If you are running an old version of django-cms, you can still upgrade Django. I would strongly suggest doing this since it's very uncomplicated. However, if you are running django-cms 2.0, you should first upgrade to 2.0.2 and run the South migrations, which is also totally uncomplicated.
django-cms 1.x are most likely stuck on older versions of Django as well. I did once try to get them running on new Django versions but gave up.
Basically this guide just fixes a little bug in admin/pageadmin.py and a few issues regarding a missing csrf_token in the templates. It also means that django-cms 2.0.2 becomes SSL compatible. This is not backwards-compatible, however, so if you apply this stuff, your django-cms will no longer work with Django 1.1.
After upgrading to django 1.3.1 (also tested on 1.2.X btw), you need to make the following corrections manually in your django-cms installation.
1) Edit cms/admin/pageadmin.py, line 59 to say:
exclude = []
2) Edit cms/templates/admin/cms/page/plugin_change_form.html, line 77, by adding the csrf_token tag:
{% block form_top %}{% endblock %}
{% csrf_token %}
2.1) Do the same in cms/templates/admin/cms/page/change_form.html, line 99:
{% block form_top %}{% endblock %}
{% csrf_token %}
2.2) Do the same in cms/templates/admin/cms/page/dialog/base.html, line 5:
{% block form %}{% if form %}{% csrf_token %}{{ form.as_p }}{% endif %}{% endblock %}
3) Ensure that you have CsrfViewMiddleware and CsrfResponseMiddleware installed. Your settings.py should contain something like this:
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.csrf.CsrfResponseMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'cms.middleware.page.CurrentPageMiddleware',
'cms.middleware.user.CurrentUserMiddleware',
)
5) Finally, you need to bring in a file from later django-cms, csrf.js (github revision that I used). Place it in media/cms/js/.
6) Add csrf.js to cms/admin/widgets.py in PluginEditor.media, around line 17:
class Media:
js = [join(settings.CMS_MEDIA_URL, path) for path in (
'js/lib/jquery.js',
'js/lib/ui.core.js',
'js/lib/ui.sortable.js',
'js/csrf.js',
'js/plugin_editor.js',
)]
7) Add this around line 97 in cms/media/cms/js/change_list.js:
$(document).ready(function() {
$.fn.cmsPatchCSRF();
selected_page = false;
action = false;
8) Do the same in cms/media/cms/js/plugin_editor.js at the first line:
$(document).ready(function() {
$.fn.cmsPatchCSRF();
9) Do the same in cms/plugins/text/templates/cms/plugins/widgets/wymeditor.html line 12:
$(document).ready(function() {
$.fn.cmsPatchCSRF();
10) ...and also in cms/plugins/text/templates/cms/plugins/widgets/wymeditor.html line 2, insert:
11) In /cms/templates/admin/cms/page/change_list.html you should also include csrf.js, around line 33:
<script type="text/javascript" src="{{ CMS_MEDIA_URL }}js/csrf.js"></script>
<script type="text/javascript" src="{{ CMS_MEDIA_URL }}js/change_list.js"></script>