Commit Graph

851 Commits

Author SHA1 Message Date
Carl Meyer 0e03a504bf Refs #15855 -- Recommended the csrf_protect decorator rather than vary_on_cookie as workaround for cache_page caching the response before it gets to middleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16361 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 16:18:40 +00:00
Luke Plant 528157ce73 Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 15:14:36 +00:00
Russell Keith-Magee 046ffa483e Fixed #16185, #15675 -- Added the ability for test runners to define custom options, and to specify a custom test runner at the command line. Thanks to Dmitry Jemerov and Mikołaj Siedlarek for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 08:26:05 +00:00
Chris Beaven b56ef75088 Fixes #13511 -- make regex parameter to RegexValidator to be optional. Also tidies up related docs (parameters aren't attributes). Thanks for the patch work, davidfischer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 23:51:03 +00:00
Ramiro Morales dff31de20a Fixed #16155 -- Removed Python 2.4 compatibility constructs from code and mentions from docs. Thanks Aymeric Augustin for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 20:01:28 +00:00
Andrew Godwin 865d684a8a Fixed #8913 - Make "must be unique" error messages customisable. Thanks to Leah Culver.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16345 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 15:05:13 +00:00
Luke Plant 207e3ed9d5 Fixed #14206 - dynamic list_display support in admin
Thanks to gabejackson for the suggestion, and to cyrus for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:53:55 +00:00
Luke Plant 45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Ramiro Morales 0638ba5bba Enhanced a bit the documentation and docstring for the url template tag. Also, added a test for it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16331 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-05 23:44:34 +00:00
Luke Plant 5434ce231d Fixed #11868 - Multiple sort in admin changelist.
Many thanks to bendavis78 for the initial patch, and for input from others.

Also fixed #7309. If people were relying on the undocumented default ordering
applied by the admin before, they will need to add 'ordering = ["-pk"]' to
their ModelAdmin.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16316 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-02 16:18:47 +00:00
Jannis Leidel 9abe734b83 Fixed #16141 -- Fixed typos in new form wizard.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16309 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-01 20:14:25 +00:00
Jannis Leidel 632dfa2338 Fixed #9200 -- Added new form wizard to formtools based on class based views. Many thanks to Stephan Jäkel, ddurham and ElliottM for their work.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16307 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-01 13:47:00 +00:00
Timo Graham caefdc8246 Fixed #16090, #16091, #16114 - Typos in docs; thanks teraom.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16300 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31 09:42:19 +00:00
Luke Plant 0994416d3f Fixed some typos/grammar in clickjacking docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:50:11 +00:00
Luke Plant 524c5fa07a Fixed #14261 - Added clickjacking protection (X-Frame-Options header)
Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 22:27:47 +00:00
Jannis Leidel 49f57a5d28 Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Jannis Leidel 61da3cc47a Fixed #16120 -- Updated a few reference links in the docs after the contributing reorganization. Thanks to Julien and Ramiro.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16289 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 12:47:30 +00:00
Luke Plant a482cc0ba3 Fixed #16004 - csrf_protect does not send cookie if view returns TemplateResponse
The root bug was in decorator_from_middleware, and the fix also corrects
bugs with gzip_page and other decorators.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16276 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-24 21:28:43 +00:00
Timo Graham 6443adc9a9 Fixed #16067 - Couple reST fixes in ref/templates/builtins.txt; thanks julien.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16263 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-22 16:43:50 +00:00
Jannis Leidel fc8116cc4f Fixed #6580 -- Added `default` parameter to `MultiValueDict.getlist` method (the base class for `QueryDict`). Many thanks to mk and andrewebdev.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16260 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-22 15:05:29 +00:00
Timo Graham 940d17409e Fixed #16021 - Minor documentation fixes for Generic Class Views; thanks Bradley Ayers.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16256 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-22 00:08:13 +00:00
Ramiro Morales 50ad59527c Tweaked some `render_to_response` links in the documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16255 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 18:36:01 +00:00
Jannis Leidel f60d428463 Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-21 14:41:14 +00:00
Jannis Leidel a3a53e0b73 Fixed #15561 -- Extended test setting override code added in r16165 with a decorator and a signal for setting changes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16237 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-18 12:08:53 +00:00
Jannis Leidel 091c9b530e Fixed #15983 and #16032 -- Another pass over the staticfiles docs. Many thanks to Frank Wiles and EvilDMP.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16235 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-18 09:51:24 +00:00
Jannis Leidel 578a31fea3 Fixed #15921 -- Refined naturaltime filter added in r16071 to use timesince and timeuntil filters as fallbacks instead of date filter.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16233 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-17 10:16:12 +00:00
Timo Graham ce6072aa96 Fixed #15769 - Documented FormWizard's initial argument; thanks aimaz for the suggestion; jrothenbuhler for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-15 19:11:57 +00:00
Adrian Holovaty c2ba96d8a9 Tweaked weird wording of docs/ref/contrib/humanize.txt 'naturaltime' section from [16071]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 17:44:10 +00:00
Ramiro Morales 2b5730873b Added ability to describe grouping of form fields in the same row to the `fields` ModelAdmin attribute.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 16:29:39 +00:00
Ramiro Morales 5f605678f0 Removed last vestiges of references to technical messages from documentation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16224 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-14 12:28:36 +00:00
Simon Meers 5ecb88c146 Fixed #16014 -- numerous documentation typos -- thanks psmith.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-13 04:33:42 +00:00
Chris Beaven 014cc896bc Fixes #15963 -- Misleading FileField.save documentation. Thanks for the report and patch, ejucovy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16207 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-10 00:26:32 +00:00
Luke Plant 396bc58889 Updated AJAX example code in CSRF docs to be consistent regarding what are safe HTTP methods
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:46:02 +00:00
Luke Plant cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the release notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant 8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant a75120927e Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:10 +00:00
Luke Plant d3641d889b Clarified wording about use of 2 decorators in CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:02 +00:00
Luke Plant bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Luke Plant b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Luke Plant e9342e9b32 Fixed #15469 - CSRF token is inserted on GET requests
Thanks to goran for report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:57 +00:00
Luke Plant 7c648ea4aa Mentioned simplification of AJAX example code in CSRF docs.
Refs #15469. Thanks to aaugustin for the suggestion

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:49 +00:00
Luke Plant 5df93d529d Documented the edge case of needing a view that is partly CSRF protected
Refs #15518.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:52 +00:00
Luke Plant b5da093fa9 In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:45 +00:00
Luke Plant eadcbcb131 Fixed #15518 - documented requires_csrf_token
Thanks to vzima for a report that raised the issue.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:36 +00:00
Luke Plant 1d350a6c51 Changed an example in CSRF docs to use new 'render' shortcut
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:28 +00:00
Luke Plant ae1866ddef Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 15:40:01 +00:00
Jannis Leidel c5f58f54fd Fixed #15941 -- Fixed DateField docs to no longer state that the admin calendar's week always starts on Sunday (refs FIRST_DAY_OF_WEEK setting). Thanks aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16174 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:58 +00:00
Jannis Leidel 0322f2b653 Fixed #15263 -- Added support for format localization to the now template tag. Thanks to danielr and dmclain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16172 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:45 +00:00
Jannis Leidel 8f3e1c1c63 Fixed #6392 -- Made django.contrib.humanize template tags locale aware. Thanks, Dave McLain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-06 13:29:58 +00:00
Luke Plant 171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00