Commit Graph

196 Commits

Author SHA1 Message Date
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes are found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Russell Keith-Magee 8b6a2c11e4 Fixed #11073 -- Added documentation for SESSION_COOKIE_PATH. Thanks to liling for the report, and gsong for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:17:35 +00:00
Russell Keith-Magee 1ed9d29db8 Modified r11531 to use the original suggested text from the patch (which was better).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11532 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:41:12 +00:00
Russell Keith-Magee 15f3610747 Fixed #11589 -- Corrected an argument in the shortcuts documentation. Thanks to tsaylor for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11531 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-12 22:32:07 +00:00
Russell Keith-Magee 42ff5b3c12 Cleanup of some minor markup problems in URL documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11275 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 01:48:59 +00:00
Russell Keith-Magee 0c9d0bf7d6 Fixed #11492 -- Corrected some typos, and added some extra markup for the URLs documentation. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11258 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-17 00:55:21 +00:00
Russell Keith-Magee 3469f4b819 Fixed #11491 -- Corrected minor typo in new namespace URL docs. Thanks to Carl Meyer for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 23:45:36 +00:00
Russell Keith-Magee 8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee ebce1b9a2b Fixed #11439 -- Added docs on including URL patterns as an iterable. Thanks to Ramiro Morales for the draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11221 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 15:38:47 +00:00
Russell Keith-Magee d71097111a Fixed #11322 -- Clarified docs regarding middleware processing. Thanks to Michael Malone for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:34:27 +00:00
Russell Keith-Magee 457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Adrian Holovaty 9848f888ba Made some small improvements to docs/topics/http/sessions.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10839 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-26 05:29:28 +00:00
Karen Tracey a6a0b29318 Fixed #10400: Added a note in the file uploads doc about the correct form type needed for file uploads to work. Thanks claudep and timo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 18:45:25 +00:00
Jacob Kaplan-Moss c6c25adf6d Fixed a whole bunch of small docs typos, errors, and omissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.

Thanks to all the respective authors of those tickets.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-03 18:30:54 +00:00
Jacob Kaplan-Moss 516051bfd2 A whole lotta documentation fixes: Fixes #8704, #8826, #8980, #9243, #9343, #9529,
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10303 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 23:34:03 +00:00
Gary Wilson Jr 86d772bb2a Fixed #10120 -- Added a `return` to a doc example, patch from andrews.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10265 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:49:54 +00:00
Gary Wilson Jr b4f5655c86 Fixed #10553 -- Corrected several uses of `URLconf` in documentation and comments, according to the Django style guide. Based on patch from rduffield.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10256 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:07:07 +00:00
Luke Plant cdc8c61bc3 Made default MIDDLEWARE_CLASSES same as in project_template.
And updated docs, and also corrected them about middleware by removing
'XViewMiddleware'



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:20:40 +00:00
Luke Plant 20f7e51493 Reverted 10094 and 10095 (in favour of solution that will hopefully land for beta 2)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 23:02:46 +00:00
Gary Wilson Jr e389234201 Added a versionadded directive to new redirect shortcut (refs #10194).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10111 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-21 15:26:56 +00:00
Jacob Kaplan-Moss d7e8127524 Fixed #10194: added `django.shortcuts.redirect`, a do-what-I-mean redirect shortcut. See the docs at topics/http/shortcuts for details.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10108 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-21 13:09:13 +00:00
Luke Plant 4e7a4eda3d Updated all refs to default middleware in docs.
(adding CSRF, removing XView which is no longer a default)



git-svn-id: http://code.djangoproject.com/svn/django/trunk@10095 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-19 23:28:16 +00:00
Russell Keith-Magee 16d67a11ac Fixed #10298 -- Corrected the example for the get_list_or_404 shortcut. Thanks to Dagur for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-22 06:06:56 +00:00
Gary Wilson Jr 88837875f2 Auth-related doc cleanups:
  * Added to documentation of missing characters from `allowed_chars` in `make_random_password`.
  * Fixed several long lines and word wraps.
  * Added a reference link to the "How to log a user in" section and made a later reference to this section an actual link using the `:ref:` directive.
  * Turned a command line code example into a code block.
  * Added attribute reference link for a ``request.META`` mention.
  * Added `code-block:: html` directives for HTML examples.
  * Corrected reference links for all the `auth.views` functions.
  * Added a few function signatures and documentation of optional parameters that were missing for some of the `auth.views` functions (refs #10272).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-16 05:10:31 +00:00
Gary Wilson Jr f76cb41251 A few minor wording, whitespace, punctuation, and link changes for the middleware documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9833 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-15 05:46:00 +00:00
Gary Wilson Jr 11d382c6c4 Fixed a long line, a typo, and a few misspellings from [9727].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-11 05:47:06 +00:00
Jacob Kaplan-Moss 299e1e814f Fixed #6791: added a write-through cache session backend: session data is written through the cache to the database, but read from the cache for speed. Thanks to jhenry, mcroydon, and jdunck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-10 22:18:14 +00:00
Adrian Holovaty 0cfcc72f88 Renamed file-uploads.txt from 'topics-file-uploads' to 'topics-http-file-uploads' to be consistent with directory structure
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-18 07:32:38 +00:00
Adrian Holovaty e37e57f44a Removed 'Most Web sites wouldn't be complete without a way to upload files' sentence from file-uploads.txt in docs. I beg to differ.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-18 06:35:05 +00:00
Malcolm Tredinnick a573f4c029 Fixed #9472 -- Fixed a couple of URL patterns to be more consistent (and remove
a misleading initial slash). Thanks, daveyjoe.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9471 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-16 09:35:30 +00:00
Karen Tracey c483583023 Fixed #9497 - Doc typos. Many thanks ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9330 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-02 20:43:20 +00:00
Karen Tracey 8a5f2ee912 Fixed #9495 -- Corrected typo in urls doc. Thanks seemant.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9328 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-02 04:17:59 +00:00
Karen Tracey dd9fd80561 Fixed #9441 -- Corrected typo in file upload settings doc. Thanks gsf.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:45:03 +00:00
Karen Tracey d4f4ab8535 Fixed #9487 -- Corrected several links into the Python docs that were broken by the recent Python docs refactor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:02:09 +00:00
Malcolm Tredinnick cbe11c1982 Fixed #9430 -- Fixed documentation references to the HttpResponse classes for
returning HTTP status codes other than 200.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9266 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-24 09:24:42 +00:00
Malcolm Tredinnick fa63f1642d Fixed #8975 -- Added a note to the documentation for reverse() that all views
must be importable for URL reversing to work correctly.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9167 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 08:31:32 +00:00
Malcolm Tredinnick a011a49457 Fixed #9047 -- Marked up django.core.urlresolvers.reverse() properly in the
docs. It now appears in the index.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-06 08:27:24 +00:00
Russell Keith-Magee c9f0dd1ed6 Fixed #9075: Added a call to close() in the example file upload handler. Thanks to Brendan (bmsleight) for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9027 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-14 10:32:04 +00:00
Adrian Holovaty 74f386dba2 Fixed #8979 -- Made a bunch of typo/formatting fixes to the docs. Thanks, ramiro
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-09 01:54:20 +00:00
Jacob Kaplan-Moss 64a9469127 Fixed #8753: converted "new in ..." callouts to proper Sphinx "versionadded/versionchanged" directives. Thanks to Marc Fargas for all the heavy lifting here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8843 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 03:40:42 +00:00
Malcolm Tredinnick a63a83e5d8 A rewrite of the reverse URL parsing: the reverse() call and the "url" template tag.
This is fully backwards compatible, but it fixes a bunch of little bugs. Thanks
to SmileyChris and Ilya Semenov for some early patches in this area that were
incorporated into this change.

Fixed #2977, #4915, #6934, #7206.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 11:11:20 +00:00
James Bennett ce24a1f81d Fixed #7654: Documented the fact that file upload handlers must be modified before reading request.POST
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 10:23:36 +00:00
Jacob Kaplan-Moss 52914fbf5a Fixed #8656: added a note about iterating over `UploadedFile` only understanding `\n`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8685 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 21:39:17 +00:00
Russell Keith-Magee f1ab8b4342 Fixed #8600: Corrected example URLConf to match new comments framework. Thanks to julien for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 11:27:17 +00:00
Jacob Kaplan-Moss ff420b4364 Fixed #8454: added a FILE_UPLOAD_PERMISSIONS setting to control the permission of files uploaded by the built-in file storage system. Thanks, dcwatson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 22:21:14 +00:00
Jacob Kaplan-Moss 97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00