Luke Plant
8e70cef9b6
Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py) using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes are found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Russell Keith-Magee
0757607217
Fixed #11820 -- Corrected the spelling of Grace Hopper's name in a test. Thanks to shields@msrl.com for the report, and apologies to Admiral Hopper for the error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 04:32:55 +00:00
Luke Plant
84ef9dabfa
Fixed #11061: Malformed POST request causes TypeError in AdminSite.login().
Thanks vvd
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:50:57 +00:00
Russell Keith-Magee
8d48eaa064
Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names needs to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
e992e57d3e
Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee
7ecb8b08b3
Fixed #10922 -- Corrected handling of POST data to ensure that the right objects are updated on save when the ordering field is editable. Thanks to Alex Gaynor, Karen Tracey, and Will Hardy for their contributions to this patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 03:05:17 +00:00
Matt Boersma
56f3ed7f54
Fixed import statement in admin_views test to work with Python 2.3.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10789 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 15:01:40 +00:00
Jacob Kaplan-Moss
e508bfd27f
Fixed #10992: fixed a bug saving inlines with custom primary key fields. Thanks, Zain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10777 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:23:53 +00:00
Russell Keith-Magee
2c2871b7c3
Fixed #11042 -- Corrected admin inlines for inherited models. Thanks to jsmullyan for the report, and mir for helpful triage work. Patch includes regression test for #8093, and a commented out test for #10992.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-09 11:40:13 +00:00
Jacob Kaplan-Moss
23fa913676
Fixed #10448: correcting errors on "save as new" now correctly creates a new object instead of modifying the old one. Thanks, bastih.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10713 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08 12:53:14 +00:00
Russell Keith-Magee
ae7d9bfad2
Fixed #10899 -- Ensured that log messages for deletions in the admin contain useful descriptions. Thanks to Jeremy Dunck for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10686 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 13:10:59 +00:00
Russell Keith-Magee
b5f0aff922
Fixed #10516 -- Corrected admin search when the search_fields definition contains multiple fields on the same base model. Thanks to Zain Memon for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 12:52:43 +00:00
Russell Keith-Magee
eb81d5acb3
Fixed #10893 -- Corrected a problem with using list_editable in the admin when the model has a manual primary key. Thanks to Alex Gaynor for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10681 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 11:56:10 +00:00
Russell Keith-Magee
9d28568cb4
Fixed #10275 -- Corrected the edge case of rendering a LogEntry with a contenttype of None. Thanks to Jarek Zgoda for the report, and Peter Bengtsson for the patch
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-05 11:52:03 +00:00
Jacob Kaplan-Moss
ccc8e104ee
Fixed #10799: fixed the use of list_editable with model inheritance and custom one-to-one parent links. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10590 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-18 21:03:29 +00:00
Jacob Kaplan-Moss
1e4ad6f118
Fixed #10002: inline file uploads now correctly display prior data. Thanks, dgouldin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-18 20:29:55 +00:00
Jacob Kaplan-Moss
bb15cee58a
Made a bunch of improvements to admin actions. Be warned: this includes one minor but BACKWARDS-INCOMPATIBLE change.
These changes are:
* BACKWARDS-INCOMPATIBLE CHANGE: action functions and action methods now share the same signature: `(modeladmin, request, queryset)`. Actions defined as methods stay the same, but if you've defined an action as a standalone function you'll now need to add that first `modeladmin` argument.
* The delete selected action is now a standalone function registered site-wide; this makes disabling it easy.
* Fixed #10596: there are now official, documented `AdminSite` APIs for dealing with actions, including a method to disable global actions. You can still re-enable globally-disabled actions on a case-by-case basis.
* Fixed #10595: you can now disable actions for a particular `ModelAdmin` by setting `actions` to `None`.
* Fixed #10734: actions are now sorted (by name).
* Fixed #10618: the action is now taken from the form whose "submit" button you clicked, not arbitrarily the last form on the page.
* All of the above is documented and tested.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:23:33 +00:00
Jacob Kaplan-Moss
8f7aa84def
Fixed #9651: fixed save_as with inline forms. Thanks, kmike and Mnewman.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10353 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-02 00:01:15 +00:00
Jacob Kaplan-Moss
ee17cabba0
Fixed #9969: choices with options groups (added in [7977]) now work correctly in the admin with list_display and list_filter. Thanks, ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10318 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 14:14:20 +00:00
Jacob Kaplan-Moss
f83af07ce3
Fixed #7510: the ModelAdmin now uses `self.queryset` instead of the default manager. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10314 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 03:11:58 +00:00
Joseph Kocherhans
62353e8fe7
Fixed #9863. A ForeignKey with editable=False to the parent in an inline no longer raises an exception. Thanks to keithb for the test case and Alex Gaynor for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10239 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 00:03:34 +00:00
Brian Rosner
69977d2045
Fixed #10622 -- Resolved an issue with model inheritance and list_editable. Thanks oyvind and Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10178 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-29 18:52:38 +00:00
Jacob Kaplan-Moss
44f3080226
Fixed #10505: added support for bulk admin actions, including a globally-available "delete selected" action. See the documentation for details.
This work started life as Brian Beck's "django-batchadmin." It was rewritten for inclusion in Django by Alex Gaynor, Jannis Leidel (jezdez), and Martin Mahner (bartTC). Thanks, guys!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 20:22:56 +00:00
Jacob Kaplan-Moss
7bc0878922
Fixed #8939: added a `list_editable` option to `ModelAdmin`; fields declared `list_editable` may be edited, in bulk, on the changelist page. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10077 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-17 20:51:47 +00:00
Russell Keith-Magee
3c8568a7dc
Fixed #10271, #10281 -- Fixed the handling of multiple inline models that share a common base class and have the link to the inline parent on the base class. Includes modifications that allow the equivalent handling for GenericFields. Thanks to Idan Gazit, Antti Kaihola (akaihola), and Alex Gaynor for their work on this patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10017 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-10 11:19:26 +00:00
Jacob Kaplan-Moss
1f84630c87
Fixed #6470: made the admin use a URL resolver.
This *is* backwards compatible, but `admin.site.root()` has been deprecated. The new style is `('^admin/', include(admin.site.urls))`; users will need to update their code to take advantage of the new customizable admin URLs.
Thanks to Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9739 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-14 20:22:25 +00:00
Karen Tracey
10894da8a8
Fixed #9859 -- Added another missing force_unicode needed in admin when running on Python 2.3. Many thanks for report & patch to nfg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9656 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-16 15:04:47 +00:00
Karen Tracey
6ed91234e3
Fixed #8910 -- Added force_unicode during admin log message creation to avoid triggering a Python 2.3 bug. Thanks for the report joshg and patch nfg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9383 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 17:13:41 +00:00
Karen Tracey
c367e2869e
Fixed #9514 -- Made admin change_form template correctly recognize/report when a form has only a single error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-09 18:51:28 +00:00
Karen Tracey
03070a9955
Fixed #7179 -- Changed breadcrumbs on the add page so that a link to the change view is not included when the user doesn't have permission for that view. Also added tests to ensure the link is not there when it shouldn't be, and there when it should be. Thanks for the report & patch alen__ribic.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9276 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-24 19:14:24 +00:00
Karen Tracey
30241385d5
Fixed #9252 -- Moved the try/except protecting against incorrect lookup params to where the error is now raised, and added a test for this case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-22 23:09:35 +00:00
Karen Tracey
ae43d11838
Fixed #3096 -- Make admin list_filters respect limit_choices_to.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9241 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-21 19:03:21 +00:00
Karen Tracey
05d695908c
Fixed #9053 -- Allowed for sorting of callable and ModelAdmin methods specified in list_display (added in r8352). Previously attempting to sort on the former would raise an exception and the latter simply didn't sort. Also added tests for this function. Thanks rgl and jenan.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9211 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-08 14:47:01 +00:00
Jacob Kaplan-Moss
0e5faf225c
Security fix. Announcement forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Brian Rosner
cd0b65bcf7
Fixed #7982 -- Corrected ModelAdmin url dispatching to ensure it matches exactly what it needs and doesn't stomp on primary key space. 'add' is a lost cause for now. This originated from #6470. Thanks jdetaeye for the original patch and basith for providing test cases.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8704 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 16:46:46 +00:00
Jacob Kaplan-Moss
21928f2ba0
Fixed #7738: support initial values via `GET` for `SelectMultiple` in the admin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8699 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 16:09:29 +00:00
Russell Keith-Magee
27b0077a48
Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:34:18 +00:00
Russell Keith-Magee
a9ee1d4e28
Fixed #7776: Ensured that the test cookie is always deleted once a login has succeeded. Thanks for the report and fix, Mnewman.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 14:12:58 +00:00
Malcolm Tredinnick
4881a4ffb0
Use failIf() instead of assertFalse() so that tests work with python 2.3.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8379 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 14:58:47 +00:00
Brian Rosner
65be56816f
Fixed #5780 -- Adjusted the ModelAdmin API to allow the created/updated objects
to be passed to the formsets prior to validation.
This is a backward incompatible change for anyone overriding save_add or
save_change. They have been removed in favor of more granular methods
introduced in [8266] and the new response_add and response_change methods.
save_model has been renamed to save_form due to its slightly changed behavior.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8273 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 20:52:40 +00:00
Jacob Kaplan-Moss
4747347385
Fixed #5801: admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8271 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 17:35:19 +00:00
Malcolm Tredinnick
ab8965c428
Added a few force_unicode() calls around objects in the admin. Required for
Python 2.3 compatibility. Patch from nfg.
Refs #8151, #8153.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8236 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-08 18:07:33 +00:00
Malcolm Tredinnick
c5a76a3669
Fixed a bunch of Python 2.3 test failures.
All remaining buildbot failures on 2.3 are not due to the test suite, as far as
I can work out.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 19:48:36 +00:00
Brian Rosner
a19ed8aea3
Merged the newforms-admin branch into trunk.
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00