| Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
Thanks Loic Bistuer for the review.
|
|
Thanks Carl Meyer for the report.
|
|
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17896 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
corresponding Python objects in templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17894 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
For more information on this project, see this thread:
http://groups.google.com/group/django-developers/browse_thread/thread/cf0423bbb85b1bbf
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17106 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
copy() which caused a range of test failures
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16031 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
as autoescape)
Thanks to dfoerster for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Thanks to cyberdelia for the reports on this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
store_rendered_templates signal handler.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15600 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
the patch, ggetzie.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14689 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
disabled in a template. Thanks to Benjamin Wohlwend for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14395 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
template loaders and tag to be cacheable. Thanks to Mike Malone for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
There is stub code for backwards compatiblity with Django 1.1 imports.
The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
removed, and turned on by default.
This is a large change to CSRF protection for Django. It includes:
* removing the dependency on the session framework.
* deprecating CsrfResponseMiddleware, and replacing with a core template tag.
* turning on CSRF protection by default by adding CsrfViewMiddleware to
the default value of MIDDLEWARE_CLASSES.
* protecting all contrib apps (whatever is in settings.py)
using a decorator.
For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.
Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.
Details of the rationale for these changes is found here:
http://code.djangoproject.com/wiki/CsrfProtection
As of this commit, the CSRF code is mainly in 'contrib'. The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
that the module can be imported without needing settings, thanks kcarnold and mcroydon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
help debugging broken context processors. Thanks Jeremy Dunck
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6975 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
one for push() and update(), the one removed for pop()). Based on a patch from
Brian Harring.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6854 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.
Backwards incompatible if you're inserting raw HTML output via template variables.
Based on an original design from Simon Willison and with debugging help from Michael Radziej.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
introduced in [6097] after a suggestion from Malcolm. Applied a similar refactor for MergeDict and Context which had comparable behavior.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6098 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
akaihola.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
instead of empty string, for stricter compliance with Python library reference. Thanks for the patch, Yasushi Masuda
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3951 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
template 'if' statements to work if TEMPLATE_STRING_IF_INVALID is set. Modified unit tests to force the use of this variable, so that returning '' isn't confused with an actual failure.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3268 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
Django. Thanks, Nicola Larosa
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|