Commit Graph

813 Commits

Author SHA1 Message Date
Florian Apolloner c9d07d251f Fixed loaddata for Django checkouts with non ASCII chars in the name. 2013-06-03 13:18:16 +02:00
Alex Gaynor 09d0568697 Switched to using some constants the hmac module exposes. 2013-06-02 10:31:38 -07:00
Danilo Bargen 127d9b2792 Added minor splitting optimization in django.utils.ipv6._unpack_ipv4 2013-06-01 07:08:13 -04:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Baptiste Mispelon 2ee447fb5f Fixed #20296 -- Allowed SafeData and EscapeData to be lazy 2013-05-25 16:06:44 +02:00
Claude Paroz b7cf44dde8 Fixed some minor translation-related issues 2013-05-25 14:32:44 +02:00
Claude Paroz c0439b6210 Removed obsolete attribute of DjangoTranslation 2013-05-25 14:01:52 +02:00
Claude Paroz b664cb818d Fixed #19237 (again) - Made strip_tags consistent between Python versions 2013-05-23 14:01:27 +02:00
Claude Paroz dc51ec8bc2 Fixed #19237 -- Used HTML parser to strip tags
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead use to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Claude Paroz fd961941cc Imported copyreg from six.moves 2013-05-21 14:41:39 +02:00
Daniel Lindsley e24d486fbc Fixed #20212 - __reduce__ should only be defined for Py3+. 2013-05-21 00:49:21 -07:00
Łukasz Langa 26e3e7ecb5 Fixed #11915: generic Accept-Language matches country-specific variants 2013-05-19 12:50:09 +02:00
Marc Tamlyn 413735b239 Fix a typo in a comment. 2013-05-19 11:24:36 +02:00
Emil Stenström 7d77e9786a Fixed #20246 -- Added non-breaking spaces between values an units 2013-05-18 23:01:48 +02:00
Florian Apolloner acd0bb39df Fixed #14894 -- Ensure that activating a translation doesn't run into threading issues.
Thanks to maxbublis for the report and sergeykolosov for the patch.
2013-05-18 17:36:31 +02:00
Łukasz Langa 92ebb29c53 Fixes #19919: get_language_from_request() disregards "en-us" and "en" languages
when matching Accept-Language
2013-05-18 14:37:04 +02:00
Florian Apolloner 051cb1f4c6 Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.
Thanks to edevil for the report and saz for the patch.
2013-05-18 12:32:47 +02:00
Aymeric Augustin 9c487b5974 Replaced an antiquated pattern.
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Florian Apolloner 4ecc6da20b Removed unicode literals from PIL compat. 2013-05-15 09:00:09 +02:00
Daniel Lindsley 33793f7c3e Fixed #19934 - Use of Pillow is now preferred over PIL.
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner.
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
2013-05-10 23:08:45 -04:00
Claude Paroz 4769db6b5f Fixed #20321 -- Added missing key name in MergeDict KeyError message
Thanks mark.harviston et gmail.com for the report.
2013-04-26 08:59:34 +02:00
Alex Gaynor 714161c864 Fix != operations on lazy objects. 2013-04-19 10:58:29 -07:00
Anton Baklanov 59d127e45f Fixed #20276 -- Implemented __bool__ for MergeDict
MergeDict evaluates now to False if all contained dicts are empty.
Thanks til for the report and the initial patch.
2013-04-19 10:08:16 +02:00
Baptiste Mispelon e7b9c11c3f Fixed #20231 -- Don't use allow_lazy on smart_split 2013-04-10 13:05:29 +02:00
Claude Paroz b474ffe63a Fixed #20172 -- Ensured urlize supports IPv4/IPv6 addresses
Thanks Marc Aymerich for the report and the initial patch.
2013-04-01 15:37:37 +02:00
Joe Friedl 2d0db67813 Fixed #20167 -- Preserve the traceback of `ImportError`s in `import_by_path`.
Thanks @carljm for the review.
2013-03-31 23:00:06 -04:00
Gavin Wahl ec04fd1344 Fixed spelling errors 2013-03-28 11:16:53 -06:00
Andreas 35cab0f8e4 Fixed #20016: worked around Jython not having a buffer. 2013-03-27 13:39:52 -05:00
Claude Paroz 164528acc8 Fixed #20108 -- Fixed filepath_to_uri decoding error
This was a regression due to unicode_literals usage. Thanks Ivan
Virabyan for the report and the initial patch.
2013-03-22 17:55:12 +01:00
Marc Tamlyn 829dc3c5a6 Fixed #20094 - Be more careful when checking for Iterator
Python 2.6 has some different behaviour when checking
isinstance(foo, collections.Iterator).
2013-03-22 17:31:29 +01:00
konarkmodi bc4111ba68 Fixed #18003 -- Preserved tracebacks when re-raising errors.
Thanks jrothenbuhler for draft patch, Konark Modi for updates.
2013-03-19 15:42:39 -07:00
Aymeric Augustin 9dc5702932 Fixed #19456 -- Avoid infinite recursion when tracing LazyObject.__init__.
Thanks blaze33 for the patch.
2013-03-18 11:22:43 +01:00
Aymeric Augustin 0efafa4c54 Fixed #18447 -- Made LazyObject unwrap on dict access.
Thanks Roman Gladkov and Zbigniew Siciarz.
2013-03-18 11:10:19 +01:00
Aymeric Augustin 7cf0f04230 Clarified that constant_time_compare doesn't protect string lengths. 2013-03-18 09:45:44 +01:00
Aymeric Augustin e11ccc76d3 Updated bundled version of six. 2013-03-17 10:44:28 +01:00
Claude Paroz 2f121dfe63 Fixed #17051 -- Removed some 'invalid' field error messages
When the 'invalid' error message is set at field level, it masks
the error message raised by the validator, if any.
2013-03-14 17:03:43 +01:00
Anssi Kääriäinen d3f00bd570 Refactored qs.add_q() and utils/tree.py
The sql/query.py add_q method did a lot of where/having tree hacking to
get complex queries to work correctly. The logic was refactored so that
it should be simpler to understand. The new logic should also produce
leaner WHERE conditions.

The changes cascade somewhat, as some other parts of Django (like
add_filter() and WhereNode) expect boolean trees in certain format or
they fail to work. So to fix the add_q() one must fix utils/tree.py,
some things in add_filter(), WhereNode and so on.

This commit also fixed add_filter to see negate clauses up the path.
A query like .exclude(Q(reversefk__in=a_list)) didn't work similarly to
.filter(~Q(reversefk__in=a_list)). The reason for this is that only
the immediate parent negate clauses were seen by add_filter, and thus a
tree like AND: (NOT AND: (AND: condition)) will not be handled
correctly, as there is one intermediary AND node in the tree. The
example tree is generated by .exclude(~Q(reversefk__in=a_list)).

Still, aggregation lost connectors in OR cases, and F() objects and
aggregates in same filter clause caused GROUP BY problems on some
databases.

Fixed #17600, fixed #13198, fixed #17025, fixed #17000, fixed #11293.
2013-03-13 10:44:49 +02:00
Aymeric Augustin 679af4058d Restricted a workaround for a bug in Python to the affected versions. 2013-03-12 14:05:10 +01:00
Loic Bistuer 6983a1a540 Fixed #15363 -- Renamed and normalized to `get_queryset` the methods that return a QuerySet. 2013-03-08 10:11:45 -05:00
Preston Holmes 876fc39128 PEP8 cleanup of functional.py 2013-03-06 16:14:46 -08:00
Preston Holmes 0ea5bf88dd Fixed #19543 -- implemented SimpleLazyObject.__repr__
Thanks to Florian Hahn for the patch
2013-03-06 16:13:12 -08:00
Claude Paroz 8e8c9b908a Fixed getting default encoding in get_system_username
Refs #19933.
2013-03-02 22:41:08 +01:00
Claude Paroz 384c180e41 Fixed #19917 -- Added microseconds in default TIME_INPUT_FORMATS
Thanks minddust for the report.
2013-03-02 18:11:10 +01:00
Claude Paroz d680a3f447 Added support for serializing BinaryField 2013-03-02 10:29:02 +01:00
Claude Paroz 8ee1eddb7e Add a BinaryField model field
Thanks Michael Jung, Charl Botha and Florian Apolloner for review
and help on the patch.
2013-03-02 10:29:02 +01:00
Łukasz Langa 40b9f4fb8b [py3] Always fed hashlib with bytes. 2013-02-27 10:02:07 +01:00
Łukasz Langa 6a057e1595 Fixed #18191 -- Don't consider Accept-Language redundantly in cache key.
Thanks to choongmin for the original patch.
2013-02-25 16:10:57 -07:00
Aymeric Augustin e76147a83a Fixed #19634 -- Added proper __hash__ methods.
Classes overriding __eq__ need a __hash__ such that equal objects have
the same hash.

Thanks akaariai for the report and regebro for the patch.
2013-02-25 23:05:20 +01:00