django-cms 2.0.2 and Django 1.2 - 1.3

If you are running an old version of django-cms, you can still upgrade Django. I would strongly suggest doing this since it's very uncomplicated. However, if you are running django-cms 2.0, you should first upgrade to 2.0.2 and run the South migrations, which is also totally uncomplicated.

django-cms 1.x are most likely stuck on older versions of Django as well. I did once try to get them running on new Django versions but gave up.

Basically this guide just fixes a little bug in admin/pageadmin.py and a few issues regarding a missing csrf_token in the templates. It also means that django-cms 2.0.2 becomes SSL compatible. This is not backwards-compatible, however, so if you apply this stuff, your django-cms will no longer work with Django 1.1.

After upgrading to django 1.3.1 (also tested on 1.2.X btw), you need to make the following corrections manually in your django-cms installation.

1) Edit cms/admin/pageadmin.py, line 59 to say:

    exclude = []

2) Edit cms/templates/admin/cms/page/plugin_change_form.html, line 77, by adding the csrf_token tag:

{% block form_top %}{% endblock %}  
{% csrf_token %}

2.1) Do the same in cms/templates/admin/cms/page/change_form.html, line 99:

{% block form_top %}{% endblock %}  
{% csrf_token %}

2.2) Do the same in cms/templates/admin/cms/page/dialog/base.html, line 5:

                {% block form %}{% if form %}{% csrf_token %}{{ form.as_p }}{% endif %}{% endblock %}

3) Ensure that you have CsrfViewMiddleware and CsrfResponseMiddleware installed. Your settings.py should contain something like this:

MIDDLEWARE_CLASSES = (  
    'django.middleware.common.CommonMiddleware',  
    'django.contrib.sessions.middleware.SessionMiddleware',  
    'django.middleware.csrf.CsrfViewMiddleware',  
    'django.middleware.csrf.CsrfResponseMiddleware',  
    'django.contrib.auth.middleware.AuthenticationMiddleware',  
    'django.contrib.messages.middleware.MessageMiddleware',  
    'cms.middleware.page.CurrentPageMiddleware',  
    'cms.middleware.user.CurrentUserMiddleware',  
)

5) Finally, you need to bring in a file from later django-cms, csrf.js (github revision that I used). Place it in media/cms/js/.

6) Add csrf.js to cms/admin/widgets.py in PluginEditor.media, around line 17:

    class Media:  
        js = [join(settings.CMS_MEDIA_URL, path) for path in (  
            'js/lib/jquery.js',  
            'js/lib/ui.core.js',  
            'js/lib/ui.sortable.js',  
            'js/csrf.js',  
            'js/plugin_editor.js',  
        )]

7) Add this around line 97 in cms/media/cms/js/change_list.js:

    $(document).ready(function() {  
        $.fn.cmsPatchCSRF();  
        selected_page = false;  
        action = false;

8) Do the same in cms/media/cms/js/plugin_editor.js at the first line:

$(document).ready(function() {  
    $.fn.cmsPatchCSRF();

9) Do the same in cms/plugins/text/templates/cms/plugins/widgets/wymeditor.html line 12:

$(document).ready(function() {  
    $.fn.cmsPatchCSRF();

10) ...and also in cms/plugins/text/templates/cms/plugins/widgets/wymeditor.html line 2, insert:

11) In /cms/templates/admin/cms/page/change_list.html you should also include csrf.js, around line 33:

<script type="text/javascript" src="{{ CMS_MEDIA_URL }}js/csrf.js"></script>  
<script type="text/javascript" src="{{ CMS_MEDIA_URL }}js/change_list.js"></script>