Go to file
Jacob Kaplan-Moss 174d8db57c Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
.tx Added the configuration file for Transifex. 2011-01-21 19:36:57 +00:00
django Prevented non-admin users from accessing the admin redirect shortcut. 2011-02-24 13:34:51 +00:00
docs Fixed #15299 -- Started the process of migrating the auth context processor support classes into the auth context processor module. Thanks to shailesh for the report, and v1v3kn for the draft patch. 2011-02-23 13:36:58 +00:00
extras Fixed #12174 -- Corrected Bash command line completion when calling "python manage.py". Thanks to sethp for the report, and SmileyChris for the initial patch. 2010-02-05 15:42:22 +00:00
scripts Added a man page for django-admin.py. Also install it correctly as part of the 2007-06-10 06:33:31 +00:00
tests Prevented non-admin users from accessing the admin redirect shortcut. 2011-02-24 13:34:51 +00:00
.gitignore Fixed #14680 -- Added ignore files for Mercurial and Git. 2010-12-21 17:52:17 +00:00
.hgignore Fixed #14680 -- Added ignore files for Mercurial and Git. 2010-12-21 17:52:17 +00:00
AUTHORS Fixed #9964 -- Ensure that all database operations make transactions dirty, not just write operations. Many thanks to Shai Berger for his work and persistence on this issue. 2011-02-12 13:03:34 +00:00
INSTALL Updated INSTALL file 2009-10-30 08:24:05 +00:00
LICENSE Updated LICENSE file to acknowledge individual copyrights as well (after 2008-08-09 14:40:51 +00:00
MANIFEST.in Added app translation files to the package manifest template. 2011-01-21 20:47:56 +00:00
README Another (hopefully the last) trivial commit to test auth. 2011-01-28 22:07:43 +00:00
setup.cfg Fixed #13153 -- Removed a stale reference to the examples directory in setup.cfg. Thanks to cesar@mifprojects.com for the report. 2010-08-05 13:00:09 +00:00
setup.py Update download_url for beta. 2010-12-23 04:12:04 +00:00

README

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design.

All documentation is in the "docs" directory and online at
http://docs.djangoproject.com/en/dev/. If you're just getting started, here's
how we recommend you read the docs:

    * First, read docs/intro/install.txt for instructions on installing Django.

    * Next, work through the tutorials in order (docs/intro/tutorial01.txt,
      docs/intro/tutorial02.txt, etc.).

    * If you want to set up an actual deployment server, read
      docs/howto/deployment/index.txt for instructions.

    * You'll probably want to read through the topical guides (in docs/topics)
      next; from there you can jump to the HOWTOs (in docs/howto) for specific
      problems, and check out the reference (docs/ref) for gory details.

    * See docs/README for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think they
should be clarified in any way, please take 30 seconds to fill out a ticket
here:

http://code.djangoproject.com/newticket

To get more help:

    * Join the #django channel on irc.freenode.net. Lots of helpful people
      hang out there. Read the archives at http://botland.oebfare.com/logger/django/.

    * Join the django-users mailing list, or read the archives, at
      http://groups.google.com/group/django-users.

To contribute to Django:

    * Check out http://www.djangoproject.com/community/ for information
      about getting involved.

To run Django's test suite:

    * Follow the instructions in the "Unit tests" section of
      docs/internals/contributing.txt, published online at
      http://docs.djangoproject.com/en/dev/internals/contributing/#running-the-unit-tests