Commit Graph

19691 Commits

Author SHA1 Message Date
Tim Graham 1913c1ac21 Added today's security issues to the archive. 2015-01-13 14:44:08 -05:00
Tim Graham 7ecd654497 Removed blank lines from docs/releases/security.txt 2015-01-13 14:37:30 -05:00
Tim Graham cbbe6a6abb Added dates to release notes. 2015-01-13 13:08:57 -05:00
Tim Graham baf2542c4f Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham a3bebfdc34 Ensured views.static.serve() doesn't use large memory on large files.
This issue was fixed in master by refs #24072.
2015-01-13 13:03:06 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer 316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham 958aeda4b5 Added stub release notes for security releases. 2015-01-13 13:03:05 -05:00
Collin Anderson e7771ec380 Fixed bad model example in admin docs. 2015-01-13 11:53:03 -05:00
Claude Paroz e084ff01f2 Fixed #24136 -- Prevented crash when convert_extent input is None
Thanks Max Demars for the report.
2015-01-13 17:27:11 +01:00
Michał Modzelewski 65246de7b1 Fixed #24031 -- Added CASE expressions to the ORM. 2015-01-12 18:15:34 -05:00
Shai Berger aa8ee6a573 Fixed test failures in Oracle introspection
Refs #17785
2015-01-13 01:00:09 +02:00
Tim Graham 5d7217dce3 Fixed typo in docs/release/1.8.txt & added word for spelling check. 2015-01-12 17:53:32 -05:00
Josh Schneier 3844ccc958 Fixed #24138 -- Added modelform_factory to __all__. 2015-01-12 17:44:06 -05:00
Josh Smeaton 21b858cb67 Fixed #24060 -- Added OrderBy Expressions 2015-01-13 09:39:55 +11:00
Claude Paroz f48e2258a9 Fixed #24133 -- Replaced formatting syntax in success_url placeholders
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin 5f7230e12f Fixed #24124 (again) -- Updated tests with new default context_processors.
Thanks Collin for the review.
2015-01-12 22:31:44 +01:00
Aymeric Augustin 511a53b314 Avoided exceptions in admindocs' template detail view.
This is marginally better than crashing when several Django template
engines are configured in a project.

Refs #24125.
2015-01-12 21:01:34 +01:00
Aymeric Augustin 3bba4b420e Avoided exceptions in a non-critical check in the admin.
This change makes it possible to configure several Django template
engines in a project and still use the admin. On the flip side the
check is silently skipped when no Django template engine is configured.
2015-01-12 21:01:34 +01:00
Aymeric Augustin 6b5113ec94 Made debug views not crash when there isn't a default template engine. 2015-01-12 21:01:34 +01:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Aymeric Augustin a3e783fe11 Deprecated passing a Context to a generic Template.render.
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.

test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Aymeric Augustin 71b7668b75 Rewrapped TemplateSyntaxError in Jinja2 backend.
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
2015-01-12 21:01:34 +01:00
Claude Paroz 4c413e231c Fixed #17785 -- Preferred column names in get_relations introspection
Thanks Thomas Güttler for the report and the initial patch, and
Tim Graham for the review.
2015-01-12 19:58:47 +01:00
Muthiah Annamalai b75c707943 Fixed #24089 -- Added check for when ModelAdmin.fieldsets[1]['fields'] isn't a list/tuple. 2015-01-12 13:47:58 -05:00
Markus Holtermann eeb88123e7 Fixed #24129 -- Added indicator that migrations are rendering the initial state
Thanks Tim Graham for the review.
2015-01-12 19:23:46 +01:00
Tim Graham 9f51d0c86d Fixed test from refs #23913 when running tests in reverse. 2015-01-12 13:20:44 -05:00
Collin Anderson 26a92619f6 Fixed #24124 -- Changed context_processors in the default settings.py 2015-01-12 13:17:44 -05:00
Markus Holtermann bbbed99f62 Fixed #24123 -- Used all available migrations to generate the initial migration state
Thanks Collin Anderson for the input when creating the patch and Tim Graham for the review.
2015-01-12 18:39:18 +01:00
Ng Zhi An 8f5d6c77b6 Fixed #23878 -- Moved Query and Prefetch documentation 2015-01-12 11:35:20 -05:00
Collin Anderson 58833f5197 Made Django's templates get their own LANGUAGE_* variables.
Refs #24117
2015-01-12 10:54:59 -05:00
Pavel Shpilev a7c256cb54 Fixed #9893 -- Allowed using a field's max_length in the Storage. 2015-01-12 09:09:18 -05:00
Marc Tamlyn b5c1a85b50 Fixed #24118 -- Added --debug-sql option for tests.
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.

Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Claude Paroz 68a439a18d Removed supports_binary_field flag as all backends support them
It was mainly for MySQL on Python 3, but now that the current
recommended MySQL driver for Python 3 (mysqlclient) does support
binary fields, it is unneeded. Refs #20377.
2015-01-11 23:34:47 +01:00
Ola Sitarska d563e3be68 Fixed #23913 -- Deprecated the `=` comparison in `if` template tag. 2015-01-11 15:21:01 -05:00
Claude Paroz 412066e71e Revert "Marked a test as an expected failure on MySQL and Python 3.2."
This reverts commit 832b4a5722.
We officially don't support MySQL on Python 3.2. Refs #20380.
2015-01-11 20:59:07 +01:00
Tim Graham 28de5cd4de Fixed spelling errors in docs. 2015-01-11 13:24:13 -05:00
Markus Holtermann be158e3625 Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake. 2015-01-11 00:30:47 +01:00
Markus Holtermann fdc2cc9487 Fixed #24110 -- Rewrote migration unapply to preserve intermediate states 2015-01-10 23:14:15 +01:00
Aymeric Augustin d89019a84d Improved template upgrading docs.
Recommending Template(template_code) was dumb. Described alternatives.
2015-01-10 21:11:58 +01:00
Aymeric Augustin f01306a6d8 Updated templates API reference.
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin 4797af2bb8 Updated custom template tags how-to.
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin 3d495cfd77 Added release notes and upgrade instructions for templates. 2015-01-10 20:17:20 +01:00
Aymeric Augustin ee8d5b91e9 Wrote main documentation for templates. 2015-01-10 20:16:19 +01:00
Aymeric Augustin 6c392bb2c0 Moved doc on the DTL's syntax to the ref/ section.
This makes room for a more general introduction about templating.

Updated some links to point to the new location, but kept those that
didn't talk specifically about the DTL.
2015-01-10 19:41:14 +01:00
Claude Paroz b86107ced1 Fixed #24114 -- Improved error message in GEOSGeometry constructor 2015-01-10 18:53:55 +01:00
Simon Charette 07988744b3 Fixed #13165 -- Added edit and delete links to admin foreign key widgets.
Thanks to Collin Anderson for the review and suggestions and Tim for the
final review.
2015-01-10 12:24:52 -05:00
Marc Tamlyn 48ad288679 Fixed #24001 -- Added range fields for PostgreSQL.
Added support for PostgreSQL range types to contrib.postgres.

- 5 new model fields
- 4 new form fields
- New validators
- Uses psycopg2's range type implementation in Python
2015-01-10 16:18:19 +00:00
Marc Tamlyn 916e38802f Move % addition to lookups, refactor postgres lookups.
These refactorings make overriding some text-based lookup names on
other fields (specifically `contains`) much cleaner. It also removes a
bunch of duplication in the contrib.postgres lookups.
2015-01-10 16:18:19 +00:00
Serafeim Papastefanos 74f02557e0 Fixed #23967 -- Added formats for Greek 2015-01-10 11:10:26 -05:00