django/contrib/auth/tests/test_forms.py +1 −1 Original line number Diff line number Diff line Loading @@ -133,7 +133,7 @@ class AuthenticationFormTest(TestCase): [force_text(form.error_messages['inactive'])]) def test_custom_login_allowed_policy(self): # The user is inactive, but our custom form policy allows him to log in. # The user is inactive, but our custom form policy allows them to log in. data = { 'username': 'inactive', 'password': 'password', Loading
docs/ref/clickjacking.txt +2 −2 Original line number Diff line number Diff line Loading @@ -20,8 +20,8 @@ purchase an item. A user has chosen to stay logged into the store all the time for convenience. An attacker site might create an "I Like Ponies" button on one of their own pages, and load the store's page in a transparent iframe such that the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the user visits the attacker site and clicks "I Like Ponies" he or she will inadvertently click on the online store's "Buy Now" button and unknowingly purchase the item. user visits the attacker's site, clicking "I Like Ponies" will cause an inadvertent click on the "Buy Now" button and an unknowing purchase of the item. .. _clickjacking-prevention: Loading
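Review bot: the rewritten sentence in docs/ref/clickjacking.txt avoids the pronoun by turning the victim's actions into nouns ("an inadvertent click", "an unknowing purchase"), which reads awkwardly and drops "the online store's", so it no longer says whose "Buy Now" button receives the click. The other hunks in this change use singular they ("them", "their"); the same here keeps the user as the subject, for example: If the user visits the attacker's site and clicks "I Like Ponies", they will inadvertently click on the online store's "Buy Now" button and unknowingly purchase the item. The unchanged context line above still says "An attacker site" while the new line says "the attacker's site"; pick one form for both.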
docs/ref/contrib/sites.txt +1 −1 Original line number Diff line number Diff line Loading @@ -172,7 +172,7 @@ Getting the current domain for display LJWorld.com and Lawrence.com both have email alert functionality, which lets readers sign up to get notifications when news happens. It's pretty basic: A reader signs up on a Web form, and he or she immediately gets an email saying, reader signs up on a Web form and immediately gets an email saying, "Thanks for your subscription." It'd be inefficient and redundant to implement this signup-processing code Loading
docs/ref/settings.txt +1 −1 Original line number Diff line number Diff line Loading @@ -2468,7 +2468,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE Default: ``False`` Whether to expire the session when the user closes his or her browser. See Whether to expire the session when the user closes their browser. See :ref:`browser-length-vs-persistent-sessions`. .. setting:: SESSION_FILE_PATH Loading
docs/releases/1.3-beta-1.txt +1 −2 Original line number Diff line number Diff line Loading @@ -73,8 +73,7 @@ The Django admin has long had an undocumented "feature" allowing savvy users to manipulate the query string of changelist pages to filter the list of objects displayed. However, this also creates a security issue, as a staff user with sufficient knowledge of model structure could use this "feature" to gain access to information he or she would not normally have. could use this "feature" to gain access to information not normally accessible. As a result, changelist filtering now explicitly validates all lookup arguments in the query string, and permits only fields which are Loading
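Review bot: in docs/releases/1.3-beta-1.txt, "information not normally accessible" no longer says to whom the information is inaccessible, and that is the substance of the security issue this paragraph describes: a staff user reaching data they would not otherwise be able to see. Suggest "to gain access to information they would not normally have", which keeps the staff user as the subject and matches the singular they used in the settings.txt and test_forms.py hunks.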