Re: [Django] #16430: Stronger wording for CSRF protection in `modifying upload handlers on the fly`

2011-08-06 Thread Django 
#16430: Stronger wording for CSRF protection in `modifying upload handlers on 
the
fly`
-+-
   Reporter: |  Owner:  tomchristie
  tomchristie| Status:  closed
   Type: |  Component:  Documentation
  Cleanup/optimization   |   Severity:  Normal
  Milestone: |   Keywords:
Version:  1.3|  Has patch:  1
 Resolution:  fixed  |Needs tests:  0
   Triage Stage:  Ready for  |  Easy pickings:  0
  checkin|
Needs documentation:  0  |
Patch needs improvement:  0  |
  UI/UX:  0  |
-+-

Comment (by timo):

 In [16589]:
 {{{
 #!CommitTicketReference repository="" revision="16589"
 [1.3.X] Fixed #16430 - Stronger wording for CSRF protection in `modifying
 upload handlers on the fly`; thanks tomchristie.

 Backport of r16588 from trunk.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16430: Stronger wording for CSRF protection in `modifying upload handlers on the fly`

2011-08-06 Thread Django 
#16430: Stronger wording for CSRF protection in `modifying upload handlers on 
the
fly`
-+-
   Reporter: |  Owner:  tomchristie
  tomchristie| Status:  closed
   Type: |  Component:  Documentation
  Cleanup/optimization   |   Severity:  Normal
  Milestone: |   Keywords:
Version:  1.3|  Has patch:  1
 Resolution:  fixed  |Needs tests:  0
   Triage Stage:  Ready for  |  Easy pickings:  0
  checkin|
Needs documentation:  0  |
Patch needs improvement:  0  |
  UI/UX:  0  |
-+-
Changes (by timo):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [16588]:
 {{{
 #!CommitTicketReference repository="" revision="16588"
 Fixed #16430 - Stronger wording for CSRF protection in `modifying upload
 handlers on the fly`; thanks tomchristie.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16430: Stronger wording for CSRF protection in `modifying upload handlers on the fly`

2011-07-21 Thread Django 
#16430: Stronger wording for CSRF protection in `modifying upload handlers on 
the
fly`
-+-
   Reporter: |  Owner:  tomchristie
  tomchristie| Status:  assigned
   Type: |  Component:  Documentation
  Cleanup/optimization   |   Severity:  Normal
  Milestone: |   Keywords:
Version:  1.3|  Has patch:  1
 Resolution: |Needs tests:  0
   Triage Stage:  Ready for  |  Easy pickings:  0
  checkin|
Needs documentation:  0  |
Patch needs improvement:  0  |
  UI/UX:  0  |
-+-
Changes (by PaulM):

 * stage:  Accepted => Ready for checkin


Comment:

 Looks good to me. Marking RFC.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16430: Stronger wording for CSRF protection in `modifying upload handlers on the fly`

2011-07-21 Thread Django 
#16430: Stronger wording for CSRF protection in `modifying upload handlers on 
the
fly`
-+-
   Reporter: |  Owner:  tomchristie
  tomchristie| Status:  assigned
   Type: |  Component:  Documentation
  Cleanup/optimization   |   Severity:  Normal
  Milestone: |   Keywords:
Version:  1.3|  Has patch:  1
 Resolution: |Needs tests:  0
   Triage Stage:  Accepted   |  Easy pickings:  0
Needs documentation:  0  |
Patch needs improvement:  0  |
  UI/UX:  0  |
-+-
Changes (by tomchristie):

 * status:  new => assigned
 * owner:  nobody => tomchristie
 * has_patch:  0 => 1


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16430: Stronger wording for CSRF protection in `modifying upload handlers on the fly`

2011-07-07 Thread Django 
#16430: Stronger wording for CSRF protection in `modifying upload handlers on 
the
fly`
-+-
   Reporter: |  Owner:  nobody
  tomchristie| Status:  new
   Type: |  Component:  Documentation
  Cleanup/optimization   |   Severity:  Normal
  Milestone: |   Keywords:
Version:  1.3|  Has patch:  0
 Resolution: |Needs tests:  0
   Triage Stage:  Accepted   |  Easy pickings:  0
Needs documentation:  0  |
Patch needs improvement:  0  |
  UI/UX:  0  |
-+-
Changes (by aaugustin):

 * needs_better_patch:   => 0
 * component:  Uncategorized => Documentation
 * needs_tests:   => 0
 * needs_docs:   => 0
 * type:  Uncategorized => Cleanup/optimization
 * stage:  Unreviewed => Accepted


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

[Django] #16430: Stronger wording for CSRF protection in `modifying upload handlers on the fly`

2011-07-07 Thread Django 
#16430: Stronger wording for CSRF protection in `modifying upload handlers on 
the
fly`
---+---
 Reporter:  tomchristie|  Owner:  nobody
 Type:  Uncategorized  | Status:  new
Milestone: |  Component:  Uncategorized
  Version:  1.3|   Severity:  Normal
 Keywords: |   Triage Stage:  Unreviewed
Has patch:  0  |  Easy pickings:  0
UI/UX:  0  |
---+---
 The text in [https://docs.djangoproject.com/en/dev/topics/http/file-
 uploads/#modifying-upload-handlers-on-the-fly modifying upload handlers on
 the fly] could be more strongly worded regarding CSRF protection.

 It might be better if the text "Assuming you do need CSRF protection, you
 will then need to use csrf_protect() on the function that actually
 processes the request." simply read "You will then need to use
 csrf_protect() on the function that actually processes the request."

 Obviously it's a bit of a subjective issue, but I think the stronger
 implication that we're simply explaining how to defer ''when the CSRF
 validation runs'', rather than making a decision about ''if it should be
 run'' would be slightly better.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.