Commit Graph

4186 Commits

Author SHA1 Message Date
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks.
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Tim Graham 7d6e6e8367 Fixed #26473 -- chmod -x on django/contrib/admin/static/admin/fonts/LICENSE.txt 2016-04-06 12:36:07 -04:00
akoskaaa ab2d34ba3f Fixed #25856 -- Added %B support to Date.strftime.
This enables the admin to display the correct localized month name if %B
is used in the date format.
2016-04-06 10:41:58 -04:00
Tim Graham 6448873197 Fixed E402 flake8 warnings. 2016-04-04 17:14:27 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Jon Dufresne 5faf745999 Refs #21608 -- Fixed incorrect cache key in cache session backend's save().
The bug was introduced commit 3389c5ea22.
2016-04-04 07:41:59 -04:00
anna b28c60529b Fixed #26101 -- Allowed introspection of base_field.model in RangeField
Used the same test and fix as in #25867.
This required initializing base_field in RangeField.__init__,
not when setting the attribute.
2016-04-03 16:32:30 +02:00
Claude Paroz db19619545 Fixed #25532 -- Properly redisplayed JSONField form input values
Thanks David Szotten for the report and Tommy Beadle for code inspiration.
Thanks Tim Graham for the review.
2016-04-01 09:04:20 +02:00
Claude Paroz edcecaf0de Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions
Thanks Simon Meers for the initial patch, and Tim Graham for the review.
2016-03-30 14:34:41 +02:00
Daniel Wiesmann 870dd1d38b Fixed #26417 -- Allowed setting GDALBand data with partial values. 2016-03-29 11:08:36 -04:00
Daniel Wiesmann f1db8c36e9 Fixed #26415 -- Allowed deleting nodata value on GDALBands. 2016-03-29 08:06:31 -04:00
Akshesh a7c813ba04 Fixed #21734 -- Handled ProtectedError in a POST to admin's delete_selected action. 2016-03-29 07:42:23 -04:00
Tim Graham acfaec3db5 Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable. 2016-03-25 13:47:42 -04:00
Collin Anderson b55c77ed18 Removed unused xmlhttp from admin's core.js. 2016-03-24 17:27:53 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Akshesh 49ac10b4de Fixed #26235 -- Handled ProtectedError in a POST to admin's delete_view(). 2016-03-21 19:25:27 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Claude Paroz 983c158da7 Refs #24227 -- Replaced M2M isinstance checks by field.many_to_many
Thanks Markus Holtermann, Collin Anderson and Tim Graham for the reviews.
2016-03-19 09:24:27 +01:00
Berker Peksag 28bcff82c5 Fixed #26297 -- Fixed `collectstatic --clear` crash if storage doesn't implement path(). 2016-03-17 09:49:57 -04:00
Akshesh 44c0ecdd92 Fixed #25364 -- Added generic way to test on all browsers supported by selenium.
Browser names should be passed as a comma separated list to the --selenium flag.

Thanks Tim Graham, Simon Charette and Moritz Sichert for review and discussion.
2016-03-15 13:10:32 -04:00
Matt C e7e5d9b338 Fixed #25579 -- Fixed ArrayField.get_db_prep_value() to allow complex types. 2016-03-15 11:23:38 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
quaspas 91f87b8f91 Fixed #26283 -- Fixed removal of trailing nulls for SplitArrayField. 2016-03-12 17:22:25 -05:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Fernando Miranda 2495023a4c Fixed #25143 -- Added ArrayField.from_db_value().
Thanks Karan Lyons for contributing to the patch.
2016-03-12 09:14:35 -05:00
Noenglish Professorbut f8d20da047 Fixed a few docstring typos. 2016-03-12 08:45:06 -05:00
Tim Graham 9027fac841 Removed unneeded GeoManagers in tests. 2016-03-11 13:09:24 -05:00
Sergey Fedoseev 1f035e6283 Fixed #25865 -- Made OSMGeoAdmin require GDAL only if transformation is needed. 2016-03-11 12:33:00 -05:00
Tim Graham 09e5409cb5 Fixed a dead link in django/contrib/sitemaps/__init__.py. 2016-03-08 13:16:11 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands.
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Simon Charette c92123cc1d Fixed #26226 -- Made related managers honor the queryset used for prefetching their results.
Thanks Loïc for the suggested improvements and Tim for the review.
2016-03-02 16:10:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Alasdair Nicol 65bd053f11 Fixed #26229 -- Improved check for model admin check admin.E124
Refs #22792
2016-03-01 08:20:14 -05:00
Tore Lundqvist 3389c5ea22 Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
Simon Charette 3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache.
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
2016-02-26 16:18:16 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed #26231 -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz c5517b9e74 Fixed #26266 -- Output the primary key in the GeoJSON serializer properties
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
James Aylett 1ff6e37de4 Fixed #23832 -- Added timezone aware Storage API.
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
2016-02-23 19:34:21 +01:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests
Refs #26190.
2016-02-23 09:12:12 +01:00
Akshesh 6670da75ff Fixed #25653 -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Florian Apolloner 9332497701 Merge pull request #6121 from meshy/patch-1
Fix typo in comment
2016-02-11 12:29:09 +01:00