Russell Keith-Magee
5f287f75f2
Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:47:00 +00:00
Russell Keith-Magee
893cea211a
Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Alex Gaynor
d036b87126
Remove no-longer-valid references to the DATABASE_* settings, the legacy code for them was already removed.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 17:14:47 +00:00
Jannis Leidel
6819312c98
Fixed #15918 -- Refined documentation of the various localization settings, especially with regard to the thousand separator. Thanks, Aymeric Augustin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-08 13:25:17 +00:00
Ramiro Morales
932b1b8d6d
Converted links to external topics so they use intersphinx extension markup.
...
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.
Fixes #16586 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Julien Phalip
5c1b4ab75b
Fixed #16729 -- Fixed a small typo in the settings reference doc. Thanks to simon.cruanes.2007@m4x.org for the report and to Aymeric Augustin for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-02 03:47:49 +00:00
Malcolm Tredinnick
f77666a4af
Documented some Oracle-specific test settings.
...
Patch from aaugustin that should help people with specific testing
requirements for Oracle set things up in their preferred way. The
settings have always existed, but now they are documented.
Fixes #16478 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-22 06:35:52 +00:00
Jannis Leidel
566b3295fa
Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Chris Beaven
956da729d1
Add a note to USE_L10N settings documentation that startproject sets USE_L10N = True
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-12 00:08:37 +00:00
Jannis Leidel
38a2444277
Fixed #16050 -- BACKWARDS-INCOMPATIBLE CHANGE: Moved static files of the admin to conventional file system location.
...
This also removes the need for ADMIN_MEDIA_PREFIX and replaces it with the convention to find admin's static files at STATIC_URL + 'admin/'.
Thanks to Jacob for the review and general help.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-30 09:06:19 +00:00
Luke Plant
45e55b9143
Fixed #14614 - filtering of sensitive information in 500 error reports.
...
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.
Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant
524c5fa07a
Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
...
Many thanks to rniemeyer for the patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel
49f57a5d28
Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel
f60d428463
Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Luke Plant
8cbcf1d3a6
Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
...
Thanks to cfattarsi for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant
bf7af2be15
Added clarifying note to docs for CSRF_COOKIE_DOMAIN
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant
171df93170
Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
...
Thanks to aaugustin for implementing this.
(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954 ).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00
Timo Graham
449e84a2f1
Fixed #15801 - Incorrect external link for dictConfig; thanks David Niergarth for the report; jonash for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-24 23:53:24 +00:00
Adrian Holovaty
f8495d2371
Fixed #15822 -- Removed references to the v1 postgresql backend (which has been removed). Thanks for the patch, aaugustin
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16034 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-17 20:45:06 +00:00
Adrian Holovaty
94af19c43f
Changed e-mail to email throughout documentation and codebase. The one exception is translation strings, which I didn't want to disrupt
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-01 16:10:22 +00:00
Ramiro Morales
f6e38f3800
Fixed #5494 , #10765 , #14924 -- Modified the order in which translations are read when composing the final translation to offer at runtime.
...
This is slightly backward-incompatible (could result in changed final translations for literals appearing multiple times in different .po files but with different translations).
Translations are now read in the following order (from lower to higher priority):
For the 'django' gettext domain:
* Django translations
* INSTALLED_APPS apps translations (with the ones listed first having higher priority)
* settings/project path translations (deprecated, see below)
* LOCALE_PATHS translations (with the ones listed first having higher priority)
For the 'djangojs' gettext domain:
* Python modules whose names are passed to the javascript_catalog view
* LOCALE_PATHS translations (with the ones listed first having higher priority, previously they weren't included)
Also, automatic loading of translations from the 'locale' subdir of the settings/project path is now deprecated.
Thanks to vanschelven, vbmendes and an anonymous user for reporting issues, to vanschelven, Claude Paroz and an anonymous contributor for their initial work on fixes and to Jannis Leidel and Claude for review and discussion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15441 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-07 18:48:40 +00:00
Carl Meyer
76fb2bb0e2
Fixed some documentation and default-settings.py comments that were misleading about the purpose of STATIC_ROOT, and removed an unused import.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15384 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-01 14:28:07 +00:00
Jannis Leidel
8fe42053bc
Reworded parts of the staticfiles documentation after receiving various user feedback. Thanks, all!
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15369 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-30 17:23:25 +00:00
Ramiro Morales
f81d4ba5b3
Fixed #14038 -- Added information to release notes and version changed|added markers to documentation additions for the new template loeaders API introduced in version 1.2. Thanks 3point2 for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-25 15:42:24 +00:00
Jannis Leidel
544ab30ed7
Fixed #6218 -- Made MEDIA_URL and STATIC_URL require a trailing slash to ensure there is a consistent way to combine paths in templates. Thanks to Michael Toomim, Chris Heisel and Chris Beaven.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15130 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-02 01:33:11 +00:00
Timo Graham
2ea93f9327
Fixed #14000 - remove versionadded/changed tags for Django 1.0 and 1.1
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-26 00:37:14 +00:00
Russell Keith-Magee
673e6fc7fb
Fixed #11675 -- Added support for the PyLibMC cache library. In order to support this, and clean up some other 1.3 caching additions, this patch also includes some changes to the way caches are defined. This means you can now have multiple caches, in the same way you have multiple databases. A huge thanks to Jacob Burch for the work on the PyLibMC backend, and to Jannis for his work on the cache definition changes.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15005 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 15:19:19 +00:00
Jannis Leidel
dad28e8557
Fixed #14103 -- Take USE_ETAGS setting into account when patching the response headers. Thanks, trbs and Eric Holscher.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14885 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:57:17 +00:00
Gabriel Hurley
0ab50aad36
Fixed #13605 -- Improved documentation of the django.core.files.storage module. Added documentation for DefaultStorage, get_storage_class, FileSystemStorage, and some missing public methods on Storage. New metadata targets included for everything. Thanks to kopernikus for the report and elbarto for contributing to the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14831 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-05 06:45:34 +00:00
Russell Keith-Magee
50e3b9d028
Added versionadded markup to the TEST_DEPENDENCIES setting.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14824 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-05 01:23:23 +00:00
Russell Keith-Magee
d53fd71acb
Corrected incomplete and incorrect docs from r14822.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-05 01:03:39 +00:00
Timo Graham
3cbaf3c2b6
Fixed #14781 - Setting "CACHE_PREFIX" should be "CACHE_KEY_PREFIX". Thanks to adamv for report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14713 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:38:39 +00:00
Russell Keith-Magee
78be884ea7
Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the suggestion, and rodolfo for the draft patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:30:50 +00:00
Gabriel Hurley
25f3eda3cc
Fixed #14738 -- Improved crossref linking for cache settings, and fixed a few minor typos.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-22 06:15:02 +00:00
Russell Keith-Magee
99d247f4cb
Fixed #13795 -- Added a site-wide cache prefix and cache versioning. Thanks to bruth for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-19 15:39:35 +00:00
Jannis Leidel
33d8fcde8a
Fixed #14693 , #14709 -- Backwards incompatible change to rectify the confusion around the STATICFILES_URL and STATICFILES_ROOT settings.
...
* Two new global settings that will be used by -- **but are not limited to** -- the staticfiles app: STATIC_ROOT and STATIC_URL.
* Moving the 'django.contrib.staticfiles.templatetags.staticfiles' template tag to the core ('django.templatetags.static') and renaming it to 'get_static_prefix'.
* Moving the context processor 'django.contrib.staticfiles.context_processors.staticfiles' to the core ('django.core.context_processors.static') and renaming it to 'static'.
* Paths in media definitions will use STATIC_URL as the prefix if the value is not None, and falls back to the previously used MEDIA_URL.
Thanks again to the community for constructive criticism and Carl and Russ for sanity-inducing discussions on IRC.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14592 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-17 15:36:26 +00:00
Chris Beaven
ea145923fc
Better cross-referencing of the USE_THOUSAND_SEPARATOR setting in documentation. Thanks to Klaas van Schelven for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-16 21:33:48 +00:00
Luke Plant
d9ae7c6b37
Corrected default value for ADMIN_MEDIA_PREFIX in docs, and added info about how it integrates with staticfiles.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-13 03:55:06 +00:00
Jannis Leidel
70edd4e103
Reverted deprecation of media context processor (from r14293) to separate static files and media files a bit more.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 21:44:33 +00:00
Jannis Leidel
8e96584f63
Fixed #14524 , #14582 , #14617 , #14665 and #14667 -- Tweaked staticfiles app.
...
* Updated StaticFilesHandler and AdminMediaHandler
to make use of the 404 handler if needed.
* Updated runserver management command to serve static files
only in DEBUG mode (or if specified the --insecure option)
and if the staticfiles app is in INSTALLED_APPS. Also added
an option to disable serving completely (--nostatic).
* Added check in debug mode if STATICFILES_* settings are
different to MEDIA_* settings.
* Removed a faulty PendingDeprecationWarning in AdminMediaHandler
that is triggered every time runserver is used.
* Fixed an issue with the modification time checks when
running collectstatic.
* Extended and refined documentation.
Thanks to everyone for input, especially to Carl Meyer, Ted Kaemming and
Adam Vandenberg for patches.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 21:43:49 +00:00
Jacob Kaplan-Moss
d30fe03e6b
Fixed #14641 - a handful of grammer/typo fixes.
...
Thanks, programmerq.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14497 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-08 20:37:52 +00:00
Gabriel Hurley
11b012038c
Fixed #14600 -- Added a versionchanged directive to the TEMPLATE_CONTEXT_PROCESSORS setting reference, and added a currentmodule directive to the staticfiles docs so that the crossref targets would point to the right place even with full paths in the staticfiles docs. Thanks to mathijs for the report and suggested text.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14479 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-06 23:30:10 +00:00
Gabriel Hurley
bb062c376f
Fixed #14584 -- Documented settings.PASSWORD_RESET_TIMEOUT_DAYS. Also fixed some cross-refs in the neighborhood. Thanks to hop for the report and Adam Mckerlie for the draft patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14437 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-02 11:53:01 +00:00
Gabriel Hurley
a200cc6d54
Fixed #14541 -- Corrected an outdated bit of wording in the LANGUAGES setting docs. Thanks to akelm for the report and suggested fix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14333 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-23 22:14:57 +00:00
Ramiro Morales
f9def8b873
Fixed #14463 -- Fixed links to new location of date/time format specifiers docs.
...
Thanks epicserve for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14325 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-23 14:52:01 +00:00
Jannis Leidel
cfc19f84de
Fixed #12323 and #11582 -- Extended the ability to handle static files. Thanks to all for helping with the original app, the patch, documentation and general support.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14293 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-20 01:33:24 +00:00
Gabriel Hurley
ace6519fae
Fixed #14058 -- Clarified information on OPTIONS setting (for adding additional parameters when connecting to a database) and linked to Database Backend docs. Thanks to chris@cwroofs for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14114 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 07:58:50 +00:00
Gabriel Hurley
888168003a
Fixed #14228 -- Added additional information on what the APPEND_SLASH setting does. Thanks to ttencate for the report and draft text.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14110 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 06:36:38 +00:00
Russell Keith-Magee
240f68e4e5
Fixed #14388 -- Corrected some typos in the logging docs. Thanks to varikin, gremmie, Ramiro Morales and Gabriel Hurley for the reviews.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13982 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-05 00:11:41 +00:00
Russell Keith-Magee
24acca4139
Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for his draft patch, and to the many people who gave feedback during development of the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13981 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 15:12:39 +00:00