diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/cache.txt | 5 | ||||
| -rw-r--r-- | docs/faq.txt | 10 | ||||
| -rw-r--r-- | docs/i18n.txt | 5 | ||||
| -rw-r--r-- | docs/middleware.txt | 18 | ||||
| -rw-r--r-- | docs/model-api.txt | 55 | ||||
| -rw-r--r-- | docs/templates_python.txt | 7 |
6 files changed, 84 insertions, 16 deletions
diff --git a/docs/cache.txt b/docs/cache.txt index 62fec289b9..1795345ed9 100644 --- a/docs/cache.txt +++ b/docs/cache.txt @@ -233,7 +233,10 @@ The cache middleware caches every page that doesn't have GET or POST parameters. Optionally, if the ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting is ``True``, only anonymous requests (i.e., not those made by a logged-in user) will be cached. This is a simple and effective way of disabling caching for any -user-specific pages (include Django's admin interface). +user-specific pages (include Django's admin interface). Note that if you use +``CACHE_MIDDLEWARE_ANONYMOUS_ONLY``, you should make sure you've activated +``AuthenticationMiddleware`` and that ``AuthenticationMiddleware`` appears +before ``CacheMiddleware`` in your ``MIDDLEWARE_CLASSES``. Additionally, ``CacheMiddleware`` automatically sets a few headers in each ``HttpResponse``: diff --git a/docs/faq.txt b/docs/faq.txt index 3cd7090583..42d9ddea55 100644 --- a/docs/faq.txt +++ b/docs/faq.txt @@ -98,11 +98,10 @@ Lawrence, Kansas, USA. On IRC, Simon goes by ``SimonW``. `Wilson Miner`_ - Wilson's design-fu makes us all look like rock stars. When not sneaking - into apartment complex swimming pools, he's the Commercial Development - Director for World Online, which means he makes the money that pays all our - paychecks. He lives in Lawrence, Kansas. - + Wilson's design-fu makes us all look like rock stars. By day, he's an + interactive designer for `Apple`. Don't ask him what he's working on, or + he'll have to kill you. He lives in San Francisco. + On IRC, Wilson goes by ``wilsonian``. .. _`World Online`: http://code.djangoproject.com/wiki/WorldOnline @@ -113,6 +112,7 @@ Lawrence, Kansas, USA. .. _`simon.incutio.com`: http://simon.incutio.com/ .. _`Jacob Kaplan-Moss`: http://www.jacobian.org/ .. _`Wilson Miner`: http://www.wilsonminer.com/ +.. _`Apple`: http://www.apple.com/ Which sites use Django? ----------------------- diff --git a/docs/i18n.txt b/docs/i18n.txt index e12900c2f9..4d0d92b082 100644 --- a/docs/i18n.txt +++ b/docs/i18n.txt @@ -48,9 +48,10 @@ bit of i18n-related overhead in certain places of the framework. If you don't use internationalization, you should take the two seconds to set ``USE_I18N = False`` in your settings file. If ``USE_I18N`` is set to ``False``, then Django will make some optimizations so as not to load the -internationalization machinery. +internationalization machinery. See the `documentation for USE_I18N`_. -See the `documentation for USE_I18N`_. +You'll probably also want to remove ``'django.core.context_processors.i18n'`` +from your ``TEMPLATE_CONTEXT_PROCESSORS`` setting. .. _documentation for USE_I18N: http://www.djangoproject.com/documentation/settings/#use-i18n diff --git a/docs/middleware.txt b/docs/middleware.txt index bad00fd890..efc4d89569 100644 --- a/docs/middleware.txt +++ b/docs/middleware.txt @@ -63,7 +63,7 @@ Adds a few conveniences for perfectionists: last component in the path contains a period. So ``foo.com/bar`` is redirected to ``foo.com/bar/``, but ``foo.com/bar/file.txt`` is passed through unchanged. - + If ``PREPEND_WWW`` is ``True``, URLs that lack a leading "www." will be redirected to the same URL with a leading "www." @@ -101,6 +101,22 @@ Handles conditional GET operations. If the response has a ``ETag`` or Also removes the content from any response to a HEAD request and sets the ``Date`` and ``Content-Length`` response-headers. +django.middleware.http.SetRemoteAddrFromForwardedFor +---------------------------------------------------- + +**New in Django development version** + +Sets ``request['REMOTE_ADDR']`` based on ``request.['HTTP_X_FORWARDED_FOR']``, +if the latter is set. This is useful if you're sitting behind a reverse proxy +that causes each request's ``REMOTE_ADDR`` to be set to ``127.0.0.1``. + +**Important note:** This does NOT validate ``HTTP_X_FORWARDED_FOR``. If you're +not behind a reverse proxy that sets ``HTTP_X_FORWARDED_FOR`` automatically, do +not use this middleware. Anybody can spoof the value of +``HTTP_X_FORWARDED_FOR``, and because this sets ``REMOTE_ADDR`` based on +``HTTP_X_FORWARDED_FOR``, that means anybody can "fake" their IP address. Only +use this when you can absolutely trust the value of ``HTTP_X_FORWARDED_FOR``. + django.contrib.sessions.middleware.SessionMiddleware ---------------------------------------------------- diff --git a/docs/model-api.txt b/docs/model-api.txt index 502ceaf7ff..0a3abe4e26 100644 --- a/docs/model-api.txt +++ b/docs/model-api.txt @@ -217,7 +217,7 @@ steps: subdirectory of ``MEDIA_ROOT`` it should upload files. 3. All that will be stored in your database is a path to the file - (relative to ``MEDIA_ROOT``). You'll must likely want to use the + (relative to ``MEDIA_ROOT``). You'll most likely want to use the convenience ``get_<fieldname>_url`` function provided by Django. For example, if your ``ImageField`` is called ``mug_shot``, you can get the absolute URL to your image in a template with ``{{ @@ -230,6 +230,14 @@ For example, say your ``MEDIA_ROOT`` is set to ``'/home/media'``, and upload a file on Jan. 15, 2007, it will be saved in the directory ``/home/media/photos/2007/01/15``. +Note that whenever you deal with uploaded files, you should pay close attention +to where you're uploading them and what type of files they are, to avoid +security holes. *Validate all uploaded files* so that you're sure the files are +what you think they are. For example, if you blindly let somebody upload files, +without validation, to a directory that's within your Web server's document +root, then somebody could upload a CGI or PHP script and execute that script by +visiting its URL on your site. Don't allow that. + .. _`strftime formatting`: http://docs.python.org/lib/module-time.html#l2h-1941 ``FilePathField`` @@ -678,8 +686,9 @@ you can use the name of the model, rather than the model object itself:: class Manufacturer(models.Model): # ... -Note, however, that support for strings around model names in ``ForeignKey`` is -quite new, and it can be buggy in some cases. +Note, however, that you can only use strings to refer to models in the same +models.py file -- you cannot use a string to reference a model in a different +application, or to reference a model that has been imported from elsewhere. Behind the scenes, Django appends ``"_id"`` to the field name to create its database column name. In the above example, the database table for the ``Car`` @@ -801,7 +810,10 @@ here's how you'd represent that:: As with ``ForeignKey``, a relationship to self can be defined by using the string ``'self'`` instead of the model name, and you can refer to as-yet -undefined models by using a string containing the model name. +undefined models by using a string containing the model name. However, you +can only use strings to refer to models in the same models.py file -- you +cannot use a string to reference a model in a different application, or to +reference a model that has been imported from elsewhere. It's suggested, but not required, that the name of a ``ManyToManyField`` (``toppings`` in the example above) be a plural describing the set of related @@ -1374,6 +1386,41 @@ user searches for ``john lennon``, Django will do the equivalent of this SQL WHERE (first_name ILIKE '%john%' OR last_name ILIKE '%john%') AND (first_name ILIKE '%lennon%' OR last_name ILIKE '%lennon%') +**New in Django development version:** For faster and/or more restrictive +searches, prefix the field name with an operator: + +``^`` + Matches the beginning of the field. For example, if ``search_fields`` is + set to ``['^first_name', '^last_name']`` and a user searches for + ``john lennon``, Django will do the equivalent of this SQL ``WHERE`` + clause:: + + WHERE (first_name ILIKE 'john%' OR last_name ILIKE 'john%') + AND (first_name ILIKE 'lennon%' OR last_name ILIKE 'lennon%') + + This query is more efficient than the normal ``'%john%'`` query, because + the database only needs to check the beginning of a column's data, rather + than seeking through the entire column's data. Plus, if the column has an + index on it, some databases may be able to use the index for this query, + even though it's a ``LIKE`` query. + +``=`` + Matches exactly, case-insensitive. For example, if + ``search_fields`` is set to ``['=first_name', '=last_name']`` and + a user searches for ``john lennon``, Django will do the equivalent + of this SQL ``WHERE`` clause:: + + WHERE (first_name ILIKE 'john' OR last_name ILIKE 'john') + AND (first_name ILIKE 'lennon' OR last_name ILIKE 'lennon') + + Note that the query input is split by spaces, so, following this example, + it's not currently not possible to search for all records in which + ``first_name`` is exactly ``'john winston'`` (containing a space). + +``@`` + Performs a full-text match. This is like the default search method but uses + an index. Currently this is only available for MySQL. + Managers ======== diff --git a/docs/templates_python.txt b/docs/templates_python.txt index 95ccfb3eab..62069ffd6a 100644 --- a/docs/templates_python.txt +++ b/docs/templates_python.txt @@ -259,9 +259,10 @@ an `HttpRequest object`_ as its first argument. For example:: The second difference is that it automatically populates the context with a few variables, according to your `TEMPLATE_CONTEXT_PROCESSORS setting`_. -The ``TEMPLATE_CONTEXT_PROCESSORS`` setting is a tuple of callables that take a -request object as their argument and return a dictionary of items to be merged -into the context. By default, ``TEMPLATE_CONTEXT_PROCESSORS`` is set to:: +The ``TEMPLATE_CONTEXT_PROCESSORS`` setting is a tuple of callables -- called +**context processors** -- that take a request object as their argument and +return a dictionary of items to be merged into the context. By default, +``TEMPLATE_CONTEXT_PROCESSORS`` is set to:: ("django.core.context_processors.auth", "django.core.context_processors.debug", |