Commit Graph

134 Commits

Author SHA1 Message Date
Luke Plant 840ffd80ba Noted that SECURE_PROXY_SSL_HEADER is needed by CSRF protection.
Both false positives and false negatives of HttpRequest.is_secure can be
dangerous.
2012-06-04 21:41:05 +01:00
Ramiro Morales e9a56606e7 Fixed broken URLs introduced in 1adc87cd32. 2012-05-03 12:42:56 -03:00
Ramiro Morales 1adc87cd32 Updated some URLs in the documentation to point to the new repository. 2012-05-03 11:53:17 -03:00
Claude Paroz eefb00f301 Fixed #18220 -- Removed the CACHE_BACKEND setting, as per official deprecation timeline.
Thanks Ramiro Morales for the review.
2012-04-29 20:47:36 +02:00
Claude Paroz cb2fafe574 Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-01 17:13:55 +00:00
Aymeric Augustin 9ed6e08ff9 Removed deprecated URLField.verify_exists.
The deprecation schedule was slightly accelerated because of possible security ramifications.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17847 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 13:55:03 +00:00
Aymeric Augustin 00ec03fd44 Fixed #17733 -- Discouraged setting TIME_ZONE to None when USE_TZ is True. Thanks berdario for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-26 14:17:13 +00:00
Claude Paroz 78638a9a51 Replaced http by https in djangoproject.com links
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17703 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13 17:53:31 +00:00
Adrian Holovaty 2ade1e916f Edited stuff from [17543] to [17629]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 17:16:52 +00:00
Jannis Leidel d93a2ef887 Fixed #17568 -- Mentioned ``reverse_lazy`` in the ``LOGIN_REDIRECT_URL`` settings docs. Thanks, zsiciarz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17626 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-02 16:56:04 +00:00
Timo Graham d2988ce0f4 Fixed #17767 - Added signed cookie session backend to session engine settings docs; thanks Preston Holmes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01 01:06:22 +00:00
Aymeric Augustin 6daad896fb Reverted r17577 because it's actually possible to use a time zone that isn't the system time zone without pytz, thanks to the TZ environment variable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 21:42:50 +00:00
Aymeric Augustin 8842183448 Noted that TIME_ZONE must be the server time zone when time zone support is enabled and pytz isn't installed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 21:13:36 +00:00
Timo Graham 7d7d2d354c Fixed #16758 - Added a warning regarding overriding default settings; thanks cyclops for the suggestion & Aymeric Augustin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20 19:08:22 +00:00
Aymeric Augustin 1d78897c5d Fixed #17166 -- Documented how FIXTURE_DIRS works in the initial data how-to, and edited related bits in the settings reference.
Performed minor edits for consistency while I was there.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19 09:02:52 +00:00
Aymeric Augustin 7a7ec73efe Fixed #16452 -- Clarified that the DATE/DATETIME/TIME_INPUT_FORMATS settings have no effect when USE_L10N is True. Thanks Travis Brooks.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-19 08:00:06 +00:00
Adrian Holovaty 7981efe04f Documentation (and some small source code) edits from [17432] - [17537]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-17 20:04:11 +00:00
Jannis Leidel ec5e2f0ccc Fixed #17460 -- Extended the HIDDEN_SETTINGS constant in with a few more sensible names of settings to hide in the debug view. Many thanks to chomik, lpiatek and tomaszrybak.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17481 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:45 +00:00
Adrian Holovaty d4f11eb776 Fixed incorrect 'setting::' prefix in settings.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-30 21:13:08 +00:00
Adrian Holovaty 61f0aff811 Fixed #14597 -- Added a SECURE_PROXY_SSL_HEADER setting for cases when you're behind a proxy that 'swallows' the fact that a request is HTTPS
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-16 22:06:06 +00:00
Jannis Leidel 6f66b55108 Fixed #17255 -- Removed "as" prefix from new timezone template filter names for the sake of clarity. Cheers to Aymeric Augustin for bearing with me.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17107 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 15:00:08 +00:00
Aymeric Augustin 9b1cb755a2 Added support for time zones. Thanks Luke Plant for the review. Fixed #2626.
For more information on this project, see this thread:
http://groups.google.com/group/django-developers/browse_thread/thread/cf0423bbb85b1bbf

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17106 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 13:01:06 +00:00
Luke Plant 3b7a4c6adc Fixed #17117 - ADMIN_MEDIA_PREFIX should still be visible in docs
Thanks to claudep for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17063 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-01 21:37:12 +00:00
Aymeric Augustin 67e6e0fcf3 Fixed #17087 -- Re-organized the i18n docs to reduce confusion between USE_I18N/USE_L10N and the concepts of internationalization/localisation. Removed some duplicate content.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17026 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 17:17:57 +00:00
Carl Meyer 145a77edc9 Fixed #16360 -- Added WSGI entrypoint to startproject layout, and enabled internal servers (runserver and runfcgi) to use an externally-defined WSGI application. Thanks to Armin Ronacher, Jannis Leidel, Alex Gaynor, ptone, and Jacob Kaplan-Moss.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 04:30:10 +00:00
Aymeric Augustin 246580573d Fixed #12308 -- Added tablespace support to the PostgreSQL backend.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 21:49:43 +00:00
Luke Plant d1e5c55258 Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Aymeric Augustin 846fc7260a Fixed typo in r16935. Refs #17012.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16936 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-07 15:33:55 +00:00
Aymeric Augustin 510ea906f7 Fixed #17012 - Removed references to the 'hasNoProfanities' validator. Refs #8794.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16935 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-07 08:35:20 +00:00
Julien Phalip fc06ec0daf Fixed #16876 -- Fixed a cross reference in the settings reference doc. Thanks to Gumnos for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16855 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-19 07:33:32 +00:00
Julien Phalip 357910c1c6 Rectified the settings reference documentation to indicate that `USE_L10N` (and not `USE_I18N`) controls the activation of locale-dictated formats.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16850 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-18 07:50:50 +00:00
Carl Meyer 00678334aa Fixed #16863 -- Corrected ReST markup to avoid errors building docs.
Although directives such as "note" and "warning" will accept content
immediately following the directive, this is technically where arguments to the
directive should go (see http://sphinx.pocoo.org/rest.html#directives). Putting
the content there means that any lines beginning with an inline text role
(e.g. ":setting:`DEBUG`") will be mis-interpreted as an option block for the
directive. To avoid this error, there should always be a blank line between the
directive start and the directive content.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16842 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 18:06:42 +00:00
Carl Meyer d1d6109229 Added release note and updated TEMPLATE_DEBUG documentation for r16833. Thanks jezdez for the reminder.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16841 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 17:07:19 +00:00
Russell Keith-Magee 5f287f75f2 Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:47:00 +00:00
Russell Keith-Magee 893cea211a Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Alex Gaynor d036b87126 Remove no-longer-valid references to the DATABASE_* settings, the legacy code for them was already removed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 17:14:47 +00:00
Jannis Leidel 6819312c98 Fixed #15918 -- Refined documentation of the various localization settings, especially with regard to the thousand separator. Thanks, Aymeric Augustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-08 13:25:17 +00:00
Ramiro Morales 932b1b8d6d Converted links to external topics so they use intersphinx extension markup.
This allows to make these links more resilient to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Julien Phalip 5c1b4ab75b Fixed #16729 -- Fixed a small typo in the settings reference doc. Thanks to simon.cruanes.2007@m4x.org for the report and to Aymeric Augustin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16716 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-02 03:47:49 +00:00
Malcolm Tredinnick f77666a4af Documented some Oracle-specific test settings.
Patch from aaugustin that should help people with specific testing
requirements for Oracle set things up in their preferred way. The
settings have always existed, but now they are documented.

Fixes #16478.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-22 06:35:52 +00:00
Jannis Leidel 566b3295fa Fixed #16621 -- Fixed lots of typos in the docs. Thanks, Bernhard Essl.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-13 11:58:19 +00:00
Chris Beaven 956da729d1 Add a note to USE_L10N settings documentation that startproject sets USE_L10N = True
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-12 00:08:37 +00:00
Jannis Leidel 38a2444277 Fixed #16050 -- BACKWARDS-INCOMPATIBLE CHANGE: Moved static files of the admin to conventional file system location.
This also removes the need for ADMIN_MEDIA_PREFIX and replaces it with the convention to find admin's static files at STATIC_URL + 'admin/'.

Thanks to Jacob for the review and general help.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-30 09:06:19 +00:00
Luke Plant 45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant 524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel 49f57a5d28 Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel f60d428463 Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Luke Plant 8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant 171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00