Luke Plant
4047a21fa8
Noted new security overview page in the 1.4 release notes
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16402 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-14 23:37:12 +00:00
Luke Plant
06a2515145
Fixed typo in release notes regarding CSRF with PUT/DELETE etc
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16401 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-14 23:31:45 +00:00
Jannis Leidel
f749bb829c
Fixed #12875 -- Added get_ordering to ModelAdmin. Many thanks to Manuel Saelices.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16383 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-12 13:04:53 +00:00
Jannis Leidel
d27f909d2e
Fixed #12847 -- Added name parameter to simple_tag, assignment_tag and inclusion_tag helpers. Thanks, vladmos.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16373 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-11 16:05:28 +00:00
Jannis Leidel
ce3c281090
Fixed #811 -- Added support for IPv6 to forms and model fields. Many thanks to Erik Romijn.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16366 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-11 13:48:24 +00:00
Ramiro Morales
dff31de20a
Fixed #16155 -- Removed Python 2.4 compatibility constructs from code and mentions from docs. Thanks Aymeric Augustin for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 20:01:28 +00:00
Idan Gazit
716601109a
Fixed #11834 -- Improved technical 500 stacktrace display.
...
Thanks to buriy and Aleksandra for the implementation!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 12:45:11 +00:00
Luke Plant
45e55b9143
Fixed #14614 - filtering of sensitive information in 500 error reports.
...
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.
Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant
bb12a02bd8
Deprecated legacy ways of calling cache_page
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16338 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 11:12:01 +00:00
Alex Gaynor
b67ff14208
Removed an alias for ``django.template.loader`` that had been deprecated since 2005. This should only affect World Online.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16337 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-07 21:17:41 +00:00
Luke Plant
5434ce231d
Fixed #11868 - Multiple sort in admin changelist.
...
Many thanks to bendavis78 for the initial patch, and for input from others.
Also fixed #7309 . If people were relying on the undocumented default ordering
applied by the admin before, they will need to add 'ordering = ["-pk"]' to
their ModelAdmin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-02 16:18:47 +00:00
Jannis Leidel
632dfa2338
Fixed #9200 -- Added new form wizard to formtools based on class based views. Many thanks to Stephan Jäkel, ddurham and ElliottM for their work.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16307 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-01 13:47:00 +00:00
Luke Plant
1a951fa8d4
Added info to release notes about CSRF improvements
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31 21:29:35 +00:00
Luke Plant
524c5fa07a
Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
...
Many thanks to rniemeyer for the patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel
f60d428463
Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Adrian Holovaty
c5cb2fabd2
Edited docs/releases/1.4.txt changes from [16124]
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16227 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 17:58:32 +00:00
Simon Meers
5ecb88c146
Fixed #16014 -- numerous documentation typos -- thanks psmith.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-13 04:33:42 +00:00
Luke Plant
cb060f0f34
Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
...
Thanks to brodie for the report, and further input from tow21
This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant
171df93170
Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
...
Thanks to aaugustin for implementing this.
(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954 ).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00
Jannis Leidel
950e05c3ff
Fixed #14262 -- Added new assignment_tag as a simple way to assign the result of a template tag to a context variable. Thanks, Julien Phalip.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16149 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 11:52:42 +00:00
Jannis Leidel
18d2f4a816
Fixed #5833 -- Modified the admin list filters to be easier to customize. Many thanks to Honza Král, Tom X. Tobin, gerdemb, eandre, sciyoshi, bendavis78 and Julien Phalip for working on this.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16144 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 10:44:23 +00:00
Jannis Leidel
0fa8bd3d92
Fixed #15920 -- Removed COMMENTS_BANNED_USERS_GROUP setting in favor of the established comments app customization. Thanks, Daniel Lindsley.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16124 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-29 15:11:17 +00:00
Jannis Leidel
79afd55278
Fixed #5925 -- Added new lazily evaluated version of django.core.urlresolvers.reverse. Thanks, SmileyChris, Preston Timmons and Julien Phalip.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-29 11:49:59 +00:00
Luke Plant
327081f875
Added note about HTML5 to release notes.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16061 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-21 00:00:32 +00:00
Jacob Kaplan-Moss
c92e0e4765
Added notes about `select_for_update` to the 1.4 release notes.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16059 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 21:00:24 +00:00
Jannis Leidel
196ac8f8b3
Fixed #6213 -- Updated the flatpages app to only append a slash if the flatpage actually exist.
...
The FlatpageFallbackMiddleware (and the view) now only add a trailing slash and redirect if the resulting URL refers to an existing flatpage. Previously requesting /notaflatpageoravalidurl would redirect to /notaflatpageoravalidurl/, which would then raise a 404. Requesting /notaflatpageoravalidurl now will immediately raise a 404. Also, Redirects returned by flatpages are now permanent (301 status code) to match the behaviour of the CommonMiddleware.
Thanks to Steve Losh for the initial work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 14:41:47 +00:00
Luke Plant
1f5d684f14
Added release notes about the removal of Django 1.2 compatibility fallbacks for signed data
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15955 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:35:32 +00:00
Luke Plant
4550f95f29
Added stub release notes for 1.4
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15947 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:34:01 +00:00