Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.
Only public APIs (i.e. APIs mentioned in the documentation) were left.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
Added functions and tests
Added docs and more tests
Added TextField converter to mysql backend
Aliased Value as V in example docs and tests
Removed unicode_compatible in example
Fixed console emulation in examples
The migrations autodetector now issues AlterModelOptions operations for
Meta.managed changes instead of DeleteModel + CreateModel.
Thanks iambibhas for the report and Simon and Markus for review.
Use INTERVAL DAY(9) TO SECOND(6) for Durationfield on Oracle rather than
storing as a NUMBER(19) of microseconds.
There are issues with cx_Oracle which require some extra data
manipulation in the database backend when constructing queries, but it
handles the conversion back to timedelta objects cleanly.
Thanks to Shai for the review.
Made deconstruct path overwriting for ArrayField conditional,
so it only occurs when the deconstructed field is an instance
of ArrayField itself and not a subclass.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.
Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.
Thanks to Tim and Josh in particular for reviews.
Previously Publisher.objects.filter(book=val) would target
book.object_id if book is a GenericRelation. This is inconsistent to
filtering over reverse foreign key relations, where the target is the
related model's primary key.
It was originally added to fix a test (refs #7514); but Site now has a
pre_save signal handler (refs #19698) to clear the cache which makes
this call redundant.
One handler in WSGIServer, to catch the error when raised from
SocketServer.BaseServer's finish_request, and one in WSGIRequestHandler
(by creating a subclass of ServerHandler), to catch the error when
raised in wsgiref.handlers.BaseHandler's finish_response.
Also removed Query.join_map. This structure was used to speed up join
reuse calculation. Initial benchmarking shows that this isn't actually
needed. If there are use cases where the removal has real-world
performance implications, it should be relatively straightforward to
reintroduce it as map {alias: [Join-like objects]}.
Aggregation over subquery produced syntactically incorrect queries in
some cases as Django didn't ensure that source expressions of the
aggregation were present in the subquery.
The .dates() queries were implemented by using custom Query, QuerySet,
and Compiler classes. Instead implement them by using expressions and
database converters APIs.
This change allows dynamically created inlines "Add related" button to work
correcly as long as their associated foreign key is pointing to the primary
key of the related model.
Thanks to amorce for the report, Julien Phalip for the initial patch,
and Collin Anderson for the review.
Previous algo only worked if the first item was a part of the loop,
and you would get an infinite loop otherwise (see test).
To fix this, it was much easier to do a pre-pass.
A bonus is that you now get an error message that actually helps you debug
the dependency problem.
When the test client detects a redirect to a URL seen in the
currently followed chain it will now raise a RedirectCycleError
instead of just returning the first repeated response.
It will also complain when a single chain of redirects is longer
than 20, as this often means a redirect loop with varying URLs,
and even if it's not actually one, such long chains are likely
to be treated as loops by browsers.
Thanks Preston Timmons, Berker Peksag, and Tim Graham for reviews.
This is useful for debugging side effects affecting tests that
are usually executed before a given test. Full suite and pair
tests sort cases more or less deterministically, thus some test
cross-dependencies are easier to reveal by reversing the order.
Thanks Preston Timmons for the review.
The Jython bug was fixed in http://bugs.jython.org/issue1518
(tested on Jython 2.7b3); also updated make_msgid() to be more like
the version in Python 3.2+; refs #23905.
Thanks Simon Charette for testing and review.
Since RequestContext doesn't know its Engine until it's passed to
Template.render() -- and cannot without breaking a widely used public
API -- an elaborate hack is required to apply context processors.
Passed the engine instance to loaders. This is a prerequisite for
looking up configuration on the engine instance instead of global
settings.
This is backwards incompatible for custom template loaders that override
__init__. However the documentation doesn't talk about __init__ and the
way to pass arguments to custom template loaders isn't specified. I'm
considering it a private API.
This reverts commit f36151ed16.
Adding kwargs to deconstructed objects does not achieve useful
forward-compatibility in general, since additional arguments are silently
dropped rather than having their intended effect. In fact, it can make the
failure more difficult to diagnose. Thanks Shai Berger for discussion.
I don't agree with flake8 here about the right indentation, but as long as
we're using it, we should stick to it. I don't want to disable its hanging
indent checks just because of this case.
This change preserves backwards-compatibility for a very common misuse
of render_to_response which even occurred in the official documentation.
It fixes that misuse wherever it happened in the code base and docs.
Context.__init__ is documented as accepting a dict and nothing else.
Since Context is dict-like, Context(Context({})) could work to some
extent. However, things get complicated with RequestContext and that
gets in the way of refactoring the template engine. This is the real
rationale for this change.
A lambda all_items_equal() replaced a reduce() that was broken for potential
3+-way merges. A reduce(operator.eq, ...) accumulates bools and can't
generically check equality of all items in a sequence:
>>> bool(reduce(operator.eq, [('migrations', '0001_initial')] * 3))
False
The code now counts the number of common ancestors to calculate slice offsets
for the branches. Each branch shares the same number of common ancestors.
The common_ancestor for loop statement had incomplete branch coverage.
Added relabeled_clone() method to sql.Query to fix the problem. It
manifested itself in rare cases where at least double nested subquery's
filter condition might target non-existing alias.
Thanks to Trac alias ris for reporting the problem.
This removes the concept of equality between operations to guarantee
compatilibity with Python 3.
Python 3 requires equality to result in identical object hashes. It's
impossible to implement a unique hash that preserves equality as
operations such as field creation depend on being able to accept
arbitrary dicts that cannot be hashed reliably.
Thanks Klaas van Schelven for the original patch in
13d613f800.
load_hashers cached its result regardless of its password_hashers
argument which required fragile cache invalidation. Remove that
argument in favor of @override_settings and triggering cache
invalidation with a signal.
Changed the handling of extensions to be used for gettext. Now
obeying the --extension argument. find_files now only find the
given or default extensions and puts only these in the
TranslatableFiles. As a result there are no more confusing messages
for filetypes (extension) not handled by makemessages.
They were deprecated in Django 1.2 but not all the supporting code was
removed in Django 1.4. Since the remaining code was unlikely to be
functional (pun intended) e.g. it would crash unless the loader
function had an is_usable attribute, this commit completes the removal
immediately instead of starting another deprecation path.
This change has the nice side effect of removing code that ran at import
time and depended on the app registry at module level -- a notorious
cause of AppRegistryNotReady exceptions.
Since it isn't branded as a test utility any more and could be used for
other purposes than test code, that prefix no longer makes sense.
It wasn't used anywhere either.
Reformatted the code of base.Loader according to modern standards.
Turned the test template loader into a regular locmem.Loader -- but
didn't document it.
Added a normal deprecation path for BaseLoader which is a public API.
Added an accelerated deprecation path for TestTemplateLoader which is
a private API.
That commit contained a mistake that resulted in the use_cached_loader
option of override_with_test_loader being ignored. As a consequence some
configurations weren't exercised any more by the test suite.
Default Memcached configuration allows for a maximum object of 1MB and
will fail to set the key if it is too large. The key will be deleted from
memcached if it fails to be set. This is needed to avoid an issue with
cache_db session backend using the old value stored in memcached, instead
of the newer value stored in the database.
Custom form fields having a `queryset` attribute but no
`limit_choices_to` could no longer be used in ModelForms.
Refs #2445.
Thanks to artscoop for the report.
Made _do_update behave more strictly according to its docs,
including a corner case when specific concurent updates are
executed and select_on_save is set.
Added a test for the condition safe_join is designed to prevent.
Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.
Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
Aymeric Augustin
Tim Graham
Claude Paroz
Josh Smeaton
Gavin Wahl
Niclas Olofsson
Thomas Tanner
Collin Anderson
Anssi Kääriäinen
Marc Tamlyn
Thomas Chaumeny
Oscar Ramirez
Josh Schneier
Jernej Kos
Anssi Kääriäinen
Mosson, Andrew
Andriy Sokolovskiy
Berker Peksag
Markus Holtermann
Shai Berger
JuneHyeon Bae
Michael Hall
Carl Meyer
Kevin Marsh
Thomas Chaumeny
Grzegorz Slusarek
Sergey Parkhomenko
Markus Amalthea Magnuson
Jon Dufresne
Diego Guimarães
Eric Rouleau
Daniel Wiesmann
Kamil Braun
jerry dumblauskas
wrwrwr
Matthew Somerville
sdeprez
Tim Heap
Martin Blech
MattBlack85
Simon Charette
Baptiste Mispelon
Redouane Zait
Luke Plant
Sergey Fedoseev
Tom V
Matt Robenolt
Andrzej Pragacz
Brad Walker
Patryk Zawadzki
Stratos Moros
Anton Baklanov
Tillmann Karras
twidi
Ilja Maas
Karen Tracey
Andrew Godwin
Erik Romijn
Niels Kouwenhoven
Yigit Guler
Daan Vielen
Klaas van Schelven
Grzegorz Slusarek
Michael Manfre
Jozef Knaperek
averybigant