9888bb28ee
[1.6.x] Added missing "in" in sentence.
...
Backport of 2c5c422d34
2013-09-19 13:29:48 -04:00
538fdd2ae4
[1.6.x] Added __pycache__ to gitignore
...
Backport of 55b9bff07f
2013-09-19 06:37:53 -04:00
886e876c72
[1.6.x] Fixed #21121 : Added archive of security issues.
...
Backport of 9d3e60aa3e8e134c27c98b3bae9466c65ae7c969bbabc5325ca2e25e8a83
2013-09-19 15:02:52 +08:00
091ae7f172
Removed accidentally added pyc file.
...
Thanks Simon Charette for the report.
2013-09-18 20:27:07 -04:00
778d4da9cc
[1.6.x] Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDict
...
Thanks simonpercivall for the report and bmispelon for the review.
Backport of 2daada800f
2013-09-18 09:56:01 -04:00
dbad65ded7
[1.6.x] Fixed bad backport in last commit; refs #21118
2013-09-18 09:52:29 -04:00
14e139ecdf
[1.6.x] Fixed #21118 -- Isolated a test that uses the database.
...
Thanks rmboggs for the report.
Backport of 4f40b97d97
2013-09-18 09:43:10 -04:00
275497c570
[1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.
...
Thanks margieroginski for the suggestion.
Backport of 893198509e
2013-09-18 06:49:59 -04:00
325b03ea84
[1.6.x] Final attempt to solve sporadic test failures.
...
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close it's already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.
This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).
After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
cause we don't know how our users override our classes.
This is a private and very specialized API on purpose and should not be used
without a strong reason!
This patch partially reverts the earlier attempts to fix those issues,
namely:
2fa0dd73b13c5775d36f73a610d2a8
2013-09-17 18:36:32 +02:00
5937f291c1
[1.6.x] Fixed #21109 -- made db cursor error wrapping faster
...
Backpatch of 9400142132
2013-09-17 12:31:13 +03:00
c0625a74ce
[1.6.x] Reworded a paragraph in the logging docs.
...
9d12f68a53
2013-09-16 17:52:13 -03:00
e96bcdd64f
[1.6.x] Cleaned up 1.5.4/1.4.8 release notes
...
Backport of 8d29005524
2013-09-15 14:22:24 -04:00
623c4916df
[1.6.x] Add release notes and bump version number for security release.
2013-09-15 00:36:03 -06:00
5ecc0f828e
[1.6.x] Ensure that passwords are never long enough for a DoS.
...
* Limit the password length to 4096 bytes
* Password hashers will raise a ValueError
* django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change
Thanks to Josh Wright for the report, and Donald Stufft for the patch.
This is a security fix; disclosure to follow shortly.
Backport of aae5a96d57
2013-09-15 13:46:16 +08:00
4c4954a3c1
[1.6.x] Added tests for double-pickling a QuerySet
...
Refs #21102 .
Backpatch of 74b91b3888
2013-09-14 10:36:48 +03:00
097fb98f81
[1.6.x] Fixed #21101 -- Updated urlize documentation to mention email addresses
...
Backport of 39b49fd339
2013-09-13 12:42:40 -04:00
7a2adec4d0
[1.6.x] Fixed #21100 -- Noted that Create/UpdateViews.fields is new in 1.6
...
Thanks AndrewIngram for the suggestion.
Backport of ec89e1725a
2013-09-13 09:35:22 -04:00
6e17534c89
[1.6.x] Fixed #21094 -- Updated reuseable apps tutorial to use pip for installation.
...
Thanks ylb415 at gmail.com for the suggestion.
Backport of e4aab1bb8d
2013-09-13 09:30:12 -04:00
c91ffd5f23
[1.6.x] Documentation -- added instructions on working with pull requests
...
Since non-core contributors are asked to review patches, instructions
on working with pull requests were added to the Working with Git and
GitHub page (based on the existing instructions in the core
committers page).
Backport of 990ce9aab9
2013-09-13 08:27:23 -04:00
a929adfd3b
[1.6.x] Fixed #21095 -- Documented new requirement for dates lookups.
...
Day, month, and week_day lookups now require time zone definitions in the database.
Backport of 9451d8d
2013-09-13 10:20:13 +02:00
66e6e2d146
[1.6.x] Fixed a couple of typos in GeoDjango docs.
...
8b366a50f4
2013-09-12 19:45:27 -03:00
e8bb41d05c
[1.6.x] Minor typo fix in django.contrib.auth.models.User docs
...
Backport of bd72c2acb6
2013-09-11 19:44:35 -04:00
b05639dcac
[1.6.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
...
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.
Backport of da843e7dba
2013-09-11 08:18:48 -04:00
4f0ea1aca4
[1.6.x] Documentation -- Improved description of cache arguments
...
- Fixed some grammar and formatting mistakes
- Added the type and default for CULL_FREQUENCY
- Made the note on culling the entire cache more precise. (It's actually
slower on the filesystem backend.)
Backport of 5eca021d48
2013-09-11 07:43:24 -04:00
ed9b7b6295
[1.6.x] Bump version number for 1.6 beta 3 security release.
2013-09-10 20:32:14 -05:00
2f2731e67e
[1.6.x] Added 1.4.7/1.5.3 release notes
...
Backport of baec6a26dd
2013-09-10 21:08:27 -04:00
536cc64240
[1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
...
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9
2013-09-10 21:03:51 -04:00
ef3604a085
[1.6.x] Fixed broken sphinx reference to staticfiles.
...
Backport of 751dc0a36b
2013-09-10 16:31:51 -04:00
f9f792eb04
[1.6.x] Took advantage of django.utils.six.moves.urllib.*.
...
Backport of 6a6428a36
2013-09-10 21:29:31 +02:00
960f5bc759
[1.6.x] Fixed #21075 - Improved doc for calling call_command with arguments.
...
Backport of fca4c4826e
2013-09-10 09:18:14 -04:00
01ad508514
[1.6.x] Fixed spelling; refs #16895 .
...
Thanks Panagiotis Issaris for the report.
Backport of fb51c9a0f2
2013-09-09 11:31:25 -04:00
276e053803
[1.6.x] Fixed #16895 -- Warned about cost of QuerySet ordering
...
Thanks outofculture at gmail.com for the suggestion.
Backport of cbf08c6b0c
2013-09-09 09:49:15 -04:00
e4274e3da1
[1.6.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user
...
To enable testing on Oracle 12c
2013-09-09 14:02:21 +03:00
b085e7c303
[1.6.x] Further hardening. Refs #18766 .
...
Backport of c687bf0
2013-09-08 20:43:33 +02:00
0035a0ce2e
[1.6.x] Hardened the test introduced in ded11aa6. Refs #18766 .
...
Inputs acceptable to time.mktime are platform-dependent.
Backport of 1a1e1478
2013-09-08 19:41:34 +02:00
7c31e195db
[1.6.x] Fixed #18766 -- Pointed to pytz when LocalTimezone fails.
...
Thanks void for the report.
Backport of ded11aa6
2013-09-08 09:17:03 +02:00
c03848b540
[1.6.x] Fixed #21068 -- Added some docs for DiscoverRunner
...
Thanks jcd.
Backport of e4b012feeb
2013-09-07 16:11:03 -04:00
01edcf70f2
Fixed #20409 -- Clarified how unique_for_date works when USE_TZ is set.
2013-09-07 14:09:52 -05:00
be9930d7be
[1.6.x] Fixed deprecation warning on Python 3
...
Backport of b7451b72
2013-09-07 13:15:13 -05:00
63b95ca452
[1.6.x] Fixed 9244447c -- incomplete backport.
...
The test client had been refactored in the mean time. This commit
de-factors the fix. Refs #20530 .
2013-09-07 13:15:13 -05:00
7b8037f3aa
[1.6.x] Fixed #20005 -- Documented that Oracle databases need execute permission on SYS.DBMS_LOB.
...
Thanks jafula for the suggestion.
Backport of a86ecc80a2
2013-09-07 14:01:05 -04:00
17b67e17a3
[1.6.x] Fixed #20938 -- Added cached sessions note to deployment checklist.
...
Thanks mjtamlyn for the suggestion.
Backport of 4e784f337c
2013-09-07 13:08:45 -04:00
7fcd6aa669
[1.6.x] Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3.
...
Thanks mitsuhiko for the report.
Backport of 65b6eff38aaca65
2013-09-07 12:06:38 -05:00
9244447cc4
[1.6.x] Fixed an encoding issue in the test client.
...
Refs #20530 .
Backport of 7bb62793476b0764
2013-09-07 12:06:19 -05:00
a357c854c9
[1.6.x] Fixed #16992 -- Added InnoDB warning regarding reuse of AUTO_INCREMENT values.
...
Thanks kent at nsc.liu.se for the report.
Backport of c54fa1a7bc
2013-09-07 12:16:43 -04:00
fac5735a3d
[1.6.x] Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
...
Thanks mitsuhiko for the report.
Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
Simplified backport of 8aaca651f5add47
2013-09-07 10:45:24 -05:00
f855058c35
[1.6.x] Fixed #11811 -- Data-loss bug in queryset.update.
...
It's now forbidden to call queryset.update(field=instance) when instance
hasn't been saved to the database ie. instance.pk is None.
Conflicts:
tests/queries/tests.py
Backport of b4cd8169
2013-09-06 21:59:28 -05:00
2a2ac5c140
Merge pull request #1566 from adamsc64/ticket_11857
...
Fixed #11857 -- Added missing 'closed' property on TemporaryFile class.
Backport of 926bc42
2013-09-06 19:44:25 -05:00
6ba01f64c1
[1.6.x] Fixed Python 3 syntax error introduced in [ c72392da]
...
Backport of 498014ccd5
2013-09-06 20:08:56 -04:00
3df9647ad9
[1.6.x] Merge pull request #1582 from rca/12756-missing-yaml-module-serializer-error-message
...
Fixed #12756 : Improved error message when yaml module is missing.
Backport of 4f5faa1916
2013-09-06 19:01:24 -05:00
Markus Amalthea Magnuson
Tim Graham
Russell Keith-Magee
Florian Apolloner
Anssi Kääriäinen
Ramiro Morales
James Bennett
Anssi Kääriäinen
Goetz
Kevin Christopher Henry
Matt Austin
Phaneendra Chiruvella
Tarjei Husøy
Aymeric Augustin
oz123
e0ne
Садовский Николай
Keith Edmiston