -04:00
eltronix
8ccb8ff453
Fixed typo in docs/topics/testing/tools.txt
2016-04-27 08:01:48 -04:00
eltronix
75c5e547b5
Fixed typo in docs/topics/testing/tools.txt
2016-04-26 18:19:00 -04:00
Marc Tamlyn
2d877da855
Refs #3254 -- Added full text search to contrib.postgres.
...
Adds a reasonably feature-complete implementation of full text search
using the built-in PostgreSQL engine. It uses public APIs from
Expression and Lookup.
With thanks to Tim Graham, Simon Charette, Josh Smeaton, Mikey Ariel
and many others for their advice and review. Particular thanks also go
to the supporters of the contrib.postgres kickstarter.
2016-04-22 10:44:37 +01:00
Jon Dufresne
ec6121693f
Fixed #22383 -- Added support for HTML5 required attribute on required form fields.
2016-04-21 19:16:38 -04:00
Jon Dufresne
38ddd4ab55
Fixed incorrect rendered widget in forms example.
2016-04-20 21:07:59 -04:00
Tobias Kroenke
b040ac06eb
Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError.
2016-04-20 13:06:47 -04:00
eltronix
f43da05cc5
Fixed typo in docs/topics/class-based-views/mixins.txt
2016-04-18 20:25:54 -04:00
Tim Graham
2c4c67af94
Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the permission cache.
2016-04-18 09:02:56 -04:00
Claude Paroz
de40cfbe74
Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views
...
Thanks Cristiano Coelho and Tim Graham for the reviews.
2016-04-15 17:28:54 +02:00
Filipa Andrade
47fbbc33de
Fixed #26493 -- Documented how built-in signals are sent.
2016-04-13 07:48:18 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
f6ca63a9f8
Refs #26464 -- Added a link to OWASP Top 10 in security topic guide.
2016-04-09 07:49:40 -04:00
Claude Paroz
0d3c616fbb
Refs #26351 -- Added check hook to support database-related checks
...
Thanks Tim Graham and Shai Berger for the reviews.
2016-04-08 20:28:00 +02:00
Daniel Jilg
eed658d7c4
Refs #14131 -- Documented why paginating large QuerySets may be slow.
2016-04-06 11:06:38 -04:00
Tim Graham
15a20dc9af
Removed a reference to Django 1.3.1 in docs.
2016-04-04 11:55:34 -04:00
David Evans
99bb7fcc18
Fixed #26452 -- Loaded middleware on server start rather than on first request.
2016-04-04 10:12:41 -04:00
Daniel Jilg
55c843f2ef
Fixed #14131 -- Added note to docs about Pagination and large Querysets
2016-04-02 16:03:34 +02:00
Simon Charette
64aba7a8ab
Fixed #26438 -- Fixed multiple .objects typos in the docs.
...
Thanks Pablo Oubiña for the report.
2016-03-31 18:27:47 -04:00
Tim Graham
a65fc6df89
Fixed #26410 -- Added a docs example for loader.render_to_string().
2016-03-31 08:31:55 -04:00
Akshesh
49f95cc0a0
Fixed #11560 -- Allowed proxy model multiple-inheritance from the same concrete base model.
2016-03-30 13:06:27 -04:00
Krzysztof Jurewicz
940b7fd5cb
Fixed #21446 -- Allowed not performing redirect in set_language view
...
Thanks Claude Paroz and Tim Graham for polishing the patch.
2016-03-29 22:15:14 +02:00
Aymeric Augustin
7b1ce7fd91
Fixed #26408 -- Updated link to DEP 182.
...
Thanks kaifeldhoff for the report.
2016-03-25 20:49:18 +01:00
Tim Shaffer
8550566af6
Fixed typo in docs/topics/db/aggregation.txt.
2016-03-25 13:38:16 -04:00
Alexander Gaevsky
107165c4b0
Fixed #24987 -- Allowed inactive users to login with the test client.
2016-03-23 09:01:52 -04:00
Alexander Gaevsky
e0a3d93730
Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.
2016-03-23 09:01:48 -04:00
Tim Graham
c41737dc00
Fixed #26392 -- Corrected login_required/permission_required stacking example.
2016-03-21 19:56:15 -04:00
Andrew Abraham
f2d9caa625
Fixed DiscoverRunner failfast parameter default in docs.
2016-03-15 18:33:35 -04:00
Duane Hilton
f8b23e52e8
Fixed #26290 -- Documented that a QuerySet for pagination should be ordered.
2016-03-15 10:13:47 -04:00