Commit Graph

5554 Commits

Author SHA1 Message Date
Jon Dufresne 0a627dbe73
Removed unused Downcoder.chars.
Unused -- other than as a local variable -- since its introduction in
953badbea5
2020-05-13 21:07:14 +02:00
Claude Paroz d4c5ef3ebb Renamed PROJ.4 to PROJ. 2020-05-13 10:30:30 +02:00
Mariusz Felisiak f2187a227f Increased the default PBKDF2 iterations for Django 3.2. 2020-05-13 09:07:51 +02:00
Sergey Fedoseev 91e287cce0
Refs #30678 -- Added support for GDAL 3.1.
OSRSetAxisMappingStrategy() really returns void, so no errcheck is
needed. Previously set errcheck was raising positive false exceptions
on GDAL 3.1.
2020-05-12 11:25:19 +02:00
Claude Paroz 58f1b07e49 Fixed #30678 -- Added support for GDAL 3. 2020-05-12 09:06:06 +02:00
Mariusz Felisiak 0668164b4a
Fixed E128, E741 flake8 warnings. 2020-05-12 08:52:23 +02:00
Claude Paroz e6ec76d245
Updated JS admin translation catalog. 2020-05-11 22:59:27 +02:00
Claude Paroz 33f26339b7
Updated source translation catalogs. 2020-05-11 21:34:46 +02:00
Tom Carrick 46fe506445 Corrected indentation of #main div in admin base template. 2020-05-11 18:16:38 +02:00
Tom Carrick d24ba1be7a Fixed #31034 -- Added a navigation sidebar to the admin.
Co-authored-by: elky <elky@users.noreply.github.com>
Co-authored-by: Goetz <goetz.buerkle@gmail.com>
2020-05-11 18:16:38 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__().
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
Sergey Fedoseev 23f6fbdd93
Simplified GDAL version parsing. 2020-05-11 11:57:22 +02:00
Hasan Ramezani 87faeee4e0 Fixed #31528 -- Made collectstatic management command run staticfiles checks. 2020-05-08 12:47:57 +02:00
Mariusz Felisiak b23e3a1caa Refs #27661 -- Added Tags.staticfiles.
Follow up to 0ec4dc91e0.
2020-05-08 11:38:18 +02:00
dbxnr fc0f7f6c15 Fixed #31157 -- Fixed displaying read-only JSONField values in admin. 2020-05-08 09:44:42 +02:00
sage 6789ded0a6 Fixed #12990, Refs #27694 -- Added JSONField model field.
Thanks to Adam Johnson, Carlton Gibson, Mariusz Felisiak, and Raphael
Michel for mentoring this Google Summer of Code 2019 project and
everyone else who helped with the patch.

Special thanks to Mads Jensen, Nick Pope, and Simon Charette for
extensive reviews.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-05-08 07:23:31 +02:00
Jon Dufresne 6137ec2bf2
Changed selected attribute to HTML5 boolean syntax in SelectBox.js.
Per MDN, HTMLOptionElement.selected is a Boolean attribute.
2020-05-08 06:02:42 +02:00
Jon Dufresne 3c5a586ce9 Fixed #31542 -- Simplified admin JavaScript with "for … of" statements. 2020-05-07 18:09:32 +02:00
Mariusz Felisiak aff7a58aef
Updated admin's Select2 to 4.0.13. 2020-05-05 11:30:02 +02:00
Mariusz Felisiak 30083e0780 Fixed #31485 -- Updated admin's jQuery to 3.5.1. 2020-05-05 11:00:05 +02:00
Jon Dufresne f2051eb8a7
Removed invalid value from admin CSS.
The keyword value 'none' is not a valid value for padding-bottom.
2020-05-05 07:01:06 +02:00
Adam Johnson d17b380653 Refs #30573 -- Rephrased "Of Course" and "Obvious(ly)" in documentation and comments. 2020-05-04 12:10:47 +02:00
François Freitag e0998a460a Optimized collectstatic when verbosity is 0.
Avoid the dict lookup and length computation when command is not run in
verbose mode.
2020-05-02 20:36:14 +02:00
Mariusz Felisiak 909b5cd1aa Refs #31032 -- Removed obsolete CSS workaround for IE in openlayers template. 2020-05-02 14:31:20 +02:00
Ian Foote b4068bc656 Fixed #31455 -- Added support for deferrable exclusion constraints on PostgreSQL. 2020-05-01 09:08:36 +02:00
Jon Dufresne e972752504
Removed unused CSS in admin.
.system-message, .system-message-title are unused since their
introduction in ce0d0cd9e2.
.float-right, .float-left, .align-left, .align-right, and .example are
unused since 6eb4f25692.
2020-05-01 07:00:00 +02:00
Jon Dufresne 448cdde935
Removed CSS workarounds for IE7 in admin. 2020-05-01 06:33:24 +02:00
Jon Dufresne 29e35b9a3e
Refs #31032 -- Removed unnecessary vendor prefixes from admin CSS.
The CSS properties have been standardized and are available in all
supported browsers.
2020-05-01 06:26:36 +02:00
Mariusz Felisiak 54646a423b
Refs #27468 -- Made user sessions use SHA-256 algorithm. 2020-04-29 16:45:00 +02:00
Jon Dufresne 5869afe32b Removed unnecessary &nbsp; entities from the admin.
Normal spaces are fine when used as a single spaced separation. For
larger spacing, CSS is used.
2020-04-29 11:40:24 +02:00
Jon Dufresne 7271c8def4 Refs #31493 -- Changed IIFE to ES6 blocks. 2020-04-29 10:22:41 +02:00
Jon Dufresne 5d37cc703b Fixed #31493 -- Replaced var with const and let keywords in JavaScript.
The eslint configuration and the admin script compress.py have been
updated for ES6.

The unused fallback of globals.django in jquery.init.js was removed. It
is always included before jsi18n-mocks.test.js and it always sets the
global value.
2020-04-29 10:22:41 +02:00
Jon Dufresne 0dafadadb9 Refs #30400 -- Improved typography of user facing strings in admin changelist. 2020-04-29 07:01:46 +02:00
François Freitag 9ef4a18dbe Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-28 10:49:00 +02:00
Richard Campen 67b334fbaf Fixed #31517 -- Fixed HashedFilesMixin.hashed_name() if hash of the file is None. 2020-04-28 08:25:07 +02:00
François Freitag 71d9876e39 Refs #18325 -- Removed unnecessary line endings in management commands.
The OutputWrapper automatically adds \n when it’s not present.
2020-04-27 10:10:36 +02:00
François Freitag abea86f9e4 Removed unnecessary tuple wrapping of single format string argument. 2020-04-27 08:30:16 +02:00
Jon Dufresne f48a1990fb
Made compress.py script use the official google-closure-compiler release.
The script previously used the PyPI package closure, which is slightly
out of date and not maintained by Google.

The JavaScript contribution docs and the compress.py script now runs the
google-closure-compiler package in the recommended way. Google's
documentation on usage and installation can be found at:

https://github.com/google/closure-compiler-npm/tree/master/packages/google-closure-compiler#usage

This also makes the usage simpler as the package now runs through npm's
npx utility, which will automatically install google-closure-compiler to
a per-user cache.
2020-04-22 16:19:27 +02:00
Jon Dufresne f27482f147 Fixed #31483 -- Rewrote change_form.js without jQuery.
The use of $(document).ready() was removed. The script is loaded at the
end of the document. Therefore, the referenced DOM elements are already
available and the script does not need to wait for the full DOM to be
ready before continuing.

Now that the script has no external dependencies, it can be loaded
asynchronously. As such, the async attribute was added to the script
element.
2020-04-22 15:44:55 +02:00
Jon Dufresne a8bb53dbd2 Refs #31483 -- Removed CSS and JavaScript for unused HTML class add-another.
The HTML class was removed in 07988744b3.
As such, the CSS and JavaScript is unused.
2020-04-22 15:44:55 +02:00
Mariusz Felisiak fb9b1c245d
Updated admin's XRegExp to 3.2.0. 2020-04-22 08:45:14 +02:00
Jon Dufresne 0f2885e3f6
Simplified collapse.js with Element.closest(). 2020-04-22 06:13:58 +02:00
hashlash dfbd9ca065 Fixed #30311 -- Restored ability to override global admin actions. 2020-04-17 20:23:00 +02:00
Hasan Ramezani 96c6f9c61c Fixed #31441 -- Ensured TabluarInline expands when child inputs have errors. 2020-04-16 12:17:49 +02:00
Hasan Ramezani b4e7bf5284 Refs #31441 -- Added red border to inputs with errors for TabluarInline. 2020-04-16 12:17:49 +02:00
Nick Pope daabb102c0 Fixed #31470 -- Fixed fieldset admin CSS to prevent overflowing <pre> elements.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-04-16 10:47:42 +02:00
007 d51c50d836 Fixed #31462 -- Allowed overriding autocomplete/raw_id_fields/filter widgets for ManyToManyFields with formfield_overrides. 2020-04-15 08:33:40 +02:00
Sergey Fedoseev b9e2355eb0 Fixed #31196 -- Added support for PostGIS 3. 2020-04-14 13:19:59 +02:00
François Freitag e03eb8db93 Fixed #31428 -- Allowed empty message in management command self.stdout/err proxies. 2020-04-07 08:45:11 +02:00
Mariusz Felisiak 5c24c16e68
Refs #12990 -- Moved PostgresSimpleLookup to the django.db.models.lookups.PostgresOperatorLookup. 2020-04-01 10:55:53 +02:00
Hasan Ramezani 8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
zriv b9336b78cf Fixed #31404 -- Changed selector-chosen's multiple attribute to HTML5 boolean syntax. 2020-03-27 08:38:58 +01:00
Hasan Ramezani 55cdf6c52d Fixed #29724 -- Fixed timezone handling in ModelAdmin.date_hierarchy queries.
Thanks Alexander Holmbäck for the initial patch.
2020-03-25 21:03:41 +01:00
Jon Dufresne be648d1c45 Fixed #31391 -- Removed jQuery usage in cancel.js
Now that cancel.js has no dependencies, it can be loaded asynchronously.

Co-Authored-By: François Freitag <mail@franek.fr>
2020-03-24 11:09:29 +01:00
Jon Dufresne 3a807a6f59 Fixed #31365 -- Removed jQuery usage in SelectFilter2.js. 2020-03-24 09:14:22 +01:00
Hannes Ljungberg 0b51a4f894 Fixed #28194 -- Added support for normalization and cover density to SearchRank. 2020-03-23 11:00:55 +01:00
Jon Dufresne f982f0bdb8
Refs #31032 -- Removed unsupported browsers workarounds and comments in admin's JavaScript.
Since 8b30360322, the admin documentation
is explicit that only modern evergreen browsers are supported. This
allows removing several long standing workarounds for IE and Opera older
versions.

Since 2013, Opera is based on the Chromium blink engine.
2020-03-23 06:19:10 +01:00
gowthamk63 142ab6846a Fixed #31123 -- Added --include-stale-apps option to the remove_stale_contenttypes management command.
Co-Authored-By: Javier Buzzi <buzzi.javier@gmail.com>
2020-03-19 11:48:10 +01:00
Jon Dufresne 13993e0f38 Removed unused default value None to matches_patterns().
An iterable is always passed.
2020-03-19 11:06:33 +01:00
Jon Dufresne 6b61b8b904 Used modern idiom in collectstatic command.
Replaced set(<generator expression>) with set comprehension.
2020-03-19 11:04:33 +01:00
Andrew Godwin fc0fa72ff4 Fixed #31224 -- Added support for asynchronous views and middleware.
This implements support for asynchronous views, asynchronous tests,
asynchronous middleware, and an asynchronous test client.
2020-03-18 19:59:12 +01:00
Ryan Petrello 5f8495a40a Fixed #31371 -- Increased User.first_name max_length to 150 characters. 2020-03-18 08:22:49 +01:00
Jon Dufresne 25d450c852 Removed unused return values in SelectFilter2.js. 2020-03-17 13:52:29 +01:00
Jon Dufresne 9cf4e40b84 Simplified SelectFilter2 with Element.closest().
https://developer.mozilla.org/en-US/docs/Web/API/Element/closest
2020-03-17 12:04:14 +01:00
Baptiste Mispelon 3baf92cf82 Fixed #31340 -- Allowed query expressions in SearchQuery.value and __search lookup. 2020-03-16 10:27:23 +01:00
jay20162016 924c01ba09 Fixed #31363 -- Added support for negative integers to intword template filter. 2020-03-16 08:44:43 +01:00
Jon Dufresne 3857a08bdb Fixed #31361 -- Fixed invalid action="" in admin forms.
The attribute action="" (empty string) on the <form> element is invalid
HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says:

> The action and formaction content attributes, if specified, must have
> a value that is a valid non-empty URL potentially surrounded by
> spaces.

Emphasis on non-empty. The action attribute is allowed to be omitted, in
which case the current URL is used which is the same behavior as now.
2020-03-16 07:31:19 +01:00
Baptiste Mispelon dd704c6705 Refs #31340 -- Simplified SearchQuery by making it subclass Func. 2020-03-13 11:38:43 +01:00
Baptiste Mispelon b62c58d5fc Removed unnecessary SearchQuery._combine().
Unnecessary since its introduction in 2d877da855.
2020-03-13 11:22:51 +01:00
Claude Paroz e663f695fb Fixed #31359 -- Deprecated get_random_string() calls without an explicit length. 2020-03-11 13:16:44 +01:00
Jon Dufresne eb77e80de0 Fixed #31349 -- Used :nth-child() CSS pseudo-class to style alternative rows in admin. 2020-03-09 12:34:32 +01:00
Hasan Ramezani ec292f261d Fixed #31347 -- Checked allow_migrate() in CreateExtension operation. 2020-03-09 12:13:18 +01:00
Simon Charette 7c8b043a03 Refs #31304 -- Made __search lookup default to its rhs' config.
This make the SearchLookup lookup more coherent with its
SearchVectorExact base which configures its rhs SearchQuery with its
lhs' config.
2020-03-06 10:23:39 +01:00
Hasan Ramezani 7e15795bf0 Fixed #30489 -- Fixed RasterField deserialization with pixeltype flags.
Thanks Ivor Bosloper for the original patch.
2020-03-05 09:44:44 +01:00
Jon Dufresne 769cee5252 Fixed #31327 -- Deprecated providing_args argument for Signal. 2020-03-05 09:38:52 +01:00
Ivor Bosloper 828e3b1335 Refs #30489 -- Made from_pgraster()/to_pgraster() use BANDTYPE_FLAG_HASNODATA and bitwise operators for nodata flag. 2020-03-04 14:09:59 +01:00
Mariusz Felisiak 6695d29b1c Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
Thanks to Norbert Szetei for the report.
2020-03-04 09:04:50 +01:00
Hannes Ljungberg 65ab4f9f03 Fixed #31147 -- Added SearchHeadline to django.contrib.postgres. 2020-03-03 15:39:52 +01:00
Claude Paroz d4fff711d4 Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().
Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2020-03-02 12:16:48 +01:00
007gzs a4881f5e5d Fixed #31307 -- Fixed filter_horizontal add/remove SVG :hover positioning. 2020-02-27 15:39:13 +01:00
aryan fba5d3b6e6 Fixed #31289 -- Added hint for USERNAME_FIELD/REQUIRED_FIELDS system check. 2020-02-26 08:40:36 +01:00
Simon Charette 5637933268 Simplified handling of weights in SearchRank. 2020-02-26 08:16:22 +01:00
Simon Charette 1138ca4c57 Formalized SearchVector and SearchRank signatures. 2020-02-26 08:12:45 +01:00
Simon Charette d0f1c03331 Refs #31211 -- Prevented SearchConfig nesting in SearchVector and SearchQuery init.
Passing a SearchConfig instance directly to SearchVector and
SearchQuery would result in nested SearchConfig instance.
2020-02-26 08:03:46 +01:00
Simon Charette 3d62ddb026 Refs #3254 -- Removed unnecessary truth check in SearchVectorExact.as_sql().
Direct usage of the @@ operator is perfectly allowed.
2020-02-26 07:51:19 +01:00
Diederik van der Boor 84e35f4679 Fixed #31292 -- Fixed django.contrib.gis.gdal.gdal_full_version() crash. 2020-02-24 13:28:51 +01:00
Fabio Sangiovanni b457068cf2 Fixed #31187 -- Fixed detecting of existing total ordering in admin changelist when using Meta.constraints.
Detection of existing total ordering in admin changelist now takes into
account non-partial unique constraints.
2020-02-19 09:36:23 +01:00
Claude Paroz 4d973f5939 Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Claude Paroz da4923ea87 Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm. 2020-02-12 21:46:56 +01:00
=Pratik Kumar 20ba3ce4ac Fixed #30846 -- Made PostGIS backend respect Index's name argument. 2020-02-10 13:25:32 +01:00
Hannes Ljungberg adcf1a7308 Fixed #31248 -- Added missing space before USING SQL on PostGIS. 2020-02-10 11:20:45 +01:00
adamb70 4c6ab1f2aa Fixed #28528 -- Allowed combining SearchVectors with different configs. 2020-02-06 07:52:50 +01:00
Nick Pope 335c9c94ac Simplified imports from django.db and django.contrib.gis.db. 2020-02-04 13:20:06 +01:00
Florian Apolloner 75daea2fc2 Refs #27604 -- Fixed loading of legacy cookie hashes when CookieStorage.key_salt is changed.
This partially reverts bcc9fa2528 to
not break legacy hashes when key_salt is actually changed.
2020-02-04 09:06:55 +01:00
Claude Paroz 8ae84156d6 Fixed #27604 -- Used the cookie signer to sign message cookies.
Co-authored-by: Craig Anderson <craiga@craiga.id.au>
2020-02-04 08:05:02 +01:00
Claude Paroz bcc9fa2528 Refs #27604 -- Added CookieStorage.key_salt to allow customization. 2020-02-04 08:05:02 +01:00
Simon Charette eb31d84532 Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:49:13 +01:00
Claude Paroz 5dabb6002e Updated translations from Transifex.
Forwardport of ca4f87027e from stable/3.0.x
2020-01-31 20:59:10 +01:00
Claude Paroz e7d62e97eb
Refs #22426 -- Removed pre-Django 1.5 messages compatibility code and test.
This reverts commit f286721f7f.
2020-01-31 11:11:24 +01:00
Mariusz Felisiak b7a3a6c9ef
Used model's Options.label/label_lower where applicable. 2020-01-29 12:09:20 +01:00
Hannes Ljungberg a69b6e006b Fixed #31211 -- Added SearchConfig expression.
Thanks Simon Charette for the review.
2020-01-29 08:12:10 +01:00
Hasan Ramezani 2633c5341e Fixed #22261 -- Fixed resolving namespaced URLs for flatpages. 2020-01-28 13:14:23 +01:00
Hannes Ljungberg 7edd06a9cf Improved SearchVectorCombinable and SearchQueryCombinable error messages. 2020-01-27 15:09:47 +01:00
Hasan Ramezani 5d654e1e71 Refs #27888 -- Removed redundant {% if %} in admin changelist filters. 2020-01-24 20:31:09 +01:00
Hasan Ramezani b94764e178 Fixed #27888 -- Added link to clear all filters in the admin changelist view. 2020-01-23 14:14:54 +01:00
Michael Mulholland 5a68a223c7 Fixed #31200 -- Added system checks for permissions codenames max length. 2020-01-23 12:22:59 +01:00
Sergey Fedoseev 486a8dae2d Removed unused **kwargs from GEOSFuncFactory.__call__(). 2020-01-22 15:40:39 +05:00
Sergey Fedoseev 7b77505bc9 Removed unused *args and **kwargs from GEOSFuncFactory.__init__().
Follow-up to ff17ef1ada.
2020-01-22 15:19:34 +05:00
Sergey Fedoseev a905891159 Removed unneeded int() call in GEOSCoordSeq.__len__(). 2020-01-22 14:25:32 +05:00
Eugene Hatsko 0b013564ef Fixed #31190 -- Fixed prefetch_related() crash for GenericForeignKey with custom ContentType foreign key.
Regression in dffa3e1992.
2020-01-22 07:54:16 +01:00
Sergey Fedoseev b753e0e750 Removed unused GEOSFuncFactory subclasses.
Unused since 2d18c60fbb.
2020-01-21 22:54:22 +01:00
Sergey Fedoseev f2a725fba3 Fixed #30274 -- Prevented segmentation fault on LineString iteration.
This reverts commit 138a78ec8c and adds
a test for the regression.
2020-01-21 21:46:47 +01:00
Sergey Fedoseev a920c0b852 Fixed #31142 -- Fixed MakeValid.output_field when geometry type is changed.
Regression in 2ef4b4795e.
2020-01-20 08:59:45 +01:00
Daniel Hahler 68e018010b Optimized ModelAdmin._changeform_view() by avoiding multiple get_fieldsets() calls.
Co-authored-by: Hasan Ramezani <hasan.r67@gmail.com>
2020-01-17 16:00:04 +01:00
Mariusz Felisiak 266c853e10
Fixed #31162 -- Prevented error logs when using WKT strings in lookups.
Thanks dbxnr for the initial patch.

Regression in 6f44f714c9.
2020-01-16 14:34:54 +01:00
Owen T. Heisler 77d335e5ab Fixed #31160 -- Fixed admin CSS for ordered lists' descendants in unordered list. 2020-01-13 09:13:33 +01:00
Adam Donaghy 8b3e714ecf Fixed #30980 -- Improved error message when checking uniqueness of admin actions' __name__.
Thanks Keshav Kumar for the initial patch.
2020-01-10 14:00:28 +01:00
Federico Jaramillo Martínez 372eaa395f Fixed #28991 -- Added EmptyFieldListFilter class in admin.filters.
Thanks Simon Charette and Carlton Gibson for reviews.

Co-Authored-By: Jonas Haag <jonas@lophus.org>
Co-Authored-By: Christophe Baldy <christophe.baldy@polyconseil.fr>
2020-01-03 07:58:04 +01:00
David Wobrock 2f565f84ac Fixed #31097 -- Fixed crash of ArrayAgg and StringAgg with filter when used in Subquery. 2019-12-31 10:35:43 +01:00
Sjbrgsn b2bd08bb7a Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".
Thanks Luis Nell for the implementation idea and very detailed report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-30 20:47:22 +01:00
Farhaan Bukhsh cf5d4701dc Fixed #30819 -- Fixed year determination in admin calendar widget for two-digit years.
Two-digit years in the range of [00, 68] are in the current century,
while [69,99] are in the previous century, according to the Open Group
Specification.
2019-12-30 13:06:29 +01:00
Mike Hansen 35d36d9462 Refs #30585 -- Updated project templates and tests to use (block)translate tags. 2019-12-18 13:15:38 +01:00
Simon Charette 5b1fbcef7a Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:11:39 +01:00
James Turk ff00a05347 Fixed #31088 -- Added support for websearch searching in SearchQuery. 2019-12-16 14:59:59 +01:00
Jon Dufresne e703b93a65 Fixed #31080 -- Removed redundant type="text/javascript" attribute from <script> tags. 2019-12-11 09:49:54 +01:00
Baptiste Mispelon 3df3c5e670 Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends.
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
2019-12-10 09:36:30 +01:00
Hasan Ramezani 5d674eac87 Fixed #31039 -- Added support for contained_by lookup with AutoFields, SmallIntegerField, and DecimalField. 2019-12-05 15:50:39 +01:00
Hasan Ramezani 664521c56a Refs #31039 -- Removed unnecessary registration of contained_by lookup for BigIntegerField.
It's already registered for IntegerField.
2019-12-05 15:02:18 +01:00
Jon Dufresne 65285d1e7d Refs #29892 -- Made Selenium tests wait for popups to be ready. 2019-12-02 15:06:36 +01:00
Carlton Gibson 6376278a90 Updated contrib translations from Transifex.
Forward port of 4afa0e5d2a from stable/3.0.x
2019-12-02 11:25:23 +01:00
Carlton Gibson 11c5e0609b Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
Baptiste Mispelon f47ba7e780 Fixed #30255 -- Fixed admindocs errors when rendering docstrings without leading newlines.
Used inspect.cleandoc() which implements PEP-257 instead of an internal
hook.
2019-11-29 12:47:42 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
Regression in 98296f86b3.
2019-11-29 08:23:01 +01:00
Jon Dufresne 46a0edc3ba Fixed #31028 -- Used classList API to check, add and remove DOM classes.
Thanks to Claude Paroz for review.
2019-11-28 15:21:37 +01:00
Jon Dufresne c8bd37a860 Fixed #31042 -- Removed AdminSeleniumTestCase.get_css_value() in favor of Selenium .is_displayed().
All instances of AdminSeleniumTestCase.get_css_value() were used to
inspect the display property.
2019-11-28 15:10:13 +01:00
Johannes Hoppe 249a6190ae Fixed #30975 -- Replaced custom get_select_option with Selenium's select_by_value. 2019-11-27 16:34:07 +01:00
Johannes Hoppe 69dbb6b708 Fixed #30973 -- Converted selenium tests wait_page_loaded to context manager. 2019-11-27 14:36:26 +01:00
Jon Dufresne cab3661832 Fixed #31027 -- Replaced .getAttribute()/.setAttribute() usage with DOM properties. 2019-11-27 07:53:04 +01:00
Baptiste Mispelon 52936eface Fixed #31031 -- Fixed data loss in admin changelist view when formset's prefix contains regex special chars.
Regression in b18650a263.
2019-11-26 08:48:10 +01:00
Johannes Hoppe ef93fd4683 Fixed #31013 -- Removed jQuery usage in SelectBox.js. 2019-11-25 13:35:20 +01:00
Simon Charette 0290e01d5a Fixed #31002 -- Fixed GIS lookups crash against a subquery annotation.
Thanks Vasileios Bouzas for the report.
2019-11-25 12:30:33 +01:00
Sergey Fedoseev a5855c8f0f Fixed #30996 -- Added AsWKB and AsWKT GIS functions. 2019-11-22 13:40:48 +01:00
Jon Dufresne 62254c5202 Simplified TemplateDetailView with pathlib.Path.read_text(). 2019-11-21 15:14:03 +01:00
Simon Charette 306b687520 Refs #11964 -- Removed SimpleCol in favor of Query(alias_cols).
This prevent having to pass simple_col through multiple function calls
by defining whether or not references should be resolved with aliases
at the Query level.
2019-11-21 11:56:35 +01:00
Hasan Ramezani 0284a26af9 Fixed #30981 -- Fixed admin changelist crash when using F() or OrderBy() expressions in admin_order_field. 2019-11-19 15:40:04 +01:00
Daniel Izquierdo 89abecc75d Fixed #27272 -- Added an on_delete RESTRICT handler to allow cascading deletions while protecting direct ones. 2019-11-19 10:55:05 +01:00
Caio Ariede 555bebe774 Fixed #30987 -- Added models.PositiveBigIntegerField. 2019-11-19 09:34:11 +01:00
Jon Dufresne aa12cf07c9 Removed unnecessary numeric indexes in format strings. 2019-11-19 08:29:47 +01:00
Sergey Fedoseev f95b59a1b3 Fixed #30994 -- Added Oracle support for AsGeoJSON GIS function. 2019-11-18 15:32:44 +01:00
Jon Dufresne e649d691f8 Removed unnecessary parentheses in various code. 2019-11-18 15:25:59 +01:00
Dulmandakh 24b9f50823 Fixed #29916 -- Added lower_inc, lower_inf, upper_inc, and upper_inf lookups for RangeFields.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-11-14 22:27:29 +01:00
Mariusz Felisiak 6e99585c19 Fixed #30941 -- Reverted "Simplified AuthenticationMiddleware a bit."
This reverts commit 2f010795e6.
2019-11-13 16:33:25 +01:00
Hasan Ramezani 4cec3cc82a Fixed #30977 -- Optimized PasswordResetForm.save() a bit.
Moved site variables assignment outside of the loop.
2019-11-11 10:40:04 +01:00
Nick Pope 02983c5242 Fixed #30943 -- Added BloomIndex to django.contrib.postgres. 2019-11-07 11:23:53 +01:00
Jon Dufresne 77aa74cb70 Refs #29983 -- Added support for using pathlib.Path in all settings. 2019-11-07 10:26:22 +01:00
Mariusz Felisiak 4c45b627f8 Removed unused import of ACTION_CHECKBOX_NAME in django.contrib.admin.
Unused since e651b3095c.
2019-11-06 12:49:42 +01:00
Jon Dufresne edeec1247e Passed strict=True to Path.resolve() to enforce that the path must exist. 2019-11-05 14:22:20 +01:00
Hasan Ramezani 47379d027b Fixed #30095 -- Fixed system check for RangeField/ArrayField.choices with lists and tuples. 2019-11-05 11:48:44 +01:00
Jon Dufresne b9fe7f9294 Fixed #30947 -- Changed tuples to lists in model Meta options in django.contrib modules.
The Django "Model Meta options" docs provide examples and generally
point the reader to use lists for the unique_together and ordering
options. Follow our own advice for contrib models.

More generally, lists should be used for homogeneous sequences of
arbitrary lengths of which both unique_together and ordering are.
2019-11-05 08:16:31 +01:00
Jon Dufresne 607004f81a Simplified consecutive calls to pathlib.Path.parent. 2019-11-04 09:59:34 +01:00
Sergey Fedoseev 2f010795e6 Simplified AuthenticationMiddleware a bit.
SimpleLazyObject already caches value in _wrapped.
2019-10-29 13:20:13 +01:00
Erwin Junge a6cb8ec389 Fixed #30922 -- Fixed ModelAdmin.date_hierarchy queries with DST changes.
There was an issue where admin date_hierarchy didn't render last day of
a month in DST-switch month.
2019-10-29 11:21:03 +01:00
Hasan Ramezani e3d0b4d550 Fixed #30899 -- Lazily compiled import time regular expressions. 2019-10-29 09:22:26 +01:00
Pavel Dedik 711a7d4d50 Fixed #30907 -- Fixed SplitArrayField.has_changed() with removal of empty trailing values. 2019-10-28 10:32:34 +01:00
Pavel Dedik bcfbb71c63 Refs #30907 -- Added SplitArrayField._remove_trailing_nulls() hook. 2019-10-28 10:32:09 +01:00
Sergey Fedoseev 6bbf9a20e2 Fixed #29770 -- Added LinearRing.is_counterclockwise property. 2019-10-25 14:28:26 +02:00
Carlton Gibson 24e540fbd7 Fixed #29087 -- Added delete buttons for unsaved admin inlines on validation error. 2019-10-25 13:28:08 +02:00
Carlton Gibson 6ea3aadd17 Refs #29087 -- Refactored admin inlines.js.
Split logic into separate functions to clarify and allow reuse.
2019-10-25 13:28:08 +02:00
Sergey Fedoseev 0315c18fe1 Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting. 2019-10-23 08:18:48 +02:00
Sergey Fedoseev 909c59f290 Fixed typo in XViewMiddleware.process_view() docstring. 2019-10-22 14:30:52 +02:00
Sergey Fedoseev af8dbbe0d5 Updated link to GEOS C API header. 2019-10-21 15:25:49 +02:00
Mariusz Felisiak 3a8af298b9 Fixed #30890 -- Added MariaDB support for the relate lookup. 2019-10-18 07:46:31 +02:00
sage 6f82df69ef Refs #12990 -- Moved CheckFieldDefaultMixin to the django.db.models.fields.mixins. 2019-10-17 12:30:29 +02:00
Louise Grandjonc 7d1bf29977 Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba892.
2019-10-11 10:55:22 +02:00
Simon Charette 26c66f4519 Fixed #30856 -- Combined fast-delete queries by model during cascade deletion.
Reduced the number of queries required when performing cascade deletion
for a model referenced multiple time by another one by performing an
union of reference lookups.
2019-10-09 09:49:53 +02:00
ElizabethU 54ea290e5b Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons.
Changed __eq__ to return NotImplemented instead of False if compared to
an object of the same type, as is recommended by the Python data model
reference. Now these models can be compared to ANY (or other objects
with __eq__ overwritten) without returning False automatically.
2019-10-01 17:58:19 +02:00
pablo fa8fe09e4e Fixed #30802 -- Prevented manifest creation when running collectstatic in dry run mode. 2019-09-27 23:01:41 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Sam Reynolds 6c9778a58e Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
Regression in 5ceaf14686.

Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
2019-09-18 11:37:38 +02:00
Min ho Kim b1d6b35e14 Fixed #30725 -- Fixed width of DateTimeField inputs in admin tabular inline.
"width" of DateTimeField inputs in admin tabular inline wasn't set
correctly what caused displaying too small inputs with responsive CSS
when timezone warning wasn't present.
2019-09-17 14:30:33 +02:00
Nasir Hussain faf4b988fe Fixed #30758 -- Made RangeFields use multiple hidden inputs for initial data. 2019-09-17 12:08:49 +02:00
Hasan Ramezani b9db423d3c Fixed #29376 -- Allowed hiding "Save and Add Another" button in admin. 2019-09-16 11:37:09 +02:00
Simon Charette 6c3dfba892 Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
2019-09-16 08:24:40 +02:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Mads Jensen b616908ce1 Used Statement in PostGISSchemaEditor._create_index_sql(). 2019-09-11 07:51:31 +02:00
Mariusz Felisiak d17be88afd Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
Mariusz Felisiak f1894bae30 Refs #28606 -- Removed CachedStaticFilesStorage per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 3d716467a9 Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak b47bb4c4a7 Refs #29598 -- Removed FloatRangeField per deprecation timeline. 2019-09-10 12:01:00 +02:00
Claude Paroz 5495ea3ae0 Updated translation catalogs 2019-09-08 17:35:32 +02:00
Carlton Gibson 4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Nick Pope 999891bd80 Refs #29379 -- Moved autocomplete attribute to UsernameField.
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
2019-09-02 10:50:56 +02:00
Alan Crosswell 03fa846c6a Fixed #30731 -- Fixed handling trailing groups in simplify_regex().
Previously simplify_regex() didn't handle trailing groups for regexp
without the end of string character ("$").
2019-08-30 12:43:39 +02:00
Berker Peksag 400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
daniel a rios b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Jon Dufresne a44d80f88e Adjusted subprocess.run() calls to use arg list, rather than string.
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.

https://docs.python.org/3/library/subprocess.html#frequently-used-arguments

> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).

Also removed `shell=True` where unnecessary.
2019-08-28 10:19:30 +02:00
Federico Jaramillo Martínez 8f6860863e Fixed #30722 -- Added default rate-limiting requests to admin's Select2 widget. 2019-08-27 13:47:36 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Simon Charette bb9e82f274 Fixed #29955 -- Added support for distance expression to the dwithin lookup.
This was missed when adding support to other distance lookups in
refs #25499.

Thanks Peter Bex for the report and Mariusz for testcases.
2019-08-23 21:28:28 +02:00
Dulmandakh 06372a8d27 Fixed #30507 -- Updated admin's jQuery to 3.4.1. 2019-08-23 11:00:16 +02:00
Claude Paroz 9386586f31 Replaced subprocess commands by run() wherever possible. 2019-08-23 10:53:36 +02:00
Mariusz Felisiak 521308e575 Fixed #30715 -- Fixed crash of ArrayField lookups on ArrayAgg annotations over AutoField. 2019-08-23 10:43:08 +02:00
Mariusz Felisiak b1f669406f Reduced code duplication in ArrayField's lookups. 2019-08-23 10:43:08 +02:00
Carlton Gibson 5b4c6b58a0
Fixed #30064 -- Added form to validate admin search fields query input. 2019-08-22 14:09:49 +02:00
Nasir Hussain 6b16c91157 Fixed #30712 -- Allowed BLOB/TEXT defaults on MySQL 8.0.13+. 2019-08-22 12:23:10 +02:00
Mads Jensen 85ac838d9e Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL.
Thanks to Simon Charettes for review.

Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
2019-08-21 13:10:06 +02:00
Adam Johnson 7da6a28a44 Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+. 2019-08-16 11:39:37 +02:00
zeyneloz 8289fc55ff Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering. 2019-08-15 10:29:10 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Claude Paroz eed2e740f7 Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
Mariusz Felisiak c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-13 08:42:17 +02:00
Simon Charette fff5186d32 Refs #25367 -- Moved select_format hook to BaseExpression.
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
2019-08-13 06:48:14 +02:00
Jon Dufresne 5b57798513 Removed unnecessary StatAggregate.resolve_expression().
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.

Unnecessary since its introduction in e4cf8c8420.
2019-08-08 22:34:25 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Mariusz Felisiak 05964b2198 Moved indexes in ArrayField's Index and Slice transforms to SQL params.
Follow up to 7deeabc7c7.

These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Claude Paroz 3c6d32e0b2 Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne 93ffa81bc5 Refs #30657 -- Made DeferredAttribute.__init__() to take a field instance instead of a field name. 2019-07-25 07:24:52 +02:00
Min ho Kim 9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Mads Jensen a3417282ac Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
Thanks to Nick Pope and Mariusz Felisiak for review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mads Jensen 7174cf0b00 Refs #29824 -- Added RangeOperators helper class. 2019-07-16 16:57:46 +02:00
Mariusz Felisiak 858cfd74e9
Simplified RangeContainedBy by making it subclass PostgresSimpleLookup. 2019-07-13 10:55:19 +02:00
Mariusz Felisiak 70c2b90d95
Simplified DateTimeRangeContains by making it subclass PostgresSimpleLookup. 2019-07-12 17:27:49 +02:00
Johannes Hoppe 00d4e6f8b5 Updated Select2 to version 4.0.7. 2019-07-10 12:31:16 +02:00
Hasan Ramezani ed668796f6 Fixed #30543 -- Fixed checks of ModelAdmin.list_display for fields accessible only via instance.
Co-Authored-By: Andrew Simons <andrewsimons@bubblegroup.com>
2019-07-10 10:37:34 +02:00
Mariusz Felisiak 7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.

Regression in 6b048b364c.
2019-07-10 10:33:36 +02:00
Chason Chaffin c238e65e29 Fixed #30596 -- Fixed SplitArrayField.has_changed() for non-string base fields.
Thanks to Evgeniy Krysanov for the report and the idea to use to_python.
Thanks to Mariusz Felisiak for the test case.
2019-07-03 13:35:51 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Min ho Kim fbb83fefd4 Fixed typos in comments and docs. 2019-07-02 09:36:17 +02:00
Claude Paroz d54baf6970 Updated translations from Transifex
Forward port of b3f7262e6e from stable/2.2.x
2019-06-29 16:17:16 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Markus Holtermann ad7b438002 Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety.
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Mariusz Felisiak b616f65855
Added missing support for PointOnSurface function on MariaDB. 2019-06-12 10:51:43 +02:00
Jon Dufresne 9e38ed0536 Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters.
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692.

For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.

For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
2019-06-11 20:34:59 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
Hasan Ramezani 661e6cc2c9 Fixed #29706 -- Made RenameContentType._rename() save to the correct database. 2019-06-06 12:09:01 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method.
Added to mirror the existing User.get_group_permissions().
2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Jones Ambrosi f9561144d7 Fixed #30520 -- Fixed crash of admin model inlines on custom fields without labels. 2019-06-04 10:27:12 +02:00
Nathan Gaberel b27c9c953b Fixed #28604 -- Prevented ManifestStaticFilesStorage from leaving intermediate files. 2019-06-03 13:11:55 +02:00
Carlton Gibson 34ec52269a Applied jQuery patch for CVE-2019-11358. 2019-06-03 11:36:12 +02:00
Carlton Gibson deeba6d920 Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link. 2019-06-03 11:36:12 +02:00
can dffa3e1992 Fixed #30493 -- Fixed prefetch_related() for GenericRelation with different content types.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Thanks Simon Charette for the review.
2019-05-31 18:11:55 +02:00
Mariusz Felisiak f66021f3f7 Refs #30493 -- Added GenericRelatedObjectManager.get_content_type() hook. 2019-05-31 18:11:51 +02:00
Daniel Hahler 59f04d6b8f Simplified SessionMiddleware.process_response() a bit. 2019-05-29 14:10:11 +02:00