Commit Graph

4255 Commits

Author SHA1 Message Date
Malcolm Tredinnick 86ca11dd6d Rewrote the section about writing autoescaping-aware filters, based on feedback
from Ivan Sagalaev.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6692 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 07:19:11 +00:00
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
* Escaped text that gets sent after saving the admin foreignkey popup form.
* Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
* Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick 5f8cfe99f3 Fixed #5969 -- Corrected a problem introduced in [6682].
*sigh* As usual, the one case I forget to test turned out to be broken.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6689 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 03:36:03 +00:00
Malcolm Tredinnick ce73298e26 Fixed #5960 -- Fixed some Python 2.3 incompatibilities.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6685 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:58:06 +00:00
Malcolm Tredinnick 4bd75e8712 Fixed a couple of chained filter tests that weren't demonstrating what they
claimed (since the "cut" filter's behaviour had changed since I originally
wrote those tests).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:18:09 +00:00
Malcolm Tredinnick 4585b4d6c2 Fixed some missed auto-escaping and URL quoting cases in the urlize filter.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:12:40 +00:00
Malcolm Tredinnick adcec0885d Fixed a few problems with variable resolving inside of blocktrans tags. A couple of these were exposed by the auto-escaping changes, but I suspect the other one has been hiding in plain sight for a while.
Fixed #5952, #5953


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6682 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:12:18 +00:00
Malcolm Tredinnick 64c0bf8677 Translating safe strings should return a safe result.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6681 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:11:54 +00:00
Malcolm Tredinnick 0928fa5566 Fixed #5945 -- Treat string literals in template filter arguments as safe
strings for auto-escaping purposes.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:11:26 +00:00
Malcolm Tredinnick 0b0ef3f0c5 Fixed #4713 -- Fixed handling of _() in template tag arguments. Based on
patches from Indy and SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6679 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 04:04:12 +00:00
Malcolm Tredinnick d0f3c4386e Fixed #5898 -- Updated docs for r6662, as pointed out by arien.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6678 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-15 09:26:57 +00:00
Malcolm Tredinnick 84c1e78551 Fixed #5892, #5930 -- Fixed some typos pointed out by ars@iki.fi and nickl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-15 09:21:36 +00:00
Malcolm Tredinnick a5e960db48 Fixed #5933 -- Updated Polish translation from Jarek Zgoda.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-15 09:17:53 +00:00
Malcolm Tredinnick b58c55fc80 Fixed #5944 -- Added safe string markings to admin error messages in one place
that was missed.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick 3322521cd6 Documented the time-saver in flatpages: title and content are marked as safe
strings.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 21:30:18 +00:00
Malcolm Tredinnick bdb0b903c2 Content coming via {{ block.super }} is always going to be correctly escaped
already. We mark it as safe so that template authors don't need to.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 21:07:27 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Gary Wilson Jr babfe78494 Fixed #4787, #5913 -- Updating the queryset on a `ModelChoiceField` or `ModelMultipleChoiceField` now updates its widget's choices. The clean methods for `ModelChoiceField` and `ModelMultipleChoiceField` were changed to only allow choices in the specified queryset (instead of allowing all choices returned by the queryset model's default manager).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6670 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-13 14:36:29 +00:00
Gary Wilson Jr 5e8be6978e Simplified `SortedDict.__deepcopy__` now that its constructor can take a sequence of tuples.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-12 03:12:47 +00:00
Gary Wilson Jr a4907be38e Fixed #5918 -- Removed `SortedDictFromList` since `SortedDict` now can do everything `SortedDictFromList` could do. Since `SortedDict`'s `copy` method doesn't return a deepcopy as `SortedDictFromList`'s `copy` method did, you will need to update your code if you were relying on `SortedDictFromList.copy` to return a deepcopy by using the `deepcopy` function from the `copy` module.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6668 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 04:44:20 +00:00
Malcolm Tredinnick af256a02f9 Fixed #5890 -- Fixed a ReST markup error. Thanks, arien.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6667 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 04:44:11 +00:00
Malcolm Tredinnick 33206720f0 Fixed #5876 -- Updated Catalan translation from Marc Garcia.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6666 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 04:40:06 +00:00
Malcolm Tredinnick eec71cfc6d Fixed #5914 -- Updated Hebrew translation from Meir Kriheli.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6665 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 04:39:35 +00:00
Malcolm Tredinnick da23c7bcfe Fixed #5900 -- Updated traditional Chinese translation. Thanks, terryh.tp@gmail.com.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6664 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 04:38:53 +00:00
Malcolm Tredinnick 5a8af0738f Fixed #5687 -- Updated Swedish translation. A bit of a group effort from Dmitri
Fedortchenko, Ludvig Ericson and the django-se team.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6663 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 04:38:19 +00:00
Malcolm Tredinnick 3ee3d6b5f3 Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary.
We now have automatic HEAD processing always (previously required ConditionalGetMiddleware), middleware benefits from the Location header rewrite, so they can use relative URLs as well, and responses with response codes 1xx, 204 or 304 will always have their content removed, in accordance with the HTTP spec (so it's much harder to inadvertently deliver invalid responses).

Based on a patch and diagnosis from regexbot@gmail.com.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6662 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 03:55:44 +00:00
Malcolm Tredinnick 30848dfe34 When using assertRedirect(), allow the caller to specify relative URLs and
automatically fill in the hostname and scheme (host can be passed in, if
different from the default).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-11 03:54:21 +00:00
Gary Wilson Jr 1eecc5a47e Corrected a couple comments in `model_forms` tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-09 19:35:56 +00:00
Luke Plant 8c9b65429a Fixed bug in /admin/doc/views/ caused by [6658]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-09 15:27:49 +00:00
Luke Plant 8eeb9feab0 Fixed #4376 -- login_required now works with bound methods. Thanks, Steven Bethard.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6658 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-07 22:45:07 +00:00
Malcolm Tredinnick 8216abe748 Documentation for creating custom model fields.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6652 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-05 13:59:52 +00:00
Malcolm Tredinnick ea100b607a Added the small changes necessary to make creating custom model fields easier.
Also includes some tests for this.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6651 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-05 13:59:42 +00:00
Malcolm Tredinnick 595e75e8dd Fixed #5729 -- For MySQL (only), always delay the creation of foreign key
references, for all tables, until after the table has been created. This means
that when using the InnoDB storage engine, true foreign key constraints are
created (inline "REFERENCES" are ignored by InnoDB, unfortunately).

Fully backwards compatible.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 05:05:24 +00:00
Malcolm Tredinnick 3f1ce2e602 Fixed #5640 -- Added some extra error reporting when smart_unicode() or
force_unicode() raise a UnicodeDecodeError. This should at least help people
identify which is the bad piece of data they passed in. About the best we can
do here.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6649 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 03:37:04 +00:00
Gary Wilson Jr 6f7fd897bc Added pretty tables for `floatformat` documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:48:44 +00:00
Gary Wilson Jr a5eb61cd9f Added tests for `floatformat` template filter for number with non-zero decimal place digit and ending in zeros.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6647 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:32:02 +00:00
Gary Wilson Jr 72b7a33929 `floatformat` template filter docstring changes:
* Split example cases.
* Corrected use with negative arguments (quotes are needed).
* Added another example of a number that has decimal places that include a non-zero digit and that ends with zeros.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:27:17 +00:00
Malcolm Tredinnick 75efa2811d Fixed #5868 -- Provided an example of how to extend simplejson to serialize
lazy translation objects for those who want to use it directly.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6645 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:08:24 +00:00
Malcolm Tredinnick 77a846bab0 Fixed a Python 2.3 problem.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6644 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:08:15 +00:00
Gary Wilson Jr 99697d9bec Added examples to the `pluralize` template filter's docstring.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:08:04 +00:00
Malcolm Tredinnick 2184248c05 For readability, use _() as an alias to mark translatable strings.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6642 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:08:02 +00:00
Gary Wilson Jr 4e8864a882 Style and import fixes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 02:05:56 +00:00
Gary Wilson Jr 0e59bf42cf Fixed #5869 -- Corrected documentation for `now` template tag's "r" format character. Thanks, xavier.morel@masklinn.net.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-04 01:14:58 +00:00
Gary Wilson Jr 2a48fc5007 Made use of `itertools.cycle` for the `cycle` template tag.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-03 02:04:59 +00:00
Gary Wilson Jr 5997cb8ad4 Removed unused variable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 04:04:07 +00:00
Gary Wilson Jr 8c442f21dc Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
Gary Wilson Jr 39f28512b9 Fixed #5842 -- Marked cache template tag as "New in development version", thanks `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6633 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 01:46:32 +00:00
Gary Wilson Jr 0709c23046 Fixed #5832 -- Removed unneeded import in testing documentation, thanks Thomas Güttler.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6632 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-30 23:00:57 +00:00
Gary Wilson Jr 9a30ed5cd5 Fixed #5834 -- Fixed import in `formtools` documentation, thanks telenieko.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-30 22:57:46 +00:00
Gary Wilson Jr b237537e00 Changed name of `PythonInterpreter` so as not to get confused with the use of `DJANGO_SETTINGS_MODULE mysite.other_settings`
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-30 22:50:42 +00:00