Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).

Fix side effects with csrf token, add csrf_token to every post form + add ajax (see http://stackoverflow.com/questions/5100539/django-csrf-check-failing-with-an-ajax-post-request), remove django.middleware.csrf.CsrfViewMiddleware ?!

Avoids HTTP 403 on login and reset/change password, seehttps://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf.

Avoids HTTP 403 on reset password, seehttps://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf.

Fixed comments filter by name when name is empty

Fixed bad string for export to ms-word 2007.

Added export in .doc and .docx formats.

Respect order by scope in show all comments or show all detached comments.

Fixed sort with y is NoneType.

CSS for filter.

Fixed author when there is none.

Still use --sanitize-html for pandoc 1.5.1.1.

Smaller size for text input form elements in filter.

Added 'me' and 'author' in filter by name.

Fix some javascript error with IE8 (getElementsByClassName() is unknown).

Removes <a> tags inside toc + adjusts height of toc.

Better positionning of table of contents.

Hides button if table of contents is empty.

Adds a table of content.

Prevents javascript error, when iframe is not ready and therefore iframe_onload function is not available.

Still use --sanitize-html for pandoc 1.5.1.1.

Just a typo.

After investigations, commit the proposed patch by kklimonda presented with the following introduction : cm/templates/site/login_form.html template uses a relative url for the form action, which seems to break deployment in the subfolder when trailing slash is missing (the form redirects to the upper folder breaking login). Using {% url login %} (as in the attached patch) instead would fix the issue.

Adds rtfas input formats when converting with abiword.