Commit Graph

15297 Commits

Author SHA1 Message Date
Michael Manfre a979a2fea5 [1.6.x] Fixed #21146 - DatabaseCache converts expires to python value
DatabaseCache uses raw cursors to bypass the ORM. This prevents it from
being used by database backends that require special handling of datetime
values.

There is no easy way to test this, so no tests added.

Backport of d5606b5763 from master
2013-09-26 13:42:32 +03:00
Tim Graham d1047c8b4c [1.6.x] Fixed #21116 -- Made usage of manage.py in docs more consistent.
Thanks daniel.quattro at gmail.com for the report.

d1c9802811 from master.
2013-09-25 21:11:17 -03:00
Anssi Kääriäinen d7ae0bc372 [1.6.x] Fixed #21126 -- QuerySet value conversion failure
A .annotate().select_related() query resulted in misaligned rows vs
columns for compiler.resolve_columns() method.

Report & patch by Michael Manfre.

Backpatch of 83554b018e from master.
2013-09-25 20:50:48 +03:00
Baptiste Mispelon 5207928151 [1.6.X] Fixed wording in unit tests documentation.
Backport of 42b9feb2e7 from master.
2013-09-25 18:31:03 +02:00
Florian Apolloner e5dc08f2db [1.6.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.
Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.

Backport of 68540fe4df from master.
2013-09-24 21:10:21 +02:00
Florian Apolloner 50a811a170 Revert "[1.6.x] Ensure that passwords are never long enough for a DoS."
This reverts commit 5ecc0f828e.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:09:52 +02:00
Anssi Kääriäinen 1a922870ea [1.6.x] Fixed #21150 -- Improved Query.add_fields() join promotion logic
Thanks to Eivind Fonn for the report and test case.
2013-09-24 19:04:42 +03:00
Tim Graham d30d66b907 [1.6.x] Fixed #21137 -- Corrected ULRconf include example.
Thanks marfire for the report.

Backport of 77f6b468e5 from master
2013-09-24 09:41:39 -04:00
Michał Lech 11dfb58131 [1.6.x] Marked PermissionsMixin.user_permissions help_text for translation
Backport of 53c7d66869 from master
2013-09-24 07:37:12 -04:00
Brett Koonce db98c48884 [1.6.x] Removed extra p (topppings->toppings)
Backport of 946a2226ea from master
2013-09-23 19:25:07 -04:00
Tim Graham 34f4053409 [1.6.x] Removed implication that six is part of Python stdlib.
Backport of 45969bdeb5 from master
2013-09-23 18:30:18 -04:00
Louis Fill a6a5c8b06d [1.6.x] Fixed #21070 -- Added a more complex database configuration example.
Thanks joejasinski for the suggestion.

Backport of e15f7f31d0 from master
2013-09-23 12:18:47 -04:00
Daley Chetwynd 5e549e7efe [1.6.x] Fixed #20830 -- Clarified that Django uses a customized version of six.
Thanks glarrain for the suggestion.

Backport of a53caf28bf from master
2013-09-23 11:07:36 -04:00
Ben Huckvale cdb56725d4 [1.6.x] Fixed #21120 -- Added more explicit text on using validators and link to writing validators.
Thanks nicolas at niconomicon.net for the suggestion.

Backport of 98e0453f00 from master
2013-09-23 10:39:10 -04:00
Tim Garner 6e6d1b1ba8 [1.6.x] Fixed #21702 -- Added different bullet styles for nested lists.
Thanks moc at mocpa.com for the suggestion.

Backport of c81b6f7b83 from master
2013-09-23 07:40:01 -04:00
Florian Apolloner eb32de2614 [1.6.x] Stopped a test from executing queries at the module level.
Currently module level queries are executed against the real database
(specified in NAME) instead of the test database; since it is to late
to fix this for 1.6, we at least ensures stable builds. Refs #21443.

Backport of 4fcc1e4ad8 from master.
2013-09-22 23:05:16 +02:00
Florian Apolloner 56201fe5a8 [1.6.x] Fixed "Address already in use" from liveserver.
Our WSGIServer rewrapped the socket errors from server_bind into
WSGIServerExceptions, which is used later on to provide nicer
error messages in runserver and used by the liveserver to see if
the port is already in use. But wrapping server_bind isn't enough since
it only binds to the socket, socket.listen (which is called from
server_activate) could also raise "Address already in use".

Instead of overriding server_activate too I chose to just catch socket
errors, which seems to make more sense anyways and should be more robust
against changes in wsgiref.

Backport of 2ca00faa91 from master.
2013-09-22 22:04:50 +02:00
Ramiro Morales b2876c0c91 [1.6.x] A few doc additions for changes from d228c1192e.
ce0c5c38ea from master.
2013-09-22 13:54:54 -03:00
Ramiro Morales aef809f90c [1.6.x] Reference Meta.index_together in DB performance guide.
9dc45efeba from master.
2013-09-22 13:54:02 -03:00
mlissner 14f76b15c4 [1.6.x] Correct very minor typo
Just changed as to has.

Backport of d8f2d940cc from master
2013-09-21 18:18:42 -04:00
Michael DiBernardo bb8a087949 [1.6.x] Fixed #21137 -- Documented best practice for URLconfs with repeated pattern prefixes.
Backport of 222460a994 from master
2013-09-21 18:18:16 -04:00
Aymeric Augustin e76dd4cd1a [1.6.x] Fixed #21074 -- Added tests for localized datetime fields.
Fields must render values in the current time zone.

This commit only contains tests because this ticket was just a symptom of
a regression from #18777 that was fixed separately.

Backport of 5444a9c from master.
2013-09-21 23:11:04 +02:00
Florian Apolloner ece8d65217 [1.6.x] Ensured that BoundField.as_widget always returns properly localized fields.
This is a follow-up to #18777 which improperly converted to strings in
prepare_value and as such caused regressions like #21074.

Refs #18777, #21074

Backport of 56743cf9e3 from master.
2013-09-21 22:58:18 +02:00
Curtis Maloney e94efee946 [1.6.x] Fixed #21133 -- Clarifed documentation about strftime formatting.
Backport of 43a2ec7999 from master
2013-09-21 06:56:00 -04:00
Aymeric Augustin 0ad178c43d [1.6.x] Clarified why one must not catch database errors inside atomic.
Backport of 4db2752 from master.
2013-09-20 21:57:39 +02:00
Paul McMillan 85ba68cc14 [1.6.x] Increased default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.

Backport of a075e2ad0d from master
2013-09-19 15:34:59 -04:00
Markus Amalthea Magnuson 9888bb28ee [1.6.x] Added missing "in" in sentence.
Backport of 2c5c422d34 from master
2013-09-19 13:29:48 -04:00
Tim Graham 538fdd2ae4 [1.6.x] Added __pycache__ to gitignore
Backport of 55b9bff07f from master
2013-09-19 06:37:53 -04:00
Russell Keith-Magee 886e876c72 [1.6.x] Fixed #21121: Added archive of security issues.
Backport of 9d3e60aa3e, 8e134c27c9, 8b3bae9466, c65ae7c969, bbabc5325c,
and a2e25e8a83 from master.
2013-09-19 15:02:52 +08:00
Tim Graham 091ae7f172 Removed accidentally added pyc file.
Thanks Simon Charette for the report.
2013-09-18 20:27:07 -04:00
Tim Graham 778d4da9cc [1.6.x] Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDict
Thanks simonpercivall for the report and bmispelon for the review.

Backport of 2daada800f from master
2013-09-18 09:56:01 -04:00
Tim Graham dbad65ded7 [1.6.x] Fixed bad backport in last commit; refs #21118 2013-09-18 09:52:29 -04:00
Tim Graham 14e139ecdf [1.6.x] Fixed #21118 -- Isolated a test that uses the database.
Thanks rmboggs for the report.

Backport of 4f40b97d97 from master
2013-09-18 09:43:10 -04:00
Tim Graham 275497c570 [1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.
Thanks margieroginski for the suggestion.

Backport of 893198509e from master
2013-09-18 06:49:59 -04:00
Florian Apolloner 325b03ea84 [1.6.x] Final attempt to solve sporadic test failures.
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close it's already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.

This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).

After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
cause we don't know how our users override our classes.

This is a private and very specialized API on purpose and should not be used
without a strong reason!

This patch partially reverts the earlier attempts to fix those issues,
namely:
	2fa0dd73b1 and
	3c5775d36f

Final note: If this patch breaks in a later version of Django, please be
very careful on how you fix it, you might not see test failures locally.
That said, this patch hopefully doesn't produce even more failures.

Backport of 73a610d2a8 from master.
2013-09-17 18:36:32 +02:00
Anssi Kääriäinen 5937f291c1 [1.6.x] Fixed #21109 -- made db cursor error wrapping faster
Backpatch of 9400142132 from master.
2013-09-17 12:31:13 +03:00
Ramiro Morales c0625a74ce [1.6.x] Reworded a paragraph in the logging docs.
9d12f68a53 from master.
2013-09-16 17:52:13 -03:00
Tim Graham e96bcdd64f [1.6.x] Cleaned up 1.5.4/1.4.8 release notes
Backport of 8d29005524 from master
2013-09-15 14:22:24 -04:00
James Bennett 623c4916df [1.6.x] Add release notes and bump version number for security release. 2013-09-15 00:36:03 -06:00
Russell Keith-Magee 5ecc0f828e [1.6.x] Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
 * Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d57 from master.
2013-09-15 13:46:16 +08:00
Anssi Kääriäinen 4c4954a3c1 [1.6.x] Added tests for double-pickling a QuerySet
Refs #21102.

Backpatch of 74b91b3888
2013-09-14 10:36:48 +03:00
Goetz 097fb98f81 [1.6.x] Fixed #21101 -- Updated urlize documentation to mention email addresses
Backport of 39b49fd339 from master
2013-09-13 12:42:40 -04:00
Tim Graham 7a2adec4d0 [1.6.x] Fixed #21100 -- Noted that Create/UpdateViews.fields is new in 1.6
Thanks AndrewIngram for the suggestion.

Backport of ec89e1725a from master
2013-09-13 09:35:22 -04:00
Tim Graham 6e17534c89 [1.6.x] Fixed #21094 -- Updated reuseable apps tutorial to use pip for installation.
Thanks ylb415 at gmail.com for the suggestion.

Backport of e4aab1bb8d from master
2013-09-13 09:30:12 -04:00
Kevin Christopher Henry c91ffd5f23 [1.6.x] Documentation -- added instructions on working with pull requests
Since non-core contributors are asked to review patches, instructions
on working with pull requests were added to the Working with Git and
GitHub page (based on the existing instructions in the core
committers page).

Backport of 990ce9aab9 from master
2013-09-13 08:27:23 -04:00
Matt Austin a929adfd3b [1.6.x] Fixed #21095 -- Documented new requirement for dates lookups.
Day, month, and week_day lookups now require time zone definitions in the database.

Backport of 9451d8d from master.
2013-09-13 10:20:13 +02:00
Ramiro Morales 66e6e2d146 [1.6.x] Fixed a couple of typos in GeoDjango docs.
8b366a50f4 from master.
2013-09-12 19:45:27 -03:00
Phaneendra Chiruvella e8bb41d05c [1.6.x] Minor typo fix in django.contrib.auth.models.User docs
Backport of bd72c2acb6 from master
2013-09-11 19:44:35 -04:00
Tim Graham b05639dcac [1.6.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
2013-09-11 08:18:48 -04:00
Kevin Christopher Henry 4f0ea1aca4 [1.6.x] Documentation -- Improved description of cache arguments
- Fixed some grammar and formatting mistakes
- Added the type and default for CULL_FREQUENCY
- Made the note on culling the entire cache more precise. (It's actually
  slower on the filesystem backend.)

Backport of 5eca021d48 from master
2013-09-11 07:43:24 -04:00