This deprecates User.message_set in favour of a configurable messaging
system, with backends provided for cookie storage, session storage and
backward compatibility.
Many thanks to Tobias McNulty for the bulk of the work here, with
contributions from Chris Beaven (SmileyChris) and lots of code review from
Russell Keith-Magee, and input from many others. Also credit to the authors
of various messaging systems for Django whose ideas may have been pinched
:-)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes is found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Added to documentation of missing characters from `allowed_chars` in `make_random_password`.
* Fixed several long lines and word wraps.
* Added a reference link to the "How to log a user in" section and made a later reference to this section an actual link using the `:ref:` directive.
* Turned a command line code example into a code block.
* Added attribute reference link for a ``request.META`` mention.
* Added `code-block:: html` directives for HTML examples.
* Corrected reference links for all the `auth.views` functions.
* Added a few function signatures and documentation of optional parameters that were missing for some of the the `auth.views` functions (refs #10272).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
version". Some were replaced with versionadded or versionchanged directives.
Other, more minor ones, were removed altogether.
Based on a patch from James Bennett.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9454 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Adrian Holovaty
Jannis Leidel
Luke Plant
Jacob Kaplan-Moss
Russell Keith-Magee
Karen Tracey
James Bennett
Gary Wilson Jr
Malcolm Tredinnick