13906 Commits

Author SHA1 Message Date
Florian Apolloner 1fa8c612fc [1.5.x] Stopped a test from executing queries at the module level.
Currently module level queries are executed against the real database
(specified in NAME) instead of the test database; since it is too late
to fix this for 1.6, we at least ensure stable builds. Refs #21443.

Backport of 4fcc1e4ad8 from master.
2013-09-22 23:07:54 +02:00
Florian Apolloner 18fe77e4ed [1.5.x] Fixed "Address already in use" from liveserver.
Our WSGIServer rewrapped the socket errors from server_bind into
WSGIServerExceptions, which is used later on to provide nicer
error messages in runserver and used by the liveserver to see if
the port is already in use. But wrapping server_bind isn't enough since
it only binds to the socket, socket.listen (which is called from
server_activate) could also raise "Address already in use".

Instead of overriding server_activate too I chose to just catch socket
errors, which seems to make more sense anyways and should be more robust
against changes in wsgiref.

Backport of 2ca00faa91 from master
2013-09-22 22:08:59 +02:00
Ramiro Morales b5eddde095 [1.5.x] Reference Meta.index_together in DB performance guide.
9dc45efeba from master.
2013-09-22 14:07:36 -03:00
Ramiro Morales 8e51bea4fb [1.5.x] Fixed a couple of typos in GeoDjango docs.
8b366a50f4 from master.
2013-09-22 14:07:14 -03:00
mlissner 177270ea73 [1.5.x] Correct very minor typo
Just changed as to has.

Backport of d8f2d940cc from master
2013-09-21 18:18:46 -04:00
Michael DiBernardo 61b685847e [1.5.x] Fixed #21137 -- Documented best practice for URLconfs with repeated pattern prefixes.
Backport of 222460a994 from master
2013-09-21 18:18:26 -04:00
Curtis Maloney b8e7730f3e [1.5.x] Fixed #21133 -- Clarified documentation about strftime formatting.
Backport of 43a2ec7999 from master
2013-09-21 06:56:17 -04:00
Markus Amalthea Magnuson b541cf24d0 [1.5.x] Added missing "in" in sentence.
Backport of 2c5c422d34 from master
2013-09-19 13:29:56 -04:00
Tim Graham 1ef9a296da [1.5.x] Added __pycache__ to gitignore
Backport of 55b9bff07f from master
2013-09-19 06:38:01 -04:00
Russell Keith-Magee 75c0aa43d3 [1.5.x] Fixed #21121: Added archive of security issues.
Backport of 9d3e60a, 8e134c2, 8b3bae9, c65ae7c, bbabc53,
and a2e25e8 from master.
2013-09-19 15:07:29 +08:00
Florian Apolloner 87c8de2a06 Revert "[1.5.x] Silenced last sporadic failure on 1.5."
This reverts commit 6a708cd654.

Reverted since it only moved the failures to some other tests and it apparently
only worked by accident. Patched selenium for now to include:
https://github.com/SeleniumHQ/selenium/pull/118
which seems to be the root cause for sporadic extra requests to the live server,
which then cause all sorts of issues.
2013-09-18 16:54:30 +02:00
Tim Graham 72f7932cfb [1.5.x] Fixed #21118 -- Isolated a test that uses the database.
Thanks rmboggs for the report.

Backport of 4f40b97d97 from master
2013-09-18 09:43:34 -04:00
Florian Apolloner 6a708cd654 [1.5.x] Silenced last sporadic failure on 1.5.
This commit is a last resort; technically the test is correct but our testsuite
has some threading issues when LiveServer is used. Since this will never get
fixed in 1.5 and apparently doesn't get triggered on 1.6 we just make sure the
test doesn't error out. I am not 100% sure why this actually fixes the issue,
but this is still better than having failing builds whenever we do a security
release for 1.5.

(Tested on jenkins itself, should work (tm)).
2013-09-17 22:33:11 +02:00
Florian Apolloner 3c3b3fc10b [1.5.x] Final attempt to solve sporadic test failures.
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close its already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.

This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).

After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
cause we don't know how our users override our classes.

This is a private and very specialized API on purpose and should not be used
without a strong reason!

This patch partially reverts the earlier attempts to fix those issues,
namely:
	2fa0dd73b1 and
	3c5775d36f

Final note: If this patch breaks in a later version of Django, please be
very careful on how you fix it, you might not see test failures locally.
That said, this patch hopefully doesn't produce even more failures.

Backport of 73a610d2a8 from master.
2013-09-17 18:42:19 +02:00
Ramiro Morales efcf4d2bd9 [1.5.x] Reworded a paragraph in the logging docs.
9d12f68a53 from master.
2013-09-16 17:53:02 -03:00
Tim Graham 12a30e9221 [1.5.x] Cleaned up 1.5.4/1.4.8 release notes
Backport of 8d29005524 from master
2013-09-15 14:25:34 -04:00
Tim Graham ae5f4a04b4 [1.5.x] Bump version post-release. 2013-09-15 12:59:53 -04:00
Florian Apolloner 4770fc1c62 [1.5.x] (Hopefully) fixed a failure in a selenium test.
No forward port to 1.6 since it has new transaction management. The
wait_page_loaded should ensure that the liveserver has time to tear
down properly after the submit.
2013-09-15 10:44:29 +02:00
James Bennett 4607c7325d [1.5.x] Add release notes and bump version numbers for 1.5.4 security release. 2013-09-15 00:29:31 -06:00
Russell Keith-Magee 22b74fa09d [1.5.x] Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d57 from master.
2013-09-15 13:48:15 +08:00
Minjong Chung e66fe357b2 Fixed #21102 -- pickling a QuerySet with prefetches twice
Fixed the bug that a QuerySet that prefetches related objects cannot be
pickled and unpickled more than once (The second pickling attempt
raises an exception).

Added a new test for the queryset pickling idempotency.

The bug was introduced by
bac187c0d8.
2013-09-14 10:03:03 +03:00
Goetz dbc2e8eb73 [1.5.x] Fixed #21101 -- Updated urlize documentation to mention email addresses
Backport of 39b49fd339 from master
2013-09-13 12:42:47 -04:00
Tim Graham 61de57260b [1.5.x] Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
Thanks Collin Anderson for the report.

Backport of 425d076d0c from master
2013-09-13 09:40:15 -04:00
Tim Graham 7cfb5243f1 [1.5.x] Fixed #21094 -- Updated reusable apps tutorial to use pip for installation.
Thanks ylb415 at gmail.com for the suggestion.

Backport of e4aab1bb8d from master
2013-09-13 09:30:20 -04:00
Kevin Christopher Henry 61867e226d [1.5.x] Documentation -- added instructions on working with pull requests
Since non-core contributors are asked to review patches, instructions
on working with pull requests were added to the Working with Git and
GitHub page (based on the existing instructions in the core
committers page).

Backport of 990ce9aab9 from master
2013-09-13 08:27:28 -04:00
Tim Graham 169594f5ae [1.5.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
2013-09-11 08:18:52 -04:00
Kevin Christopher Henry 2a7d3030f9 [1.5.x] Documentation -- Improved description of cache arguments
- Fixed some grammar and formatting mistakes
- Added the type and default for CULL_FREQUENCY
- Made the note on culling the entire cache more precise. (It's actually
  slower on the filesystem backend.)

Backport of 5eca021d48 from master
2013-09-11 07:43:29 -04:00
Tim Graham 91a073a337 [1.5.x] Bump version post-release. 2013-09-11 07:04:04 -04:00
James Bennett 0a34f39759 [1.5.x] Bump version numbers for 1.5.3 security release. 2013-09-10 20:25:27 -05:00
Tim Graham 42e8fabb59 [1.5.x] Added 1.4.7/1.5.3 release notes
Backport of baec6a26dd from master
2013-09-10 21:08:34 -04:00
Tim Graham 988b61c550 [1.5.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
2013-09-10 21:05:03 -04:00
oz123 693ebff1a4 [1.5.x] Fixed #21075 - Improved doc for calling call_command with arguments.
Backport of fca4c4826e from master
2013-09-10 09:18:20 -04:00
Садовский Николай aa50b7e837 [1.5.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user
To enable testing on Oracle 12c
2013-09-09 13:07:39 +03:00
Tim Graham 9d3a66aa9f [1.5.x] Fixed #20005 -- Documented that Oracle databases need execute permission on SYS.DBMS_LOB.
Thanks jafula for the suggestion.

Backport of a86ecc80a2 from master
2013-09-07 14:01:10 -04:00
Keith Edmiston 37587624bf [1.5.x] Fixed #16992 -- Added InnoDB warning regarding reuse of AUTO_INCREMENT values.
Thanks kent at nsc.liu.se for the report.

Backport of c54fa1a7bc from master
2013-09-07 12:17:01 -04:00
Keith Edmiston afc624cab0 [1.5.x] Fixed #19295 -- Documented that CachedStaticFilesStorage isn't compatible with runserver --insecure.
Backport of 028db97503 from master
2013-09-06 17:31:04 -04:00
Tim Graham 5d029f2222 [1.5.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS
Thanks craigbruce.

Backport of db3de52807 from master
2013-09-06 16:06:51 -04:00
micahhausler e62f391022 [1.5.x] Fixed #21047 -- Added CLA message on the new contributor advice doc
Backport of 93dd31cadf from master
2013-09-05 17:55:09 -04:00
Tim Graham d6b11b0abb [1.5.x] Fixed #20900 -- Documented RemoteUserBackend.authenticate
Backport of 7b62b80693 from master
2013-09-05 06:32:55 -04:00
Claude Paroz 406fd9f97f Fixed #19211 -- Adapted tutorial for Python 3
Backport of 7cc3acbb7 from master.
2013-09-05 08:53:24 +02:00
Tim Graham 8f4552adf1 [1.5.x] Fixed #20958 -- Documented that GenericForeignKey fields can't be accessed in forms.
Thanks marky1991.

Backport of 533d1ab334 from master
2013-09-04 13:19:46 -04:00
Tim Graham bc78ffa270 [1.5.x] Fixed #21002 -- Documented JSON session serialization requires string keys
Thanks jeroen.pulles at redslider.net for the report.

Backport of 3baf1d1042 from master.
2013-09-04 10:55:33 -04:00
Loic Bistuer c9a021b042 [1.5.x] Made the doc about translating string literals in templates more prominent.
Backport of 9885f07757 from master
2013-08-31 09:52:49 -04:00
Jorge C. Leitão 6f44ef16cb [1.5.x] Added links to file docs.
Backport of d72f83c410 from master
2013-08-29 12:49:32 -04:00
Phaneendra Chiruvella 50d9bed1d5 [1.5.x] Minor spelling correction in ModelForms docs
Backport of 2fbf949760 from master
2013-08-28 07:12:43 -04:00
Krzysztof Jurewicz d3b7b6a7a4 [1.5.x] Fixed #20981 -- Noted the default value of disable_existing_loggers.
Backport of 095643e691 from master
2013-08-27 10:27:49 -04:00
Jan Böcker 98635f2a0e [1.5.x] Fixed typo in docs/topics/conditional-view-processing.txt
Backport of 5fd2c979cb from master
2013-08-27 09:22:51 -04:00
Ramiro Morales 5547ba743c [1.5.x] Typos introduced in 57c82f909b. 2013-08-22 22:35:10 -03:00
Tim Graham 616a4d385a [1.5.x] Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.

Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.

Backport of b0ce6fe656 from master
2013-08-22 17:49:11 -04:00
Kevin Christopher Henry 1b236048b9 [1.5.x] Documentation -- Clarified use of 'view' in test client introduction.
Backport of 2e926b041c from master
2013-08-22 09:39:21 -04:00