Florian Apolloner
37aea82b1c
[1.6.x] Fixed #21253 -- PBKDF2 with cached HMAC key
...
This gives a 2x speed increase compared to the existing implementation.
Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it.
Backport of 1e4f53a6eb
from master.
2013-10-21 19:55:28 +02:00
Aymeric Augustin
5591fe6829
[1.6.x] Fixed #21256 -- Error in datetime_safe.datetime.combine.
...
Backport of d9b6fb8
from master
2013-10-13 19:11:43 +02:00
Aymeric Augustin
f0c7649b16
Fixed #21198 -- Prevented invalid use of @python_2_unicode_compatible.
...
Thanks jpic for the report and chmodas for working on a patch.
Reverts 2ea80b94
. Refs #19362 .
Conflicts:
tests/utils_tests/test_encoding.py
2013-10-13 18:25:21 +02:00
Baptiste Mispelon
15bdc85117
[1.6.x] Fix #21185 : Added tests for unescape_entities.
...
Also fixed a py3 incompatibility.
Thanks to brutasse for the report.
Backport of 3754f4ad41
from master.
2013-09-27 18:06:28 +02:00
Florian Apolloner
e5dc08f2db
[1.6.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.
...
Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.
Backport of 68540fe4df
from master.
2013-09-24 21:10:21 +02:00
Paul McMillan
85ba68cc14
[1.6.x] Increased default PBKDF2 iterations
...
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
Backport of a075e2ad0d
from master
2013-09-19 15:34:59 -04:00
Tim Graham
275497c570
[1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.
...
Thanks margieroginski for the suggestion.
Backport of 893198509e
from master
2013-09-18 06:49:59 -04:00
Aymeric Augustin
f9f792eb04
[1.6.x] Took advantage of django.utils.six.moves.urllib.*.
...
Backport of 6a6428a36
from master.
2013-09-10 21:29:31 +02:00
Aymeric Augustin
7c31e195db
[1.6.x] Fixed #18766 -- Pointed to pytz when LocalTimezone fails.
...
Thanks void for the report.
Backport of ded11aa6
from master.
2013-09-08 09:17:03 +02:00
Max Burstein
92e89452f1
[1.6.x] Fixed #21049 -- Fixed autoreload for Python 3
...
Changed th system module values check to return a list.
In Python 3 it returns a dict_view which could occassionally produce
a runtime error of "dictionary changed size during iteration".
Backport of 559cb826b8
from master
2013-09-06 17:32:08 -04:00
Aymeric Augustin
7c1efc2fa6
Updated six to version 1.4.1.
2013-09-04 15:23:24 -05:00
Aymeric Augustin
115318051c
[1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0.
...
Conflicts:
django/db/backends/oracle/base.py
django/db/backends/sqlite3/base.py
django/db/models/base.py
Backport of 365c3e8b
from master.
2013-09-03 07:34:45 -05:00
Aymeric Augustin
50012577f3
[1.6.x] Updated the bundled version of six to 1.4.0.
...
Backport of 42920970
from master.
2013-09-03 07:34:44 -05:00
Simon Charette
e7a6eaf5fe
[1.6.x] Correctly format missing Pillow/PIL exceptions messages. refs #19934
...
Backport of b9590a6935
from master.
2013-08-19 18:51:22 -04:00
Jacob Kaplan-Moss
79594b40c0
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
...
This is a security fix; disclosure to follow shortly.
2013-08-13 11:05:41 -05:00
Florian Apolloner
081a27c358
[1.6.x] Simplified smart_urlquote and added some basic tests.
...
Backport of b70c371fc1
from master.
2013-07-28 10:07:01 +02:00
SusanTan
40d2687787
[1.6.x] Fixed #20711 -- Fixed broken link in timesince.py docstring
...
Backport of d63327d843
from master.
2013-07-07 12:40:44 -04:00
Tim Graham
1184d07789
Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
...
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Aymeric Augustin
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
Loic Bistuer
ee77d4b253
Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields
2013-06-18 08:01:17 -04:00
Florian Apolloner
c9d07d251f
Fixed loaddata for Django checkouts with non ASCII chars in the name.
2013-06-03 13:18:16 +02:00
Alex Gaynor
09d0568697
Switched to using some constants the hmac module exposes.
2013-06-02 10:31:38 -07:00
Danilo Bargen
127d9b2792
Added minor splitting optimization in django.utils.ipv6._unpack_ipv4
2013-06-01 07:08:13 -04:00
Ramiro Morales
0fa8d43e74
Replaced `and...or...` constructs with PEP 308 conditional expressions.
2013-05-26 23:47:50 -03:00
Preston Holmes
d228c1192e
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
...
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Baptiste Mispelon
2ee447fb5f
Fixed #20296 -- Allowed SafeData and EscapeData to be lazy
2013-05-25 16:06:44 +02:00
Claude Paroz
b7cf44dde8
Fixed some minor translation-related issues
2013-05-25 14:32:44 +02:00
Claude Paroz
c0439b6210
Removed obsolete attribute of DjangoTranslation
2013-05-25 14:01:52 +02:00
Claude Paroz
b664cb818d
Fixed #19237 (again) - Made strip_tags consistent between Python versions
2013-05-23 14:01:27 +02:00
Claude Paroz
dc51ec8bc2
Fixed #19237 -- Used HTML parser to strip tags
...
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead use to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Claude Paroz
fd961941cc
Imported copyreg from six.moves
2013-05-21 14:41:39 +02:00
Daniel Lindsley
e24d486fbc
Fixed #20212 - __reduce__ should only be defined for Py3+.
2013-05-21 00:49:21 -07:00
Łukasz Langa
26e3e7ecb5
Fixed #11915 : generic Accept-Language matches country-specific variants
2013-05-19 12:50:09 +02:00
Marc Tamlyn
413735b239
Fix a typo in a comment.
2013-05-19 11:24:36 +02:00
Emil Stenström
7d77e9786a
Fixed #20246 -- Added non-breaking spaces between values an units
2013-05-18 23:01:48 +02:00
Florian Apolloner
acd0bb39df
Fixed #14894 -- Ensure that activating a translation doesn't run into threading issues.
...
Thanks to maxbublis for the report and sergeykolosov for the patch.
2013-05-18 17:36:31 +02:00
Łukasz Langa
92ebb29c53
Fixes #19919 : get_language_from_request() disregards "en-us" and "en" languages
...
when matching Accept-Language
2013-05-18 14:37:04 +02:00
Florian Apolloner
051cb1f4c6
Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.
...
Thanks to edevil for the report and saz for the patch.
2013-05-18 12:32:47 +02:00
Aymeric Augustin
9c487b5974
Replaced an antiquated pattern.
...
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Florian Apolloner
4ecc6da20b
Removed unicode literals from PIL compat.
2013-05-15 09:00:09 +02:00
Daniel Lindsley
33793f7c3e
Fixed #19934 - Use of Pillow is now preferred over PIL.
...
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Carl Meyer
9012833af8
Fixed #17365 , #17366 , #18727 -- Switched to discovery test runner.
...
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.
Refs #11077 , #17032 , and #18670 .
2013-05-10 23:08:45 -04:00
Claude Paroz
4769db6b5f
Fixed #20321 -- Added missing key name in MergeDict KeyError message
...
Thanks mark.harviston et gmail.com for the report.
2013-04-26 08:59:34 +02:00
Alex Gaynor
714161c864
Fix != operations on lazy objects.
2013-04-19 10:58:29 -07:00
Anton Baklanov
59d127e45f
Fixed #20276 -- Implemented __bool__ for MergeDict
...
MergeDict evaluates now to False if all contained dicts are empty.
Thanks til for the report and the initial patch.
2013-04-19 10:08:16 +02:00
Baptiste Mispelon
e7b9c11c3f
Fixed #20231 -- Don't use allow_lazy on smart_split
2013-04-10 13:05:29 +02:00
Claude Paroz
b474ffe63a
Fixed #20172 -- Ensured urlize supports IPv4/IPv6 addresses
...
Thanks Marc Aymerich for the report and the initial patch.
2013-04-01 15:37:37 +02:00
Joe Friedl
2d0db67813
Fixed #20167 -- Preserve the traceback of `ImportError`s in `import_by_path`.
...
Thanks @carljm for the review.
2013-03-31 23:00:06 -04:00
Gavin Wahl
ec04fd1344
Fixed spelling errors
2013-03-28 11:16:53 -06:00
Andreas
35cab0f8e4
Fixed #20016 : worked around Jython not having a buffer.
2013-03-27 13:39:52 -05:00