django.git, branch 1.2.6

django.git, branch 1.2.6 django http://cgit.adnoto.dev/django.git/atom?h=1.2.6 2011-09-10T01:41:36Z [1.2.X] Bump to 1.2.6 for security release. 2011-09-10T01:41:36Z James Bennett ubernostrum@gmail.com 2011-09-10T01:41:36Z urn:sha1:216a79ee477d1e8dcb9d0e631cd7cbb93ff9fb14 git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16769 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly. 2011-09-10T01:28:50Z Russell Keith-Magee russell@keith-magee.com 2011-09-10T01:28:50Z urn:sha1:7268f8af86186518821d775c530d5558fd726930 Backport of r16760 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16766 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Corrected an issue which could allow attackers to manipulate session data using the cache. A security announcement will be made shortly. 2011-09-10T01:28:40Z Russell Keith-Magee russell@keith-magee.com 2011-09-10T01:28:40Z urn:sha1:ac7c3a110f906e4dfed3a17451bf7fd9fcb81296 Backport of r16759 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16765 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly. 2011-09-10T01:28:31Z Russell Keith-Magee russell@keith-magee.com 2011-09-10T01:28:31Z urn:sha1:c613af4d6485586c79d692b70a9acac429f3ca9d Backport of r16758 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16764 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Updated AJAX example code in CSRF docs to be consistent regarding what are safe HTTP methods 2011-05-09T23:56:04Z Luke Plant L.Plant.98@cantab.net 2011-05-09T23:56:04Z urn:sha1:285b464fb8cb972af6bbdd7cf62b46e75c128a64 Backport of [16202] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16204 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Fixed #15469 - CSRF token is inserted on GET requests 2011-05-09T21:39:22Z Luke Plant L.Plant.98@cantab.net 2011-05-09T21:39:22Z urn:sha1:cfc1756ef57b019b772ac60e651a76fe2d41a7e1 Thanks to goran for report. Backport of [16191] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16194 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Fixed #15869 - example AJAX code in CSRF docs fails sometimes for IE7 or absolute same origin URLs 2011-05-09T15:49:54Z Luke Plant L.Plant.98@cantab.net 2011-05-09T15:49:54Z urn:sha1:87fa64ca7c24fe16189fe638805e09a66c52b403 Thanks to nick for the report. Backport of [16183] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16185 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Ensure stdin is a tty before handing it to termios, so as to prevent prolems when running under IDEs. 2011-03-24T13:00:59Z Karen Tracey kmtracey@gmail.com 2011-03-24T13:00:59Z urn:sha1:1dc518555b137beb7b3ffabc8d0e68edd2b27e61 r15911 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15912 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Fixed typo in forms API documentation. 2011-03-22T23:24:13Z Simon Meers simon@simonmeers.com 2011-03-22T23:24:13Z urn:sha1:c5b476e22ac58bd927f9aa12b12976b76400c4b9 Backport of r15896 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15899 bcc190cf-cafb-0310-a4f2-bffc1f526a37 [1.2.X] Tweaked title level in custom file storage systems documentation. 2011-03-21T15:41:53Z Ramiro Morales cramm0@gmail.com 2011-03-21T15:41:53Z urn:sha1:1332e898520a7f3c580ac0be6136ecf5be07b5c5 Backport of [15888] from trunk git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15889 bcc190cf-cafb-0310-a4f2-bffc1f526a37