Jacob Kaplan-Moss
0e5faf225c
Security fix. Announcement forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Brian Rosner
ce47d4ab83
Fixed #8648 -- Admin no longer ignores to_field. Thanks for the help Karen Tracey and SmileyChris.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 22:43:38 +00:00
Jacob Kaplan-Moss
15416a9016
Fixed #7881 : Support `__in` lookups in `limit_choices_to` and `raw_id_admin`. Thanks, jamesturk.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8700 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 16:13:17 +00:00
Russell Keith-Magee
27b0077a48
Fixed #8509 : Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:34:18 +00:00
Brian Rosner
417a4d66df
Removed some checks for Model._meta.one_to_one_field to prevent list_filter and the show_result_count in search_form.html. Fixes #2145 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 19:15:20 +00:00
Gary Wilson Jr
dd842ad34d
Refs #7742 -- Changed the `django.contrib.admin.views.template.template_validator` view to use newforms instead of oldforms.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8294 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 04:31:55 +00:00
Jacob Kaplan-Moss
4747347385
Fixed #5801 : admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8271 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 17:35:19 +00:00
Gary Wilson Jr
c85c8f8891
Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Adrian Holovaty
29f0e8182f
Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Brian Rosner
a19ed8aea3
Merged the newforms-admin branch into trunk.
...
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00
Malcolm Tredinnick
409ed9468f
Fixed #7670 -- Fixed a couple of missed changes from [7865]. Patch from jshaffer.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7869 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 05:29:23 +00:00
Adrian Holovaty
4406d283e1
Fixed #7478 -- Rolled QuerySetPaginator into the Paginator class, to simplify things. QuerySetPaginator still exists as an alias, for backwards compatibility. Thanks for the suggestion, batiste@dosimple.ch
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7865 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 02:08:33 +00:00
Luke Plant
6f76b9f58d
Simplified control flow for change made in r7535
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-16 22:53:39 +00:00
Luke Plant
7e4718f8d5
Fixed bug in staff_member_required decorator for the case where users share an email address.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-15 22:10:53 +00:00
Russell Keith-Magee
41635d2176
Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-10 13:19:19 +00:00
Malcolm Tredinnick
a1e4b15f15
Fixed #3002 -- Fixed a problem with ordering by related models in the admin
...
interface. Patch from Ramiro Morales.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-28 02:40:57 +00:00
Malcolm Tredinnick
9c52d56f6f
Merged the queryset-refactor branch into trunk.
...
This is a big internal change, but mostly backwards compatible with existing
code. Also adds a couple of new features.
Fixed #245 , #1050 , #1656 , #1801 , #2076 , #2091 , #2150 , #2253 , #2306 , #2400 , #2430 , #2482 , #2496 , #2676 , #2737 , #2874 , #2902 , #2939 , #3037 , #3141 , #3288 , #3440 , #3592 , #3739 , #4088 , #4260 , #4289 , #4306 , #4358 , #4464 , #4510 , #4858 , #5012 , #5020 , #5261 , #5295 , #5321 , #5324 , #5325 , #5555 , #5707 , #5796 , #5817 , #5987 , #6018 , #6074 , #6088 , #6154 , #6177 , #6180 , #6203 , #6658
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-27 02:50:16 +00:00
Adrian Holovaty
054c2e4af3
Fixed #6852 -- Converted the admin to use the new paginator, to remove DeprecationWarnings. Thanks for the patch, nickefford
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-25 05:20:55 +00:00
Gary Wilson Jr
5ca0b9203b
Fixed #5701 -- Fixed decorators to take the name, attributes, and docstring of the function they decorate by adding a modified version of the `functools.wraps` function from Python 2.5. `wraps` has been altered to work with Django's `curry` function and with Python 2.3, which doesn't allow assignment of a function's `__name__` attribute. This fixes severaly annoyances, such as the online documentation for template filters served by the admin app. This change is backwards incompatible if, for some reason, you were relying on the name of a Django decorator instead of the function it decorates.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7153 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-25 06:02:35 +00:00
Malcolm Tredinnick
f1a24be01c
Fixed #6481 -- Fixed a bunch of import problems (and some whitespace cleanups).
...
Found by Bastian Kleineidam with help from pyflakes. Thanks.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-19 00:08:08 +00:00
Gary Wilson Jr
38d972b9ec
Fixed #5880 -- Fixed an XSS hole in the admin interface.
...
* Escaped text that gets sent after saving the admin foreignkey popup form.
* Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
* Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick
b58c55fc80
Fixed #5944 -- Added safe string markings to admin error messages in one place
...
that was missed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick
356662cf74
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
...
See documentation in templates.txt and templates_python.txt for how everything
works.
Backwards incompatible if you're inserting raw HTML output via template variables.
Based on an original design from Simon Willison and with debugging help from Michael Radziej.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Malcolm Tredinnick
e9656180ea
Fixed #1394 -- Fixed an admin crash when saving models with pk db column != pk attname.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 12:14:48 +00:00
Malcolm Tredinnick
4b610f42d3
Added a get_host() method to HttpRequest. There is still an http.get_host() version in place, so this is fully backwards compatible.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6296 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 17:46:03 +00:00
Gary Wilson Jr
212ee65be7
Fixed #2101 -- Renamed `maxlength` argument to `max_length` for oldforms `FormField`s and db model `Field`s. This is fully backwards compatible at the moment since the legacy `maxlength` argument is still supported. Using `maxlength` will, however, issue a `PendingDeprecationWarning` when used.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-05 05:14:46 +00:00
Gary Wilson Jr
919205ef85
Refs #3397 -- Corrected the Exception that is caught when ordering by non-fields (added in [4596]), thanks glin@seznam.cz.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5799 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-04 14:41:49 +00:00
Malcolm Tredinnick
0145e71ceb
Fixed #4846 -- Fixed some Python 2.3 encoding problems in the admin interface.
...
Based on a patch from daybreaker12@gmail.com .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-13 11:05:01 +00:00
Malcolm Tredinnick
953badbea5
Merged Unicode branch into trunk (r4952:5608). This should be fully
...
backwards compatible for all practical purposes.
Fixed #2391 , #2489 , #2996 , #3322 , #3344 , #3370 , #3406 , #3432 , #3454 , #3492 , #3582 , #3690 , #3878 , #3891 , #3937 , #4039 , #4141 , #4227 , #4286 , #4291 , #4300 , #4452 , #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 12:11:04 +00:00
Malcolm Tredinnick
08aa5c585b
Fixed #4607 -- Tweaked checks for features missing in Python 2.3 to not assume
...
things Python does not guarantee. Patch from SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5514 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-23 03:18:22 +00:00
Malcolm Tredinnick
92c35a0617
Fixed #2365 , #3324 -- Renamed FloatField to DecimalField and changed the code
...
to return Decimal instances in Python for this field. Backwards incompatible
change.
Added a real FloatField (stores floats in the database) and support for
FloatField and DecimalField in newforms (analogous to IntegerField).
Included decimal.py module (as django.utils._decimal) from Python 2.4. This is
license compatible with Django and included for Python 2.3 compatibility only.
Large portions of this work are based on patches from Andy Durdin and Jorge
Gajon.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5302 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-05-21 01:29:58 +00:00
Malcolm Tredinnick
4bce3c17ec
Revert [5092], since this should only have been applied to newforms-admin.
...
Refs #1576 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 14:58:38 +00:00
Malcolm Tredinnick
6c18ba8c91
Fixed #1576 -- Fixed incorrect SQL generated when using descending ordering
...
from related models. Patch from SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5092 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:48:31 +00:00
Malcolm Tredinnick
439cb4047f
Fixed #4040 -- Changed uses of has_key() to "in". Slight performance
...
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:30:48 +00:00
Malcolm Tredinnick
74bab89178
Fixed #3379 -- Changed login() so that we update last_login when a user
...
logs in. Thanks, arvin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5074 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-25 09:44:06 +00:00
Malcolm Tredinnick
b1eea1af40
Fixed #3410 -- Edited a few i18n markups for completeness and to remove some
...
warnings from recent gettext versions. Refs #3704 . Thanks, Michael Radziej,
mirrorballu2@gmail.com and baptiste.goupil@gmail.com .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4704 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-12 08:35:15 +00:00
Jacob Kaplan-Moss
f3cc581f3a
Fixed #2828 , a TypeError when deleting objects with m2m relations to self. Thanks, Brian Beck.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 19:12:31 +00:00
Jacob Kaplan-Moss
abf79841fe
Fixed #3397 : You can now order by non-DB fields in the admin by telling Django which field to actually order by. Thanks, marcink@elksoft.pl
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 05:37:24 +00:00
Malcolm Tredinnick
6c4757729b
Revert [4485] in order to fix accidental mod_python breakage. Refs #2920 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4486 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 23:50:35 +00:00
Russell Keith-Magee
0e924c70b1
Refs #2920 -- Replaced implicit uses of _() with explicit imports or calls to gettext(). At some point post 0.96, we need to remove the calls that put _ into the builtins.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4485 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 06:20:52 +00:00
Adrian Holovaty
d04a2e792c
Fixed typo in a docstring in django/contrib/admin/views/main.py
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4269 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-30 07:48:11 +00:00
Adrian Holovaty
7180207328
Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-30 07:16:25 +00:00
Adrian Holovaty
706fcec164
Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4208 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-15 18:00:50 +00:00
Adrian Holovaty
545ebf4395
Improved [4180] to add HTML escaping on the primary-key value in the error message
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:14:35 +00:00
Adrian Holovaty
201704be3d
Added improved error message in admin views/main.py when loading ChangeManipulator. Also took the opportunity to convert all Http404 exceptions to use proper exception raising syntax
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:09:24 +00:00
Adrian Holovaty
41d11a685f
Fixed #2968 -- Changed arguments to __import__ to use empty dictionary instead of empty string, for stricter compliance with Python library reference. Thanks for the patch, Yasushi Masuda
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3951 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-30 20:50:27 +00:00
Adrian Holovaty
1c4ac051ce
Fixed #2925 -- Added missing exception import to admin.views.auth. Thanks, SmileyChris
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3925 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-24 16:46:46 +00:00
Adrian Holovaty
b0a8a75fc3
Fixed #2955 -- Fixed incorrect verbose-name display in admin delete_stage message. Thanks for the patch, mattimustang@gmail.com
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3921 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-24 16:35:04 +00:00
Russell Keith-Magee
14fb13da7e
Disabled access to the admin site for inactive accounts, and clarified documentation regarding User.is_active. Thanks to Enrico <rico.bl@gmail.com> for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3884 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-29 13:37:58 +00:00
Malcolm Tredinnick
96bc9ec79d
Fixed #2520 -- Fixed a problem with invalid SQL being generated by admin
...
interface in certain circumstances. Patch from favo@exoweb.net .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3794 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-22 13:10:46 +00:00