Commit Graph

2219 Commits

Author SHA1 Message Date
Alex Hill ecb59cc657 Fixed #26306 -- Fixed memory leak in cached template loader. 2016-03-16 12:37:57 -04:00
Collin Anderson 93a135d111 Fixed #26158 -- Rewrote http.parse_cookie() to better match browsers. 2016-03-15 12:24:06 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
Jakub Wilk 402da9ab7b Fixed typos in docs. 2016-03-13 19:48:24 +01:00
Tim Graham 4f0cd0fd16 Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite. 2016-03-10 12:18:29 -05:00
Przemysław Suliga 96ec67a7cf Fixed #26332 -- Fixed a race condition in BaseCache.get_or_set(). 2016-03-08 11:44:37 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Saúl Ibarra Corretgé 6c33e73333 Fixed #26289 -- Enabled shell tab completion on systems using libedit. 2016-03-08 08:37:14 -05:00
Krzysztof Urbaniak 839a955d08 Fixed #25933 -- Allowed an unprefixed default language in i18n_patterns(). 2016-03-08 08:14:10 -05:00
John-Mark Bell 4b129ac81f Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 2016-03-07 13:19:39 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands.
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Jon Dufresne 4115288b4f Fixed #26315 -- Allowed call_command() to accept a Command object as the first argument. 2016-03-05 13:05:10 -05:00
Tim Graham bc0410d98a Fixed typo in docs/releases/1.8.12.txt. 2016-03-05 10:02:29 -05:00
Tim Graham c960af4adb Added stub release notes for 1.9.5/1.8.12. 2016-03-05 10:00:40 -05:00
Claude Paroz 552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Tim Graham cecbf1bdef Fixed typo in docs/releases/1.9.1.txt. 2016-03-04 14:16:56 -05:00
Tim Graham 2f0c785a4c Added stub release notes for 1.8.11. 2016-03-04 09:47:43 -05:00
Simon Charette d0451e4cad Fixed #26295 -- Allowed using i18n_patterns() in any root URLconf.
Thanks Tim for the review.
2016-03-03 12:08:49 -05:00
Alasdair Nicol 2404d209a5 Fixed #26309 -- Documented that login URL settings no longer support dotted paths. 2016-03-03 07:34:14 -05:00
Simon Charette c92123cc1d Fixed #26226 -- Made related managers honor the queryset used for prefetching their results.
Thanks Loïc for the suggested improvements and Tim for the review.
2016-03-02 16:10:18 -05:00
Marc Tamlyn 8ddc79a799 Fixed #26285 -- Deprecated the MySQL-specific __search lookup. 2016-03-02 14:41:56 -05:00
acrefoot 04240b2365 Refs #19527 -- Allowed QuerySet.bulk_create() to set the primary key of its objects.
PostgreSQL support only.

Thanks Vladislav Manchev and alesasnouski for working on the patch.
2016-03-02 14:29:09 -05:00
Dmitry Dygalo 5155c2b458 Fixed typo in 1.9.3/1.8.10 release date. 2016-03-02 07:08:36 -05:00
Tim Graham 2e895d2870 Added stub release notes for 1.9.4. 2016-03-01 12:39:01 -05:00
Tim Graham 24fc935218 Added CVE-2016-2512/2513 to security release archive. 2016-03-01 12:32:42 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham f43291639b Added stub release notes for security issues. 2016-03-01 11:25:28 -05:00
Simon Charette 0223e213dd Fixed #26186 -- Documented how app relative relationships of abstract models behave.
This partially reverts commit bc7d201bdb.

Thanks Tim for the review.

Refs #25858.
2016-02-29 22:07:05 -05:00
chenesan b84f5ab4ec Fixed #26230 -- Made default_related_name affect related_query_name. 2016-02-27 08:48:32 -05:00
Simon Charette 3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache.
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
2016-02-26 16:18:16 -05:00
Adam Chainz ef33bc2d4d Fixed #25279 -- Made prefetch_related_objects() public. 2016-02-26 14:55:01 -05:00
Simon Charette 766afc22a1 Fixed #24793 -- Unified temporal difference support. 2016-02-26 12:25:12 -05:00
Ivan Tsouvarev 8890c533e0 Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template. 2016-02-26 08:02:10 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed #26231 -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz c5517b9e74 Fixed #26266 -- Output the primary key in the GeoJSON serializer properties
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
Jon Dufresne b412681359 Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 2016-02-24 07:02:51 -05:00
James Aylett 1ff6e37de4 Fixed #23832 -- Added timezone aware Storage API.
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Andrew Kuchev e81d1c995c Fixed #25670 -- Allowed dictsort to sort a list of lists.
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
Tim Graham cdbd8745f6 Fixed #26263 -- Deprecated Context.has_key() 2016-02-23 08:08:55 -05:00
Claude Paroz b46c0ea6c8 Fixed #26190 -- Returned handle() result from call_command
Thanks Tim Graham for the review.
2016-02-23 09:12:12 +01:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Tim Graham 33a4040d07 Refs #26253 -- Forwardported release note. 2016-02-22 17:19:08 -05:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Akshesh fdccc02576 Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery. 2016-02-17 13:56:42 -05:00
Jakub Paczkowski d4dc775620 Fixed #25735 -- Added support for test tags to DiscoverRunner.
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
2016-02-17 09:44:18 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Jon Dufresne fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Anssi Kääriäinen 46ecfb9b3a Fixed #26196 -- Made sure __in lookups use to_field as default.
Thanks Simon Charette for the test.
2016-02-11 11:09:08 -05:00
ZachLiuGIS 04e13c8913 Fixed #26179 -- Removed null assignment check for non-nullable foreign key fields. 2016-02-11 10:07:39 -05:00
Anssi Kääriäinen 353aecbf8c Fixed #26153 -- Reallowed Q-objects in ForeignObject.get_extra_descriptor_filter(). 2016-02-11 08:59:43 -05:00
Curtis Maloney 6f1318734f Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
Brobin dca8b916ff Fixed #26154 -- Deprecated CommaSeparatedIntegerField 2016-02-10 17:57:43 -05:00
Shai Berger bb51dc902d Refs #26112 -- Fixed aggregate GIS test on Oracle.
Made sure the test doesn't try to aggregate over MultiPolygonField and made
AreaField turn decimals into floats on the way from the DB.

Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-09 10:04:54 -05:00
Simon Charette a325fb1f9b Fixed #26162 -- Checked query name clashes of hidden relationships.
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.
2016-02-08 09:59:27 -05:00
Tim Graham 10a162809f Refs #24007 -- Removed an apps.populate() call in model unpickling that can cause deadlocks. 2016-02-08 08:28:48 -05:00
Tim Graham 97eb3356b2 Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 2016-02-08 07:21:54 -05:00
Shai Berger 28f60ef3b8 Fixed title formatting in backwards-incompat section of 1.10 release notes 2016-02-06 21:10:36 +02:00
Tim Graham d6337e65ed Added stub release notes for 1.8.10. 2016-02-06 09:24:20 -05:00
Pankrat f91a04621e Fixed #25833 -- Added support for non-atomic migrations.
Added the Migration.atomic attribute which can be set to False
for non-atomic migrations.
2016-02-05 09:09:05 -05:00
Yoong Kang Lim 0edb8a146f Fixed #26144 -- Warned when dumping proxy model without concrete parent. 2016-02-04 19:40:12 -05:00
Simon Charette 6eb3ce11e4 Fixed #26089 -- Removed custom user test models from public API.
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Carl Meyer a0ce4c09ff Fix typos in 1.8 release notes. 2016-02-03 13:05:35 -07:00
jpic 926e90132d Fixed #25731 -- Removed unused choices kwarg for Select.render() 2016-02-02 18:03:19 -05:00
rynomster 468d8211df Fixed #23971 -- Added "Has date"/"No date" choices for DateFieldListFilter. 2016-02-02 12:04:14 -05:00
Tim Graham 1e9150443e Refs #26089 -- Removed obsolete docs about custom user model testing. 2016-02-02 08:12:08 -05:00
Buddy Lindsey, Jr 731bdfe68a Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting. 2016-02-01 13:51:38 -05:00
Tim Graham ecd502cfdb Added CVE-2016-2048 to the security archive. 2016-02-01 12:42:37 -05:00
Tim Graham 59654d5efe Added stub release notes for 1.9.3. 2016-02-01 12:39:18 -05:00
Tim Graham 11fae7c9e4 Added release dates for 1.9.2 and 1.8.9. 2016-02-01 12:02:16 -05:00
Myk Willis 62f3acc70a Fixed incorrect permissions check for admin's "Save as new".
This is a security fix.
2016-02-01 11:57:00 -05:00
Tim Graham 8ce8beb3f2 Unified some doc links to OneToOneField and ManyToManyField. 2016-02-01 11:02:26 -05:00
Hugo Osvaldo Barrera 8bf8d0e0ec Fixed #7923 -- Added links to objects displayed by ModelAdmin.raw_id_fields. 2016-02-01 07:36:10 -05:00
Greg Chapple 8dea9f089d Fixed #26120 -- Made HStoreField cast keys and values to strings.
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Tim Graham 04564eb74d Fixed #26129 -- Made invalid forms display initial values of disabled fields. 2016-01-28 18:43:48 -05:00
Tim Graham 19d1cb1451 Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 2016-01-28 17:46:55 -05:00
James Pulec f05722a08a Fixed #25354 -- Added class/app_label interpolation for related_query_name. 2016-01-28 11:10:47 -05:00
Claude Paroz 54236a2c1c Fixed #26138 -- Ensured geometry_field's geometry is always serialized
Thanks Bernd Schlapsi for the report.
2016-01-28 08:50:38 +01:00
Ben Kraft 13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
Preston Timmons cfda1fa3f8 Fixed #25848 -- Set template origin on each node.
Prior to 55f12f8709, the template origin was available on each node via
`self.token.source[0]`. This behavior was removed when debug handling was
simplified, but 3rd-party debugging tools still depend on its presence.
This updates the Parser to set origin on individual nodes. This enables the
source template to be determined even when template extending or including is
used.
2016-01-26 06:23:27 -05:00
Simon Charette 4dcaa5871b Fixed #26135 -- Adjusted the migration questioner's handling of disabled apps.
This was causing an issue when calling the `migrate` command in a test case with
the `available_apps` attribute pointing to an application with migrations
disabled using the `MIGRATION_MODULES` setting.

Thanks to Tim Graham for the review.

Refs #24919
2016-01-25 21:38:36 -05:00
Chris Lamb abc0777b63 Fixed #25968 -- Changed project/app templates to use a "py-tpl" suffix.
Debian packages unconditionally byte-compile .py files on installation and
do not silence errors by design. Therefore, we need a way of shipping these
invalid .py files without a .py extension but ensuring that when we
template them, they end up as .py.

We don't special-case .py files so that the all the TemplateCommand
command-line options (eg. extra_files and extensions) still work entirely
as expected and it may even be useful for other formats too.
2016-01-25 12:39:06 -05:00
Tim Graham 5e8685c1b1 Refs #26034 -- Added another case fixed by this ticket to release notes. 2016-01-25 08:35:58 -05:00
Tim Graham 497b5d6fee Refs #26034 -- Added another case fixed by this ticket to release notes.
Thanks Shai Berger for the report.
2016-01-25 08:33:02 -05:00
Simon Charette 729e0b086d Fixed #24109 -- Allowed RunSQL and RunPython operations to be elided.
Thanks to Markus Holtermann and Tim Graham for their review.
2016-01-23 14:19:03 -05:00
Preston Timmons c00ae7f58c Fixed #26118 -- Added 'is' operator to if template tag. 2016-01-22 15:35:28 -05:00
Elif T. Kus bca9faae95 Fixed #26020 -- Normalized header stylings in docs. 2016-01-22 12:12:17 -05:00
Alexander Gaevsky 9a33d3d764 Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields. 2016-01-21 13:21:28 -05:00
Aymeric Augustin f91b5a7e4b Fixed #26063 -- Crash when passing > 2000 params.
If SQLITE_MAX_VARIABLE_NUMBER (default = 999) is changed at compile time
to be greater than SQLITE_MAX_COLUMN (default = 2000), which Debian does
by setting the former to 250000, Django raised an exception on queries
containing more than 2000 parameters when DEBUG = True.
2016-01-21 10:47:15 +01:00
Anssi Kääriäinen ee596888e1 Fixed #26092 -- Fixed QuerySet.order_by() regression with an M2M through model. 2016-01-20 19:13:05 -05:00
chemary 2d28144c95 Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True). 2016-01-20 18:19:24 -05:00
Tim Graham 073dd4ce79 Refs #26096 -- Forwardported 1.9.2 release note. 2016-01-19 07:35:48 -05:00
Tim Graham e519aab43a Fixed #23868 -- Added support for non-unique django-admin-options in docs.
Also documented missing short command line options to fix #24134. This bumps
the minimum sphinx version required to build the docs to 1.3.4.

Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Simon Charette fd1c5bb041 Fixed a typo in the 1.9.2 release notes. 2016-01-14 17:46:48 -05:00