Commit Graph

34 Commits

Author SHA1 Message Date
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Chris Bainbridge e5cfa394d7 Refs #23882 -- Added detection for moved files when using inotify polling
Commit 15f82c7 ("used pyinotify as change detection system when
available") introduced a regression where editing a file in vim with
default settings (writebackup=auto) no longer causes the dev server
to be restarted. On a write, vim moves the monitored file to a backup
path and then creates a new file in the original. The new file is not
monitored as it has a different inode. Fixed this by also watching for
inotify events IN_DELETE_SELF and IN_MOVE_SELF.
2015-07-07 12:23:04 -04:00
Alexey Sveshnikov bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Noam e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
Jason Hoos a50b66da30 Fixed #24958 -- Fixed inline forms using UUID-PK parents with auto-PK children. 2015-06-26 09:09:09 -04:00
薛丞宏 d3e12c9017 Fixed #25016 -- Reallowed non-ASCII values for ForeignKey.related_name on Python 3. 2015-06-26 08:30:05 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Markus Holtermann d3d66d4722 Fixed #24940 -- Made model managers hashable
Thanks Federico Jaramillo Martínez for the report and Tim Graham for the
test and review.
2015-06-19 19:02:01 +02:00
Andriy Sokolovskiy cf6ce279c7 Fixed #24948 -- Fixed crash when uploading bitmap images in forms.ImageField 2015-06-16 14:37:58 -04:00
Adam Brenecki 65296b3be3 Fixed #24972 -- Fixed removing unique_together indexes on MySQL. 2015-06-15 17:28:13 -04:00
Brian King bfb5b7150f Fixed #24912 -- Fixed prefetch_related failure for UUIDField primary keys
This resolves a problem on databases besides PostgreSQL when using
prefetch_related with a source model that uses a UUID primary key.
2015-06-15 09:37:38 -04:00
Rivo Laks a0047c6242 Fixed #24769 -- Cast optparse verbosity argument to an integer for better backwards compatibility.
Using `BaseCommand.options_list` makes Django use the legacy optparse
parser, which does not set the verbosity attribute correctly. Now the
verbosity argument is always cast to int. Regression in 8568638 (#19973).

Initial report and patch from blueyed.
2015-06-09 19:03:23 -04:00
Tim Graham 90c59db7a3 Forwardported release notes for refs #24903. 2015-06-09 17:57:21 -04:00
Andriy Sokolovskiy 08232ef84d Fixed #24744 - Fixed relabeled_clone for the Transform 2015-06-06 09:04:53 -04:00
Mark Lavin 541f4ea546 Fixed #24924 -- Join promotion for multiple Case expressions 2015-06-05 12:22:43 -04:00
Andriy Sokolovskiy 286d0e6ab1 Refs #24833 -- Forwardported some of "Fixed Case expressions with exclude()."
Partial forwardport of 469f1e362b from stable/1.8.x
as the issue was already fixed in master.
2015-06-05 11:21:31 -04:00
Carl Meyer 492537ac18 Fixed #24628 -- Fixed applied status for squashed migrations. 2015-06-02 16:15:13 -06:00
Carl Meyer 84522c0d16 Fixed #24895 -- Fixed loading a pair of squashed migrations with a dependency. 2015-06-02 12:07:54 -06:00
zauddelig 262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Andriy Sokolovskiy 2913d6b77d Fixed #24831 -- Fixed pickling queryset with prefetch_related() after deleting objects. 2015-06-02 09:54:53 -04:00
Tim Graham e1e6399c2c Fixed #24893 -- Fixed lack of unique constraint when changing a field from primary_key=True to unique=True 2015-06-02 09:25:47 -04:00
Tim Graham 5ab8680983 Fixed #24892 -- Fixed quoting of SQL when renaming a field to AutoField in PostgreSQL 2015-06-02 09:13:55 -04:00
Tim Graham ad0f0daf8c Fixed #24851 -- Fixed crash with reverse one-to-one relation in ModelAdmin.list_display
Forwardport of 2456276b02 from stable/1.8.x
2015-05-28 10:52:50 -04:00
Andriy Sokolovskiy 80ad5472ce Fixed #24817 -- Prevented loss of null info in MySQL field renaming. 2015-05-28 10:07:52 -04:00
Paweł Marczewski 300e8baf94 Fixed #24847 -- Prevented items set on a RequestContext from being lost. 2015-05-27 10:04:57 -04:00
Tim Graham 70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Tim Graham f4cb350c79 Added release notes for refs #24844. 2015-05-25 21:03:41 -04:00
Paweł Marczewski 801a84ae32 Fixed #24835 -- Fixed QuerySet.exists() after an annotation with Count()
QuerySet.exists() incorrectly handled query.group_by = True
case (grouping by all select fields), causing GROUP BY
expressions to be wiped along with select fields.
2015-05-25 20:46:20 -04:00
Marten Kenbeek d73176a842 Fixed #24848 -- Fixed ValueError for faulty migrations module.
Added apps to unmigrated apps if the migrations module is a file
or a folder missing __init__.py.

Thanks to Ernest0x for the bug report.
2015-05-25 13:47:50 -04:00
Villiers Strauss 614bec41b5 Fixed #24841 -- Made BaseRangeField.prepare_value() call base_field's prepare_value() 2015-05-25 12:06:55 -04:00
Tim Graham 7b8008a078 Added stub release notes for 1.8.3. 2015-05-20 14:17:59 -04:00