Commit Graph

129 Commits

Author SHA1 Message Date
Jacob Kaplan-Moss 0e5faf225c Security fix. Announcement forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Brian Rosner ce47d4ab83 Fixed #8648 -- Admin no longer ignores to_field. Thanks for the help Karen Tracey and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 22:43:38 +00:00
Jacob Kaplan-Moss 15416a9016 Fixed #7881: Support `__in` lookups in `limit_choices_to` and `raw_id_admin`. Thanks, jamesturk.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8700 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 16:13:17 +00:00
Russell Keith-Magee 27b0077a48 Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:34:18 +00:00
Brian Rosner 417a4d66df Removed some checks for Model._meta.one_to_one_field to prevent list_filter and the show_result_count in search_form.html. Fixes #2145.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 19:15:20 +00:00
Gary Wilson Jr dd842ad34d Refs #7742 -- Changed the `django.contrib.admin.views.template.template_validator` view to use newforms instead of oldforms.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8294 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 04:31:55 +00:00
Jacob Kaplan-Moss 4747347385 Fixed #5801: admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8271 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 17:35:19 +00:00
Gary Wilson Jr c85c8f8891 Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Adrian Holovaty 29f0e8182f Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Brian Rosner a19ed8aea3 Merged the newforms-admin branch into trunk.
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00
Malcolm Tredinnick 409ed9468f Fixed #7670 -- Fixed a couple of missed changes from [7865]. Patch from jshaffer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7869 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 05:29:23 +00:00
Adrian Holovaty 4406d283e1 Fixed #7478 -- Rolled QuerySetPaginator into the Paginator class, to simplify things. QuerySetPaginator still exists as an alias, for backwards compatibility. Thanks for the suggestion, batiste@dosimple.ch
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7865 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 02:08:33 +00:00
Luke Plant 6f76b9f58d Simplified control flow for change made in r7535
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-16 22:53:39 +00:00
Luke Plant 7e4718f8d5 Fixed bug in staff_member_required decorator for the case where users share an email address.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-15 22:10:53 +00:00
Russell Keith-Magee 41635d2176 Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-10 13:19:19 +00:00
Malcolm Tredinnick a1e4b15f15 Fixed #3002 -- Fixed a problem with ordering by related models in the admin
interface. Patch from Ramiro Morales.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-28 02:40:57 +00:00
Malcolm Tredinnick 9c52d56f6f Merged the queryset-refactor branch into trunk.
This is a big internal change, but mostly backwards compatible with existing
code. Also adds a couple of new features.

Fixed #245, #1050, #1656, #1801, #2076, #2091, #2150, #2253, #2306, #2400, #2430, #2482, #2496, #2676, #2737, #2874, #2902, #2939, #3037, #3141, #3288, #3440, #3592, #3739, #4088, #4260, #4289, #4306, #4358, #4464, #4510, #4858, #5012, #5020, #5261, #5295, #5321, #5324, #5325, #5555, #5707, #5796, #5817, #5987, #6018, #6074, #6088, #6154, #6177, #6180, #6203, #6658


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-27 02:50:16 +00:00
Adrian Holovaty 054c2e4af3 Fixed #6852 -- Converted the admin to use the new paginator, to remove DeprecationWarnings. Thanks for the patch, nickefford
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-25 05:20:55 +00:00
Gary Wilson Jr 5ca0b9203b Fixed #5701 -- Fixed decorators to take the name, attributes, and docstring of the function they decorate by adding a modified version of the `functools.wraps` function from Python 2.5. `wraps` has been altered to work with Django's `curry` function and with Python 2.3, which doesn't allow assignment of a function's `__name__` attribute. This fixes severaly annoyances, such as the online documentation for template filters served by the admin app. This change is backwards incompatible if, for some reason, you were relying on the name of a Django decorator instead of the function it decorates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7153 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-25 06:02:35 +00:00
Malcolm Tredinnick f1a24be01c Fixed #6481 -- Fixed a bunch of import problems (and some whitespace cleanups).
Found by Bastian Kleineidam with help from pyflakes. Thanks.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-19 00:08:08 +00:00
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
* Escaped text that gets sent after saving the admin foreignkey popup form.
 * Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
 * Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick b58c55fc80 Fixed #5944 -- Added safe string markings to admin error messages in one place
that was missed.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Malcolm Tredinnick e9656180ea Fixed #1394 -- Fixed an admin crash when saving models with pk db column != pk attname.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 12:14:48 +00:00
Malcolm Tredinnick 4b610f42d3 Added a get_host() method to HttpRequest. There is still an http.get_host() version in place, so this is fully backwards compatible.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6296 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 17:46:03 +00:00
Gary Wilson Jr 212ee65be7 Fixed #2101 -- Renamed `maxlength` argument to `max_length` for oldforms `FormField`s and db model `Field`s. This is fully backwards compatible at the moment since the legacy `maxlength` argument is still supported. Using `maxlength` will, however, issue a `PendingDeprecationWarning` when used.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-05 05:14:46 +00:00
Gary Wilson Jr 919205ef85 Refs #3397 -- Corrected the Exception that is caught when ordering by non-fields (added in [4596]), thanks glin@seznam.cz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5799 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-04 14:41:49 +00:00
Malcolm Tredinnick 0145e71ceb Fixed #4846 -- Fixed some Python 2.3 encoding problems in the admin interface.
Based on a patch from daybreaker12@gmail.com.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-13 11:05:01 +00:00
Malcolm Tredinnick 953badbea5 Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.

Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 12:11:04 +00:00
Malcolm Tredinnick 08aa5c585b Fixed #4607 -- Tweaked checks for features missing in Python 2.3 to not assume
things Python does not guarantee. Patch from SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5514 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-23 03:18:22 +00:00
Malcolm Tredinnick 92c35a0617 Fixed #2365, #3324 -- Renamed FloatField to DecimalField and changed the code
to return Decimal instances in Python for this field. Backwards incompatible
change.

Added a real FloatField (stores floats in the database) and support for
FloatField and DecimalField in newforms (analogous to IntegerField).

Included decimal.py module (as django.utils._decimal) from Python 2.4. This is
license compatible with Django and included for Python 2.3 compatibility only.

Large portions of this work are based on patches from Andy Durdin and Jorge
Gajon.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@5302 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-05-21 01:29:58 +00:00
Malcolm Tredinnick 4bce3c17ec Revert [5092], since this should only have been applied to newforms-admin.
Refs #1576.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 14:58:38 +00:00
Malcolm Tredinnick 6c18ba8c91 Fixed #1576 -- Fixed incorrect SQL generated when using descending ordering
from related models. Patch from SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5092 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:48:31 +00:00
Malcolm Tredinnick 439cb4047f Fixed #4040 -- Changed uses of has_key() to "in". Slight performance
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:30:48 +00:00
Malcolm Tredinnick 74bab89178 Fixed #3379 -- Changed login() so that we update last_login when a user
logs in. Thanks, arvin.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5074 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-25 09:44:06 +00:00
Malcolm Tredinnick b1eea1af40 Fixed #3410 -- Edited a few i18n markups for completeness and to remove some
warnings from recent gettext versions. Refs #3704. Thanks, Michael Radziej,
mirrorballu2@gmail.com and baptiste.goupil@gmail.com.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4704 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-12 08:35:15 +00:00
Jacob Kaplan-Moss f3cc581f3a Fixed #2828, a TypeError when deleting objects with m2m relations to self. Thanks, Brian Beck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 19:12:31 +00:00
Jacob Kaplan-Moss abf79841fe Fixed #3397: You can now order by non-DB fields in the admin by telling Django which field to actually order by. Thanks, marcink@elksoft.pl
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 05:37:24 +00:00
Malcolm Tredinnick 6c4757729b Revert [4485] in order to fix accidental mod_python breakage. Refs #2920.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4486 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 23:50:35 +00:00
Russell Keith-Magee 0e924c70b1 Refs #2920 -- Replaced implicit uses of _() with explicit imports or calls to gettext(). At some point post 0.96, we need to remove the calls that put _ into the builtins.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4485 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 06:20:52 +00:00
Adrian Holovaty d04a2e792c Fixed typo in a docstring in django/contrib/admin/views/main.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4269 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-30 07:48:11 +00:00
Adrian Holovaty 7180207328 Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-30 07:16:25 +00:00
Adrian Holovaty 706fcec164 Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4208 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-15 18:00:50 +00:00
Adrian Holovaty 545ebf4395 Improved [4180] to add HTML escaping on the primary-key value in the error message
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:14:35 +00:00
Adrian Holovaty 201704be3d Added improved error message in admin views/main.py when loading ChangeManipulator. Also took the opportunity to convert all Http404 exceptions to use proper exception raising syntax
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:09:24 +00:00
Adrian Holovaty 41d11a685f Fixed #2968 -- Changed arguments to __import__ to use empty dictionary instead of empty string, for stricter compliance with Python library reference. Thanks for the patch, Yasushi Masuda
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3951 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-30 20:50:27 +00:00
Adrian Holovaty 1c4ac051ce Fixed #2925 -- Added missing exception import to admin.views.auth. Thanks, SmileyChris
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3925 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-24 16:46:46 +00:00
Adrian Holovaty b0a8a75fc3 Fixed #2955 -- Fixed incorrect verbose-name display in admin delete_stage message. Thanks for the patch, mattimustang@gmail.com
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3921 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-24 16:35:04 +00:00
Russell Keith-Magee 14fb13da7e Disabled access to the admin site for inactive accounts, and clarified documentation regarding User.is_active. Thanks to Enrico <rico.bl@gmail.com> for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3884 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-29 13:37:58 +00:00
Malcolm Tredinnick 96bc9ec79d Fixed #2520 -- Fixed a problem with invalid SQL being generated by admin
interface in certain circumstances. Patch from favo@exoweb.net.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3794 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-22 13:10:46 +00:00