diff options
| author | Andrew Godwin <andrew@aeracode.org> | 2012-09-07 15:43:28 -0400 |
|---|---|---|
| committer | Andrew Godwin <andrew@aeracode.org> | 2012-09-07 15:43:28 -0400 |
| commit | 828d691f62814edf3e93d981c0f991a48781fb79 (patch) | |
| tree | 10aeb64ecaa08678aebad730deac73dbb5646d94 /docs | |
| parent | ca9c3cd39fade827cced1b5198dd37bb80c208b0 (diff) | |
| parent | 5999eb42eb6dad6a74c43eb6e9d96ac368ad97b4 (diff) | |
Merge branch 'master' into schema-alteration
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/intro/tutorial03.txt | 2 | ||||
| -rw-r--r-- | docs/ref/contrib/gis/install.txt | 26 | ||||
| -rw-r--r-- | docs/ref/forms/validation.txt | 5 | ||||
| -rw-r--r-- | docs/ref/forms/widgets.txt | 4 | ||||
| -rw-r--r-- | docs/ref/models/options.txt | 7 | ||||
| -rw-r--r-- | docs/ref/models/querysets.txt | 3 | ||||
| -rw-r--r-- | docs/releases/1.3.txt | 2 | ||||
| -rw-r--r-- | docs/topics/db/queries.txt | 4 | ||||
| -rw-r--r-- | docs/topics/python3.txt | 18 | ||||
| -rw-r--r-- | docs/topics/security.txt | 32 |
10 files changed, 67 insertions, 36 deletions
diff --git a/docs/intro/tutorial03.txt b/docs/intro/tutorial03.txt index 6d4fb7eef1..2430bc3a2d 100644 --- a/docs/intro/tutorial03.txt +++ b/docs/intro/tutorial03.txt @@ -517,7 +517,7 @@ URLconf by removing the leading "polls/" from each line, and removing the lines registering the admin site. Your ``polls/urls.py`` file should now look like this:: - from django.conf.urls import patterns, include, url + from django.conf.urls import patterns, url urlpatterns = patterns('polls.views', url(r'^$', 'index'), diff --git a/docs/ref/contrib/gis/install.txt b/docs/ref/contrib/gis/install.txt index 3e952c173b..5dc3726ad1 100644 --- a/docs/ref/contrib/gis/install.txt +++ b/docs/ref/contrib/gis/install.txt @@ -80,7 +80,7 @@ geospatial libraries: Program Description Required Supported Versions ======================== ==================================== ================================ ========================== :ref:`GEOS <ref-geos>` Geometry Engine Open Source Yes 3.3, 3.2, 3.1, 3.0 -`PROJ.4`_ Cartographic Projections library Yes (PostgreSQL and SQLite only) 4.7, 4.6, 4.5, 4.4 +`PROJ.4`_ Cartographic Projections library Yes (PostgreSQL and SQLite only) 4.8, 4.7, 4.6, 4.5, 4.4 :ref:`GDAL <ref-gdal>` Geospatial Data Abstraction Library No (but, required for SQLite) 1.9, 1.8, 1.7, 1.6, 1.5 :ref:`GeoIP <ref-geoip>` IP-based geolocation library No 1.4 `PostGIS`__ Spatial extensions for PostgreSQL Yes (PostgreSQL only) 1.5, 1.4, 1.3 @@ -140,16 +140,16 @@ internal geometry representation used by GeoDjango (it's behind the "lazy" geometries). Specifically, the C API library is called (e.g., ``libgeos_c.so``) directly from Python using ctypes. -First, download GEOS 3.3.0 from the refractions Web site and untar the source +First, download GEOS 3.3.5 from the refractions Web site and untar the source archive:: - $ wget http://download.osgeo.org/geos/geos-3.3.0.tar.bz2 - $ tar xjf geos-3.3.0.tar.bz2 + $ wget http://download.osgeo.org/geos/geos-3.3.5.tar.bz2 + $ tar xjf geos-3.3.5.tar.bz2 Next, change into the directory where GEOS was unpacked, run the configure script, compile, and install:: - $ cd geos-3.3.0 + $ cd geos-3.3.5 $ ./configure $ make $ sudo make install @@ -203,15 +203,15 @@ reference systems. First, download the PROJ.4 source code and datum shifting files [#]_:: - $ wget http://download.osgeo.org/proj/proj-4.7.0.tar.gz - $ wget http://download.osgeo.org/proj/proj-datumgrid-1.5.zip + $ wget http://download.osgeo.org/proj/proj-4.8.0.tar.gz + $ wget http://download.osgeo.org/proj/proj-datumgrid-1.5.tar.gz Next, untar the source code archive, and extract the datum shifting files in the ``nad`` subdirectory. This must be done *prior* to configuration:: - $ tar xzf proj-4.7.0.tar.gz - $ cd proj-4.7.0/nad - $ unzip ../../proj-datumgrid-1.5.zip + $ tar xzf proj-4.8.0.tar.gz + $ cd proj-4.8.0/nad + $ tar xzf ../../proj-datumgrid-1.5.tar.gz $ cd .. Finally, configure, make and install PROJ.4:: @@ -239,9 +239,9 @@ installed prior to building PostGIS. First download the source archive, and extract:: - $ wget http://postgis.refractions.net/download/postgis-1.5.2.tar.gz - $ tar xzf postgis-1.5.2.tar.gz - $ cd postgis-1.5.2 + $ wget http://postgis.refractions.net/download/postgis-1.5.5.tar.gz + $ tar xzf postgis-1.5.5.tar.gz + $ cd postgis-1.5.5 Next, configure, make and install PostGIS:: diff --git a/docs/ref/forms/validation.txt b/docs/ref/forms/validation.txt index 95424d0cd0..1af32da875 100644 --- a/docs/ref/forms/validation.txt +++ b/docs/ref/forms/validation.txt @@ -70,9 +70,8 @@ overridden: formfield-specific piece of validation and, possibly, cleaning/normalizing the data. - Just like the general field ``clean()`` method, above, this method - should return the cleaned data, regardless of whether it changed - anything or not. + This method should return the cleaned value obtained from cleaned_data, + regardless of whether it changed anything or not. * The Form subclass's ``clean()`` method. This method can perform any validation that requires access to multiple fields from the form at diff --git a/docs/ref/forms/widgets.txt b/docs/ref/forms/widgets.txt index fb7657349a..eab314a4cd 100644 --- a/docs/ref/forms/widgets.txt +++ b/docs/ref/forms/widgets.txt @@ -310,6 +310,10 @@ commonly used groups of widgets: A callable that takes the value of the CheckBoxInput and returns ``True`` if the checkbox should be checked for that value. + .. versionchanged:: 1.5 + Exceptions from ``check_test`` used to be silenced by its caller, + this is no longer the case, they will propagate upwards. + ``Select`` ~~~~~~~~~~ diff --git a/docs/ref/models/options.txt b/docs/ref/models/options.txt index 9d076f6274..c5ae8398ea 100644 --- a/docs/ref/models/options.txt +++ b/docs/ref/models/options.txt @@ -83,9 +83,10 @@ Django quotes column and table names behind the scenes. .. attribute:: Options.get_latest_by - The name of a :class:`DateField` or :class:`DateTimeField` in the model. - This specifies the default field to use in your model :class:`Manager`'s - :class:`~QuerySet.latest` method. + The name of an orderable field in the model, typically a :class:`DateField`, + :class:`DateTimeField`, or :class:`IntegerField`. This specifies the default + field to use in your model :class:`Manager`'s :class:`~QuerySet.latest` + method. Example:: diff --git a/docs/ref/models/querysets.txt b/docs/ref/models/querysets.txt index b59b2ece82..4f5f8858b5 100644 --- a/docs/ref/models/querysets.txt +++ b/docs/ref/models/querysets.txt @@ -2064,7 +2064,7 @@ Note this is only available in MySQL and requires direct manipulation of the database to add the full-text index. By default Django uses BOOLEAN MODE for full text searches. See the `MySQL documentation`_ for additional details. -.. _MySQL documentation: http://dev.mysql.com/doc/refman/5.1/en/fulltext-boolean.html> +.. _MySQL documentation: http://dev.mysql.com/doc/refman/5.1/en/fulltext-boolean.html .. fieldlookup:: regex @@ -2236,4 +2236,3 @@ Variance extension. .. _SQLite documentation: http://www.sqlite.org/contrib - diff --git a/docs/releases/1.3.txt b/docs/releases/1.3.txt index 772dbdb2e7..c507f1bed6 100644 --- a/docs/releases/1.3.txt +++ b/docs/releases/1.3.txt @@ -587,7 +587,7 @@ gettext domain): ones listed later. * The ``locale`` subdirectory of the directory containing the settings, that - usually coincides with and is know as the *project directory* is being + usually coincides with and is known as the *project directory* is being deprecated in this release as a source of translations. (the precedence of these translations is intermediate between applications and :setting:`LOCALE_PATHS` translations). See the `corresponding deprecated features section`_ diff --git a/docs/topics/db/queries.txt b/docs/topics/db/queries.txt index 60437c1120..f87fa2920f 100644 --- a/docs/topics/db/queries.txt +++ b/docs/topics/db/queries.txt @@ -235,14 +235,14 @@ refinements together. For example:: ... ).exclude( ... pub_date__gte=datetime.now() ... ).filter( - ... pub_date__gte=datetime(2005, 1, 1) + ... pub_date__gte=datetime(2005, 1, 30) ... ) This takes the initial :class:`~django.db.models.query.QuerySet` of all entries in the database, adds a filter, then an exclusion, then another filter. The final result is a :class:`~django.db.models.query.QuerySet` containing all entries with a headline that starts with "What", that were published between -January 1, 2005, and the current day. +January 30, 2005, and the current day. .. _filtered-querysets-are-unique: diff --git a/docs/topics/python3.txt b/docs/topics/python3.txt index 457486caa4..d816db8046 100644 --- a/docs/topics/python3.txt +++ b/docs/topics/python3.txt @@ -25,10 +25,11 @@ free to chose another strategy for your own code, especially if you don't need to stay compatible with Python 2. But authors of pluggable applications are encouraged to use the same porting strategy as Django itself. -Writing compatible code is much easier if you target Python ≥ 2.6. You will -most likely take advantage of the compatibility functions introduced in Django -1.5, like :mod:`django.utils.six`, so your application will also require -Django ≥ 1.5. +Writing compatible code is much easier if you target Python ≥ 2.6. Django 1.5 +introduces compatibility tools such as :mod:`django.utils.six`. For +convenience, forwards-compatible aliases were introduced in Django 1.4.2. If +your application takes advantage of these tools, it will require Django ≥ +1.4.2. Obviously, writing compatible source code adds some overhead, and that can cause frustration. Django's developers have found that attempting to write @@ -102,6 +103,8 @@ Old name New name For backwards compatibility, the old names still work on Python 2. Under Python 3, ``smart_str`` is an alias for ``smart_text``. +For forwards compatibility, the new names work as of Django 1.4.2. + .. note:: :mod:`django.utils.encoding` was deeply refactored in Django 1.5 to @@ -126,6 +129,8 @@ For backwards compatibility, the old names still work on Python 2. Under Python 3, ``EscapeString`` and ``SafeString`` are aliases for ``EscapeText`` and ``SafeText`` respectively. +For forwards compatibility, the new names work as of Django 1.4.2. + :meth:`__str__` and :meth:`__unicode__` methods ----------------------------------------------- @@ -166,6 +171,8 @@ On Python 3, the decorator is a no-op. On Python 2, it defines appropriate This technique is the best match for Django's porting philosophy. +For forwards compatibility, this decorator is available as of Django 1.4.2. + Finally, note that :meth:`__repr__` must return a :class:`str` on all versions of Python. @@ -317,7 +324,8 @@ Writing compatible code with six six_ is the canonical compatibility library for supporting Python 2 and 3 in a single codebase. Read its documentation! -:mod:`six` is bundled with Django: you can import it as :mod:`django.utils.six`. +:mod`six` is bundled with Django as of version 1.4.2. You can import it as +:mod`django.utils.six`. Here are the most common changes required to write compatible code. diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 151853d4ac..0a3c6bff02 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -76,9 +76,17 @@ POST to your Web site and have another logged in user unwittingly submit that form. The malicious user would have to know the nonce, which is user specific (using a cookie). +When deployed with :ref:`HTTPS <security-recommendation-ssl>`, +``CsrfViewMiddleware`` will check that the HTTP referer header is set to a +URL on the same origin (including subdomain and port). Because HTTPS +provides additional security, it is imperative to ensure connections use HTTPS +where it is available by forwarding insecure connection requests and using +HSTS for supported browsers. + Be very careful with marking views with the ``csrf_exempt`` decorator unless it is absolutely necessary. + SQL injection protection ======================== @@ -112,6 +120,8 @@ The middleware is strongly recommended for any site that does not need to have its pages wrapped in a frame by third party sites, or only needs to allow that for a small section of the site. +.. _security-recommendation-ssl: + SSL/HTTPS ========= @@ -147,7 +157,15 @@ server, there are some additional steps you may need: any POST data being accepted over HTTP (which will be fine if you are redirecting all HTTP traffic to HTTPS). -.. _additional-security-topics: +* Use HTTP Strict Transport Security (HSTS) + + HSTS is an HTTP header that informs a browser that all future connections + to a particular site should always use HTTPS. Combined with redirecting + requests over HTTP to HTTPS, this will ensure that connections always enjoy + the added security of SSL provided one successful connection has occurred. + HSTS is usually configured on the web server. + +.. _host-headers-virtual-hosting: Host headers and virtual hosting ================================ @@ -158,15 +176,17 @@ Site Scripting attacks, they can be used for Cross-Site Request Forgery and cache poisoning attacks in some circumstances. We recommend you ensure your Web server is configured such that: - * It always validates incoming HTTP ``Host`` headers against the expected - host name. - * Disallows requests with no ``Host`` header. - * Is *not* configured with a catch-all virtual host that forwards requests - to a Django application. +* It always validates incoming HTTP ``Host`` headers against the expected + host name. +* Disallows requests with no ``Host`` header. +* Is *not* configured with a catch-all virtual host that forwards requests + to a Django application. Additionally, as of 1.3.1, Django requires you to explicitly enable support for the ``X-Forwarded-Host`` header if your configuration requires it. +.. _additional-security-topics: + Additional security topics ========================== |
