Commit Graph

10754 Commits

Author SHA1 Message Date
Alex Gaynor 58176dee88 Use the stdlib's compare_digest for constant time comparisons when available 2014-04-22 14:45:00 -07:00
Florian Apolloner f286721f7f Fixed #22426 -- Added support old-style d.c.messages format.
Forward ported code from 1.5 that adds backwards compatibility with legacy message length.
See commit 9e7183073f for details.

Thanks to Ofir Ovadia for the initial patch.
2014-04-22 10:46:18 +02:00
Erik Romijn 75c0d4ea3a Fixed queries that may return unexpected results on MySQL due to typecasting.
This is a security fix; disclosure to follow shortly.
2014-04-21 18:11:26 -04:00
Aymeric Augustin c083e3815a Prevented leaking the CSRF token through caching.
This is a security fix. Disclosure will follow shortly.
2014-04-21 18:11:26 -04:00
Tim Graham 8b93b31487 Fixed a remote code execution vulnerabilty in URL reversing.
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.
2014-04-21 18:11:26 -04:00
Claude Paroz ab90c4707b Fixed table cleanup in GIS migration tests 2014-04-21 23:08:00 +02:00
Claude Paroz 1667e736a7 Fixed PostGIS remove_field implementation
Fixed bad code introduced in 2f9d1576e8.
2014-04-21 22:42:11 +02:00
Claude Paroz 2f9d1576e8 Fixed removal of GIS column in PostGIS 1.x migration
Refs #22481.
2014-04-21 21:17:14 +02:00
Claude Paroz fb09a489ca Fixed adding new GIS column in PostGIS 1.x migration
Refs #22451.
2014-04-21 20:58:09 +02:00
Florian Apolloner 405b13fe83 Fixed migrate when called inside a transaction.
This is useful for tests manually calling migrate inside a testcase,
for normal usage this should make no difference, since there is no
surrounding transaction after all. If there is one we still try to
leave the transaction in a useable state (for postgres at least).

If this commit turns out to be causing issues, settings savepoint=False
is probably the right fix :)
2014-04-21 15:37:12 +02:00
Aymeric Augustin 428c0bbe1b Appeased flake8 2.1.0. 2014-04-21 12:27:34 +02:00
Tim Graham 471fb04a30 Fixed flake8 errors. 2014-04-20 13:08:04 -04:00
Andrew Gorcester 956bd64424 Fixed #22397 -- Issues removing M2M field with explicit through model
Changed the migration autodetector to remove models last so that FK
and M2M fields will not be left as dangling references. Added a check
in the migration state renderer to error out in the presence of
dangling references instead of leaving them as strings. Fixed a bug
in the sqlite backend to handle the deletion of M2M fields with
"through" models properly (i.e., do nothing successfully).

Thanks to melinath for report, loic for tests and andrewgodwin and
charettes for assistance with architecture.
2014-04-18 16:44:47 -04:00
Claude Paroz 275811a93c Adapted fixture read mode to file type
Binary mode added in ed532a6a1e is not supported by ZipFile.
Refs #22399.
2014-04-18 18:54:46 +02:00
Claude Paroz ed532a6a1e Fixed #22399 -- Forced fixture reading in binary mode
This might help on systems where default encoding is not UTF-8 (and
on Python 3).
Thanks bacilla for the report.
2014-04-18 17:55:35 +02:00
amatellanes 8394e570ba Fixed #22465 -- New assertion assertJSONNotEqual 2014-04-18 15:11:08 +07:00
Simon Charette 0d397e5a5b Revert "Fixed #22397 -- Issues removing M2M field with explicit through model."
This reverts commit 00e3b9a2a9.

It's causing a regression when tested with the proxy_model_inheritance tests.
2014-04-18 01:27:30 -04:00
Moayad Mardini 214d1e1b0f Fixed #22454 - Changed compatibility warning hint
The warning hint of `_check_test_runner` of 1.6 compatibility had a link
to a general release note. The link should be edited to refer the
relevant "Backwards incompatible changes in 1.6" section that documents
the cause and the possible solutions and workarounds of the warning.
2014-04-17 20:41:25 -04:00
Tim Graham 11e30b684d Fixed a KeyError on login with legacy sessions; refs #21649.
Thanks Loic for the report.
2014-04-17 19:57:20 -04:00
Donald Stufft ecff136f69 Merge pull request #2582 from alex/stdlib-pbkdf2hmac
Use the stdlib's PBKDF2 implementation when available.
2014-04-17 16:01:17 -04:00
Claude Paroz c082f3c74c Fixed #22456 -- Replaced 900913 EPSG code by 3857 in some tests
3857 is now the official EPSG code for the Google spherical mercator
projection and some recent versions of GDAL do not recognize 900913
any longer.
Thanks Tim Graham for the report and initial patch.
2014-04-17 21:18:07 +02:00
Alex Gaynor 7283c21173 For another day 2014-04-17 11:07:19 -07:00
Alex Gaynor 21a1fddcc4 Typo fix 2014-04-17 11:04:57 -07:00
Alex Gaynor cb68eb3e6d Use the stdlib's PBKDF2 implementation when available.
This is a bit faster than ours, which is good, because it lets you increase
the iteration counts.

This will be used on Python 3.4+, and, pending the acceptance of PEP466, on
newer Python 2.7s.
2014-04-17 11:02:42 -07:00
Andrew Gorcester 00e3b9a2a9 Fixed #22397 -- Issues removing M2M field with explicit through model.
Changed the migration autodetector to remove models last so that FK
and M2M fields will not be left as dangling references. Added a check
in the migration state renderer to error out in the presence of
dangling references instead of leaving them as strings. Fixed a bug
in the sqlite backend to handle the deletion of M2M fields with
"through" models properly (i.e., do nothing successfully).

Thanks to melinath for report, loic for tests and andrewgodwin and
charettes for assistance with architecture.
2014-04-17 12:54:35 -04:00
Tim Graham 47927eb786 Revert "Fixed #22401 -- Deprecated regular expression parsing of initial SQL in favor of installing sqlparse."
This reverts commit 071c933775.

This introduced a regression on MySQL and custom SQL is deprecated.
2014-04-16 21:03:22 -04:00
Justin Hamade a13df671a5 Fixed #22434 -- Retain ordering on related sliced subqueries.
Thanks maciej.pawlisz for the report, and charettes for the review.
2014-04-16 17:57:11 -04:00
Simon Charette 79f05616fb Fixed flake8 warnings introduced in recent commits. 2014-04-16 16:49:37 -04:00
Motiejus Jakštys 0e45669fa9 Fixed #22460 -- Explicity remove constraints when dropping a related field. 2014-04-16 15:38:31 -04:00
Marc Egli 0bcc92c691 Fixed #22356 -- Added a check to make sure unique_together fields are local. 2014-04-14 16:49:40 -04:00
Jacob R. Rothenbuhler 17c1884456 Fixed #22369 -- Added count parameter to assertTemplateUsed 2014-04-14 15:55:10 -04:00
Simon Charette 72d3889db4 Fixed #22350 -- Consistently serialize bytes and text in migrations.
Thanks to @treyhunner and Loïc for their suggestions and review.
2014-04-13 18:22:26 -04:00
valtron d3b71b976d Fixed #21760 -- prefetch_related used an inefficient query for reverse FK.
Regression introduced by commit 9777442. Refs #21410.
2014-04-13 00:34:16 +07:00
Claude Paroz 3417ba0309 Also allowed a non-overridden setting to be deleted
Refs #20032, #18824. Thanks ztorstri at gmail.com for the report.
2014-04-12 15:33:22 +02:00
Claude Paroz 3e3a7372f5 Fixed #22102 -- Made SimpleTestCase tests run before unittest.TestCase ones
Thanks aptiko for the reporti and Tim Graham for the review.
2014-04-12 11:42:06 +02:00
Aymeric Augustin 476db08b16 Improved a comment. Thanks intgr for the report. 2014-04-11 23:01:00 +02:00
Aymeric Augustin ee837b9a22 Increased robustness of 58161e4e. Refs #22291. 2014-04-10 21:22:47 +02:00
Aymeric Augustin 8176150850 Fixed #21202 -- Maintained atomicity when the server disconnects.
Thanks intgr for the report.

This commit doesn't include a test because I don't know how to emulate a
database disconnection in a cross-database compatible way.

Also simplified a 'backends' test that was constrained by this problem.
2014-04-10 21:22:47 +02:00
Aymeric Augustin 25860096f9 Fixed #21239 -- Maintained atomicity when closing the connection.
Refs #15802 -- Reverted #7c657b24 as BaseDatabaseWrapper.close() now
has a proper "finally" clause that may need to preserve self.connection.
2014-04-10 20:57:43 +02:00
Aymeric Augustin 3becac8484 Fixed #22321 -- Wrapped exceptions in _set_autocommit.
Refs #21202.
2014-04-10 20:16:12 +02:00
John Paulett b5a9166f7e Fixed #22364 -- Sanitized getpass input in changepassword.
Python 2 getpass on Windows does not accept unicode, even
when containing on ASCII characters. Related #190807.
2014-04-10 13:15:37 -04:00
Tomasz Wysocki ea5a984704 Refactored some code in SelectDateWidget. 2014-04-10 13:03:23 -04:00
Tim Graham 395d75ea6b Fixed #22194 -- Added --list-tags option to check command.
Thanks Elvard for the patch.
2014-04-10 09:43:55 -04:00
Tim Graham b513fa5fc6 Fixed #22195 -- Used constants to define built-in tags for check framework.
Thanks Elvard for the patch.
2014-04-10 08:45:48 -04:00
Shai Berger f095356ba2 Fixed #22343 -- Disallowed select_for_update in autocommit mode
The ticket was originally about two failing tests, which are
fixed by putting their queries in transactions.

Thanks Tim Graham for the report, Aymeric Augustin for the fix,
and Simon Charette, Tim Graham & Loïc Bistuer for review.
2014-04-10 03:04:51 +03:00
julien 'pouete' Godin 071c933775 Fixed #22401 -- Deprecated regular expression parsing of initial SQL in favor of installing sqlparse. 2014-04-09 19:25:07 -04:00
Aymeric Augustin 5f2f47fdfc Fixed #21553 -- Ensured unusable database connections get closed. 2014-04-09 22:41:33 +02:00
Aymeric Augustin 2791fbf59d Used more specific test assertions. 2014-04-09 22:20:22 +02:00
e0ne 2aaa045c61 Fixed #13408 -- Deprecated silent unpacking exception passing in for template tag.
Thanks peterbe for the suggestion.
2014-04-08 13:55:17 -04:00
Tim Graham 3cba90f22a Fixed #21084 -- Used proxy model's content type for admin log entries.
(the previous commit included only the test)
2014-04-07 09:04:49 -04:00