0
0
mirror of https://github.com/django/django.git synced 2024-11-22 11:57:34 +01:00
Commit Graph

14 Commits

Author SHA1 Message Date
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Joseph Kocherhans
677ddcbb04 Fixed #10752. Added more advanced bash completion. Thanks, Arthur Koziel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 23:15:59 +00:00
Jacob Kaplan-Moss
7e06b69a3d Removed outdated "adminindex" command -- the same behavior is now far easier and better done in a template, or perhaps a custom AdminSite.index function. Refs #5500.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8548 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 18:53:18 +00:00
Malcolm Tredinnick
3cfa3cbd07 Fixed #5522 -- Moved make-messages, compile-messages and daily-cleanup into django-admin.py.
They are now called  "makemessages", "compilemessages" and "cleanup". This is
backwards incompatible for make-messages.py and compile-messages.py, although
the old executables still exist for now and print an error pointing the caller
to the right command to call.

This reduces the number of binaries and man pages Django needs to install.

Patch from Janis Leidel.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7844 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-06 06:39:44 +00:00
Russell Keith-Magee
3ce81068b8 Fixed #7525 -- Added createsuperuser to the bash completion script. Thanks to John Scott for the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-23 12:42:09 +00:00
Russell Keith-Magee
c5f7caba72 Refs #7268 -- Added svn:executable flag for the Bash completion script.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-18 13:27:20 +00:00
Russell Keith-Magee
f9b9052c55 Refs #7268 -- Added django-admin as an alias in the django-bash-completion script. Thanks, Raphael Hertzog <hertzog@debian.org>
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7690 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-18 13:17:23 +00:00
Jacob Kaplan-Moss
aad8342aa4 Fixed #6661: fixed a bug with bash completion and python -i. Thanks, Soeren Sonnenburg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-25 19:38:09 +00:00
Russell Keith-Magee
a10e73ac30 Fixed some documentation strings in django-admin, and updated the bash completion script.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-05-15 11:39:00 +00:00
Malcolm Tredinnick
a89b51b033 Fixed #1240 -- Fixed portability problem in bash completion script. Thanks,
Paolo.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-08 03:34:05 +00:00
Jacob Kaplan-Moss
0e683f6da4 Fixed #1240: added better support for different names for "python" to django_bash_completion. Thanks, paolo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4646 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-28 15:39:53 +00:00
Jacob Kaplan-Moss
0a2155e5b3 Added completetion support for app names to django_base_completion, which closes #1240. Thanks for the patch, Rob Hudson
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4575 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-25 16:33:39 +00:00
Malcolm Tredinnick
3465a4f6f4 Fixed #1240 -- Updated bash completion file to accomodate changes in r3174.
Thanks, Paolo.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-21 11:15:01 +00:00
Adrian Holovaty
f69cf70ed8 MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00