Commit Graph

12680 Commits

Author SHA1 Message Date
Tim Graham 8eeb566aca Fixed #25149 -- Replaced window.__admin_utc_offset__ with a data attribute. 2015-07-22 17:09:52 -04:00
Tim Graham 5cedef9b50 Fixed #25155 -- Removed an inner class in core.management.color for PyPy performance. 2015-07-21 13:07:45 -04:00
Luke Plant 8a5eadd140 Corrected HTML-escaping behaviour of url template tag.
Due to the URL encoding applied by the tag for all parameters that might be
partly controllable by an end-user, there are no XSS/security problems
caused by this bug, only invalid HTML.
2015-07-21 14:04:58 +01:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Wim Feijen c082363527 Reworded contrib.auth forms' password confirmation help_text.
"As above" refers to a spatial orientation, which might
not be present, for example when the two password fields
are shown next to each other.
2015-07-20 15:51:50 -04:00
Claude Paroz 1da170a203 Fixed #25141 -- Diminished GDAL dependence during geojson serialization
Only require GDAL if contained geometries need coordinate transformations.
Thanks drepo for the report and Tim Graham for the review.
2015-07-20 20:22:29 +02:00
Tim Graham 774c16d16e Fixed #25052; refs #16860 -- Added password validation to UserCreationForm. 2015-07-20 13:44:34 -04:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Tim Graham d7848c11e0 Fixed #25147 -- Fixed debug view copy-paste/interactive toggle.
The whitespace added in 1101467ce0
broke the initial comparison.
2015-07-20 11:52:21 -04:00
Tim Graham 6e3fe089dd Replaced six.BytesIO with io.BytesIO 2015-07-20 08:19:47 -04:00
Tim Graham a131d9ce55 Fixed JavaScript "no-octal-escape" violations. 2015-07-18 06:57:10 -04:00
Tim Graham f8304ac33b Fixed JavaScript "no-multi-spaces" violations. 2015-07-18 06:57:10 -04:00
Tim Graham efc144aba0 Fixed JavaScript "space-infix-ops" violations. 2015-07-18 06:57:10 -04:00
Tim Graham ec6563f585 Fixed JavaScript "dot-notation" violations. 2015-07-18 06:57:10 -04:00
Tim Graham 8a99c01184 Fixed JavaScript "key-spacing" violations. 2015-07-18 06:57:10 -04:00
Tim Graham 2d6466c295 Fixed JavaScript "comma-spacing" violations. 2015-07-18 06:57:10 -04:00
Tim Graham b647d64408 Fixed JavaScript "indent" violations. 2015-07-18 06:57:10 -04:00
Tim Graham 8606bea3bc Fixed JavaScript space-before-function-paren violations. 2015-07-18 06:57:10 -04:00
Tim Graham ac6164948e Fixed JavaScript "curly" violations. 2015-07-18 06:57:10 -04:00
Tim Graham e25ba6e8bb Refs #25073 -- Copied recently added verbose_names to migrations. 2015-07-17 14:07:18 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Tim Graham adffff79a3 Allowed installing closure with pip for admin JavaScript compression. 2015-07-17 13:22:34 -04:00
Tim Graham 28ee511b7e Fixed db.utils.load_backend() on non-ASCII paths. 2015-07-17 08:21:43 -04:00
Claude Paroz 1ef4aeab40 Fixed #25078 -- Added support for disabled form fields
Thanks Keryn Knight and Tim Graham for the reviews.
2015-07-16 19:36:56 +02:00
Tim Graham 1fed8dd715 Fixed #25120 -- Deprecated egg template loader. 2015-07-16 09:32:42 -04:00
Tim Graham c52822e750 Fixed #25128 -- Fixed SQLite SchemaEditor crash when adding a ForeignObject field. 2015-07-15 15:22:52 -04:00
Tim Graham bbbb7ce115 Filtered out 'base' from database backend choices error message. 2015-07-15 10:51:26 -04:00
George Brocklehurst 48af591b2d Fixed #25124 -- Eased customization of SelectDateWidget subwidget. 2015-07-15 10:21:39 -04:00
rroskam ed514caed2 Fixed #24966 -- Added deployment system check for empty ALLOWED_HOSTS. 2015-07-15 09:18:58 -04:00
Keryn Knight c96f11257b Refs #24121 -- Added meaningful repr() to HttpResponse and subclasses. 2015-07-15 09:01:25 -04:00
Eric Carrillo 8ee6a3f1a8 Fixed #25085 -- Overrode Select widget's __deepcopy__() 2015-07-14 11:56:08 -04:00
Thomas Stephenson 035b0fa60d Fixed #24716 -- Deprecated Field._get_val_from_obj()
The method duplicates the functionality of Field.value_from_object()
and has the additional downside of being a privately named public
API method.
2015-07-14 09:13:22 -04:00
Simon Litchfield 0ffa3943fb Fixed #25097 -- Added BaseModelFormSet.delete_existing() hook. 2015-07-14 09:05:44 -04:00
Cesar Canassa 561c018d88 Fixed #25123 -- Corrected makemessages --extension help text 2015-07-14 07:35:27 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Tim Graham 6bdd3840be Improved whitespace in debug templates.
Removed extra blank lines in the template text debug template,
and prevented overindentation in the HTML debug template.
2015-07-13 19:22:39 -04:00
Daniel Roseman 24620d71f2 Fixed #25079 -- Added warning if both TEMPLATES and TEMPLATE_* settings are defined.
Django ignores the value of the TEMPLATE_* settings if TEMPLATES is also
set, which is confusing for users following older tutorials. This change
adds a system check that warns if any of the TEMPLATE_* settings have
changed from their defaults but the TEMPLATES dict is also non-empty.

Removed the TEMPLATE_DIRS from the test settings file; this was marked
for removal in 1.10 but no tests fail if it is removed now.
2015-07-13 17:50:22 -04:00
Andrei Kulakov db97a88495 Fixed #24375 -- Added Migration.initial attribute
The new attribute is checked when the `migrate --fake-initial` option
is used. initial will be set to True for all initial migrations (this
is particularly useful when initial migrations are split) as well as
for squashed migrations.
2015-07-13 15:57:40 -04:00
Razvan Andrei Ionescu 97bc875234 Fixed #25117 -- Added Romanian char map for Javascript slug generation 2015-07-13 13:31:12 -04:00
Ben Spaulding 915ef79b08 Fixed #25115 -- Made admindocs view bookmarklet reverse the URL rather than hardcode it. 2015-07-13 12:44:37 -04:00
Curtis Maloney 23529fb195 Explicitly passed rounds as rounds to bcrypt.gensalt() 2015-07-13 12:35:24 -04:00
Anssi Kääriäinen 6f403056f0 Fixed #24923 -- errored out nicely when using aggregates in order_by() 2015-07-13 08:36:25 -04:00
Ben Spaulding 83f6373030 Fixed #25116 -- Removed long-broken admindocs bookmarklets
These were broken back in commit 64e11a6.
2015-07-13 08:18:58 -04:00
Szilveszter Farkas f576b23a65 Fixed #25073 -- Added verbose_name to contrib's model fields that were missing it. 2015-07-12 13:44:16 -04:00
Claude Paroz d72f8862cb Fixed #25072 -- Prevented GDALRaster memory to be uncollectable
Setting GDALRaster.bands as a cached property was creating a circular
reference with objects having __del__ methods, which means the memory
could never be freed.
Thanks Daniel Wiesmann for the report and test, and Tim Graham for the review.
2015-07-10 19:56:17 +02:00
darkryder f675afa13c Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__() 2015-07-09 21:20:52 -04:00
Simon Charette 07577a2d05 Fixed #25081 -- Prevented DISTINCT ON ordering from being cleared in get().
Thanks to pdewacht for the patch.
2015-07-09 16:00:52 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00