Luke Plant
c24bdf044b
Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
...
Thanks to natrius for the report.
This patch also fixes some unicode bugs in affected code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-28 14:08:25 +00:00
Jannis Leidel
7a89d3d503
Fixed #11700 -- Stopped admin actions and list_editable fields to show up in popups. Thanks to Simon Meers for the initial patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-02 01:32:40 +00:00
Alex Gaynor
732198ed5c
Fix a security issue in the admin. Disclosure and new release forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15031 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-23 03:44:38 +00:00
Jannis Leidel
af5ad1116c
Rectified bugs that were accidentally committed in r14997. Thanks for the heads-up, Alex Gaynor.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15011 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 19:19:04 +00:00
Jannis Leidel
98e1a71ceb
Fixed #14900 -- Added ability to override the paginator class used in a ModelAdmin. Thanks, Adam Vandenberg.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21 14:57:29 +00:00
Jannis Leidel
d8165ce156
Fixed #14312 -- Raising an ``IncorrectLookupParameters`` if the page number given to an admin change list exceeds the number of the last page. Thanks, mk.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:58:47 +00:00
Jannis Leidel
cc64fb5c4b
Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00
Honza Král
dc334a2ba8
Fixed #3400 -- Support for lookup separator with list_filter admin option. Thanks to DrMeers and vitek_pliska for the patch!
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-21 19:29:15 +00:00
Chris Beaven
e509c1527a
Fixed #14425 -- Unused imports in contrib.admin. Thanks robhudson.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 01:03:53 +00:00
Ramiro Morales
8058cc2e25
Fixed #12872 -- Removed vestiges of mythic old template validation admin app functionality.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 03:58:32 +00:00
Russell Keith-Magee
5211f48ae3
Fixed #12164 -- Removed the Python 2.3 compatibility imports and workarounds. Thanks to timo and claudep for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 14:00:30 +00:00
Karen Tracey
883329ecb3
Fixed #12105 : Corrected handling of isnull=False lookups in admin. Thanks marcob, Travis Cline, gabrielhurley.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-16 19:01:40 +00:00
Adrian Holovaty
5ceed0a053
Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Adrian Holovaty
19b72077f7
Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for patch and tests, isagalaev
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12159 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 16:51:13 +00:00
Adrian Holovaty
933b9e8de7
Fixed #6991 -- Removed some redundant user.is_authenticated() calls in various places. Thanks, alexkoshelev, Liang Feng and Ivan Sagalaev
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12142 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-09 20:11:01 +00:00
Luke Plant
25020ddb05
Fixed #4604 - Configurable message passing system, supporting anonymous users
...
This deprecates User.message_set in favour of a configurable messaging
system, with backends provided for cookie storage, session storage and
backward compatibility.
Many thanks to Tobias McNulty for the bulk of the work here, with
contributions from Chris Beaven (SmileyChris) and lots of code review from
Russell Keith-Magee, and input from many others. Also credit to the authors
of various messaging systems for Django whose ideas may have been pinched
:-)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-09 16:57:23 +00:00
Jacob Kaplan-Moss
3da3716252
Fixed #10348 : ChangeList no longer overwrites a select_related provided by `ModelAdmin.queryset()`.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10782 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:09:33 +00:00
Russell Keith-Magee
b5f0aff922
Fixed #10516 -- Corrected admin search when the search_fields definition contains multiple fields on the same base model. Thanks to Zain Memon for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 12:52:43 +00:00
Jacob Kaplan-Moss
855a58f963
Fixed a needless list() coercion in in ChangeList. Refs #10163 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10624 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-22 22:16:32 +00:00
Malcolm Tredinnick
3bd384aa62
Fixed #10645 -- Added some robustness around some admin and modelform params.
...
Fieldset dictionary names, search fields and unique_together attribute
names all have to be convertible to strings (that has always been true).
If somebody passes in a unicode object, Python barfs because Django uses
those values as keyword argument names and function calls require
parameter names to be str objects. We now convert thing to strs
automatically.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10510 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-11 07:41:59 +00:00
Jacob Kaplan-Moss
c485e236bd
Fixed #8193 : all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Jacob Kaplan-Moss
7bc0878922
Fixed #8939 : added a `list_editable` option to `ModelAdmin`; fields declared `list_editable` may be edited, in bulk, on the changelist page. Thanks, Alex Gaynor.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10077 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-17 20:51:47 +00:00
James Bennett
bb6d5dc69b
Fixed #9795 : Since related-object selection widgets take limit_choices_to into account, the offending code is no longer necessary and can simply be removed.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-11 07:06:25 +00:00
James Bennett
3ba235a348
OneToOne filtering should only apply in a popup selection from the related model.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-20 19:01:40 +00:00
Karen Tracey
30241385d5
Fixed #9252 -- Moved the try/except protecting against incorrect lookup params to where the error is now raised, and added a test for this case.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-22 23:09:35 +00:00
Karen Tracey
05d695908c
Fixed #9053 -- Allowed for sorting of callable and ModelAdmin methods specified in list_display (added in r8352). Previously attempting to sort on the former would raise an exception and the latter simply didn't sort. Also added tests for this function. Thanks rgl and jenan.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9211 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-08 14:47:01 +00:00
Karen Tracey
fd366a8531
Fixed #7582 : Removed checks that prevented null=True ForeignKey fields from being sortable in Admin. Post queryset-refactor there seems no reason to disallow this.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9080 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-21 16:57:26 +00:00
Jacob Kaplan-Moss
0e5faf225c
Security fix. Announcement forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Brian Rosner
ce47d4ab83
Fixed #8648 -- Admin no longer ignores to_field. Thanks for the help Karen Tracey and SmileyChris.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8823 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 22:43:38 +00:00
Jacob Kaplan-Moss
15416a9016
Fixed #7881 : Support `__in` lookups in `limit_choices_to` and `raw_id_admin`. Thanks, jamesturk.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8700 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 16:13:17 +00:00
Russell Keith-Magee
27b0077a48
Fixed #8509 : Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:34:18 +00:00
Brian Rosner
417a4d66df
Removed some checks for Model._meta.one_to_one_field to prevent list_filter and the show_result_count in search_form.html. Fixes #2145 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 19:15:20 +00:00
Gary Wilson Jr
dd842ad34d
Refs #7742 -- Changed the `django.contrib.admin.views.template.template_validator` view to use newforms instead of oldforms.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8294 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 04:31:55 +00:00
Jacob Kaplan-Moss
4747347385
Fixed #5801 : admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8271 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-09 17:35:19 +00:00
Gary Wilson Jr
c85c8f8891
Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Adrian Holovaty
29f0e8182f
Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Brian Rosner
a19ed8aea3
Merged the newforms-admin branch into trunk.
...
This is a backward incompatible change. The admin contrib app has been
refactored. The newforms module has several improvements including FormSets
and Media definitions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-18 23:54:34 +00:00
Malcolm Tredinnick
409ed9468f
Fixed #7670 -- Fixed a couple of missed changes from [7865]. Patch from jshaffer.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7869 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 05:29:23 +00:00
Adrian Holovaty
4406d283e1
Fixed #7478 -- Rolled QuerySetPaginator into the Paginator class, to simplify things. QuerySetPaginator still exists as an alias, for backwards compatibility. Thanks for the suggestion, batiste@dosimple.ch
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7865 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-08 02:08:33 +00:00
Luke Plant
6f76b9f58d
Simplified control flow for change made in r7535
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-16 22:53:39 +00:00
Luke Plant
7e4718f8d5
Fixed bug in staff_member_required decorator for the case where users share an email address.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7535 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-15 22:10:53 +00:00
Russell Keith-Magee
41635d2176
Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-10 13:19:19 +00:00
Malcolm Tredinnick
a1e4b15f15
Fixed #3002 -- Fixed a problem with ordering by related models in the admin
...
interface. Patch from Ramiro Morales.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-28 02:40:57 +00:00
Malcolm Tredinnick
9c52d56f6f
Merged the queryset-refactor branch into trunk.
...
This is a big internal change, but mostly backwards compatible with existing
code. Also adds a couple of new features.
Fixed #245 , #1050 , #1656 , #1801 , #2076 , #2091 , #2150 , #2253 , #2306 , #2400 , #2430 , #2482 , #2496 , #2676 , #2737 , #2874 , #2902 , #2939 , #3037 , #3141 , #3288 , #3440 , #3592 , #3739 , #4088 , #4260 , #4289 , #4306 , #4358 , #4464 , #4510 , #4858 , #5012 , #5020 , #5261 , #5295 , #5321 , #5324 , #5325 , #5555 , #5707 , #5796 , #5817 , #5987 , #6018 , #6074 , #6088 , #6154 , #6177 , #6180 , #6203 , #6658
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-04-27 02:50:16 +00:00
Adrian Holovaty
054c2e4af3
Fixed #6852 -- Converted the admin to use the new paginator, to remove DeprecationWarnings. Thanks for the patch, nickefford
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7363 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-25 05:20:55 +00:00
Gary Wilson Jr
5ca0b9203b
Fixed #5701 -- Fixed decorators to take the name, attributes, and docstring of the function they decorate by adding a modified version of the `functools.wraps` function from Python 2.5. `wraps` has been altered to work with Django's `curry` function and with Python 2.3, which doesn't allow assignment of a function's `__name__` attribute. This fixes severaly annoyances, such as the online documentation for template filters served by the admin app. This change is backwards incompatible if, for some reason, you were relying on the name of a Django decorator instead of the function it decorates.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7153 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-25 06:02:35 +00:00
Malcolm Tredinnick
f1a24be01c
Fixed #6481 -- Fixed a bunch of import problems (and some whitespace cleanups).
...
Found by Bastian Kleineidam with help from pyflakes. Thanks.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-19 00:08:08 +00:00
Gary Wilson Jr
38d972b9ec
Fixed #5880 -- Fixed an XSS hole in the admin interface.
...
* Escaped text that gets sent after saving the admin foreignkey popup form.
* Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
* Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick
b58c55fc80
Fixed #5944 -- Added safe string markings to admin error messages in one place
...
that was missed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick
356662cf74
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
...
See documentation in templates.txt and templates_python.txt for how everything
works.
Backwards incompatible if you're inserting raw HTML output via template variables.
Based on an original design from Simon Willison and with debugging help from Michael Radziej.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00