Previously when collecting static files, the directories would receive permissions
from the global umask. Now the default permission comes from FILE_UPLOAD_DIRECTORY_PERMISSIONS
and there's an option to specify the permissions by subclassing any of the
static files storage classes and setting the directory_permissions_mode parameter.
The `remove()` and `clear()` methods of the related managers created by
`ForeignKey`, `GenericForeignKey`, and `ManyToManyField` suffered from a
number of issues. Some operations ran multiple data modifying queries without
wrapping them in a transaction, and some operations didn't respect default
filtering when it was present (i.e. when the default manager on the related
model implemented a custom `get_queryset()`).
Fixing the issues introduced some backward incompatible changes:
- The implementation of `remove()` for `ForeignKey` related managers changed
from a series of `Model.save()` calls to a single `QuerySet.update()` call.
The change means that `pre_save` and `post_save` signals aren't called anymore.
- The `remove()` and `clear()` methods for `GenericForeignKey` related
managers now perform bulk delete so `Model.delete()` isn't called anymore.
- The `remove()` and `clear()` methods for `ManyToManyField` related
managers perform nested queries when filtering is involved, which may
or may not be an issue depending on the database and the data itself.
Refs. #3871, #21174.
Thanks Anssi Kääriäinen and Tim Graham for the reviews.
Updated ModelAdmin to use form.instance when passing parent model to
child inlines for add_view. There is effectively no change in the
change_view since the previously passed 'obj' is the same as form.instance.
Thanks to meshy for report, and EvilDMP and timo for review.
Since Python 2.5, KeyboardInterrupt and SystemExit are not subclasses of
Exception, so explicitly reraising them before the “except Exception” clause
is not necessary anymore.
This was particularly problematic in the chain get_wsgi_application
-> db.connections import -> signal connection -> settings configuration.
Thanks Jon Dufresne for the report.
Problem were users calling messages.debug/info/* with a wrong argument
and getting the error "You cannot add messages without installing
MessageMiddleware"
Thanks to trac-user merb for the report.
Fixed#20187 -- Allowed repeated iteration of HttpResponse.
All this became possible when support for old-style streaming responses was
finally removed.
Removed multiple locales separated by commas variation (that wasn't
working as documented) in favor of simply allowing use of the
``--locale``/``-l`` options more than once for ``makemessages`` and
``compilemessages``.
Thanks Romain Beylerian for the report and Claude, Simon for their help.
8750296918 from stable/1.6.x.
Thanks Curtis Malony and Florian Apolloner.
Squashed commit of the following:
commit 3380495e93
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 14:18:07 2013 +0100
Looked up the template_fragments cache at runtime.
commit 905a74f52b
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 14:19:48 2013 +0100
Removed all uses of create_cache.
Refactored the cache tests significantly.
Made it safe to override the CACHES setting.
commit 35e289fe92
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 12:23:57 2013 +0100
Removed create_cache function.
commit 8e274f747a
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 12:04:52 2013 +0100
Updated docs to describe a simplified cache backend API.
commit ee7eb0f73e
Author: Curtis Maloney <curtis@tinbrain.net>
Date: Sat Oct 19 09:49:24 2013 +1100
Fixed#21012 -- Thread-local caches, like databases.
Requests made with django.test.Client.login() and logout() respect
defaults defined in django.test.Client instantiation and are processed
through middleware.
Thanks to Loic for the reviews.
On Python 3 sorting Fields mixed with GenericForeignKeys doesn't work
as GenericForeignKey isn't a subclass of django.db.models.fields.Field.
Refs #21428.
The GenericRelation refactoring removed GenericRelations from
model._meta.many_to_many. This had the side effect of disallowing
editable GenericRelations in ModelForms. Editable GenericRelations
aren't officially supported, but if we don't fix this we don't offer any
upgrade path for those who used the ability to set editable=True
in GenericRelation subclass.
Thanks to Trac alias joshcartme for the report and stephencmd and Loic
for working on this issue.
Also added some tests for HttpRequest.__repr__.
Note that the added tests don't actually catch the accidental code
removal (see ticket) but they do cover a codepath that wasn't tested
before.
Thanks to Tom Christie for the report and the original patch.
Unfortunately, escape sequences (\x.. or \u....) do not fit well
with the gettext toolchain. Falling back to using literal char,
even if visibility is not ideal.
Exposing the level name (e.g. "info") makes it possible to prepend
something to the class name. For example, Twitter Bootstrap has
an alert-info class. This class can now be added to the message
using `class="alert-{{ message.level_tag }}".
Because the level_tag was on the end of the `tags` property, it
could not be used in this fashion when extra_tags were given.
Replaced the custom, untested memoize with a similar decorator from Python's
3.2 stdlib. Although some minor performance degradation (see ticket), it is
expected that in the long run lru_cache will outperform memoize once it is
implemented in C.
Thanks to EvilDMP for the report and Baptiste Mispelon for the idea of
replacing memoize with lru_cache.
Filtering out static file requests in runserver has been judged
arbitrary and can hide some debugging-related activity.
Thanks Roy Smith for the report and Aymeric Augustin for the
review.
``get_template_from_string`` default arguments were breaking
``assertTemplateUsed``. The solution has been to return only the names of the
templates with a ``name`` attribute distinct of ``None``. The default ``name``
kwarg of ``Template`` has been changed to ``None``, more pythonic than ``'<Unknown
Template>'``.
Add the trimmed option to the blocktrans tag to trim any newlines and
whitespace from its content.
This allows the developer to indent the blocktrans tag without adding
new lines and whitespace to the msgid in the PO file.
Thanks to mpessas for the initial patch and Dmitri Fedortchenko for the
report.
Scheme is handled correctly when making comparisons between two URLs. If
there isn't any scheme specified in the location where we are redirected to,
the original request's scheme is used. If present, the scheme in
``expected_url`` is the one used to make the comparations to.
* Safer for use in multiprocess environments
* Better random culling
* Cache files use less disk space
* Safer delete behavior
Also fixed#15806, fixed#15825.
This patch introduces the Prefetch object which allows customizing prefetch
operations.
This enables things like filtering prefetched relations, calling select_related
from a prefetched relation, or prefetching the same relation multiple times
with different querysets.
When a Prefetch instance specifies a to_attr argument, the result is stored
in a list rather than a QuerySet. This has the fortunate consequence of being
significantly faster. The preformance improvement is due to the fact that we
save the costly creation of a QuerySet instance.
Thanks @akaariai for the original patch and @bmispelon and @timgraham
for the reviews.
This commit introduced a new class JoinPromoter that can be used to
abstract away join promotion problems for complex filter conditions.
Query._add_q() and Query.combine() now use the new class.
Also, added a lot of comments about why join promotion is done the way
it is.
Thanks to Tim Graham for original report and testing the changes, and
for Loic Bistuer for review.
Language codes for Chinese are zh_Hans (Simplified) and zh_Hant (Traditional).
Added support for browsers that still send the deprecated language codes.
Thanks to Olli Wang for the report.
Otherwise the kqueue-based autoreloader may not see changes to files
that weren't imported when the server started.
Thanks Bouke Haarsma for the report and Loïc Bistuer for locating the
problem.
LiveServerThread.join() now behaves like threading.Thread.join().
LiveServerThread.terminate() is instead used to ask live http server to
terminate and close.
model_to_dict() (used when rendering forms) queries the database
to get the list of primary keys for ManyToMany fields. This is
unnecessary if the field queryset has been prefetched, all the
keys are already in memory and can be obtained with a simple
iteration.
All request methods of ``django.test.client.Client`` receive a ``secure``
argument that defaults to ``False`` indicating whether or not to make the
request through https.
Thanks Aymeric Augustin for the review.
When a formset contained deletion for an existing instance, and the
instance was already deleted, django threw an exception. A common cause for
this was resubmit of the formset.
Original patch by Trac alias olau.
In addition this commit cleaned some code in _construct_form(). This
was needed as the primary key value the user submitted wasn't converted
correctly to python value in case the primary key field was also a
related field.
Used pyinotify (when available) to replace the "pool-every-one-second"
mechanism in `django.utils.autoreload`.
Thanks Chris Lamb and Pascal Hartig for work on the patch.
``ModelAdmin.view_on_site`` defines wether to show a link to the object on the
admin detail page. If ``True``, cleverness (i.e. ``Model.get_absolute_url``) is
used to get the url. If it's a callable, the callable is called with the object
as the only parameter. If ``False``, not link is displayed.
With the aim of maitaining backwards compatibility, ``True`` is the default.
Previously, when collecting static files, the files would receive permission
from FILE_UPLOAD_PERMISSIONS. Now, there's an option to give different
permission from uploaded files permission by subclassing any of the static
files storage classes and setting the file_permissions_mode parameter.
Thanks dblack at atlassian.com for the suggestion.
Thanks dan at dlo.me for the initial patch.
- Added __pow__ and __rpow__ to ExpressionNode
- Added oracle and mysql specific power expressions
- Added used-defined power function for sqlite
The old 'django_language' variable will still be read from in order
to migrate users. The backwards-compatability shim will be removed in
Django 1.8.
Thanks to jdunck for the report and stugots for the initial patch.
This shows itself with Python 3 under Windows where UTF-8 usually isn't
the default file I/O encoding and caused one failure and three errors
in our test suite under that platform setup.
When listing available management commands, only core commands are
listed if settings have any error. This commit adds a note in this
case so errors are not totally silently skipped.
Thanks Peter Davis for the report.
The typo could have consequences in exceptional cases, but I didn't
figure out a way to actually produce such a case, so not tests.
Report & patch by Michael Manfre.
select_related('foo').select_related('bar') is now equivalent to
select_related('foo', 'bar').
Also reworded docs to recommend select_related(*fields) over select_related()
When both parent and child classes are decorated with override_settings,
child class settings should take precedence.
Thanks Sephi for the report and Marc Tamlyn for the review.
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.
`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.
`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.
This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.
Thanks nslater for the suggestion.
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.
This is an updated patch based on jbalogh and ivank patches.
Added a validation error check when creating the permissions for model, to avoid
cryptic database error when the verbose_name is longer than 39 characters
thanks elena for reporting it
Added ``--natural-foreign`` and ``--natural-primary`` options and
deprecated the ``--natural`` option to the ``dumpdata`` management
command.
Added ``use_natural_foreign_keys`` and ``use_natural_primary_keys``
arguments and deprecated the ``use_natural_keys`` argument to
``django.core.serializers.Serializer.serialize()``.
Thanks SmileyChris for the suggestion.
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.
Thanks to Carl for the design discussion.
Don't set a global default interpreted role function for reStructuredText.
Instead, use the `default-role` directive to change the default only within
the `parse_rst()` function.
Thanks Malcolm Tredinnick for the report.
Literals from source files with Django template language syntax don't
have a '.py' suffix anymore.
Also, the '.\' prefix is preserved to respect GNU gettext behavior on
that platform.
Refs #16903.
The precision of time.time() is OS specific and it is possible for the
resolution to be low enough to allow reading a cache key previously set
with a timeout of 0.
Squashed commit of the following:
commit 63ddb271a44df389b2c302e421fc17b7f0529755
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sun Sep 29 22:51:00 2013 +0200
Clarified interactions between atomic and exceptions.
commit 2899ec299228217c876ba3aa4024e523a41c8504
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sun Sep 22 22:45:32 2013 +0200
Fixed TransactionManagementError in tests.
Previous commit introduced an additional check to prevent running
queries in transactions that will be rolled back, which triggered a few
failures in the tests. In practice using transaction.atomic instead of
the low-level savepoint APIs was enough to fix the problems.
commit 4a639b059ea80aeb78f7f160a7d4b9f609b9c238
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Sep 24 22:24:17 2013 +0200
Allowed nesting constraint_checks_disabled inside atomic.
Since MySQL handles transactions loosely, this isn't a problem.
commit 2a4ab1cb6e83391ff7e25d08479e230ca564bfef
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Sep 21 18:43:12 2013 +0200
Prevented running queries in transactions that will be rolled back.
This avoids a counter-intuitive behavior in an edge case on databases
with non-atomic transaction semantics.
It prevents using savepoint_rollback() inside an atomic block without
calling set_rollback(False) first, which is backwards-incompatible in
tests.
Refs #21134.
commit 8e3db393853c7ac64a445b66e57f3620a3fde7b0
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sun Sep 22 22:14:17 2013 +0200
Replaced manual savepoints by atomic blocks.
This ensures the rollback flag is handled consistently in internal APIs.
Previously, if a database request spanned a related object manager, the
first manager encountered would cause a request to the router, and this
would bind all subsequent queries to the same database returned by the
router. Unfortunately, the first router query would be performed using
a read request to the router, resulting in bad routing information being
used if the subsequent query was actually a write.
This change defers the call to the router until the final query is acutally
made.
It includes a small *BACKWARDS INCOMPATIBILITY* on an edge case - see the
release notes for details.
Thanks to Paul Collins (@paulcollinsiii) for the excellent debugging
work and patch.
DatabaseCache uses raw cursors to bypass the ORM. This prevents it from
being used by database backends that require special handling of datetime
values.
There is no easy way to test this, so no tests added.
This reverts commit aae5a96d57.
This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
Our WSGIServer rewrapped the socket errors from server_bind into
WSGIServerExceptions, which is used later on to provide nicer
error messages in runserver and used by the liveserver to see if
the port is already in use. But wrapping server_bind isn't enough since
it only binds to the socket, socket.listen (which is called from
server_activate) could also raise "Address already in use".
Instead of overriding server_activate too I chose to just catch socket
errors, which seems to make more sense anyways and should be more robust
against changes in wsgiref.
- Noted that this does not allow for reading and writing the same open
file in different processes under Windows.
- Noted that the keyword arguments to NamedTemporaryFile no longer
match the Python version.
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close it's already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.
This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).
After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
cause we don't know how our users override our classes.
This is a private and very specialized API on purpose and should not be used
without a strong reason!
This patch partially reverts the earlier attempts to fix those issues,
namely:
2fa0dd73b1 and
3c5775d36f
Final note: If this patch breaks in a later version of Django, please be
very careful on how you fix it, you might not see test failures locally.
That said, this patch hopefully doesn't produce even more failures.
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
If setUpClass throws an exception (in this case "Address already in use" if the
super call can't find any open port to bind too) tearDownClass is not called.
This results in open browser windows from the webdriver, hence we only construct
it once we are sure there is no code afterwards which could error out.
The use of OrderedDict (even an empty one) was surprisingly slow. By
initializing OrderedDict only when needed it is possible to save
non-trivial amount of computing time (Model.save() is around 30% faster
for example).
This commit targetted sql.Query only, there are likely other places
which could use similar optimizations.
We want to be able to use it for instance for discovering `tasks.py` modules
inside the INSTALLED_APPS.
This commit therefore moves the logic to `autodiscover_modules` method in
django.utils.module_loading.
Baptiste Mispelon
Alex Gaynor
Roger Hu
pegler
Ramiro Morales
Andrew Godwin
Claude Paroz
maurycyp
Bouke Haarsma
Aymeric Augustin
Loic Bistuer
Krzysztof Jurewicz
Tim Graham
Alex Hill
Vajrasky Kok
Simon Charette
Christopher Medrela
Anssi Kääriäinen
Richard Xia
Jay Leadbetter
Joel Bohman
Florian Apolloner
Denis Cornehl
Curtis Maloney
Pablo Martín
xuxiang
Unai Zalakain
glts
Matt Robenolt
Sjoerd Langkemper
Jaap Roes
Jason Myers
Jim Bailey
Milton Mazzarri
Ray Ashman Jr
coagulant
Boryslav Larin
Andrey Antukh
SusanTan
Kevin Christopher Henry
Renato Oliveira
Alasdair Nicol
Florian Hahn
Ramiro Morales
Alasdair Nicol
Kathryn Killebrew
Javed Khan
Marc Tamlyn
Ryan Allen
Larry O'Neill
joaoxsouls
Tai Lee
crccheck
Russell Keith-Magee
Chris Adams
Étienne Loks
Ryan Kaskel
Emil Stenström
Anentropic
tschilling
Michael Manfre
Adam Haney
Christopher Babiak
Erik Romijn
Giles Richard Greenway
Andrei Picus
Michał Lech
Helen ST
Paul McMillan
yokomizor
Paul McMillan
Brian Holdefehr
Berker Peksag
Markus Holtermann
Beshr Kayali
Juan Catalano
e0ne
Daniel Sokolowski
Keryn Knight