Loading docs/howto/deployment/checklist.txt +0 −8 Original line number Diff line number Diff line Loading @@ -232,14 +232,6 @@ details about the default templates: * :ref:`http_forbidden_view` * :ref:`http_bad_request_view` Miscellaneous ============= :setting:`ALLOWED_INCLUDE_ROOTS` -------------------------------- This setting is required if you're using the :ttag:`ssi` template tag. Python Options ============== Loading docs/internals/deprecation.txt +4 −0 Original line number Diff line number Diff line Loading @@ -87,6 +87,10 @@ details on these changes. * The backwards compatibility shim to allow ``FormMixin.get_form()`` to be defined with no default value for its ``form_class`` argument will be removed. * The following settings will be removed: * ``ALLOWED_INCLUDE_ROOTS`` * The backwards compatibility alias ``django.template.loader.BaseLoader`` will be removed. Loading docs/ref/settings.txt +5 −0 Original line number Diff line number Diff line Loading @@ -123,6 +123,11 @@ ALLOWED_INCLUDE_ROOTS Default: ``()`` (Empty tuple) .. deprecated:: 1.8 Set the ``'allowed_include_roots'`` option in the :setting:`OPTIONS <TEMPLATES-OPTIONS>` of a ``DjangoTemplates`` backend instead. A tuple of strings representing allowed prefixes for the ``{% ssi %}`` template tag. This is a security measure, so that template authors can't access files that they shouldn't be accessing. Loading docs/ref/templates/builtins.txt +2 −2 Original line number Diff line number Diff line Loading @@ -996,8 +996,8 @@ file are evaluated as template code, within the current context:: {% ssi '/home/html/ljworld.com/includes/right_generic.html' parsed %} Note that if you use ``{% ssi %}``, you'll need to define :setting:`ALLOWED_INCLUDE_ROOTS` in your Django settings, as a security measure. ``'allowed_include_roots'`` in the :setting:`OPTIONS <TEMPLATES-OPTIONS>` of your template engine, as a security measure. .. note:: With the :ttag:`ssi` tag and the ``parsed`` parameter Loading docs/releases/1.8.txt +8 −0 Original line number Diff line number Diff line Loading @@ -1014,6 +1014,14 @@ Related to the previous item, referencing views as strings in the ``url()`` function is deprecated. Pass the callable view as described in the previous section instead. Template-related settings ~~~~~~~~~~~~~~~~~~~~~~~~~ As a consequence of the multiple template engines refactor, several settings are deprecated in favor of :setting:`TEMPLATES`: * ``ALLOWED_INCLUDE_ROOTS`` ``django.core.context_processors`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Loading Loading
docs/howto/deployment/checklist.txt +0 −8 Original line number Diff line number Diff line Loading @@ -232,14 +232,6 @@ details about the default templates: * :ref:`http_forbidden_view` * :ref:`http_bad_request_view` Miscellaneous ============= :setting:`ALLOWED_INCLUDE_ROOTS` -------------------------------- This setting is required if you're using the :ttag:`ssi` template tag. Python Options ============== Loading
docs/internals/deprecation.txt +4 −0 Original line number Diff line number Diff line Loading @@ -87,6 +87,10 @@ details on these changes. * The backwards compatibility shim to allow ``FormMixin.get_form()`` to be defined with no default value for its ``form_class`` argument will be removed. * The following settings will be removed: * ``ALLOWED_INCLUDE_ROOTS`` * The backwards compatibility alias ``django.template.loader.BaseLoader`` will be removed. Loading
docs/ref/settings.txt +5 −0 Original line number Diff line number Diff line Loading @@ -123,6 +123,11 @@ ALLOWED_INCLUDE_ROOTS Default: ``()`` (Empty tuple) .. deprecated:: 1.8 Set the ``'allowed_include_roots'`` option in the :setting:`OPTIONS <TEMPLATES-OPTIONS>` of a ``DjangoTemplates`` backend instead. A tuple of strings representing allowed prefixes for the ``{% ssi %}`` template tag. This is a security measure, so that template authors can't access files that they shouldn't be accessing. Loading
docs/ref/templates/builtins.txt +2 −2 Original line number Diff line number Diff line Loading @@ -996,8 +996,8 @@ file are evaluated as template code, within the current context:: {% ssi '/home/html/ljworld.com/includes/right_generic.html' parsed %} Note that if you use ``{% ssi %}``, you'll need to define :setting:`ALLOWED_INCLUDE_ROOTS` in your Django settings, as a security measure. ``'allowed_include_roots'`` in the :setting:`OPTIONS <TEMPLATES-OPTIONS>` of your template engine, as a security measure. .. note:: With the :ttag:`ssi` tag and the ``parsed`` parameter Loading
docs/releases/1.8.txt +8 −0 Original line number Diff line number Diff line Loading @@ -1014,6 +1014,14 @@ Related to the previous item, referencing views as strings in the ``url()`` function is deprecated. Pass the callable view as described in the previous section instead. Template-related settings ~~~~~~~~~~~~~~~~~~~~~~~~~ As a consequence of the multiple template engines refactor, several settings are deprecated in favor of :setting:`TEMPLATES`: * ``ALLOWED_INCLUDE_ROOTS`` ``django.core.context_processors`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Loading
