diff options
Diffstat (limited to 'parts/django/django/middleware')
| -rw-r--r-- | parts/django/django/middleware/__init__.py | 0 | ||||
| -rw-r--r-- | parts/django/django/middleware/cache.py | 156 | ||||
| -rw-r--r-- | parts/django/django/middleware/common.py | 147 | ||||
| -rw-r--r-- | parts/django/django/middleware/csrf.py | 298 | ||||
| -rw-r--r-- | parts/django/django/middleware/doc.py | 19 | ||||
| -rw-r--r-- | parts/django/django/middleware/gzip.py | 38 | ||||
| -rw-r--r-- | parts/django/django/middleware/http.py | 51 | ||||
| -rw-r--r-- | parts/django/django/middleware/locale.py | 25 | ||||
| -rw-r--r-- | parts/django/django/middleware/transaction.py | 27 |
9 files changed, 0 insertions, 761 deletions
diff --git a/parts/django/django/middleware/__init__.py b/parts/django/django/middleware/__init__.py deleted file mode 100644 index e69de29..0000000 --- a/parts/django/django/middleware/__init__.py +++ /dev/null diff --git a/parts/django/django/middleware/cache.py b/parts/django/django/middleware/cache.py deleted file mode 100644 index 3f602fe..0000000 --- a/parts/django/django/middleware/cache.py +++ /dev/null @@ -1,156 +0,0 @@ -""" -Cache middleware. If enabled, each Django-powered page will be cached based on -URL. The canonical way to enable cache middleware is to set -``UpdateCacheMiddleware`` as your first piece of middleware, and -``FetchFromCacheMiddleware`` as the last:: - - MIDDLEWARE_CLASSES = [ - 'django.middleware.cache.UpdateCacheMiddleware', - ... - 'django.middleware.cache.FetchFromCacheMiddleware' - ] - -This is counter-intuitive, but correct: ``UpdateCacheMiddleware`` needs to run -last during the response phase, which processes middleware bottom-up; -``FetchFromCacheMiddleware`` needs to run last during the request phase, which -processes middleware top-down. - -The single-class ``CacheMiddleware`` can be used for some simple sites. -However, if any other piece of middleware needs to affect the cache key, you'll -need to use the two-part ``UpdateCacheMiddleware`` and -``FetchFromCacheMiddleware``. This'll most often happen when you're using -Django's ``LocaleMiddleware``. - -More details about how the caching works: - -* Only parameter-less GET or HEAD-requests with status code 200 are cached. - -* The number of seconds each page is stored for is set by the "max-age" section - of the response's "Cache-Control" header, falling back to the - CACHE_MIDDLEWARE_SECONDS setting if the section was not found. - -* If CACHE_MIDDLEWARE_ANONYMOUS_ONLY is set to True, only anonymous requests - (i.e., those not made by a logged-in user) will be cached. This is a simple - and effective way of avoiding the caching of the Django admin (and any other - user-specific content). - -* This middleware expects that a HEAD request is answered with a response - exactly like the corresponding GET request. - -* When a hit occurs, a shallow copy of the original response object is returned - from process_request. - -* Pages will be cached based on the contents of the request headers listed in - the response's "Vary" header. - -* This middleware also sets ETag, Last-Modified, Expires and Cache-Control - headers on the response object. - -""" - -from django.conf import settings -from django.core.cache import cache -from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age - -class UpdateCacheMiddleware(object): - """ - Response-phase cache middleware that updates the cache if the response is - cacheable. - - Must be used as part of the two-part update/fetch cache middleware. - UpdateCacheMiddleware must be the first piece of middleware in - MIDDLEWARE_CLASSES so that it'll get called last during the response phase. - """ - def __init__(self): - self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS - self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX - self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) - - def process_response(self, request, response): - """Sets the cache, if needed.""" - if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache: - # We don't need to update the cache, just return. - return response - if request.method != 'GET': - # This is a stronger requirement than above. It is needed - # because of interactions between this middleware and the - # HTTPMiddleware, which throws the body of a HEAD-request - # away before this middleware gets a chance to cache it. - return response - if not response.status_code == 200: - return response - # Try to get the timeout from the "max-age" section of the "Cache- - # Control" header before reverting to using the default cache_timeout - # length. - timeout = get_max_age(response) - if timeout == None: - timeout = self.cache_timeout - elif timeout == 0: - # max-age was set to 0, don't bother caching. - return response - patch_response_headers(response, timeout) - if timeout: - cache_key = learn_cache_key(request, response, timeout, self.key_prefix) - cache.set(cache_key, response, timeout) - return response - -class FetchFromCacheMiddleware(object): - """ - Request-phase cache middleware that fetches a page from the cache. - - Must be used as part of the two-part update/fetch cache middleware. - FetchFromCacheMiddleware must be the last piece of middleware in - MIDDLEWARE_CLASSES so that it'll get called last during the request phase. - """ - def __init__(self): - self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS - self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX - self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) - - def process_request(self, request): - """ - Checks whether the page is already cached and returns the cached - version if available. - """ - if self.cache_anonymous_only: - assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware." - - if not request.method in ('GET', 'HEAD') or request.GET: - request._cache_update_cache = False - return None # Don't bother checking the cache. - - if self.cache_anonymous_only and request.user.is_authenticated(): - request._cache_update_cache = False - return None # Don't cache requests from authenticated users. - - cache_key = get_cache_key(request, self.key_prefix) - if cache_key is None: - request._cache_update_cache = True - return None # No cache information available, need to rebuild. - - response = cache.get(cache_key, None) - if response is None: - request._cache_update_cache = True - return None # No cache information available, need to rebuild. - - request._cache_update_cache = False - return response - -class CacheMiddleware(UpdateCacheMiddleware, FetchFromCacheMiddleware): - """ - Cache middleware that provides basic behavior for many simple sites. - - Also used as the hook point for the cache decorator, which is generated - using the decorator-from-middleware utility. - """ - def __init__(self, cache_timeout=None, key_prefix=None, cache_anonymous_only=None): - self.cache_timeout = cache_timeout - if cache_timeout is None: - self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS - self.key_prefix = key_prefix - if key_prefix is None: - self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX - if cache_anonymous_only is None: - self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) - else: - self.cache_anonymous_only = cache_anonymous_only diff --git a/parts/django/django/middleware/common.py b/parts/django/django/middleware/common.py deleted file mode 100644 index 0be89d4..0000000 --- a/parts/django/django/middleware/common.py +++ /dev/null @@ -1,147 +0,0 @@ -import re - -from django.conf import settings -from django import http -from django.core.mail import mail_managers -from django.utils.http import urlquote -from django.core import urlresolvers -from django.utils.hashcompat import md5_constructor - -class CommonMiddleware(object): - """ - "Common" middleware for taking care of some basic operations: - - - Forbids access to User-Agents in settings.DISALLOWED_USER_AGENTS - - - URL rewriting: Based on the APPEND_SLASH and PREPEND_WWW settings, - this middleware appends missing slashes and/or prepends missing - "www."s. - - - If APPEND_SLASH is set and the initial URL doesn't end with a - slash, and it is not found in urlpatterns, a new URL is formed by - appending a slash at the end. If this new URL is found in - urlpatterns, then an HTTP-redirect is returned to this new URL; - otherwise the initial URL is processed as usual. - - - ETags: If the USE_ETAGS setting is set, ETags will be calculated from - the entire page content and Not Modified responses will be returned - appropriately. - """ - - def process_request(self, request): - """ - Check for denied User-Agents and rewrite the URL based on - settings.APPEND_SLASH and settings.PREPEND_WWW - """ - - # Check for denied User-Agents - if 'HTTP_USER_AGENT' in request.META: - for user_agent_regex in settings.DISALLOWED_USER_AGENTS: - if user_agent_regex.search(request.META['HTTP_USER_AGENT']): - return http.HttpResponseForbidden('<h1>Forbidden</h1>') - - # Check for a redirect based on settings.APPEND_SLASH - # and settings.PREPEND_WWW - host = request.get_host() - old_url = [host, request.path] - new_url = old_url[:] - - if (settings.PREPEND_WWW and old_url[0] and - not old_url[0].startswith('www.')): - new_url[0] = 'www.' + old_url[0] - - # Append a slash if APPEND_SLASH is set and the URL doesn't have a - # trailing slash and there is no pattern for the current path - if settings.APPEND_SLASH and (not old_url[1].endswith('/')): - urlconf = getattr(request, 'urlconf', None) - if (not _is_valid_path(request.path_info, urlconf) and - _is_valid_path("%s/" % request.path_info, urlconf)): - new_url[1] = new_url[1] + '/' - if settings.DEBUG and request.method == 'POST': - raise RuntimeError, ("" - "You called this URL via POST, but the URL doesn't end " - "in a slash and you have APPEND_SLASH set. Django can't " - "redirect to the slash URL while maintaining POST data. " - "Change your form to point to %s%s (note the trailing " - "slash), or set APPEND_SLASH=False in your Django " - "settings.") % (new_url[0], new_url[1]) - - if new_url == old_url: - # No redirects required. - return - if new_url[0]: - newurl = "%s://%s%s" % ( - request.is_secure() and 'https' or 'http', - new_url[0], urlquote(new_url[1])) - else: - newurl = urlquote(new_url[1]) - if request.GET: - newurl += '?' + request.META['QUERY_STRING'] - return http.HttpResponsePermanentRedirect(newurl) - - def process_response(self, request, response): - "Send broken link emails and calculate the Etag, if needed." - if response.status_code == 404: - if settings.SEND_BROKEN_LINK_EMAILS: - # If the referrer was from an internal link or a non-search-engine site, - # send a note to the managers. - domain = request.get_host() - referer = request.META.get('HTTP_REFERER', None) - is_internal = _is_internal_request(domain, referer) - path = request.get_full_path() - if referer and not _is_ignorable_404(path) and (is_internal or '?' not in referer): - ua = request.META.get('HTTP_USER_AGENT', '<none>') - ip = request.META.get('REMOTE_ADDR', '<none>') - mail_managers("Broken %slink on %s" % ((is_internal and 'INTERNAL ' or ''), domain), - "Referrer: %s\nRequested URL: %s\nUser agent: %s\nIP address: %s\n" \ - % (referer, request.get_full_path(), ua, ip)) - return response - - # Use ETags, if requested. - if settings.USE_ETAGS: - if response.has_header('ETag'): - etag = response['ETag'] - else: - etag = '"%s"' % md5_constructor(response.content).hexdigest() - if response.status_code >= 200 and response.status_code < 300 and request.META.get('HTTP_IF_NONE_MATCH') == etag: - cookies = response.cookies - response = http.HttpResponseNotModified() - response.cookies = cookies - else: - response['ETag'] = etag - - return response - -def _is_ignorable_404(uri): - """ - Returns True if a 404 at the given URL *shouldn't* notify the site managers. - """ - for start in settings.IGNORABLE_404_STARTS: - if uri.startswith(start): - return True - for end in settings.IGNORABLE_404_ENDS: - if uri.endswith(end): - return True - return False - -def _is_internal_request(domain, referer): - """ - Returns true if the referring URL is the same domain as the current request. - """ - # Different subdomains are treated as different domains. - return referer is not None and re.match("^https?://%s/" % re.escape(domain), referer) - -def _is_valid_path(path, urlconf=None): - """ - Returns True if the given path resolves against the default URL resolver, - False otherwise. - - This is a convenience method to make working with "is this a match?" cases - easier, avoiding unnecessarily indented try...except blocks. - """ - try: - urlresolvers.resolve(path, urlconf) - return True - except urlresolvers.Resolver404: - return False - diff --git a/parts/django/django/middleware/csrf.py b/parts/django/django/middleware/csrf.py deleted file mode 100644 index 67b02f0..0000000 --- a/parts/django/django/middleware/csrf.py +++ /dev/null @@ -1,298 +0,0 @@ -""" -Cross Site Request Forgery Middleware. - -This module provides a middleware that implements protection -against request forgeries from other sites. -""" - -import itertools -import re -import random - -from django.conf import settings -from django.core.urlresolvers import get_callable -from django.utils.cache import patch_vary_headers -from django.utils.hashcompat import md5_constructor -from django.utils.safestring import mark_safe - -_POST_FORM_RE = \ - re.compile(r'(<form\W[^>]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) - -_HTML_TYPES = ('text/html', 'application/xhtml+xml') - -# Use the system (hardware-based) random number generator if it exists. -if hasattr(random, 'SystemRandom'): - randrange = random.SystemRandom().randrange -else: - randrange = random.randrange -_MAX_CSRF_KEY = 18446744073709551616L # 2 << 63 - -REASON_NO_REFERER = "Referer checking failed - no Referer." -REASON_BAD_REFERER = "Referer checking failed - %s does not match %s." -REASON_NO_COOKIE = "No CSRF or session cookie." -REASON_NO_CSRF_COOKIE = "CSRF cookie not set." -REASON_BAD_TOKEN = "CSRF token missing or incorrect." - - -def _get_failure_view(): - """ - Returns the view to be used for CSRF rejections - """ - return get_callable(settings.CSRF_FAILURE_VIEW) - - -def _get_new_csrf_key(): - return md5_constructor("%s%s" - % (randrange(0, _MAX_CSRF_KEY), settings.SECRET_KEY)).hexdigest() - - -def _make_legacy_session_token(session_id): - return md5_constructor(settings.SECRET_KEY + session_id).hexdigest() - - -def get_token(request): - """ - Returns the the CSRF token required for a POST form. The token is an - alphanumeric value. - - A side effect of calling this function is to make the the csrf_protect - decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' - header to the outgoing response. For this reason, you may need to use this - function lazily, as is done by the csrf context processor. - """ - request.META["CSRF_COOKIE_USED"] = True - return request.META.get("CSRF_COOKIE", None) - - -def _sanitize_token(token): - # Allow only alphanum, and ensure we return a 'str' for the sake of the post - # processing middleware. - token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 'ignore'))) - if token == "": - # In case the cookie has been truncated to nothing at some point. - return _get_new_csrf_key() - else: - return token - - -class CsrfViewMiddleware(object): - """ - Middleware that requires a present and correct csrfmiddlewaretoken - for POST requests that have a CSRF cookie, and sets an outgoing - CSRF cookie. - - This middleware should be used in conjunction with the csrf_token template - tag. - """ - # The _accept and _reject methods currently only exist for the sake of the - # requires_csrf_token decorator. - def _accept(self, request): - # Avoid checking the request twice by adding a custom attribute to - # request. This will be relevant when both decorator and middleware - # are used. - request.csrf_processing_done = True - return None - - def _reject(self, request, reason): - return _get_failure_view()(request, reason=reason) - - def process_view(self, request, callback, callback_args, callback_kwargs): - if getattr(request, 'csrf_processing_done', False): - return None - - # If the user doesn't have a CSRF cookie, generate one and store it in the - # request, so it's available to the view. We'll store it in a cookie when - # we reach the response. - try: - # In case of cookies from untrusted sources, we strip anything - # dangerous at this point, so that the cookie + token will have the - # same, sanitized value. - request.META["CSRF_COOKIE"] = _sanitize_token(request.COOKIES[settings.CSRF_COOKIE_NAME]) - cookie_is_new = False - except KeyError: - # No cookie, so create one. This will be sent with the next - # response. - request.META["CSRF_COOKIE"] = _get_new_csrf_key() - # Set a flag to allow us to fall back and allow the session id in - # place of a CSRF cookie for this request only. - cookie_is_new = True - - # Wait until request.META["CSRF_COOKIE"] has been manipulated before - # bailing out, so that get_token still works - if getattr(callback, 'csrf_exempt', False): - return None - - if request.method == 'POST': - if getattr(request, '_dont_enforce_csrf_checks', False): - # Mechanism to turn off CSRF checks for test suite. It comes after - # the creation of CSRF cookies, so that everything else continues to - # work exactly the same (e.g. cookies are sent etc), but before the - # any branches that call reject() - return self._accept(request) - - if request.is_ajax(): - # .is_ajax() is based on the presence of X-Requested-With. In - # the context of a browser, this can only be sent if using - # XmlHttpRequest. Browsers implement careful policies for - # XmlHttpRequest: - # - # * Normally, only same-domain requests are allowed. - # - # * Some browsers (e.g. Firefox 3.5 and later) relax this - # carefully: - # - # * if it is a 'simple' GET or POST request (which can - # include no custom headers), it is allowed to be cross - # domain. These requests will not be recognized as AJAX. - # - # * if a 'preflight' check with the server confirms that the - # server is expecting and allows the request, cross domain - # requests even with custom headers are allowed. These - # requests will be recognized as AJAX, but can only get - # through when the developer has specifically opted in to - # allowing the cross-domain POST request. - # - # So in all cases, it is safe to allow these requests through. - return self._accept(request) - - if request.is_secure(): - # Strict referer checking for HTTPS - referer = request.META.get('HTTP_REFERER') - if referer is None: - return self._reject(request, REASON_NO_REFERER) - - # The following check ensures that the referer is HTTPS, - # the domains match and the ports match. This might be too strict. - good_referer = 'https://%s/' % request.get_host() - if not referer.startswith(good_referer): - return self._reject(request, REASON_BAD_REFERER % - (referer, good_referer)) - - # If the user didn't already have a CSRF cookie, then fall back to - # the Django 1.1 method (hash of session ID), so a request is not - # rejected if the form was sent to the user before upgrading to the - # Django 1.2 method (session independent nonce) - if cookie_is_new: - try: - session_id = request.COOKIES[settings.SESSION_COOKIE_NAME] - csrf_token = _make_legacy_session_token(session_id) - except KeyError: - # No CSRF cookie and no session cookie. For POST requests, - # we insist on a CSRF cookie, and in this way we can avoid - # all CSRF attacks, including login CSRF. - return self._reject(request, REASON_NO_COOKIE) - else: - csrf_token = request.META["CSRF_COOKIE"] - - # check incoming token - request_csrf_token = request.POST.get('csrfmiddlewaretoken', None) - if request_csrf_token != csrf_token: - if cookie_is_new: - # probably a problem setting the CSRF cookie - return self._reject(request, REASON_NO_CSRF_COOKIE) - else: - return self._reject(request, REASON_BAD_TOKEN) - - return self._accept(request) - - def process_response(self, request, response): - if getattr(response, 'csrf_processing_done', False): - return response - - # If CSRF_COOKIE is unset, then CsrfViewMiddleware.process_view was - # never called, probaby because a request middleware returned a response - # (for example, contrib.auth redirecting to a login page). - if request.META.get("CSRF_COOKIE") is None: - return response - - if not request.META.get("CSRF_COOKIE_USED", False): - return response - - # Set the CSRF cookie even if it's already set, so we renew the expiry timer. - response.set_cookie(settings.CSRF_COOKIE_NAME, - request.META["CSRF_COOKIE"], max_age = 60 * 60 * 24 * 7 * 52, - domain=settings.CSRF_COOKIE_DOMAIN) - # Content varies with the CSRF cookie, so set the Vary header. - patch_vary_headers(response, ('Cookie',)) - response.csrf_processing_done = True - return response - - -class CsrfResponseMiddleware(object): - """ - DEPRECATED - Middleware that post-processes a response to add a csrfmiddlewaretoken. - - This exists for backwards compatibility and as an interim measure until - applications are converted to using use the csrf_token template tag - instead. It will be removed in Django 1.4. - """ - def __init__(self): - import warnings - warnings.warn( - "CsrfResponseMiddleware and CsrfMiddleware are deprecated; use CsrfViewMiddleware and the template tag instead (see CSRF documentation).", - PendingDeprecationWarning - ) - - def process_response(self, request, response): - if getattr(response, 'csrf_exempt', False): - return response - - if response['Content-Type'].split(';')[0] in _HTML_TYPES: - csrf_token = get_token(request) - # If csrf_token is None, we have no token for this request, which probably - # means that this is a response from a request middleware. - if csrf_token is None: - return response - - # ensure we don't add the 'id' attribute twice (HTML validity) - idattributes = itertools.chain(("id='csrfmiddlewaretoken'",), - itertools.repeat('')) - def add_csrf_field(match): - """Returns the matched <form> tag plus the added <input> element""" - return mark_safe(match.group() + "<div style='display:none;'>" + \ - "<input type='hidden' " + idattributes.next() + \ - " name='csrfmiddlewaretoken' value='" + csrf_token + \ - "' /></div>") - - # Modify any POST forms - response.content, n = _POST_FORM_RE.subn(add_csrf_field, response.content) - if n > 0: - # Content varies with the CSRF cookie, so set the Vary header. - patch_vary_headers(response, ('Cookie',)) - - # Since the content has been modified, any Etag will now be - # incorrect. We could recalculate, but only if we assume that - # the Etag was set by CommonMiddleware. The safest thing is just - # to delete. See bug #9163 - del response['ETag'] - return response - - -class CsrfMiddleware(object): - """ - Django middleware that adds protection against Cross Site - Request Forgeries by adding hidden form fields to POST forms and - checking requests for the correct value. - - CsrfMiddleware uses two middleware, CsrfViewMiddleware and - CsrfResponseMiddleware, which can be used independently. It is recommended - to use only CsrfViewMiddleware and use the csrf_token template tag in - templates for inserting the token. - """ - # We can't just inherit from CsrfViewMiddleware and CsrfResponseMiddleware - # because both have process_response methods. - def __init__(self): - self.response_middleware = CsrfResponseMiddleware() - self.view_middleware = CsrfViewMiddleware() - - def process_response(self, request, resp): - # We must do the response post-processing first, because that calls - # get_token(), which triggers a flag saying that the CSRF cookie needs - # to be sent (done in CsrfViewMiddleware.process_response) - resp2 = self.response_middleware.process_response(request, resp) - return self.view_middleware.process_response(request, resp2) - - def process_view(self, request, callback, callback_args, callback_kwargs): - return self.view_middleware.process_view(request, callback, callback_args, - callback_kwargs) diff --git a/parts/django/django/middleware/doc.py b/parts/django/django/middleware/doc.py deleted file mode 100644 index 4f91503..0000000 --- a/parts/django/django/middleware/doc.py +++ /dev/null @@ -1,19 +0,0 @@ -from django.conf import settings -from django import http - -class XViewMiddleware(object): - """ - Adds an X-View header to internal HEAD requests -- used by the documentation system. - """ - def process_view(self, request, view_func, view_args, view_kwargs): - """ - If the request method is HEAD and either the IP is internal or the - user is a logged-in staff member, quickly return with an x-header - indicating the view function. This is used by the documentation module - to lookup the view function for an arbitrary page. - """ - if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or - (request.user.is_active and request.user.is_staff)): - response = http.HttpResponse() - response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__) - return response diff --git a/parts/django/django/middleware/gzip.py b/parts/django/django/middleware/gzip.py deleted file mode 100644 index 47f75aa..0000000 --- a/parts/django/django/middleware/gzip.py +++ /dev/null @@ -1,38 +0,0 @@ -import re - -from django.utils.text import compress_string -from django.utils.cache import patch_vary_headers - -re_accepts_gzip = re.compile(r'\bgzip\b') - -class GZipMiddleware(object): - """ - This middleware compresses content if the browser allows gzip compression. - It sets the Vary header accordingly, so that caches will base their storage - on the Accept-Encoding header. - """ - def process_response(self, request, response): - # It's not worth compressing non-OK or really short responses. - if response.status_code != 200 or len(response.content) < 200: - return response - - patch_vary_headers(response, ('Accept-Encoding',)) - - # Avoid gzipping if we've already got a content-encoding. - if response.has_header('Content-Encoding'): - return response - - # MSIE have issues with gzipped respones of various content types. - if "msie" in request.META.get('HTTP_USER_AGENT', '').lower(): - ctype = response.get('Content-Type', '').lower() - if not ctype.startswith("text/") or "javascript" in ctype: - return response - - ae = request.META.get('HTTP_ACCEPT_ENCODING', '') - if not re_accepts_gzip.search(ae): - return response - - response.content = compress_string(response.content) - response['Content-Encoding'] = 'gzip' - response['Content-Length'] = str(len(response.content)) - return response diff --git a/parts/django/django/middleware/http.py b/parts/django/django/middleware/http.py deleted file mode 100644 index 75af664..0000000 --- a/parts/django/django/middleware/http.py +++ /dev/null @@ -1,51 +0,0 @@ -from django.core.exceptions import MiddlewareNotUsed -from django.utils.http import http_date - -class ConditionalGetMiddleware(object): - """ - Handles conditional GET operations. If the response has a ETag or - Last-Modified header, and the request has If-None-Match or - If-Modified-Since, the response is replaced by an HttpNotModified. - - Also sets the Date and Content-Length response-headers. - """ - def process_response(self, request, response): - response['Date'] = http_date() - if not response.has_header('Content-Length'): - response['Content-Length'] = str(len(response.content)) - - if response.has_header('ETag'): - if_none_match = request.META.get('HTTP_IF_NONE_MATCH', None) - if if_none_match == response['ETag']: - # Setting the status is enough here. The response handling path - # automatically removes content for this status code (in - # http.conditional_content_removal()). - response.status_code = 304 - - if response.has_header('Last-Modified'): - if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE', None) - if if_modified_since == response['Last-Modified']: - # Setting the status code is enough here (same reasons as - # above). - response.status_code = 304 - - return response - -class SetRemoteAddrFromForwardedFor(object): - """ - This middleware has been removed; see the Django 1.1 release notes for - details. - - It previously set REMOTE_ADDR based on HTTP_X_FORWARDED_FOR. However, after - investiagtion, it turns out this is impossible to do in a general manner: - different proxies treat the X-Forwarded-For header differently. Thus, a - built-in middleware can lead to application-level security problems, and so - this was removed in Django 1.1 - - """ - def __init__(self): - import warnings - warnings.warn("SetRemoteAddrFromForwardedFor has been removed. " - "See the Django 1.1 release notes for details.", - category=DeprecationWarning) - raise MiddlewareNotUsed()
\ No newline at end of file diff --git a/parts/django/django/middleware/locale.py b/parts/django/django/middleware/locale.py deleted file mode 100644 index b5e4949..0000000 --- a/parts/django/django/middleware/locale.py +++ /dev/null @@ -1,25 +0,0 @@ -"this is the locale selecting middleware that will look at accept headers" - -from django.utils.cache import patch_vary_headers -from django.utils import translation - -class LocaleMiddleware(object): - """ - This is a very simple middleware that parses a request - and decides what translation object to install in the current - thread context. This allows pages to be dynamically - translated to the language the user desires (if the language - is available, of course). - """ - - def process_request(self, request): - language = translation.get_language_from_request(request) - translation.activate(language) - request.LANGUAGE_CODE = translation.get_language() - - def process_response(self, request, response): - patch_vary_headers(response, ('Accept-Language',)) - if 'Content-Language' not in response: - response['Content-Language'] = translation.get_language() - translation.deactivate() - return response diff --git a/parts/django/django/middleware/transaction.py b/parts/django/django/middleware/transaction.py deleted file mode 100644 index 96b1538..0000000 --- a/parts/django/django/middleware/transaction.py +++ /dev/null @@ -1,27 +0,0 @@ -from django.db import transaction - -class TransactionMiddleware(object): - """ - Transaction middleware. If this is enabled, each view function will be run - with commit_on_response activated - that way a save() doesn't do a direct - commit, the commit is done when a successful response is created. If an - exception happens, the database is rolled back. - """ - def process_request(self, request): - """Enters transaction management""" - transaction.enter_transaction_management() - transaction.managed(True) - - def process_exception(self, request, exception): - """Rolls back the database and leaves transaction management""" - if transaction.is_dirty(): - transaction.rollback() - transaction.leave_transaction_management() - - def process_response(self, request, response): - """Commits and leaves transaction management.""" - if transaction.is_managed(): - if transaction.is_dirty(): - transaction.commit() - transaction.leave_transaction_management() - return response |