Commit Graph

4491 Commits

Author SHA1 Message Date
Tim Graham 93c538694e Fixed XSS in admin's add/change related popup.
This is a security fix.
2016-07-18 11:17:01 -04:00
akki 767849b765 Removed unnecessary looping in sqlite3 SchemaEditor. 2016-07-18 08:47:30 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Claude Paroz 92c48a392f Updated contrib.postgres translation catalog
Forward port of cb78011402 from stable/1.10.x.
2016-07-15 09:48:57 +02:00
Andrew Nester 08ed3cc6d1 Fixed #26671 -- Made HashedFilesMixin ignore the 'chrome' scheme. 2016-07-12 08:20:39 -04:00
Kenneth 2f587737d7 Fixed #26872 -- Fixed text overflow in ModelAdmin.list_filter. 2016-07-09 08:06:42 -04:00
Erik Romijn 8db889eaf7 Fixed #18682 -- Expanded explanation in stale content type deletion. (#6869) 2016-07-03 15:55:14 +02:00
Claude Paroz 490107f14d Added Upper/Lower Sorbian translations 2016-06-29 21:11:30 +02:00
Lh4cKg 18571aefe6 Added Georgian mapping to contrib/admin/static/admin/js/urlify.js 2016-06-29 09:59:03 -04:00
David Sanders 7ca6007bd2 Fixed #26811 -- Added addButton option to admin inlines JavaScript. 2016-06-28 15:19:53 -04:00
Shabda Raaj b0acb1e73e Fixed #26779 -- Added extra_context parameter to admin's i18n_javascript view. 2016-06-27 15:37:32 -04:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser.
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Sergey Fedoseev 5ce660cd65 Fixed #25940 -- Added OGRGeometry.from_gml() and GEOSGeometry.from_gml(). 2016-06-21 15:46:27 -04:00
Paulo 9c2d5a8d33 Fixed #26729 -- Allowed overriding a form field's label/help_text in Form.__init__() for TabularInline. 2016-06-21 14:26:47 -04:00
Sergey Fedoseev ea4665066b Fixed #26785 -- Made Oracle return None rather than empty string for empty geometries. 2016-06-21 14:06:29 -04:00
Jon Dufresne d13881bd34 Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH. 2016-06-21 11:03:25 -04:00
Claude Paroz 140c235026 Fixed #26750 -- Fixed introspection for geography point field with dim=3
Thanks Yegor Kazantsev for the report and the initial patch.
2016-06-21 15:22:21 +02:00
Claude Paroz 8ba44ecda0 Fixed #26775 -- Supported dim=3 geography fields
Thanks François-Xavier Thomas for the report.
2016-06-18 21:48:32 +02:00
Claude Paroz f7a363ee1d Fixed #26753 -- Made GDAL a required dependency for contrib.gis
Thanks Tim Graham for the review.
2016-06-18 10:58:02 +02:00
Carl Meyer 7d1b69dbe7 Refs #26601 -- Improved backwards-compatibility of DEP 5 middleware exception handling. 2016-06-17 10:00:39 -07:00
Tim Graham 9c3fbf5423 Used SQL from DB backend in GeomValue.
This avoids the deprecated GeomFromText on MySQL (refs #26134).

Thanks Claude Paroz for the review.
2016-06-16 19:51:13 -04:00
Tim Graham ea34426ae7 Fixed flake8 2.6 warnings. 2016-06-16 09:12:50 -04:00
Ville Skyttä 96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
Sergey Fedoseev cee534228c Refs #25645 -- Removed SpatiaLite 3.x compatibility in gis.db.models.functions.Translate.
Complements 47f22e8286.
2016-06-13 10:32:07 -04:00
Charlie Denton f2c0eb19e9 Fixed #26748 -- Allowed overriding JSONField's widget with an attribute. 2016-06-13 08:09:54 -04:00
Sergey Fedoseev 6928ad184e Fixed #26736 -- Fixed crashes in SpatialReference with non-ASCII characters. 2016-06-11 21:03:22 -04:00
Dmitry Medvinsky 0451dcc2eb Fixed #26742 -- Fixed action select color in admin changelist. 2016-06-10 11:39:11 -04:00
Oliver Sauder 5d8375fe66 Fixed #4548 -- Added username hint to admin's change_password form. 2016-06-09 12:18:15 -04:00
krishbharadwaj f6681393d3 Fixing #26524 -- Made a foreign key id reference in ModelAdmin.list_display display the id. 2016-06-08 17:20:03 -04:00
Brett Haydon 5e3f4c2e53 Fixed #26716 -- Made CurrentSiteMiddleware compatible with new-style middleware. 2016-06-07 09:46:22 -04:00
Pyie Zone 054e74420b Refs #16501, #26474 -- Added xregexp.js source file. 2016-06-06 09:25:02 -04:00
Vytis Banaitis 2f9c4e2b6f Fixed #19963 -- Added support for date_hierarchy across relations. 2016-06-04 12:14:02 -04:00
Brad Melin f6517a5335 Fixed #26672 -- Fixed HStoreField to raise ValidationError instead of crashing on non-dict JSON input. 2016-06-02 16:28:01 -04:00
Rustam Kashapov df8412d2e5 Fixed #26617 -- Added distinct argument to contrib.postgres's StringAgg. 2016-06-02 13:48:35 -04:00
Sergey Fedoseev a20671c489 Refs #25645 -- Removed SpatiaLite 3.x compatibility in SpatialiteSpatialRefSys.wkt.
Complements 47f22e8286.
2016-06-01 10:49:55 -04:00
Tim Graham bc84278615 Fixed #26675 -- Dropped support for PostgreSQL 9.2/PostGIS 2.0. 2016-06-01 07:45:22 -04:00
Tim Graham 47f22e8286 Fixed #25645 -- Dropped support for SpatiaLite < 4.0. 2016-05-31 11:31:51 -04:00
Tim Graham 16a842b379 Refs #26621 -- Added tests for admindocs.views.simplify_regex(). 2016-05-30 09:50:02 -04:00
Daniel Wiesmann 9bb1b4b7f6 Refs #25588 -- Fixed GDAL dependency in spatial lookups. 2016-05-27 17:43:17 +01:00
Aleksey a247c1d789 Added missing quotes in openlayers.html template. 2016-05-25 09:12:55 -04:00
Tim Graham 92f88206d0 Refs #26134 -- Updated deprecated MySQL GIS function names. 2016-05-24 11:34:15 -04:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Alex Hill 2ff7ef15b0 Refs #26421 -- Refactored Apps.lazy_model_operation() for better checks and tests 2016-05-19 21:33:36 -04:00
Josh Smeaton 2a4af0ea43 Fixed #25774 -- Refactor datetime expressions into public API 2016-05-18 20:14:58 +10:00
Claude Paroz 5ccee815ff Updated translation catalogs 2016-05-17 23:21:35 +02:00
Simon Charette f179113e6c
Fixed #24067 -- Renamed content types upon model renaming.
Thanks to Tim for the extensive review.
2016-05-17 12:14:58 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham c999c8d8f6 Updated admin's jQuery to 2.2.3. 2016-05-17 07:20:06 -04:00
Loïc Bistuer ed0ff913c6 Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers.
This deprecates use_for_related_fields.

Old API:

class CustomManager(models.Model):
    use_for_related_fields = True

class Model(models.Model):
    custom_manager = CustomManager()

New API:

class Model(models.Model):
    custom_manager = CustomManager()

    class Meta:
        base_manager_name = 'custom_manager'

Refs #20932, #25897.

Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
2016-05-17 12:07:22 +07:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz 526575c641 Fixed #21379 -- Created auth-specific username validators
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Daniel Wiesmann 078eb87626 Refs #26592 -- Fixed band statistics for empty bands and GDAL 2.1 2016-05-16 18:43:04 +02:00
Simon Charette 61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers.
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Tim Graham 094ea69e07 Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login(). 2016-05-13 18:26:10 -04:00
Matthew Somerville 1962a96a30 Fixed #24938 -- Added PostgreSQL trigram support. 2016-05-13 12:38:21 -04:00
Nicolas Noé e158ec0ba0 Fixed #26333 -- Made GIS Geometry classes deconstructible. 2016-05-13 11:30:19 -04:00
David Sanders 14c952d581 Fixed #26612 -- Fixed SelectFilter2 buttons changing URL. 2016-05-13 09:06:20 -04:00
eltronix 996cadfa5f Prevented findstatic argument from appearing as multiple options. 2016-05-12 20:26:33 -04:00
Vincenzo Pandolfo 069319396f Fixed #26277 -- Added support for null values in ChoicesFieldListFilter. 2016-05-12 12:40:14 -04:00
Collin Anderson 38c43b2a5c Refs #24227 -- Partially reverted replacement of M2M isinstance checks by field.many_to_many.
This fixes django-taggit and reflects some places where duck-typing may not
be appropriate.
2016-05-11 10:29:01 -04:00
marysia b9290b1d49 Fixed #26449 -- Merged admin's FORMFIELD_FOR_DBFIELD_DEFAULTS with formfield_overrides.
Useful for overriding the DateTimeField widget.
2016-05-07 19:52:45 -04:00
Dan Watson ad403ffa45 Fixed #26582 -- Added prettier admin display for list values. 2016-05-07 15:49:41 -04:00
Claude Paroz b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Daniel Wiesmann bbfad84dd9 Fixed #25588 -- Added spatial lookups to RasterField.
Thanks Tim Graham for the review.
2016-05-06 09:17:18 -04:00
Tim Graham 03efa304bc Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods. 2016-05-06 08:56:06 -04:00
Claude Paroz 388bb5bd9a Fixed #22936 -- Obsoleted Field.get_prep_lookup()/get_db_prep_lookup()
Thanks Tim Graham for completing the initial patch.
2016-05-04 20:02:01 +02:00
Dan Stephenson 1206eea11e Fixed #26558 -- Removed need for request context processor on admin login page. 2016-05-04 09:43:24 -04:00
Simon Charette ad0f536e1c Fixed #26577 -- Disabled implicit wait of Selenium tests where appropriate. 2016-05-03 23:19:24 -04:00
David Sanders e00d77c483 Fixed #26575 -- Disabled SelectFilter buttons when inactive. 2016-05-03 13:09:07 -04:00
David Sanders fb68674ea4 Fixed #26561 -- Improved admin's JavaScript SelectBox performance on large lists. 2016-05-03 10:24:22 -04:00
Michal Petrucha b9f8635f58 Refs #16508 -- Added invalidation of stale cached instances of GenericForeignKey targets. 2016-05-03 09:29:05 -04:00
Michal Petrucha 8a47ba679d Refs #16508 -- Made Model.__init__() aware of virtual fields.
It's no longer necessary for GenericForeignKey (and any other virtual fields)
to intercept the field's values using the pre_init signal.
2016-05-03 09:06:26 -04:00
bgaechter 4e2ee86627 Fixed #26569 -- Updated OSM Mapnik constructor 2016-05-02 18:06:03 +02:00
Tim Graham 32969c3931 Refs 2bd1bbc -- Made GeometryField.get_db_prep_lookup() a private (deprecated) method. 2016-05-02 09:40:02 -04:00
Claude Paroz 8dcf352c03 Pulled translations from Transifex 2016-04-30 14:27:07 +02:00
Claude Paroz d9a00ad16b Removed deprecated Chinese language codes for contrib apps
Refs #18149.
2016-04-30 14:26:47 +02:00
Claude Paroz b0068af5ff Fixed source path in contrib.admin translation catalog
Refs #26341.
2016-04-30 12:21:54 +02:00
Anssi Kääriäinen 7f51876f99 Fixed #26207 -- Replaced dynamic classes with non-data descriptors for deferred instance loading. 2016-04-29 13:06:32 -04:00
Tim Graham f945fb24a3 Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
Conrad Kramer c112198332 Fixed #26542 -- Fixed quoting in CreateExtension operation. 2016-04-27 09:30:55 -04:00
Bas Westerbaan a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3.
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Tim Graham 901dc90db0 Removed unused/untested Field.get_choices_default()/value_to_string() methods. 2016-04-25 08:05:27 -04:00
Tim Graham 859eeaa0f0 Fixed #26533 -- Renamed Widget._format_value() to format_value(). 2016-04-23 13:15:45 -04:00
Marc Tamlyn 2d877da855 Refs #3254 -- Added full text search to contrib.postgres.
Adds a reasonably feature complete implementation of full text search
using the built in PostgreSQL engine. It uses public APIs from
Expression and Lookup.

With thanks to Tim Graham, Simon Charettes, Josh Smeaton, Mikey Ariel
and many others for their advice and review. Particular thanks also go
to the supporters of the contrib.postgres kickstarter.
2016-04-22 10:44:37 +01:00
Claude Paroz f4c2b8e04a Fixed #20189 -- Allowed customizing staticfiles ignored_patterns list
Thanks Tim Graham for the review.
2016-04-22 09:56:06 +02:00
Tobias Kroenke b040ac06eb Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError. 2016-04-20 13:06:47 -04:00
Markus Amalthea Magnuson 08cd6a0e56 Fixed #16327 -- Redirected "Save as new" to change view instead of the changelist. 2016-04-20 11:31:44 -04:00
Michal Petrucha cb65e62c84 Fixed typo in GenericRelatedObjectManager.add() error message. 2016-04-20 10:06:49 -04:00
Nicolas Noé 23fbd3ff48 Fixed #26512 -- Added tests for SpatialRefSysMixin.get_units(). 2016-04-19 11:19:44 -04:00
Claude Paroz 9686c888d6 Fixed #25951 -- Trimmed default representation of GEOSGeometry
Thanks Sergey Fedoseev for the report.
2016-04-17 15:31:12 +02:00
dani poni d29d11b026 Fixed #26085 -- Fixed contenttypes shortcut() view crash with a null fk to Site.
Thanks Fabien Schwob for the initial patch.
2016-04-16 17:27:44 -04:00
krishbharadwaj e494b9ffb6 Fixed #26509 -- Deprecated the contrib.gis.utils.precision_wkt() function. 2016-04-16 16:47:04 -04:00
Claude Paroz 10c53385f8 Fixed #26510 -- Allowed dim/trim/precision as WKTWriter init arguments
Thanks Tim Graham for the review.
2016-04-16 19:51:00 +02:00
Claude Paroz 05d08367d7 Set WKTWriter trim/precision only when changed 2016-04-16 19:51:00 +02:00
Claude Paroz d419b0c9bd Converted property syntax of WKBWriter 2016-04-16 19:51:00 +02:00
Tim Graham 74675a15d0 Removed unused wk_col property of SpatialRefSys models.
Unused since ae7cb577dd.
2016-04-15 13:17:09 -04:00
Claude Paroz de40cfbe74 Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views
Thanks Cristiano Coelho and Tim Graham for the reviews.
2016-04-15 17:28:54 +02:00
Tim Graham 5cc8261c39 Removed unused AdminCommaSeparatedIntegerFieldWidget.
Unused since f212b24b64.
2016-04-15 11:05:11 -04:00
Michal Petrucha c339a5a6f7 Refs #16508 -- Renamed the current "virtual" fields to "private".
The only reason why GenericForeignKey and GenericRelation are stored
separately inside _meta is that they need to be cloned for every model
subclass, but that's not true for any other virtual field. Actually,
it's only true for GenericRelation.
2016-04-13 10:10:53 -04:00
Opa- 461f74ab19 Fixed #26432 -- Fixed size tuple order when using numpy reshape on a GDALBand. 2016-04-12 10:12:19 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Daniel Wiesmann c12a00e554 Fixed #26455 -- Allowed filtering and repairing invalid geometries.
Added the IsValid and MakeValid database functions, and the isvalid lookup,
all for PostGIS.

Thanks Tim Graham for the review.
2016-04-09 09:22:30 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks.
Thanks Tim for the review.
2016-04-06 22:40:43 -04:00
Tim Graham 7d6e6e8367 Fixed #26473 -- chmod -x on django/contrib/admin/static/admin/fonts/LICENSE.txt 2016-04-06 12:36:07 -04:00
akoskaaa ab2d34ba3f Fixed #25856 -- Added %B support to Date.strftime.
This enables the admin to display the correct localized month name if %B
is used in the date format.
2016-04-06 10:41:58 -04:00
Tim Graham 6448873197 Fixed E402 flake8 warnings. 2016-04-04 17:14:27 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Jon Dufresne 5faf745999 Refs #21608 -- Fixed incorrect cache key in cache session backend's save().
The bug was introduced commit 3389c5ea22.
2016-04-04 07:41:59 -04:00
anna b28c60529b Fixed #26101 -- Allowed introspection of base_field.model in RangeField
Used the same test and fix as in #25867.
This required initializing base_field in RangeField.__init__,
not when setting the attribute.
2016-04-03 16:32:30 +02:00
Claude Paroz db19619545 Fixed #25532 -- Properly redisplayed JSONField form input values
Thanks David Szotten for the report and Tommy Beadle for code inspiration.
Thanks Tim Graham for the review.
2016-04-01 09:04:20 +02:00
Claude Paroz edcecaf0de Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions
Thanks Simon Meers for the initial patch, and Tim Graham for the review.
2016-03-30 14:34:41 +02:00
Daniel Wiesmann 870dd1d38b Fixed #26417 -- Allowed setting GDALBand data with partial values. 2016-03-29 11:08:36 -04:00
Daniel Wiesmann f1db8c36e9 Fixed #26415 -- Allowed deleting nodata value on GDALBands. 2016-03-29 08:06:31 -04:00
Akshesh a7c813ba04 Fixed #21734 -- Handled ProtectedError in a POST to admin's delete_selected action. 2016-03-29 07:42:23 -04:00
Tim Graham acfaec3db5 Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable. 2016-03-25 13:47:42 -04:00
Collin Anderson b55c77ed18 Removed unused xmlhttp from admin's core.js. 2016-03-24 17:27:53 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Akshesh 49ac10b4de Fixed #26235 -- Handled ProtectedError in a POST to admin's delete_view(). 2016-03-21 19:25:27 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Claude Paroz 983c158da7 Refs #24227 -- Replaced M2M isinstance checks by field.many_to_many
Thanks Markus Holtermann, Collin Anderson and Tim Graham for the reviews.
2016-03-19 09:24:27 +01:00
Berker Peksag 28bcff82c5 Fixed #26297 -- Fixed `collectstatic --clear` crash if storage doesn't implement path(). 2016-03-17 09:49:57 -04:00
Akshesh 44c0ecdd92 Fixed #25364 -- Added generic way to test on all browsers supported by selenium.
Browser names should be passed as a comma separated list to the --selenium flag.

Thanks Tim Graham, Simon Charette and Moritz Sichert for review and discussion.
2016-03-15 13:10:32 -04:00
Matt C e7e5d9b338 Fixed #25579 -- Fixed ArrayField.get_db_prep_value() to allow complex types. 2016-03-15 11:23:38 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
quaspas 91f87b8f91 Fixed #26283 -- Fixed removal of trailing nulls for SplitArrayField. 2016-03-12 17:22:25 -05:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Fernando Miranda 2495023a4c Fixed #25143 -- Added ArrayField.from_db_value().
Thanks Karan Lyons for contributing to the patch.
2016-03-12 09:14:35 -05:00
Noenglish Professorbut f8d20da047 Fixed a few docstring typos. 2016-03-12 08:45:06 -05:00
Tim Graham 9027fac841 Removed unneeded GeoManagers in tests. 2016-03-11 13:09:24 -05:00
Sergey Fedoseev 1f035e6283 Fixed #25865 -- Made OSMGeoAdmin require GDAL only if transformation is needed. 2016-03-11 12:33:00 -05:00
Tim Graham 09e5409cb5 Fixed a dead link in django/contrib/sitemaps/__init__.py. 2016-03-08 13:16:11 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands.
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Simon Charette c92123cc1d Fixed #26226 -- Made related managers honor the queryset used for prefetching their results.
Thanks Loïc for the suggested improvements and Tim for the review.
2016-03-02 16:10:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Alasdair Nicol 65bd053f11 Fixed #26229 -- Improved check for model admin check admin.E124
Refs #22792
2016-03-01 08:20:14 -05:00
Tore Lundqvist 3389c5ea22 Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
Simon Charette 3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache.
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
2016-02-26 16:18:16 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed #26231 -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz c5517b9e74 Fixed #26266 -- Output the primary key in the GeoJSON serializer properties
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
James Aylett 1ff6e37de4 Fixed #23832 -- Added timezone aware Storage API.
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
2016-02-23 19:34:21 +01:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests
Refs #26190.
2016-02-23 09:12:12 +01:00
Akshesh 6670da75ff Fixed #25653 -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Florian Apolloner 9332497701 Merge pull request #6121 from meshy/patch-1
Fix typo in comment
2016-02-11 12:29:09 +01:00
Charlie Denton 46c13fef46 Fix typo in comment 2016-02-11 11:14:06 +00:00
Shai Berger bb51dc902d Refs #26112 -- Fixed aggregate GIS test on Oracle.
Made sure the test doesn't try to aggregate over MultiPolygonField and made
AreaField turn decimals into floats on the way from the DB.

Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-09 10:04:54 -05:00
Tim Graham 406675b1a0 Fixed #26176 -- Fixed E123 flake8 warnings. 2016-02-05 15:11:07 -05:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API.
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Federico Capoano e972a7d03d Fixed #13875 -- Made admin's submit_row template tag pass whole context. 2016-02-04 11:56:16 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
jpic 926e90132d Fixed #25731 -- Removed unused choices kwarg for Select.render() 2016-02-02 18:03:19 -05:00
rynomster 468d8211df Fixed #23971 -- Added "Has date"/"No date" choices for DateFieldListFilter. 2016-02-02 12:04:14 -05:00
Tim Graham 37f7ef41fb Fixed #24316 -- Made ModelAdmin.list_display callables use an appropriate CSS class name.
Thanks Berker Peksag for the review.
2016-02-02 10:22:59 -05:00
bphillips 917cc288a3 Fixed #11313 -- Made ModelAdmin.list_editable more resilient to concurrent edits.
Allowed admin POSTed bulk-edit data to use modeladmin.get_queryset()
so that the ids in the POST data have a chance to match up even if
the objects on the current page changed based on the ordering.
2016-02-01 16:05:01 -05:00
Myk Willis 62f3acc70a Fixed incorrect permissions check for admin's "Save as new".
This is a security fix.
2016-02-01 11:57:00 -05:00
Hugo Osvaldo Barrera 8bf8d0e0ec Fixed #7923 -- Added links to objects displayed by ModelAdmin.raw_id_fields. 2016-02-01 07:36:10 -05:00
Alexander Gaevsky c79852acee Fixed #14402 -- Removed clearing of help_text for ManyToManyField's raw_id_fields. 2016-01-30 12:42:47 -05:00
Claude Paroz c47364ef0c Fixed #26134 -- Used new OpenGIS names for recent MySQL
Thanks František Malina for the report.
2016-01-29 23:25:23 +01:00
Greg Chapple 8dea9f089d Fixed #26120 -- Made HStoreField cast keys and values to strings.
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Tim Graham 19d1cb1451 Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 2016-01-28 17:46:55 -05:00
Claude Paroz 54236a2c1c Fixed #26138 -- Ensured geometry_field's geometry is always serialized
Thanks Bernd Schlapsi for the report.
2016-01-28 08:50:38 +01:00
Nik Nyby 275d11fbc5 Corrected comment about SelectFilter2's dependencies. 2016-01-25 14:33:59 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Alexander Rudakov 002a4f72c4 Fixed #25989 -- Corrected sitemap's Last-Modified header to use the latest lastmod of all sitemaps.
Previously, the lastmod of the last sitemap was always used.
All sitemaps are required to have a lastmod.
2016-01-23 08:48:31 -05:00
Vincenzo Pandolfo 0490d72f2a Fixed #24116 -- Moved AdminSite.check_dependencies() to system checks. 2016-01-22 18:29:56 -05:00
Jan Pieter Waagmeester 95648eb5c1 Lowercased "actions" of "Recent actions" and "My actions" in admin index sidebar. 2016-01-22 15:43:03 -05:00
Daniel Wiesmann a08d2463d2 Fixed #26112 -- Error when computing aggregate of GIS areas.
Thanks Simon Charette and Claude Paroz for the reviews.
2016-01-22 19:38:34 +01:00
Alexander Gaevsky 9a33d3d764 Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields. 2016-01-21 13:21:28 -05:00
Raphael Michel ae9f08882f Fixed an incorrectly used translation string in admin changeform.
This uses a translation string that already exists (used in the
<title> of the same page) and fixes a grammer mistake for German
and possibly other languages.
2016-01-14 19:19:57 -05:00
Tim Graham 99d2469e75 Refs #494 -- Fixed a flaky admin_inlines tests. 2016-01-11 14:16:17 -05:00
Tim Graham 294d0d8815 Fixed #26048 -- Made admin selenium tests use implicitly_wait() 2016-01-11 14:16:17 -05:00
Tim Graham 3541ca1504 Refs #25165 -- Fixed JSON serialization for delete popup in the admin. 2016-01-09 13:35:58 -05:00
Matt Robenolt 8048411c97 Fixed a typo in BCryptPasswordHasher docstring
There is no BCryptSHA512PasswordHasher.
2016-01-09 12:14:51 -05:00
Thomas Grainger cbaa3ee3ee Refs #25165 -- Removed unnecessary HTML unescaping in admin add/edit popups.
Because we now load data into the page via JSON, we don't need to
unescape it anymore.
2016-01-08 18:24:04 -05:00
Collin Anderson 780bddf75b Fixed #20846 -- Decreased User.username max_length to 150 characters. 2016-01-08 18:06:44 -05:00
Alexander Gaevsky ea7542891a Refs #24980 -- Fixed incorrect timezone handling in admin calendar widget. 2016-01-08 17:21:47 -05:00
Claude Paroz 7b8d2dcd75 Updated contrib.admin translations for new tests 2016-01-08 20:34:59 +01:00
Claude Paroz cf7894be88 Fixed #21113 -- Made LogEntry.change_message language independent
Thanks Tim Graham for the review.
2016-01-08 20:34:59 +01:00
Alexander Gaevsky ade54ffa34 Refs #25165 -- Fixed JSON serialization for add/edit popup in the admin.
Forwardport of test in o839d71d8562abe0b245024e55ca1d02a45e58fd from stable/1.9.x
(refs #25997).
2016-01-08 12:28:32 -05:00
Tim Graham 822a03b3e4 Refs #25165 -- Fixed failure of admin's "Add another" popup to close.
Thanks Thomas Grainger for the fix.
2016-01-08 11:41:01 -05:00
Tim Graham 59ef6559a3 Reverted #25961 -- Removed handling of thread-non-safe GEOS functions.
This reverts commit 312fc1af7b as it seems
to cause segmentation faults as described in the ticket.
2016-01-07 18:54:41 -05:00
Alexander Gaevsky 44930cc466 Fixed #24980 -- Fixed day determination in admin calendar widget. 2016-01-07 11:13:05 -05:00
Paulo Poiati b643386668 Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Simon Charette a08fda2111 Fixed #25746 -- Isolated inlined test models registration.
Thanks to Tim for the review.
2016-01-06 20:00:07 -05:00
Scott Pashley 7cc2efc2d6 Fixed #26035 -- Prevented user-tools from appearing on admin logout page. 2016-01-06 13:48:02 -05:00
Benjamin Bach 8ad18103a1 Replaced dict.setdefault() usage to avoid unnecessary object instantiations. 2016-01-05 13:06:23 -05:00
Tim Graham f0ad641628 Fixed #26016 -- Restored contrib.auth hashers compatibility with py-bcrypt.
Reverted "Explicitly passed rounds as rounds to bcrypt.gensalt()"

This reverts commit 23529fb195.
2016-01-02 06:54:13 -05:00
Tim Graham 98839e9066 Removed British/Austrialian word: whilist. 2015-12-31 14:29:52 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Claude Paroz f14ab700c3 Updated translations from Transifex
Forward port of 59f3590ca7 from stable/1.9.x.
2015-12-31 15:53:02 +01:00
Claude Paroz 00cb9e13b4 Fixed #15165 -- Prevented wrong results with perimeter on geodetic fields. 2015-12-30 18:07:02 -05:00
Alexander Gaevsky 69208a5a1c Fixed #25465 -- Restored line breaks conversion in admin readonly fields. 2015-12-29 19:31:43 -05:00
Tim Graham dbb0df2a0e Fixed #25985 -- Updated signature of ModelAdmin.formfield_for_* to make request a positional argument. 2015-12-29 12:49:14 -05:00
Nick Sandford ff19df9c2d Fixed #19536 -- Included object-tools when ModelAdmin.has_add_permission() is False. 2015-12-29 12:10:44 -05:00
Akshesh 0d855990f7 Fixed #25967 -- Indicated required fields in admin.TabularInline headers. 2015-12-28 12:50:46 -05:00
Ville Skyttä e6ca15c13f Passed logging message parameters as arguments instead of interpolating them. 2015-12-26 18:35:42 -05:00
Alexander Sosnovskiy 2a7ce34600 Fixed #14286 -- Added models.BigAutoField. 2015-12-25 20:01:31 -05:00
Tim Graham 4d83b0163e Fixed #25969 -- Replaced render_to_response() with render() in docs examples. 2015-12-23 09:14:32 -05:00
Sergey Fedoseev 312fc1af7b Fixed #25961 -- Removed handling of thread-non-safe GEOS functions. 2015-12-23 08:02:37 -05:00
Sergey Fedoseev 5d348bba31 Fixed #25950 -- Added support for GEOSisClosed. 2015-12-22 16:54:02 -05:00
Karen Tracey 5399ccc0f4 Fixed #494 -- Added ability to specify classes on admin inline fieldsets.
This includes the ability to collapse inlines by specifying a class named
'collapse'.
2015-12-21 13:50:06 -05:00
Tim Graham 541000773a Replaced some usage of django.jQuery with $. 2015-12-21 09:29:58 -05:00
Tim Graham f18b08748a Fixed #25903 -- Fixed the admin's list_editable add/change buttons. 2015-12-21 09:29:57 -05:00
Sergey Fedoseev c984e2bc15 Fixed #25869 -- Added trim and precision properties to WKTWriter. 2015-12-18 19:44:43 +01:00
Simon Charette 3738e4ac46 Fixed #25841 -- Handled base array fields validation errors with params.
Thanks to Trac alias benzid-wael for the report.
2015-12-17 20:25:04 -05:00
Ian Foote 86eccdc8b6 Fixed #25544 -- Removed duplicate ids in prefetch_related() queries. 2015-12-17 19:08:30 -05:00
Sven Grunewaldt 9af40f5df1 Fixed #25845 -- Fixed incorrect timezone warnings in custom admin templates. 2015-12-17 14:35:13 -05:00
Sergey Fedoseev 5146e2cf98 Fixed #25662 -- Allowed creation of empty GEOS geometries. 2015-12-14 13:29:38 -05:00
Sergey Fedoseev a6c803a2e3 Fixed #25932 -- Made predicates of OGRGeometry return bool instead of int. 2015-12-14 11:30:36 -05:00
Anssi Kääriäinen cd0ba8053d Fixed #12885 -- Fixed queries with GenericRelations to multi-table inheritance child models. 2015-12-14 10:48:01 -05:00
Sergey Fedoseev ed7b1bdf01 Fixed #25926 -- Removed gis.utils.ogrinfo.sample backwards compatibility alias. 2015-12-12 12:00:24 -05:00
Sergey Fedoseev f7889b83b0 Fixed #25924 -- Removed gis.utils.srs.add_postgis_srs() backwards-compatibility alias. 2015-12-12 10:49:04 -05:00
Sergey Fedoseev d40a38b335 Unwrapped gdal.Envelope import from try-except as fail of `import ctypes` is not expected. 2015-12-12 09:52:59 -05:00
Sergey Fedoseev 8ab58b8052 Fixed #25883 -- Fixed admin deletion page summary counts for related objects. 2015-12-10 18:09:03 -05:00
Johannes Hoppe cf546e11ac Fixed #21221 -- Made form Media and static template tag use staticfiles if installed. 2015-12-10 14:30:19 -05:00
Claude Paroz cd40d9e721 Fixed #25657 -- Ignored exceptions when destroying geometry objects
Due to randomness of garbage collection with geometry objects, it's
easier to simply ignore AttributeError/TypeError generally raised when
parts of objects are already garbage-collected.
Thanks Sergey Fedoseev and Tim Graham for reviewing the patch.
2015-12-08 22:06:34 +01:00
Sergey Fedoseev a8614fb438 Fixed #25876 -- Removed OGRGeometry.transform_to() backwards-compatibility method. 2015-12-08 10:05:38 +05:00
Simon Charette 59b57e672c Fixed #25867 -- Fixed a system check crash with nested ArrayFields.
Thanks to Jean Gourds for the report, Tim and Claude for the review.
2015-12-07 14:45:22 -05:00
Thomas Grainger d638cdc42a Fixed #25165 -- Removed inline JavaScript from the admin.
This allows setting a Content-Security-Policy HTTP header
(refs #15727).

Special thanks to blighj, the original author of this patch.
2015-12-05 15:51:57 -05:00
Sergey Fedoseev 25f5b5c19d Fixed #25853 -- Added support for GeoHash function on SpatiaLite. 2015-12-04 08:09:21 -05:00
bphillips 7f663aeccf Fixed #25820 -- Allowed whitespace in admin's calendar.js month/weekday names.
This is useful for certain language translations.
2015-12-03 19:44:15 -05:00
Sergey Fedoseev 717a54c883 Fixed #25797 -- Fixed regex for getting units from SRS WKT. 2015-12-03 19:03:28 -05:00
Claude Paroz b52b9cf6f2 Refs #25655 -- Made HAS_GEOS depend on a minimum version.
This skips some tests on systems with GEOS < 3.3 (the minimum
supported version).
2015-12-03 18:22:58 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Ville Skyttä 4d0f8831a7 Fixed #25667 -- Fixed admindocs initial_header_level. 2015-12-02 17:56:38 -05:00
Sergey Fedoseev 0825f77f76 Fixed #25836 -- Added support for MakeLine aggregate on SpatiaLite. 2015-12-02 17:25:33 -05:00
Claude Paroz 273ce8aa6a Pulled contrib translations from Transifex
Forward port of 6a4649c27e from stable/1.9.x
2015-12-01 20:37:57 +01:00
gunchleoc 89b6856aa6 Fixed #25823 -- Made some titles consistent in admindocs. 2015-11-30 11:17:48 -05:00
Sergey Fedoseev 49f1cc54e6 Fixed #25835 -- Removed Adaptor alias from spatial operations classes. 2015-11-30 08:57:15 -05:00
elky 2084aed20c Fixed #25827 -- Removed extra spacing in admin's DateTimeField. 2015-11-30 08:46:22 -05:00
Claude Paroz 867faeda9e Added two translator comments in contrib apps
Thanks GunChleoc for the suggestions.
2015-11-27 09:37:31 +01:00
Tim Graham 2c0be9045b Fixed #25806 -- Removed name mangling from syndication.Feed's _get_dynamic_attr().
It doesn't seem to serve any purpose.
2015-11-25 17:46:58 -05:00
Sergey Fedoseev f920be7c32 Fixed #25773 -- Deprecated the geos.MultiPolygon.cascaded_union property. 2015-11-25 17:31:24 -05:00
Attila Tovt 88fc9e2826 Fixed #25772 -- Corrected __len lookup on ArrayField for empty arrays. 2015-11-25 16:53:05 -05:00
Daniel Wiesmann 8f5904560a Fixed #25734 -- Made GDALBand min and max properties use GDALComputeRasterStatistics.
Thanks Sergey Fedoseev and Tim Graham for the review.
2015-11-25 13:40:39 -05:00
Sergey Fedoseev 229fc793a0 Refs #25663 -- Fixed checking of the number of points for LineString if initialized from numpy.array. 2015-11-23 17:36:06 -05:00
Johannes Ammon 2ab244ff3a Made ListFilter.choices() argument name more explicit. 2015-11-23 12:39:48 -05:00
Alex Morozov 6ca163d7cc Fixed #25784 -- Prevented an exception on collectstatic help
Made the `manage.py help collectstatic` don't fail if the `STATIC_ROOT`
setting is empty.
2015-11-22 20:32:14 +01:00
Sergey Fedoseev ccc8f67b77 Fixed #25722 -- Added the GEOSGeometry.covers() method. 2015-11-20 12:36:03 -05:00