Tim Graham
1913c1ac21
Added today's security issues to the archive.
2015-01-13 14:44:08 -05:00
Tim Graham
7ecd654497
Removed blank lines from docs/releases/security.txt
2015-01-13 14:37:30 -05:00
Tim Graham
cbbe6a6abb
Added dates to release notes.
2015-01-13 13:08:57 -05:00
Tim Graham
baf2542c4f
Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham
a3bebfdc34
Ensured views.static.serve() doesn't use large memory on large files.
...
This issue was fixed in master by refs #24072 .
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974
Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5
Added stub release notes for security releases.
2015-01-13 13:03:05 -05:00
Collin Anderson
e7771ec380
Fixed bad model example in admin docs.
2015-01-13 11:53:03 -05:00
Claude Paroz
e084ff01f2
Fixed #24136 -- Prevented crash when convert_extent input is None
...
Thanks Max Demars for the report.
2015-01-13 17:27:11 +01:00
Michał Modzelewski
65246de7b1
Fixed #24031 -- Added CASE expressions to the ORM.
2015-01-12 18:15:34 -05:00
Shai Berger
aa8ee6a573
Fixed test failures in Oracle introspection
...
Refs #17785
2015-01-13 01:00:09 +02:00
Tim Graham
5d7217dce3
Fixed typo in docs/release/1.8.txt & added word for spelling check.
2015-01-12 17:53:32 -05:00
Josh Schneier
3844ccc958
Fixed #24138 -- Added modelform_factory to __all__.
2015-01-12 17:44:06 -05:00
Josh Smeaton
21b858cb67
Fixed #24060 -- Added OrderBy Expressions
2015-01-13 09:39:55 +11:00
Claude Paroz
f48e2258a9
Fixed #24133 -- Replaced formatting syntax in success_url placeholders
...
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin
5f7230e12f
Fixed #24124 (again) -- Updated tests with new default context_processors.
...
Thanks Collin for the review.
2015-01-12 22:31:44 +01:00
Aymeric Augustin
511a53b314
Avoided exceptions in admindocs' template detail view.
...
This is marginally better than crashing when several Django template
engines are configured in a project.
Refs #24125 .
2015-01-12 21:01:34 +01:00
Aymeric Augustin
3bba4b420e
Avoided exceptions in a non-critical check in the admin.
...
This change makes it possible to configure several Django template
engines in a project and still use the admin. On the flip side the
check is silently skipped when no Django template engine is configured.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
6b5113ec94
Made debug views not crash when there isn't a default template engine.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
a3e783fe11
Deprecated passing a Context to a generic Template.render.
...
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.
test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
71b7668b75
Rewrapped TemplateSyntaxError in Jinja2 backend.
...
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
2015-01-12 21:01:34 +01:00
Claude Paroz
4c413e231c
Fixed #17785 -- Preferred column names in get_relations introspection
...
Thanks Thomas Güttler for the report and the initial patch, and
Tim Graham for the review.
2015-01-12 19:58:47 +01:00
Muthiah Annamalai
b75c707943
Fixed #24089 -- Added check for when ModelAdmin.fieldsets[1]['fields'] isn't a list/tuple.
2015-01-12 13:47:58 -05:00
Markus Holtermann
eeb88123e7
Fixed #24129 -- Added indicator that migrations are rendering the initial state
...
Thanks Tim Graham for the review.
2015-01-12 19:23:46 +01:00
Tim Graham
9f51d0c86d
Fixed test from refs #23913 when running tests in reverse.
2015-01-12 13:20:44 -05:00
Collin Anderson
26a92619f6
Fixed #24124 -- Changed context_processors in the default settings.py
2015-01-12 13:17:44 -05:00
Markus Holtermann
bbbed99f62
Fixed #24123 -- Used all available migrations to generate the initial migration state
...
Thanks Collin Anderson for the input when creating the patch and Tim Graham for the review.
2015-01-12 18:39:18 +01:00
Ng Zhi An
8f5d6c77b6
Fixed #23878 -- Moved Query and Prefetch documentation
2015-01-12 11:35:20 -05:00
Collin Anderson
58833f5197
Made Django's templates get their own LANGUAGE_* variables.
...
Refs #24117
2015-01-12 10:54:59 -05:00
Pavel Shpilev
a7c256cb54
Fixed #9893 -- Allowed using a field's max_length in the Storage.
2015-01-12 09:09:18 -05:00
Marc Tamlyn
b5c1a85b50
Fixed #24118 -- Added --debug-sql option for tests.
...
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.
Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Claude Paroz
68a439a18d
Removed supports_binary_field flag as all backends support them
...
It was mainly for MySQL on Python 3, but now the current
recommended MySQL driver for Python 3 (mysqlclient) does support
binary fields, it is unneeded. Refs #20377 .
2015-01-11 23:34:47 +01:00
Ola Sitarska
d563e3be68
Fixed #23913 -- Deprecated the `=` comparison in `if` template tag.
2015-01-11 15:21:01 -05:00
Claude Paroz
412066e71e
Revert "Marked a test as an expected failure on MySQL and Python 3.2."
...
This reverts commit 832b4a5722
.
We officially don't support MySQL on Python 3.2. Refs #20380 .
2015-01-11 20:59:07 +01:00
Tim Graham
28de5cd4de
Fixed spelling errors in docs.
2015-01-11 13:24:13 -05:00
Markus Holtermann
be158e3625
Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake.
2015-01-11 00:30:47 +01:00
Markus Holtermann
fdc2cc9487
Fixed #24110 -- Rewrote migration unapply to preserve intermediate states
2015-01-10 23:14:15 +01:00
Aymeric Augustin
d89019a84d
Improved template ugrading docs.
...
Recommending Template(template_code) was dumb. Described alternatives.
2015-01-10 21:11:58 +01:00
Aymeric Augustin
f01306a6d8
Updated templates API reference.
...
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin
4797af2bb8
Updated custom template tags how-to.
...
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin
3d495cfd77
Added release notes and upgrade instructions for templates.
2015-01-10 20:17:20 +01:00
Aymeric Augustin
ee8d5b91e9
Wrote main documentation for templates.
2015-01-10 20:16:19 +01:00
Aymeric Augustin
6c392bb2c0
Moved doc on the DTL's syntax to the ref/ section.
...
This makes room for a more general introduction about templating.
Updated some links to point to the new location, but kept those that
didn't talk specifically about the DTL.
2015-01-10 19:41:14 +01:00
Claude Paroz
b86107ced1
Fixed #24114 -- Improved error message in GEOSGeometry constructor
2015-01-10 18:53:55 +01:00
Simon Charette
07988744b3
Fixed #13165 -- Added edit and delete links to admin foreign key widgets.
...
Thanks to Collin Anderson for the review and suggestions and Tim for the
final review.
2015-01-10 12:24:52 -05:00
Marc Tamlyn
48ad288679
Fixed #24001 -- Added range fields for PostgreSQL.
...
Added support for PostgreSQL range types to contrib.postgres.
- 5 new model fields
- 4 new form fields
- New validators
- Uses psycopg2's range type implementation in python
2015-01-10 16:18:19 +00:00
Marc Tamlyn
916e38802f
Move % addition to lookups, refactor postgres lookups.
...
These refactorings making overriding some text based lookup names on
other fields (specifically `contains`) much cleaner. It also removes a
bunch of duplication in the contrib.postgres lookups.
2015-01-10 16:18:19 +00:00
Serafeim Papastefanos
74f02557e0
Fixed #23967 -- Added formats for Greek
2015-01-10 11:10:26 -05:00