Commit Graph

156 Commits

Author SHA1 Message Date
Luke Plant c24bdf044b Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
Thanks to natrius for the report.

This patch also fixes some unicode bugs in affected code.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-28 14:08:25 +00:00
Jannis Leidel 7a89d3d503 Fixed #11700 -- Stopped admin actions and list_editable fields to show up in popups. Thanks to Simon Meers for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-02 01:32:40 +00:00
Alex Gaynor 732198ed5c Fix a security issue in the admin. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15031 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-23 03:44:38 +00:00
Jannis Leidel af5ad1116c Rectified bugs that were accidentally committed in r14997. Thanks for the heads-up, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15011 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 19:19:04 +00:00
Jannis Leidel 98e1a71ceb Fixed #14900 -- Added ability to override the paginator class used in a ModelAdmin. Thanks, Adam Vandenberg.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 14:57:29 +00:00
Jannis Leidel d8165ce156 Fixed #14312 -- Raising an ``IncorrectLookupParameters`` if the page number given to an admin change list exceeds the number of the last page. Thanks, mk.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:58:47 +00:00
Jannis Leidel cc64fb5c4b Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00
Honza Král dc334a2ba8 Fixed #3400 -- Support for lookup separator with list_filter admin option. Thanks to DrMeers and vitek_pliska for the patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-21 19:29:15 +00:00
Chris Beaven e509c1527a Fixed #14425 -- Unused imports in contrib.admin. Thanks robhudson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 01:03:53 +00:00
Ramiro Morales 8058cc2e25 Fixed #12872 -- Removed vestiges of mythic old template validation admin app functionality.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 03:58:32 +00:00
Russell Keith-Magee 5211f48ae3 Fixed #12164 -- Removed the Python 2.3 compatibility imports and workarounds. Thanks to timo and claudep for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 14:00:30 +00:00
Karen Tracey 883329ecb3 Fixed #12105: Corrected handling of isnull=False lookups in admin. Thanks marcob, Travis Cline, gabrielhurley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-16 19:01:40 +00:00
Adrian Holovaty 5ceed0a053 Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Adrian Holovaty 19b72077f7 Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for patch and tests, isagalaev
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12159 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 16:51:13 +00:00
Adrian Holovaty 933b9e8de7 Fixed #6991 -- Removed some redundant user.is_authenticated() calls in various places. Thanks, alexkoshelev, Liang Feng and Ivan Sagalaev
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12142 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-09 20:11:01 +00:00
Luke Plant 25020ddb05 Fixed #4604 - Configurable message passing system, supporting anonymous users
This deprecates User.message_set in favour of a configurable messaging
system, with backends provided for cookie storage, session storage and
backward compatibility.

Many thanks to Tobias McNulty for the bulk of the work here, with
contributions from Chris Beaven (SmileyChris) and lots of code review from
Russell Keith-Magee, and input from many others.  Also credit to the authors
of various messaging systems for Django whose ideas may have been pinched
:-)



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-09 16:57:23 +00:00
Jacob Kaplan-Moss 3da3716252 Fixed #10348: ChangeList no longer overwrites a select_related provided by `ModelAdmin.queryset()`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10782 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:09:33 +00:00
Russell Keith-Magee b5f0aff922 Fixed #10516 -- Corrected admin search when the search_fields definition contains multiple fields on the same base model. Thanks to Zain Memon for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 12:52:43 +00:00
Jacob Kaplan-Moss 855a58f963 Fixed a needless list() coercion in in ChangeList. Refs #10163.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10624 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-22 22:16:32 +00:00
Malcolm Tredinnick 3bd384aa62 Fixed #10645 -- Added some robustness around some admin and modelform params.
Fieldset dictionary names, search fields and unique_together attribute
names all have to be convertible to strings (that has always been true).
If somebody passes in a unicode object, Python barfs because Django uses
those values as keyword argument names and function calls require
parameter names to be str objects. We now convert thing to strs
automatically.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10510 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-11 07:41:59 +00:00
Jacob Kaplan-Moss c485e236bd Fixed #8193: all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Jacob Kaplan-Moss 7bc0878922 Fixed #8939: added a `list_editable` option to `ModelAdmin`; fields declared `list_editable` may be edited, in bulk, on the changelist page. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10077 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-17 20:51:47 +00:00
James Bennett bb6d5dc69b Fixed #9795: Since related-object selection widgets take limit_choices_to into account, the offending code is no longer necessary and can simply be removed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-11 07:06:25 +00:00
James Bennett 3ba235a348 OneToOne filtering should only apply in a popup selection from the related model.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-20 19:01:40 +00:00
Karen Tracey 30241385d5 Fixed #9252 -- Moved the try/except protecting against incorrect lookup params to where the error is now raised, and added a test for this case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-22 23:09:35 +00:00
Karen Tracey 05d695908c Fixed #9053 -- Allowed for sorting of callable and ModelAdmin methods specified in list_display (added in r8352). Previously attempting to sort on the former would raise an exception and the latter simply didn't sort. Also added tests for this function. Thanks rgl and jenan.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9211 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-08 14:47:01 +00:00
Karen Tracey fd366a8531 Fixed #7582: Removed checks that prevented null=True ForeignKey fields from being sortable in Admin. Post queryset-refactor there seems no reason to disallow this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9080 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-21 16:57:26 +00:00
Jacob Kaplan-Moss 0e5faf225c Security fix. Announcement forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Brian Rosner ce47d4ab83 Fixed #8648 -- Admin no longer ignores to_field. Thanks for the help Karen Tracey and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 22:43:38 +00:00
Jacob Kaplan-Moss 15416a9016 Fixed #7881: Support `__in` lookups in `limit_choices_to` and `raw_id_admin`. Thanks, jamesturk.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8700 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 16:13:17 +00:00
Russell Keith-Magee 27b0077a48 Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:34:18 +00:00
Brian Rosner 417a4d66df Removed some checks for Model._meta.one_to_one_field to prevent list_filter and the show_result_count in search_form.html. Fixes #2145.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 19:15:20 +00:00
Gary Wilson Jr dd842ad34d Refs #7742 -- Changed the `django.contrib.admin.views.template.template_validator` view to use newforms instead of oldforms.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8294 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 04:31:55 +00:00
Jacob Kaplan-Moss 4747347385 Fixed #5801: admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8271 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 17:35:19 +00:00
Gary Wilson Jr c85c8f8891 Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Adrian Holovaty 29f0e8182f Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Brian Rosner a19ed8aea3 Merged the newforms-admin branch into trunk.
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00
Malcolm Tredinnick 409ed9468f Fixed #7670 -- Fixed a couple of missed changes from [7865]. Patch from jshaffer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7869 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 05:29:23 +00:00
Adrian Holovaty 4406d283e1 Fixed #7478 -- Rolled QuerySetPaginator into the Paginator class, to simplify things. QuerySetPaginator still exists as an alias, for backwards compatibility. Thanks for the suggestion, batiste@dosimple.ch
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7865 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 02:08:33 +00:00
Luke Plant 6f76b9f58d Simplified control flow for change made in r7535
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-16 22:53:39 +00:00
Luke Plant 7e4718f8d5 Fixed bug in staff_member_required decorator for the case where users share an email address.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-15 22:10:53 +00:00
Russell Keith-Magee 41635d2176 Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-10 13:19:19 +00:00
Malcolm Tredinnick a1e4b15f15 Fixed #3002 -- Fixed a problem with ordering by related models in the admin
interface. Patch from Ramiro Morales.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-28 02:40:57 +00:00
Malcolm Tredinnick 9c52d56f6f Merged the queryset-refactor branch into trunk.
This is a big internal change, but mostly backwards compatible with existing
code. Also adds a couple of new features.

Fixed #245, #1050, #1656, #1801, #2076, #2091, #2150, #2253, #2306, #2400, #2430, #2482, #2496, #2676, #2737, #2874, #2902, #2939, #3037, #3141, #3288, #3440, #3592, #3739, #4088, #4260, #4289, #4306, #4358, #4464, #4510, #4858, #5012, #5020, #5261, #5295, #5321, #5324, #5325, #5555, #5707, #5796, #5817, #5987, #6018, #6074, #6088, #6154, #6177, #6180, #6203, #6658


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-27 02:50:16 +00:00
Adrian Holovaty 054c2e4af3 Fixed #6852 -- Converted the admin to use the new paginator, to remove DeprecationWarnings. Thanks for the patch, nickefford
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-25 05:20:55 +00:00
Gary Wilson Jr 5ca0b9203b Fixed #5701 -- Fixed decorators to take the name, attributes, and docstring of the function they decorate by adding a modified version of the `functools.wraps` function from Python 2.5. `wraps` has been altered to work with Django's `curry` function and with Python 2.3, which doesn't allow assignment of a function's `__name__` attribute. This fixes severaly annoyances, such as the online documentation for template filters served by the admin app. This change is backwards incompatible if, for some reason, you were relying on the name of a Django decorator instead of the function it decorates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7153 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-25 06:02:35 +00:00
Malcolm Tredinnick f1a24be01c Fixed #6481 -- Fixed a bunch of import problems (and some whitespace cleanups).
Found by Bastian Kleineidam with help from pyflakes. Thanks.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-19 00:08:08 +00:00
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
* Escaped text that gets sent after saving the admin foreignkey popup form.
 * Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
 * Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick b58c55fc80 Fixed #5944 -- Added safe string markings to admin error messages in one place
that was missed.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00