Commit Graph

101 Commits

Author SHA1 Message Date
Russell Keith-Magee 5f287f75f2 Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:47:00 +00:00
Russell Keith-Magee 893cea211a Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Alex Gaynor d036b87126 Remove no-longer-valid references to the DATABASE_* settings, the legacy code for them was already removed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 17:14:47 +00:00
Jannis Leidel 6819312c98 Fixed #15918 -- Refined documentation of the various localization settings, especially with regard to the thousand separator. Thanks, Aymeric Augustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-08 13:25:17 +00:00
Ramiro Morales 932b1b8d6d Converted links to external topics so they use intersphinx extension markup.
This allows making these links more resilient to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Julien Phalip 5c1b4ab75b Fixed #16729 -- Fixed a small typo in the settings reference doc. Thanks to simon.cruanes.2007@m4x.org for the report and to Aymeric Augustin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-02 03:47:49 +00:00
Malcolm Tredinnick f77666a4af Documented some Oracle-specific test settings.
Patch from aaugustin that should help people with specific testing
requirements for Oracle set things up in their preferred way. The
settings have always existed, but now they are documented.

Fixes #16478.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-22 06:35:52 +00:00
Jannis Leidel 566b3295fa Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Chris Beaven 956da729d1 Add a note to USE_L10N settings documentation that startproject sets USE_L10N = True
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-12 00:08:37 +00:00
Jannis Leidel 38a2444277 Fixed #16050 -- BACKWARDS-INCOMPATIBLE CHANGE: Moved static files of the admin to conventional file system location.
This also removes the need for ADMIN_MEDIA_PREFIX and replaces it with the convention to find admin's static files at STATIC_URL + 'admin/'.

Thanks to Jacob for the review and general help.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-30 09:06:19 +00:00
Luke Plant 45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant 524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel 49f57a5d28 Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel f60d428463 Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Luke Plant 8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant 171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00
Timo Graham 449e84a2f1 Fixed #15801 - Incorrect external link for dictConfig; thanks David Niergarth for the report; jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-24 23:53:24 +00:00
Adrian Holovaty f8495d2371 Fixed #15822 -- Removed references to the v1 postgresql backend (which has been removed). Thanks for the patch, aaugustin
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16034 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-17 20:45:06 +00:00
Adrian Holovaty 94af19c43f Changed e-mail to email throughout documentation and codebase. The one exception is translation strings, which I didn't want to disrupt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-01 16:10:22 +00:00
Ramiro Morales f6e38f3800 Fixed #5494, #10765, #14924 -- Modified the order in which translations are read when composing the final translation to offer at runtime.
This is slightly backward-incompatible (could result in changed final translations for literals appearing multiple times in different .po files but with different translations).

Translations are now read in the following order (from lower to higher priority):

For the 'django' gettext domain:

 * Django translations
 * INSTALLED_APPS apps translations (with the ones listed first having higher priority)
 * settings/project path translations (deprecated, see below)
 * LOCALE_PATHS translations (with the ones listed first having higher priority)

For the 'djangojs' gettext domain:

 * Python modules whose names are passed to the javascript_catalog view
 * LOCALE_PATHS translations (with the ones listed first having higher priority, previously they weren't included)

Also, automatic loading of translations from the 'locale' subdir of the settings/project path is now deprecated.

Thanks to vanschelven, vbmendes and an anonymous user for reporting issues, to vanschelven, Claude Paroz and an anonymous contributor for their initial work on fixes and to Jannis Leidel and Claude for review and discussion.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15441 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-07 18:48:40 +00:00
Carl Meyer 76fb2bb0e2 Fixed some documentation and default-settings.py comments that were misleading about the purpose of STATIC_ROOT, and removed an unused import.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15384 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-01 14:28:07 +00:00
Jannis Leidel 8fe42053bc Reworded parts of the staticfiles documentation after receiving various user feedback. Thanks, all!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15369 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-30 17:23:25 +00:00
Ramiro Morales f81d4ba5b3 Fixed #14038 -- Added information to release notes and version changed|added markers to documentation additions for the new template loaders API introduced in version 1.2. Thanks 3point2 for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-25 15:42:24 +00:00
Jannis Leidel 544ab30ed7 Fixed #6218 -- Made MEDIA_URL and STATIC_URL require a trailing slash to ensure there is a consistent way to combine paths in templates. Thanks to Michael Toomim, Chris Heisel and Chris Beaven.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15130 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-02 01:33:11 +00:00
Timo Graham 2ea93f9327 Fixed #14000 - remove versionadded/changed tags for Django 1.0 and 1.1
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-26 00:37:14 +00:00
Russell Keith-Magee 673e6fc7fb Fixed #11675 -- Added support for the PyLibMC cache library. In order to support this, and clean up some other 1.3 caching additions, this patch also includes some changes to the way caches are defined. This means you can now have multiple caches, in the same way you have multiple databases. A huge thanks to Jacob Burch for the work on the PyLibMC backend, and to Jannis for his work on the cache definition changes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15005 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 15:19:19 +00:00
Jannis Leidel dad28e8557 Fixed #14103 -- Take USE_ETAGS setting into account when patching the response headers. Thanks, trbs and Eric Holscher.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14885 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:57:17 +00:00
Gabriel Hurley 0ab50aad36 Fixed #13605 -- Improved documentation of the django.core.files.storage module. Added documentation for DefaultStorage, get_storage_class, FileSystemStorage, and some missing public methods on Storage. New metadata targets included for everything. Thanks to kopernikus for the report and elbarto for contributing to the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14831 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-05 06:45:34 +00:00
Russell Keith-Magee 50e3b9d028 Added versionadded markup to the TEST_DEPENDENCIES setting.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14824 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-05 01:23:23 +00:00
Russell Keith-Magee d53fd71acb Corrected incomplete and incorrect docs from r14822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-05 01:03:39 +00:00
Timo Graham 3cbaf3c2b6 Fixed #14781 - Setting "CACHE_PREFIX" should be "CACHE_KEY_PREFIX". Thanks to adamv for report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14713 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:38:39 +00:00
Russell Keith-Magee 78be884ea7 Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the suggestion, and rodolfo for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:30:50 +00:00
Gabriel Hurley 25f3eda3cc Fixed #14738 -- Improved crossref linking for cache settings, and fixed a few minor typos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-22 06:15:02 +00:00
Russell Keith-Magee 99d247f4cb Fixed #13795 -- Added a site-wide cache prefix and cache versioning. Thanks to bruth for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-19 15:39:35 +00:00
Jannis Leidel 33d8fcde8a Fixed #14693, #14709 -- Backwards incompatible change to rectify the confusion around the STATICFILES_URL and STATICFILES_ROOT settings.
  * Two new global settings that will be used by -- **but are not limited to** -- the staticfiles app: STATIC_ROOT and STATIC_URL.

  * Moving the 'django.contrib.staticfiles.templatetags.staticfiles' template tag to the core ('django.templatetags.static') and renaming it to 'get_static_prefix'.

  * Moving the context processor 'django.contrib.staticfiles.context_processors.staticfiles' to the core ('django.core.context_processors.static') and renaming it to 'static'.

  * Paths in media definitions will use STATIC_URL as the prefix if the value is not None, and fall back to the previously used MEDIA_URL.

Thanks again to the community for constructive criticism and Carl and Russ for sanity-inducing discussions on IRC.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14592 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-17 15:36:26 +00:00
Chris Beaven ea145923fc Better cross-referencing of the USE_THOUSAND_SEPARATOR setting in documentation. Thanks to Klaas van Schelven for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-16 21:33:48 +00:00
Luke Plant d9ae7c6b37 Corrected default value for ADMIN_MEDIA_PREFIX in docs, and added info about how it integrates with staticfiles.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-13 03:55:06 +00:00
Jannis Leidel 70edd4e103 Reverted deprecation of media context processor (from r14293) to separate static files and media files a bit more.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 21:44:33 +00:00
Jannis Leidel 8e96584f63 Fixed #14524, #14582, #14617, #14665 and #14667 -- Tweaked staticfiles app.
* Updated StaticFilesHandler and AdminMediaHandler
  to make use of the 404 handler if needed.

* Updated runserver management command to serve static files
  only in DEBUG mode (or if specified the --insecure option)
  and if the staticfiles app is in INSTALLED_APPS. Also added
  an option to disable serving completely (--nostatic).

* Added check in debug mode if STATICFILES_* settings are
  different to MEDIA_* settings.

* Removed a faulty PendingDeprecationWarning in AdminMediaHandler
  that is triggered every time runserver is used.

* Fixed an issue with the modification time checks when
  running collectstatic.

* Extended and refined documentation.

Thanks to everyone for input, especially to Carl Meyer, Ted Kaemming and
Adam Vandenberg for patches.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 21:43:49 +00:00
Jacob Kaplan-Moss d30fe03e6b Fixed #14641 - a handful of grammar/typo fixes.
Thanks, programmerq.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14497 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-08 20:37:52 +00:00
Gabriel Hurley 11b012038c Fixed #14600 -- Added a versionchanged directive to the TEMPLATE_CONTEXT_PROCESSORS setting reference, and added a currentmodule directive to the staticfiles docs so that the crossref targets would point to the right place even with full paths in the staticfiles docs. Thanks to mathijs for the report and suggested text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14479 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-06 23:30:10 +00:00
Gabriel Hurley bb062c376f Fixed #14584 -- Documented settings.PASSWORD_RESET_TIMEOUT_DAYS. Also fixed some cross-refs in the neighborhood. Thanks to hop for the report and Adam Mckerlie for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14437 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-02 11:53:01 +00:00
Gabriel Hurley a200cc6d54 Fixed #14541 -- Corrected an outdated bit of wording in the LANGUAGES setting docs. Thanks to akelm for the report and suggested fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14333 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-23 22:14:57 +00:00
Ramiro Morales f9def8b873 Fixed #14463 -- Fixed links to new location of date/time format specifiers docs.
Thanks epicserve for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14325 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-23 14:52:01 +00:00
Jannis Leidel cfc19f84de Fixed #12323 and #11582 -- Extended the ability to handle static files. Thanks to all for helping with the original app, the patch, documentation and general support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14293 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-20 01:33:24 +00:00
Gabriel Hurley ace6519fae Fixed #14058 -- Clarified information on OPTIONS setting (for adding additional parameters when connecting to a database) and linked to Database Backend docs. Thanks to chris@cwroofs for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14114 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 07:58:50 +00:00
Gabriel Hurley 888168003a Fixed #14228 -- Added additional information on what the APPEND_SLASH setting does. Thanks to ttencate for the report and draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14110 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 06:36:38 +00:00
Russell Keith-Magee 240f68e4e5 Fixed #14388 -- Corrected some typos in the logging docs. Thanks to varikin, gremmie, Ramiro Morales and Gabriel Hurley for the reviews.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13982 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-05 00:11:41 +00:00
Russell Keith-Magee 24acca4139 Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for his draft patch, and to the many people who gave feedback during development of the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13981 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 15:12:39 +00:00