Alex Hill
ecb59cc657
Fixed #26306 -- Fixed memory leak in cached template loader.
2016-03-16 12:37:57 -04:00
Collin Anderson
93a135d111
Fixed #26158 -- Rewrote http.parse_cookie() to better match browsers.
2016-03-15 12:24:06 -04:00
Vincenzo Pandolfo
d0fe6c9156
Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
2016-03-14 20:20:24 -04:00
Jakub Wilk
402da9ab7b
Fixed typos in docs.
2016-03-13 19:48:24 +01:00
Tim Graham
4f0cd0fd16
Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite.
2016-03-10 12:18:29 -05:00
Przemysław Suliga
96ec67a7cf
Fixed #26332 -- Fixed a race condition in BaseCache.get_or_set().
2016-03-08 11:44:37 -05:00
Bas Westerbaan
b4250ea04a
Fixed #26033 -- Added Argon2 password hasher.
2016-03-08 11:22:18 -05:00
Saúl Ibarra Corretgé
6c33e73333
Fixed #26289 -- Enabled shell tab completion on systems using libedit.
2016-03-08 08:37:14 -05:00
Krzysztof Urbaniak
839a955d08
Fixed #25933 -- Allowed an unprefixed default language in i18n_patterns().
2016-03-08 08:14:10 -05:00
John-Mark Bell
4b129ac81f
Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.
2016-03-07 13:19:39 -05:00
Jon Dufresne
1845bc1d10
Refs #26315 -- Cleaned up argparse options in commands.
...
* Removed type coercion. Options created by argparse are already coerced
to the correct type.
* Removed fallback default values. Options created by argparse already
have a default value.
* Used direct indexing. Options created by argparse are always set. This
eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Jon Dufresne
4115288b4f
Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument.
2016-03-05 13:05:10 -05:00
Tim Graham
bc0410d98a
Fixed typo in docs/releases/1.8.12.txt.
2016-03-05 10:02:29 -05:00
Tim Graham
c960af4adb
Added stub release notes for 1.9.5/1.8.12.
2016-03-05 10:00:40 -05:00
Claude Paroz
552f03869e
Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218
and ada7a4aef
.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb
Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d2892
.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Tim Graham
cecbf1bdef
Fixed typo in docs/releases/1.9.1.txt.
2016-03-04 14:16:56 -05:00
Tim Graham
2f0c785a4c
Added stub release notes for 1.8.11.
2016-03-04 09:47:43 -05:00
Simon Charette
d0451e4cad
Fixed #26295 -- Allowed using i18n_patterns() in any root URLconf.
...
Thanks Tim for the review.
2016-03-03 12:08:49 -05:00
Alasdair Nicol
2404d209a5
Fixed #26309 -- Documented that login URL settings no longer support dotted paths.
2016-03-03 07:34:14 -05:00
Simon Charette
c92123cc1d
Fixed #26226 -- Made related managers honor the queryset used for prefetching their results.
...
Thanks Loïc for the suggested improvements and Tim for the review.
2016-03-02 16:10:18 -05:00
Marc Tamlyn
8ddc79a799
Fixed #26285 -- Deprecated the MySQL-specific __search lookup.
2016-03-02 14:41:56 -05:00
acrefoot
04240b2365
Refs #19527 -- Allowed QuerySet.bulk_create() to set the primary key of its objects.
...
PostgreSQL support only.
Thanks Vladislav Manchev and alesasnouski for working on the patch.
2016-03-02 14:29:09 -05:00
Dmitry Dygalo
5155c2b458
Fixed typo in 1.9.3/1.8.10 release date.
2016-03-02 07:08:36 -05:00
Tim Graham
2e895d2870
Added stub release notes for 1.9.4.
2016-03-01 12:39:01 -05:00
Tim Graham
24fc935218
Added CVE-2016-2512/2513 to security release archive.
2016-03-01 12:32:42 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Mark Striemer
c5544d2892
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham
f43291639b
Added stub release notes for security issues.
2016-03-01 11:25:28 -05:00
Simon Charette
0223e213dd
Fixed #26186 -- Documented how app relative relationships of abstract models behave.
...
This partially reverts commit bc7d201bdb
.
Thanks Tim for the review.
Refs #25858 .
2016-02-29 22:07:05 -05:00
chenesan
b84f5ab4ec
Fixed #26230 -- Made default_related_name affect related_query_name.
2016-02-27 08:48:32 -05:00
Simon Charette
3938b3ccaa
Fixed #26286 -- Prevented content type managers from sharing their cache.
...
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.
Thanks Tim for the review.
Refs #23822 .
2016-02-26 16:18:16 -05:00
Adam Chainz
ef33bc2d4d
Fixed #25279 -- Made prefetch_related_objects() public.
2016-02-26 14:55:01 -05:00
Simon Charette
766afc22a1
Fixed #24793 -- Unified temporal difference support.
2016-02-26 12:25:12 -05:00
Ivan Tsouvarev
8890c533e0
Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template.
2016-02-26 08:02:10 -05:00
Sjoerd Job Postmus
bbe136e1a2
Fixed #26231 -- Used .get_username in admin login template.
2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz
c5517b9e74
Fixed #26266 -- Output the primary key in the GeoJSON serializer properties
...
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
Jon Dufresne
b412681359
Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets.
2016-02-24 07:02:51 -05:00
James Aylett
1ff6e37de4
Fixed #23832 -- Added timezone aware Storage API.
...
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Andrew Kuchev
e81d1c995c
Fixed #25670 -- Allowed dictsort to sort a list of lists.
...
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
Tim Graham
cdbd8745f6
Fixed #26263 -- Deprecated Context.has_key()
2016-02-23 08:08:55 -05:00
Claude Paroz
b46c0ea6c8
Fixed #26190 -- Returned handle() result from call_command
...
Thanks Tim Graham for the review.
2016-02-23 09:12:12 +01:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Tim Graham
33a4040d07
Refs #26253 -- Forwardported release note.
2016-02-22 17:19:08 -05:00
Tim Graham
b1afebf882
Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
...
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh
d58aaa24e3
Fixed #26107 -- Added option to int_list_validator() to allow negative integers.
2016-02-18 18:58:18 -05:00
Akshesh
fdccc02576
Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery.
2016-02-17 13:56:42 -05:00
Jakub Paczkowski
d4dc775620
Fixed #25735 -- Added support for test tags to DiscoverRunner.
...
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
2016-02-17 09:44:18 -05:00
Claude Paroz
928c12eb1a
Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
...
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Alexey Kotlyarov
b59f963ad2
Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.
2016-02-15 11:44:29 -05:00
Jon Dufresne
fcd08c1757
Fixed #11665 -- Made TestCase check deferrable constraints after each test.
2016-02-13 06:53:39 -05:00
Mounir Messelmeni
50931dfa53
Fixed #25304 -- Allowed management commands to check if migrations are applied.
2016-02-12 13:34:56 -05:00
Anssi Kääriäinen
46ecfb9b3a
Fixed #26196 -- Made sure __in lookups use to_field as default.
...
Thanks Simon Charette for the test.
2016-02-11 11:09:08 -05:00
ZachLiuGIS
04e13c8913
Fixed #26179 -- Removed null assignment check for non-nullable foreign key fields.
2016-02-11 10:07:39 -05:00
Anssi Kääriäinen
353aecbf8c
Fixed #26153 -- Reallowed Q-objects in ForeignObject.get_extra_descriptor_filter().
2016-02-11 08:59:43 -05:00
Curtis Maloney
6f1318734f
Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
...
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
Brobin
dca8b916ff
Fixed #26154 -- Deprecated CommaSeparatedIntegerField
2016-02-10 17:57:43 -05:00
Shai Berger
bb51dc902d
Refs #26112 -- Fixed aggregate GIS test on Oracle.
...
Made sure the test doesn't try to aggregate over MultiPolygonField and made
AreaField turn decimals into floats on the way from the DB.
Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-09 10:04:54 -05:00
Simon Charette
a325fb1f9b
Fixed #26162 -- Checked query name clashes of hidden relationships.
...
Although reverse accessor clashes should be skipped query name can't be hidden.
Thanks to Ian Foote and Tim Graham for the review.
2016-02-08 09:59:27 -05:00
Tim Graham
10a162809f
Refs #24007 -- Removed an apps.populate() call in model unpickling that can cause deadlocks.
2016-02-08 08:28:48 -05:00
Tim Graham
97eb3356b2
Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False.
2016-02-08 07:21:54 -05:00
Shai Berger
28f60ef3b8
Fixed title formatting in backwards-incompat section of 1.10 release notes
2016-02-06 21:10:36 +02:00
Tim Graham
d6337e65ed
Added stub release notes for 1.8.10.
2016-02-06 09:24:20 -05:00
Pankrat
f91a04621e
Fixed #25833 -- Added support for non-atomic migrations.
...
Added the Migration.atomic attribute which can be set to False
for non-atomic migrations.
2016-02-05 09:09:05 -05:00
Yoong Kang Lim
0edb8a146f
Fixed #26144 -- Warned when dumping proxy model without concrete parent.
2016-02-04 19:40:12 -05:00
Simon Charette
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Carl Meyer
a0ce4c09ff
Fix typos in 1.8 release notes.
2016-02-03 13:05:35 -07:00
jpic
926e90132d
Fixed #25731 -- Removed unused choices kwarg for Select.render()
2016-02-02 18:03:19 -05:00
rynomster
468d8211df
Fixed #23971 -- Added "Has date"/"No date" choices for DateFieldListFilter.
2016-02-02 12:04:14 -05:00
Tim Graham
1e9150443e
Refs #26089 -- Removed obsolete docs about custom user model testing.
2016-02-02 08:12:08 -05:00
Buddy Lindsey, Jr
731bdfe68a
Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting.
2016-02-01 13:51:38 -05:00
Tim Graham
ecd502cfdb
Added CVE-2016-2048 to the security archive.
2016-02-01 12:42:37 -05:00
Tim Graham
59654d5efe
Added stub release notes for 1.9.3.
2016-02-01 12:39:18 -05:00
Tim Graham
11fae7c9e4
Added release dates for 1.9.2 and 1.8.9.
2016-02-01 12:02:16 -05:00
Myk Willis
62f3acc70a
Fixed incorrect permissions check for admin's "Save as new".
...
This is a security fix.
2016-02-01 11:57:00 -05:00
Tim Graham
8ce8beb3f2
Unified some doc links to OneToOneField and ManyToManyField.
2016-02-01 11:02:26 -05:00
Hugo Osvaldo Barrera
8bf8d0e0ec
Fixed #7923 -- Added links to objects displayed by ModelAdmin.raw_id_fields.
2016-02-01 07:36:10 -05:00
Greg Chapple
8dea9f089d
Fixed #26120 -- Made HStoreField cast keys and values to strings.
...
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Tim Graham
04564eb74d
Fixed #26129 -- Made invalid forms display initial values of disabled fields.
2016-01-28 18:43:48 -05:00
Tim Graham
19d1cb1451
Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript.
2016-01-28 17:46:55 -05:00
James Pulec
f05722a08a
Fixed #25354 -- Added class/app_label interpolation for related_query_name.
2016-01-28 11:10:47 -05:00
Claude Paroz
54236a2c1c
Fixed #26138 -- Ensured geometry_field's geometry is always serialized
...
Thanks Bernd Schlapsi for the report.
2016-01-28 08:50:38 +01:00
Ben Kraft
13023ba867
Fixed #26122 -- Fixed copying a LazyObject
...
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4
.
2016-01-26 06:56:21 -05:00
Preston Timmons
cfda1fa3f8
Fixed #25848 -- Set template origin on each node.
...
Prior to 55f12f8709
, the template origin was available on each node via
`self.token.source[0]`. This behavior was removed when debug handling was
simplified, but 3rd-party debugging tools still depend on its presence.
This updates the Parser to set origin on individual nodes. This enables the
source template to be determined even when template extending or including is
used.
2016-01-26 06:23:27 -05:00
Simon Charette
4dcaa5871b
Fixed #26135 -- Adjusted the migration questioner's handling of disabled apps.
...
This was causing an issue when calling the `migrate` command in a test case with
the `available_apps` attribute pointing to an application with migrations
disabled using the `MIGRATION_MODULES` setting.
Thanks to Tim Graham for the review.
Refs #24919
2016-01-25 21:38:36 -05:00
Chris Lamb
abc0777b63
Fixed #25968 -- Changed project/app templates to use a "py-tpl" suffix.
...
Debian packages unconditionally byte-compile .py files on installation and
do not silence errors by design. Therefore, we need a way of shipping these
invalid .py files without a .py extension but ensuring that when we
template them, they end up as .py.
We don't special-case .py files so that the all the TemplateCommand
command-line options (eg. extra_files and extensions) still work entirely
as expected and it may even be useful for other formats too.
2016-01-25 12:39:06 -05:00
Tim Graham
5e8685c1b1
Refs #26034 -- Added another case fixed by this ticket to release notes.
2016-01-25 08:35:58 -05:00
Tim Graham
497b5d6fee
Refs #26034 -- Added another case fixed by this ticket to release notes.
...
Thanks Shai Berger for the report.
2016-01-25 08:33:02 -05:00
Simon Charette
729e0b086d
Fixed #24109 -- Allowed RunSQL and RunPython operations to be elided.
...
Thanks to Markus Holtermann and Tim Graham for their review.
2016-01-23 14:19:03 -05:00
Preston Timmons
c00ae7f58c
Fixed #26118 -- Added 'is' operator to if template tag.
2016-01-22 15:35:28 -05:00
Elif T. Kus
bca9faae95
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
Alexander Gaevsky
9a33d3d764
Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields.
2016-01-21 13:21:28 -05:00
Aymeric Augustin
f91b5a7e4b
Fixed #26063 -- Crash when passing > 2000 params.
...
If SQLITE_MAX_VARIABLE_NUMBER (default = 999) is changed at compile time
to be greater than SQLITE_MAX_COLUMN (default = 2000), which Debian does
by setting the former to 250000, Django raised an exception on queries
containing more than 2000 parameters when DEBUG = True.
2016-01-21 10:47:15 +01:00
Anssi Kääriäinen
ee596888e1
Fixed #26092 -- Fixed QuerySet.order_by() regression with an M2M through model.
2016-01-20 19:13:05 -05:00
chemary
2d28144c95
Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True).
2016-01-20 18:19:24 -05:00
Tim Graham
073dd4ce79
Refs #26096 -- Forwardported 1.9.2 release note.
2016-01-19 07:35:48 -05:00
Tim Graham
e519aab43a
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
...
Also documented missing short command line options to fix #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Simon Charette
fd1c5bb041
Fixed a typo in the 1.9.2 release notes.
2016-01-14 17:46:48 -05:00