innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
22,218 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

13348 Commits

Author SHA1 Message Date
Matthew Schinckel 60633ef3de Fixed #26304 -- Ignored unmanaged through model in table introspection. 2016-03-02 13:54:27 -05:00
Jon Dufresne fb3540d6a4 Removed obsolete, unused option 'hide_empty' from loaddata command. 
Unused since 67235fd4ef.
 2016-03-01 19:48:32 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Alasdair Nicol 65bd053f11 Fixed #26229 -- Improved check for model admin check admin.E124 
Refs #22792
 2016-03-01 08:20:14 -05:00
Simon Charette 0223e213dd Fixed #26186 -- Documented how app relative relationships of abstract models behave. 
This partially reverts commit bc7d201bdb.

Thanks Tim for the review.

Refs #25858.
 2016-02-29 22:07:05 -05:00
Adam Chainz 6a383f773a Removed unused 'Between' lookup. 
It was added in 20bab2cf9d and stopped being
used for `Range` in 00aa562884 when
`bilateral` was added to `Transform`.
 2016-02-29 08:00:04 -05:00
chenesan b84f5ab4ec Fixed #26230 -- Made default_related_name affect related_query_name. 2016-02-27 08:48:32 -05:00
Attila Tovt 5e2c4d7afb Fixed #26264 -- Fixed prefetch_related() crashes with values_list(flat=True) 2016-02-26 19:26:15 -05:00
Tore Lundqvist 3389c5ea22 Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests. 
Thanks Simon Charette for the review.
 2016-02-26 18:56:56 -05:00
Simon Charette 3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
 2016-02-26 16:18:16 -05:00
Adam Chainz ef33bc2d4d Fixed #25279 -- Made prefetch_related_objects() public. 2016-02-26 14:55:01 -05:00
Yoong Kang Lim d5f89ff6e8 Fixed #24974 -- Fixed inheritance of formfield_callback for modelform_factory forms. 2016-02-26 12:27:27 -05:00
Simon Charette 766afc22a1 Fixed #24793 -- Unified temporal difference support. 2016-02-26 12:25:12 -05:00
zshimanchik 65aa94200b Fixed #24653 -- Fixed MySQL database introspection when using read_default_file. 2016-02-26 12:02:13 -05:00
Ivan Tsouvarev 8890c533e0 Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template. 2016-02-26 08:02:10 -05:00
Edwar Baron eb44172760 Fixed #25811 -- Added a helpful error when making _in queries across different databases. 2016-02-26 07:31:56 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed #26231 -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Nick Malakhov ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Yoong Kang Lim 4b1529e2cb Fixed #26151 -- Refactored MigrationWriter.serialize() 
Thanks Markus Holtermann for review.
 2016-02-25 14:01:06 -05:00
Scott Sexton fc584f0685 Fixed #26117 -- Consulted database routers in initial migration detection. 
Thanks Simon Charette for help.
 2016-02-25 09:56:00 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Claude Paroz 4c18a8a378 Fixed #14098 -- Prevented crash for introspection errors in inspectdb 
Thanks Tim Graham for the review.
 2016-02-25 08:43:56 +01:00
Claude Paroz c5517b9e74 Fixed #26266 -- Output the primary key in the GeoJSON serializer properties 
Thanks Tim Graham for the review.
 2016-02-24 16:10:46 +01:00
Jon Dufresne b412681359 Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 2016-02-24 07:02:51 -05:00
James Aylett 1ff6e37de4 Fixed #23832 -- Added timezone aware Storage API. 
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
 2016-02-23 18:51:43 -05:00
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'. 
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
 2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL. 
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
 2016-02-23 19:34:21 +01:00
Andrew Kuchev e81d1c995c Fixed #25670 -- Allowed dictsort to sort a list of lists. 
Thanks Tim Graham for the review.
 2016-02-23 12:15:08 -05:00
Tim Graham cdbd8745f6 Fixed #26263 -- Deprecated Context.has_key() 2016-02-23 08:08:55 -05:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests 
Refs #26190.
 2016-02-23 09:12:12 +01:00
Claude Paroz b46c0ea6c8 Fixed #26190 -- Returned handle() result from call_command 
Thanks Tim Graham for the review.
 2016-02-23 09:12:12 +01:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Claude Paroz d43156e1e9 Fixed #26238 -- Raised explicit error for non-editable field in ModelForm 
Thanks Luke Crouch for the report and Simon Charette for the review.
 2016-02-21 00:24:20 +01:00
Akshesh 6670da75ff Fixed #25653 -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Tim Graham 032f5a7896 Refs #25735 -- Made @tag decorator importable from django.test. 2016-02-19 14:21:00 -05:00
haxoza 375e1cfe2b Fixed #25349 -- Allowed a ModelForm to unset a fields with blank=True, required=False. 2016-02-19 14:18:53 -05:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.
 2016-02-18 19:06:49 -05:00
Akshesh d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Tim Graham 70d3f81ca4 Fixed #26233 -- Fixed invalid reSt in models.Q docstring. 2016-02-18 08:45:55 -05:00
Akshesh fdccc02576 Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery. 2016-02-17 13:56:42 -05:00
Jakub Paczkowski d4dc775620 Fixed #25735 -- Added support for test tags to DiscoverRunner. 
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
 2016-02-17 09:44:18 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
 2016-02-16 21:07:05 +01:00
Berker Peksag 043383e3f3 Fixed #24727 -- Prevented ClearableFileInput from masking exceptions on Python 2 2016-02-15 22:51:46 +02:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Jon Dufresne dec334cb66 Fixed #26193 -- Made urlize() trim multiple trailing punctuation. 2016-02-15 09:10:15 -05:00
Jon Dufresne fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Markus Holtermann 18afd50a2b Updated allow_migrate() signature in check framework tests 2016-02-12 14:31:27 +11:00