summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAndrew Godwin <andrew@aeracode.org>2012-09-07 15:43:28 -0400
committerAndrew Godwin <andrew@aeracode.org>2012-09-07 15:43:28 -0400
commit828d691f62814edf3e93d981c0f991a48781fb79 (patch)
tree10aeb64ecaa08678aebad730deac73dbb5646d94 /docs
parentca9c3cd39fade827cced1b5198dd37bb80c208b0 (diff)
parent5999eb42eb6dad6a74c43eb6e9d96ac368ad97b4 (diff)
Merge branch 'master' into schema-alteration
Diffstat (limited to 'docs')
-rw-r--r--docs/intro/tutorial03.txt2
-rw-r--r--docs/ref/contrib/gis/install.txt26
-rw-r--r--docs/ref/forms/validation.txt5
-rw-r--r--docs/ref/forms/widgets.txt4
-rw-r--r--docs/ref/models/options.txt7
-rw-r--r--docs/ref/models/querysets.txt3
-rw-r--r--docs/releases/1.3.txt2
-rw-r--r--docs/topics/db/queries.txt4
-rw-r--r--docs/topics/python3.txt18
-rw-r--r--docs/topics/security.txt32
10 files changed, 67 insertions, 36 deletions
diff --git a/docs/intro/tutorial03.txt b/docs/intro/tutorial03.txt
index 6d4fb7eef1..2430bc3a2d 100644
--- a/docs/intro/tutorial03.txt
+++ b/docs/intro/tutorial03.txt
@@ -517,7 +517,7 @@ URLconf by removing the leading "polls/" from each line, and removing the
lines registering the admin site. Your ``polls/urls.py`` file should now look like
this::
- from django.conf.urls import patterns, include, url
+ from django.conf.urls import patterns, url
urlpatterns = patterns('polls.views',
url(r'^$', 'index'),
diff --git a/docs/ref/contrib/gis/install.txt b/docs/ref/contrib/gis/install.txt
index 3e952c173b..5dc3726ad1 100644
--- a/docs/ref/contrib/gis/install.txt
+++ b/docs/ref/contrib/gis/install.txt
@@ -80,7 +80,7 @@ geospatial libraries:
Program Description Required Supported Versions
======================== ==================================== ================================ ==========================
:ref:`GEOS <ref-geos>` Geometry Engine Open Source Yes 3.3, 3.2, 3.1, 3.0
-`PROJ.4`_ Cartographic Projections library Yes (PostgreSQL and SQLite only) 4.7, 4.6, 4.5, 4.4
+`PROJ.4`_ Cartographic Projections library Yes (PostgreSQL and SQLite only) 4.8, 4.7, 4.6, 4.5, 4.4
:ref:`GDAL <ref-gdal>` Geospatial Data Abstraction Library No (but, required for SQLite) 1.9, 1.8, 1.7, 1.6, 1.5
:ref:`GeoIP <ref-geoip>` IP-based geolocation library No 1.4
`PostGIS`__ Spatial extensions for PostgreSQL Yes (PostgreSQL only) 1.5, 1.4, 1.3
@@ -140,16 +140,16 @@ internal geometry representation used by GeoDjango (it's behind the "lazy"
geometries). Specifically, the C API library is called (e.g., ``libgeos_c.so``)
directly from Python using ctypes.
-First, download GEOS 3.3.0 from the refractions Web site and untar the source
+First, download GEOS 3.3.5 from the refractions Web site and untar the source
archive::
- $ wget http://download.osgeo.org/geos/geos-3.3.0.tar.bz2
- $ tar xjf geos-3.3.0.tar.bz2
+ $ wget http://download.osgeo.org/geos/geos-3.3.5.tar.bz2
+ $ tar xjf geos-3.3.5.tar.bz2
Next, change into the directory where GEOS was unpacked, run the configure
script, compile, and install::
- $ cd geos-3.3.0
+ $ cd geos-3.3.5
$ ./configure
$ make
$ sudo make install
@@ -203,15 +203,15 @@ reference systems.
First, download the PROJ.4 source code and datum shifting files [#]_::
- $ wget http://download.osgeo.org/proj/proj-4.7.0.tar.gz
- $ wget http://download.osgeo.org/proj/proj-datumgrid-1.5.zip
+ $ wget http://download.osgeo.org/proj/proj-4.8.0.tar.gz
+ $ wget http://download.osgeo.org/proj/proj-datumgrid-1.5.tar.gz
Next, untar the source code archive, and extract the datum shifting files in the
``nad`` subdirectory. This must be done *prior* to configuration::
- $ tar xzf proj-4.7.0.tar.gz
- $ cd proj-4.7.0/nad
- $ unzip ../../proj-datumgrid-1.5.zip
+ $ tar xzf proj-4.8.0.tar.gz
+ $ cd proj-4.8.0/nad
+ $ tar xzf ../../proj-datumgrid-1.5.tar.gz
$ cd ..
Finally, configure, make and install PROJ.4::
@@ -239,9 +239,9 @@ installed prior to building PostGIS.
First download the source archive, and extract::
- $ wget http://postgis.refractions.net/download/postgis-1.5.2.tar.gz
- $ tar xzf postgis-1.5.2.tar.gz
- $ cd postgis-1.5.2
+ $ wget http://postgis.refractions.net/download/postgis-1.5.5.tar.gz
+ $ tar xzf postgis-1.5.5.tar.gz
+ $ cd postgis-1.5.5
Next, configure, make and install PostGIS::
diff --git a/docs/ref/forms/validation.txt b/docs/ref/forms/validation.txt
index 95424d0cd0..1af32da875 100644
--- a/docs/ref/forms/validation.txt
+++ b/docs/ref/forms/validation.txt
@@ -70,9 +70,8 @@ overridden:
formfield-specific piece of validation and, possibly,
cleaning/normalizing the data.
- Just like the general field ``clean()`` method, above, this method
- should return the cleaned data, regardless of whether it changed
- anything or not.
+ This method should return the cleaned value obtained from cleaned_data,
+ regardless of whether it changed anything or not.
* The Form subclass's ``clean()`` method. This method can perform
any validation that requires access to multiple fields from the form at
diff --git a/docs/ref/forms/widgets.txt b/docs/ref/forms/widgets.txt
index fb7657349a..eab314a4cd 100644
--- a/docs/ref/forms/widgets.txt
+++ b/docs/ref/forms/widgets.txt
@@ -310,6 +310,10 @@ commonly used groups of widgets:
A callable that takes the value of the CheckBoxInput and returns
``True`` if the checkbox should be checked for that value.
+ .. versionchanged:: 1.5
+ Exceptions from ``check_test`` used to be silenced by its caller,
+ this is no longer the case, they will propagate upwards.
+
``Select``
~~~~~~~~~~
diff --git a/docs/ref/models/options.txt b/docs/ref/models/options.txt
index 9d076f6274..c5ae8398ea 100644
--- a/docs/ref/models/options.txt
+++ b/docs/ref/models/options.txt
@@ -83,9 +83,10 @@ Django quotes column and table names behind the scenes.
.. attribute:: Options.get_latest_by
- The name of a :class:`DateField` or :class:`DateTimeField` in the model.
- This specifies the default field to use in your model :class:`Manager`'s
- :class:`~QuerySet.latest` method.
+ The name of an orderable field in the model, typically a :class:`DateField`,
+ :class:`DateTimeField`, or :class:`IntegerField`. This specifies the default
+ field to use in your model :class:`Manager`'s :class:`~QuerySet.latest`
+ method.
Example::
diff --git a/docs/ref/models/querysets.txt b/docs/ref/models/querysets.txt
index b59b2ece82..4f5f8858b5 100644
--- a/docs/ref/models/querysets.txt
+++ b/docs/ref/models/querysets.txt
@@ -2064,7 +2064,7 @@ Note this is only available in MySQL and requires direct manipulation of the
database to add the full-text index. By default Django uses BOOLEAN MODE for
full text searches. See the `MySQL documentation`_ for additional details.
-.. _MySQL documentation: http://dev.mysql.com/doc/refman/5.1/en/fulltext-boolean.html>
+.. _MySQL documentation: http://dev.mysql.com/doc/refman/5.1/en/fulltext-boolean.html
.. fieldlookup:: regex
@@ -2236,4 +2236,3 @@ Variance
extension.
.. _SQLite documentation: http://www.sqlite.org/contrib
-
diff --git a/docs/releases/1.3.txt b/docs/releases/1.3.txt
index 772dbdb2e7..c507f1bed6 100644
--- a/docs/releases/1.3.txt
+++ b/docs/releases/1.3.txt
@@ -587,7 +587,7 @@ gettext domain):
ones listed later.
* The ``locale`` subdirectory of the directory containing the settings, that
- usually coincides with and is know as the *project directory* is being
+ usually coincides with and is known as the *project directory* is being
deprecated in this release as a source of translations. (the precedence of
these translations is intermediate between applications and :setting:`LOCALE_PATHS`
translations). See the `corresponding deprecated features section`_
diff --git a/docs/topics/db/queries.txt b/docs/topics/db/queries.txt
index 60437c1120..f87fa2920f 100644
--- a/docs/topics/db/queries.txt
+++ b/docs/topics/db/queries.txt
@@ -235,14 +235,14 @@ refinements together. For example::
... ).exclude(
... pub_date__gte=datetime.now()
... ).filter(
- ... pub_date__gte=datetime(2005, 1, 1)
+ ... pub_date__gte=datetime(2005, 1, 30)
... )
This takes the initial :class:`~django.db.models.query.QuerySet` of all entries
in the database, adds a filter, then an exclusion, then another filter. The
final result is a :class:`~django.db.models.query.QuerySet` containing all
entries with a headline that starts with "What", that were published between
-January 1, 2005, and the current day.
+January 30, 2005, and the current day.
.. _filtered-querysets-are-unique:
diff --git a/docs/topics/python3.txt b/docs/topics/python3.txt
index 457486caa4..d816db8046 100644
--- a/docs/topics/python3.txt
+++ b/docs/topics/python3.txt
@@ -25,10 +25,11 @@ free to chose another strategy for your own code, especially if you don't need
to stay compatible with Python 2. But authors of pluggable applications are
encouraged to use the same porting strategy as Django itself.
-Writing compatible code is much easier if you target Python ≥ 2.6. You will
-most likely take advantage of the compatibility functions introduced in Django
-1.5, like :mod:`django.utils.six`, so your application will also require
-Django ≥ 1.5.
+Writing compatible code is much easier if you target Python ≥ 2.6. Django 1.5
+introduces compatibility tools such as :mod:`django.utils.six`. For
+convenience, forwards-compatible aliases were introduced in Django 1.4.2. If
+your application takes advantage of these tools, it will require Django ≥
+1.4.2.
Obviously, writing compatible source code adds some overhead, and that can
cause frustration. Django's developers have found that attempting to write
@@ -102,6 +103,8 @@ Old name New name
For backwards compatibility, the old names still work on Python 2. Under
Python 3, ``smart_str`` is an alias for ``smart_text``.
+For forwards compatibility, the new names work as of Django 1.4.2.
+
.. note::
:mod:`django.utils.encoding` was deeply refactored in Django 1.5 to
@@ -126,6 +129,8 @@ For backwards compatibility, the old names still work on Python 2. Under
Python 3, ``EscapeString`` and ``SafeString`` are aliases for ``EscapeText``
and ``SafeText`` respectively.
+For forwards compatibility, the new names work as of Django 1.4.2.
+
:meth:`__str__` and :meth:`__unicode__` methods
-----------------------------------------------
@@ -166,6 +171,8 @@ On Python 3, the decorator is a no-op. On Python 2, it defines appropriate
This technique is the best match for Django's porting philosophy.
+For forwards compatibility, this decorator is available as of Django 1.4.2.
+
Finally, note that :meth:`__repr__` must return a :class:`str` on all versions
of Python.
@@ -317,7 +324,8 @@ Writing compatible code with six
six_ is the canonical compatibility library for supporting Python 2 and 3 in
a single codebase. Read its documentation!
-:mod:`six` is bundled with Django: you can import it as :mod:`django.utils.six`.
+:mod`six` is bundled with Django as of version 1.4.2. You can import it as
+:mod`django.utils.six`.
Here are the most common changes required to write compatible code.
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index 151853d4ac..0a3c6bff02 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -76,9 +76,17 @@ POST to your Web site and have another logged in user unwittingly submit that
form. The malicious user would have to know the nonce, which is user specific
(using a cookie).
+When deployed with :ref:`HTTPS <security-recommendation-ssl>`,
+``CsrfViewMiddleware`` will check that the HTTP referer header is set to a
+URL on the same origin (including subdomain and port). Because HTTPS
+provides additional security, it is imperative to ensure connections use HTTPS
+where it is available by forwarding insecure connection requests and using
+HSTS for supported browsers.
+
Be very careful with marking views with the ``csrf_exempt`` decorator unless
it is absolutely necessary.
+
SQL injection protection
========================
@@ -112,6 +120,8 @@ The middleware is strongly recommended for any site that does not need to have
its pages wrapped in a frame by third party sites, or only needs to allow that
for a small section of the site.
+.. _security-recommendation-ssl:
+
SSL/HTTPS
=========
@@ -147,7 +157,15 @@ server, there are some additional steps you may need:
any POST data being accepted over HTTP (which will be fine if you are
redirecting all HTTP traffic to HTTPS).
-.. _additional-security-topics:
+* Use HTTP Strict Transport Security (HSTS)
+
+ HSTS is an HTTP header that informs a browser that all future connections
+ to a particular site should always use HTTPS. Combined with redirecting
+ requests over HTTP to HTTPS, this will ensure that connections always enjoy
+ the added security of SSL provided one successful connection has occurred.
+ HSTS is usually configured on the web server.
+
+.. _host-headers-virtual-hosting:
Host headers and virtual hosting
================================
@@ -158,15 +176,17 @@ Site Scripting attacks, they can be used for Cross-Site Request
Forgery and cache poisoning attacks in some circumstances. We
recommend you ensure your Web server is configured such that:
- * It always validates incoming HTTP ``Host`` headers against the expected
- host name.
- * Disallows requests with no ``Host`` header.
- * Is *not* configured with a catch-all virtual host that forwards requests
- to a Django application.
+* It always validates incoming HTTP ``Host`` headers against the expected
+ host name.
+* Disallows requests with no ``Host`` header.
+* Is *not* configured with a catch-all virtual host that forwards requests
+ to a Django application.
Additionally, as of 1.3.1, Django requires you to explicitly enable support for
the ``X-Forwarded-Host`` header if your configuration requires it.
+.. _additional-security-topics:
+
Additional security topics
==========================