Commit Graph

2906 Commits

Author SHA1 Message Date
Florian Apolloner 50a811a170 Revert "[1.6.x] Ensure that passwords are never long enough for a DoS."
This reverts commit 5ecc0f828e.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
2013-09-24 21:09:52 +02:00
Michał Lech 11dfb58131 [1.6.x] Marked PermissionsMixin.user_permissions help_text for translation
Backport of 53c7d66869 from master
2013-09-24 07:37:12 -04:00
Paul McMillan 85ba68cc14 [1.6.x] Increased default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.

Backport of a075e2ad0d from master
2013-09-19 15:34:59 -04:00
Florian Apolloner 325b03ea84 [1.6.x] Final attempt to solve sporadic test failures.
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close its already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.

This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).

After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
because we don't know how our users override our classes.

This is a private and very specialized API on purpose and should not be used
without a strong reason!

This patch partially reverts the earlier attempts to fix those issues,
namely:
	2fa0dd73b1 and
	3c5775d36f

Final note: If this patch breaks in a later version of Django, please be
very careful on how you fix it, you might not see test failures locally.
That said, this patch hopefully doesn't produce even more failures.

Backport of 73a610d2a8 from master.
2013-09-17 18:36:32 +02:00
Russell Keith-Magee 5ecc0f828e [1.6.x] Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d57 from master.
2013-09-15 13:46:16 +08:00
Aymeric Augustin f9f792eb04 [1.6.x] Took advantage of django.utils.six.moves.urllib.*.
Backport of 6a6428a36 from master.
2013-09-10 21:29:31 +02:00
Eric Boersma 180b9955cc [1.6.x] Fixed #21035 -- Changed docs to treat the acronym SQL phonetically.
The documentation and comments now all use 'an' to
refer to the word SQL and not 'a'.

Backport of 4d13cc56de from master
2013-09-05 20:16:14 -04:00
Aymeric Augustin 2a14c08e71 Used six.moves.zip_longest, new in six 1.4.0. 2013-09-03 07:34:45 -05:00
Aymeric Augustin 115318051c [1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0.
Conflicts:
	django/db/backends/oracle/base.py
	django/db/backends/sqlite3/base.py
	django/db/models/base.py

Backport of 365c3e8b from master.
2013-09-03 07:34:45 -05:00
Claude Paroz 0514fbb2f3 [1.6.x] Fixed #21003 -- Ensured geometry widget return value has SRID
Thanks Mathieu Leplatre for the report and initial patch.
Backport of dd656073ad from master.
2013-09-03 13:55:20 +02:00
Claude Paroz bd0319a261 [1.6.x] Isolated map creation JS code
Backport of 3550b27a8 from master.
2013-09-03 13:54:50 +02:00
Claude Paroz b53ce2f31c [1.6.x] Prevented rendering attrs to be squashed in OSMWidget
Backport of b6889c68d7 from master.
2013-09-03 10:04:50 +02:00
Claude Paroz aa1c175687 [1.6.x] Fixed syntax error in OSMWidget
Backport of 6ecbac21a from master.
2013-09-03 09:08:25 +02:00
Claude Paroz 0c57868908 [1.6.x] Fixed gis test to run on non gis-enabled settings
Refs #20998.
Backport of 973502c0 from master.
2013-09-02 14:31:20 +02:00
Claude Paroz 4e3794dd1f [1.6.x] Fixed #20998 -- Allow custom (de)serialization for GIS widgets
Thanks Mathieu Leplatre for the report and the initial patch.
Backport of 102f26c92 from master.
2013-09-02 13:34:26 +02:00
Tim Graham ef1259342b [1.6.x] Fixed #16433 -- Fixed a help_text/read only field interaction that caused an admin crash.
Thanks chris at cogdon.org for the report and admackin for the patch.

Backport of af953c45cc from master
2013-08-29 09:45:02 -04:00
Tim Graham 5f061986b9 [1.6.x] Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.

Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.

Backport of b0ce6fe656 from master
2013-08-22 17:55:01 -04:00
Harm Geerts a6ac4f90d0 [1.6.x] Fixed #20829 -- Skip postgis metadata tables with introspection
Backport of 24088618 from master.
2013-08-16 21:21:41 +02:00
Claude Paroz 1b48de06c3 [1.6.x] Updated translation templates 2013-08-16 15:13:31 +02:00
Tim Graham c769c26601 [1.6.x] Revert "Fixed #18491 -- deleting a proxy doesn't show warning about cascade deletes"
This reverts commit 2b48fcc607.

It introduced a regression (#20777) which we can't easily fix in 1.6.
2013-08-16 07:59:16 -04:00
Alasdair Nicol 919934602f [1.6.x] Fixed #20895 -- Made check management command warn if a BooleanField does not have a default value
Thanks to Collin Anderson for the suggestion and Tim Graham for
reviewing the patch.

Backport of 22c6497f99 from master
2013-08-15 20:33:02 -04:00
Loic Bistuer 39db994790 [1.6.x] Fixed overflow for the "Recent Actions" widget on the admin index.
Previously the CSS targeted "li.changelink" and therefore didn't
work for the "add" and "delete" actions.

Refs #14868.

Backport of 33fc083b0d from master
2013-08-13 13:26:37 -04:00
Jacob Kaplan-Moss bfbae15c66 Apply autoescaping to AdminURLFieldWidget.
This is a security fix; disclosure to follow shortly.
2013-08-13 11:06:00 -05:00
Jacob Kaplan-Moss 79594b40c0 Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
This is a security fix; disclosure to follow shortly.
2013-08-13 11:05:41 -05:00
Collin Anderson e3e0cf8a0f [1.6.x] Fixed #20865 -- Fixed raw_id_fields to work with callable limit_choices_to.
Backport of d53e574676 from master
2013-08-06 13:44:31 -04:00
Tim Graham 90bdb42702 [1.6.x] Fixed backport error in previous commit; refs #15961 2013-08-04 07:30:30 -04:00
Loic Bistuer 9053c6da5f [1.6.x] Moved get_search_results from BaseModelAdmin to ModelAdmin.
Refs #15961.

Backport of 470a9bb22d from master.
2013-08-04 07:19:13 -04:00
Tim Graham 97254154ab [1.6.x] Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
Thanks Collin Anderson for the report.

Backport of 425d076d0c from master
2013-08-02 14:46:51 -04:00
Petr Dlouhý 4e7745cc1c [1.6.x] Fixed LogEntry.get_admin_url() for non-existent models.
Regression introduced by [369b6fa]; refs #18169.

Backport of 1b47508ac8 from master
2013-08-02 12:51:46 -04:00
Loic Bistuer 4f8fb19994 [1.6.x] Fixed #18681 -- GenericInlineModelAdmin.get_formset() no longer bypasses get_fieldsets().
Refs 23e1b59 which already fixed this issue for ModelAdmin and InlineModelAdmin.

Backport of a0ed2f9260 from master
2013-08-02 10:45:58 -04:00
Harm Geerts b0bde21884 [1.6.x] Fixed #20838 -- Fixed Geodjango spatialrefsys test failure with postgis-2.0.3
Backport of fd0d486467 from master
2013-08-02 10:45:27 -04:00
Claude Paroz f942554cf3 [1.6.x] Tweaked proj string regex in gis tests
Backport of 4367c637d6 from master
2013-08-02 10:45:12 -04:00
Aymeric Augustin 88e4a3a3d9 [1.6.x] Fixed a test that could fail depending on PASSWORD_HASHERS.
Thanks Claude. Refs #20760.

Backport of 5b47a9c5a0 from master.
2013-07-30 16:18:44 +02:00
Tim Graham dbbd2b1272 [1.6.x] Fixed #20805 -- Removed an extra colon beside checkboxes in the admin.
Thanks CollinAnderson for the report.

Backport of 8676318d2d from master
2013-07-26 14:47:58 -04:00
Tim Graham 5cc1ea4773 [1.6.x] Updated contrib.admin to use Email/URLInputs; refs #16630
Backport of 2a979d2a7b from master
2013-07-26 08:02:10 -04:00
Tim Graham 9abbad491a [1.6.x] Fixed #20679 -- Corrected CachedFilesMixin.post_process docstring.
Thanks bmispelon for the report.

Backport of 9b88dd3809 from master
2013-07-25 12:32:38 -04:00
Aymeric Augustin 4525eab077 [1.6.x] Fixed #20760 -- Reduced timing variation in ModelBackend.
Thanks jpaglier and erikr.

Backport of 5dbca13f3b from master.
2013-07-23 15:43:43 +02:00
Kirill Fomichev ad898453b7 [1.6.x] Fixed #19019 -- Fixed UserAdmin to log password change.
Thanks Tuttle for the report.

Backport of 33242fe015 from master
2013-07-23 08:33:38 -04:00
Claude Paroz 92f66a6134 [1.6.x] Fixed #20773 -- [gis] Fixed regression in GoogleMap output
Thanks Martyn Clement for the report and the initial patch.
Backport of 27c1a7257 from master.
2013-07-22 10:03:31 +02:00
Karen Tracey 706e542eb5 [1.6.x] Fixed #13696 -- ensured inline pk field is rendered
Backport of 3aad955ea8 from master.
2013-07-21 13:13:20 -04:00
Loic Bistuer c660f0e985 [1.6.x] Fixed #20767 -- Fixed ModelAdmin.preserve_filters for namespaced URLs.
Thanks Collin Anderson for the report.

Backport of 2fc6c9472c from master.
2013-07-18 18:23:21 -04:00
Claude Paroz e2c1e9ef55 [1.6.x] Partial revert of commit 2bf403ecbd
Homework: write 100 times geoapp is not geogapp.
Backport of 57815e2630 from master.
2013-07-09 14:34:16 +02:00
Claude Paroz a9dd6221af [1.6.x] Fixed #20224 -- Update docs examples which mention __unicode__
Thanks Marc Tamlyn and Tim Graham for the review.
Backport of 7442eb1a24 from master.
2013-07-05 19:30:08 +02:00
Tim Graham 23748c483b [1.6.x] Fixed #20673 -- Clarified that HttpRequest.user uses AUTH_USER_MODEL.
Thanks littlepig for the report.

Backport of f407f75aae from master.
2013-07-04 09:34:02 -04:00
Simon Charette 2de0d4c452 [1.6.x] Fixed #20675 -- `check_password` should work when no password is specified.
The regression was introduced by 2c4fe761a. refs #20593.

Backport of 8759778185 from master.
2013-07-03 14:12:56 -04:00
Tim Graham 3c51962cab [1.6.x] Updated tests for deprecation of Option.get_(add|change|delete)_permission.
refs #20642.

Backport of a6a905c619 from master.
2013-07-01 09:21:07 -04:00
Tim Graham b930733a67 [1.6.x] Fixed #20677 - Typos in generic_inlineformset_factory docs.
Thanks Riley Strong for the report.

Backport of 3fd0ee5b46 from master
2013-06-29 14:16:36 -04:00
Aymeric Augustin 6908b65939 [1.6.x] Removed obsolete comment. Refs #20079.
Thanks Gavin Wahl.
2013-06-29 11:43:41 +02:00
Tim Graham 534ced5aad Fixed #20664 -- Fixed a bug with raw_id_fields on Python 3.
Thanks jefftriplett for the report.
2013-06-27 19:39:20 -04:00
Andrew Godwin f325f86971 Fixed #20244: PermissionsMixin now defines a related_query_name for M2Ms 2013-06-27 15:44:22 +01:00