Commit Graph

3672 Commits

Author SHA1 Message Date
Luke Plant cb060f0f34 Fixed #15258 - Ajax CSRF protection doesn't apply to PUT or DELETE requests
Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the release notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:45:54 +00:00
Luke Plant 8cbcf1d3a6 Fixed #14134 - ability to set cookie 'path' and 'secure' attributes of CSRF cookie
Thanks to cfattarsi for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:22 +00:00
Luke Plant a75120927e Added 'settings' section to CSRF docs, eliminating the unneeded 'Subdomains' section
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:10 +00:00
Luke Plant d3641d889b Clarified wording about use of 2 decorators in CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 23:00:02 +00:00
Luke Plant bf7af2be15 Added clarifying note to docs for CSRF_COOKIE_DOMAIN
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:59:52 +00:00
Simon Meers 8122ce7c76 Fixed #15989 -- typo in static-files howto. Thanks luizvital.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16195 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 22:30:31 +00:00
Luke Plant b6c5f8060d Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 21:35:24 +00:00
Luke Plant e9342e9b32 Fixed #15469 - CSRF token is inserted on GET requests
Thanks to goran for report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:57 +00:00
Luke Plant 7c648ea4aa Mentioned simplification of AJAX example code in CSRF docs.
Refs #15469. Thanks to aaugustin for the suggestion

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 19:06:49 +00:00
Luke Plant 5df93d529d Documented the edge case of needing a view that is partly CSRF protected
Refs #15518.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:52 +00:00
Luke Plant b5da093fa9 In CSRF docs, moved 'Exceptions' section to 'Edge cases', and cleaned up some associated markup
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16188 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:45 +00:00
Luke Plant eadcbcb131 Fixed #15518 - documented requires_csrf_token
Thanks to vzima for a report that raised the issue.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:36 +00:00
Luke Plant 1d350a6c51 Changed an example in CSRF docs to use new 'render' shortcut
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 18:27:28 +00:00
Luke Plant ae1866ddef Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs
Thanks to nick for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-09 15:40:01 +00:00
Jannis Leidel c5f58f54fd Fixed #15941 -- Fixed DateField docs to no longer state that the admin calendar's week always starts on Sunday (refs FIRST_DAY_OF_WEEK setting). Thanks aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16174 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:58 +00:00
Jannis Leidel e282e1b327 Added missing reference to custom template tag docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16173 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:52 +00:00
Jannis Leidel 0322f2b653 Fixed #15263 -- Added support for format localization to the now template tag. Thanks to danielr and dmclain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16172 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-07 16:58:45 +00:00
Jannis Leidel 8f3e1c1c63 Fixed #6392 -- Made django.contrib.humanize template tags locale aware. Thanks, Dave McLain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-06 13:29:58 +00:00
Jannis Leidel 0dc6420b3e Added TestCase.settings context manager to easily override settings in test methods.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16165 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-06 13:29:24 +00:00
Luke Plant d11acfd209 Fixed typo in deprecation docs.
Thanks to aaugustin for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16161 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:35 +00:00
Luke Plant 171df93170 Fixed #15954 - New IGNORABLE_404_URLS setting that allows more powerful filtering of 404s to ignore
Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 20:49:26 +00:00
Timo Graham 127f1e4190 Fixed #15827 - Documented that OneToOneField in Profile should be named 'user'; thanks lawgon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-04 23:44:26 +00:00
Jannis Leidel 95dc7c7486 Fixed #15960 -- Extended list filter API added in r16144 slightly to pass the current model admin to the SimpleListFilter.lookups method to support finer grained control over what is filtered over. Many thanks to Carl Meyer and Julien Phalip for the suggestion and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16152 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-04 22:52:04 +00:00
Jannis Leidel 05b4f2ebc2 Corrected the behavior of the SimpleFilter.lookups method to also be able to return None. Also modified example in documentation to be a bit more realistic. Refs #5833. Thanks for the hint, Martin Mahner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16150 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 13:52:39 +00:00
Jannis Leidel 950e05c3ff Fixed #14262 -- Added new assignment_tag as a simple way to assign the result of a template tag to a context variable. Thanks, Julien Phalip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16149 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 11:52:42 +00:00
Jannis Leidel f4860448dd Fixed #13729 -- Renamed UK localflavor to GB to correctly follow ISO 3166. Thanks, Claude Paroz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16147 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 11:52:20 +00:00
Jannis Leidel 18d2f4a816 Fixed #5833 -- Modified the admin list filters to be easier to customize. Many thanks to Honza Král, Tom X. Tobin, gerdemb, eandre, sciyoshi, bendavis78 and Julien Phalip for working on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16144 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 10:44:23 +00:00
Timo Graham a85cd1688b Fixed #15942 - removed duplicate module id in docs; thanks magopian.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16142 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 10:22:49 +00:00
Alex Gaynor c21d3afaef Fixed #15952 -- fixed an error in the template builtins docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16141 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 03:15:28 +00:00
Timo Graham 5487ec8039 Fixed #15887 - Added clarification for required_*() decorators; thanks RoySmith for the suggestion.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16139 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-01 20:08:55 +00:00
Jannis Leidel 13b4f98b80 Fixed #6581 -- Moved documentation of django.contrib.auth.views.redirect_to_login to an own "Helper functions" section.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16130 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-30 13:37:03 +00:00
Timo Graham 2830872d60 Fixed #15876 - Document that test.client.RequestFactory doesn't support sessions or request-altering middleware; thanks slinkp for the suggestion, ShawnMilo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-30 12:59:24 +00:00
Ramiro Morales 1d7c2dedcd Fixed small typos in custom template tags docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16126 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-30 02:19:24 +00:00
Jannis Leidel 12a9107a7d Fixed minor doc typo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16125 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-29 15:11:24 +00:00
Jannis Leidel 0fa8bd3d92 Fixed #15920 -- Removed COMMENTS_BANNED_USERS_GROUP setting in favor of the established comments app customization. Thanks, Daniel Lindsley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16124 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-29 15:11:17 +00:00
Jannis Leidel 79afd55278 Fixed #5925 -- Added new lazily evaluated version of django.core.urlresolvers.reverse. Thanks, SmileyChris, Preston Timmons and Julien Phalip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-29 11:49:59 +00:00
Jannis Leidel 07854d1c44 Fixed #15713 -- Added a form field for validating Polish National ID Card numbers. Thanks, xtrqt.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16116 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 13:20:33 +00:00
Jannis Leidel 086ab44336 Fixed #15637 -- Added a require_safe decorator for views to accept GET or HEAD. Thanks, aaugustin and Julien.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16115 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 13:04:16 +00:00
Simon Meers 013ce8aca2 Fixed #15865 -- correct class name for BaseGenericInlineFormset. Thanks leonelfreire for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 01:46:46 +00:00
Simon Meers fe7695533d Fix heading formatting in localflavor docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16112 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 00:28:42 +00:00
Simon Meers e5cf560783 Fixed #15885 -- Update auth view docs re: TemplateResponse. Thanks prestontimmons.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16111 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 00:26:31 +00:00
Simon Meers 6d98cda03c Fixed #15830 -- Add documentation regarding localflavor i18n. Thanks framos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16109 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 00:20:10 +00:00
Alex Gaynor 930371e91b Fixed #15889 -- when trying to access a serializer that doesn't exist, raise a new SerializerDoesNotExist exception. Thanks to Mathieu Agopian for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16104 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-26 16:49:32 +00:00
Timo Graham 449e84a2f1 Fixed #15801 - Incorrect external link for dictConfig; thanks David Niergarth for the report; jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16100 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-24 23:53:24 +00:00
Timo Graham f9fa9327c6 Fixed #15853 - typo in m2m_changed signal documentation; thanks elbarto.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-24 23:47:18 +00:00
Timo Graham b2481a2cfb Fixed #15875 - typo in F() example; thanks jblaine.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16096 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-23 21:48:23 +00:00
Chris Beaven 5bbba4b9ad Fixes #15862 -- Error in post_syncdb documentation example. Thanks for the report and patch andialbrecht.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 21:23:26 +00:00
Chris Beaven 534c427b20 Fixed #13584 -- Optionally allow empty files with django.forms.FileField. Thanks for the patch erickr and closedbracket.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16090 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 21:18:27 +00:00
Jannis Leidel c8092b840b Fixed #15008 -- Replaced all calls in the admin to render_to_response with TemplateResponses for easier customization. Thanks to Chris Adams for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 18:17:16 +00:00
Ramiro Morales 13cfdb0d8b Fixed a couple of small documentation typos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16086 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 14:08:31 +00:00