Commit Graph

4170 Commits

Author SHA1 Message Date
Akshesh 49ac10b4de Fixed -- Handled ProtectedError in a POST to admin's delete_view(). 2016-03-21 19:25:27 -04:00
Berker Peksag efa9539787 Fixed -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Claude Paroz 983c158da7 Refs -- Replaced M2M isinstance checks by field.many_to_many
Thanks Markus Holtermann, Collin Anderson and Tim Graham for the reviews.
2016-03-19 09:24:27 +01:00
Berker Peksag 28bcff82c5 Fixed -- Fixed `collectstatic --clear` crash if storage doesn't implement path(). 2016-03-17 09:49:57 -04:00
Akshesh 44c0ecdd92 Fixed -- Added generic way to test on all browsers supported by selenium.
Browser names should be passed as a comma separated list to the --selenium flag.

Thanks Tim Graham, Simon Charette and Moritz Sichert for review and discussion.
2016-03-15 13:10:32 -04:00
Matt C e7e5d9b338 Fixed -- Fixed ArrayField.get_db_prep_value() to allow complex types. 2016-03-15 11:23:38 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
quaspas 91f87b8f91 Fixed -- Fixed removal of trailing nulls for SplitArrayField. 2016-03-12 17:22:25 -05:00
ieatkittens ab8af342b1 Fixed -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Fernando Miranda 2495023a4c Fixed -- Added ArrayField.from_db_value().
Thanks Karan Lyons for contributing to the patch.
2016-03-12 09:14:35 -05:00
Noenglish Professorbut f8d20da047 Fixed a few docstring typos. 2016-03-12 08:45:06 -05:00
Tim Graham 9027fac841 Removed unneeded GeoManagers in tests. 2016-03-11 13:09:24 -05:00
Sergey Fedoseev 1f035e6283 Fixed -- Made OSMGeoAdmin require GDAL only if transformation is needed. 2016-03-11 12:33:00 -05:00
Tim Graham 09e5409cb5 Fixed a dead link in django/contrib/sitemaps/__init__.py. 2016-03-08 13:16:11 -05:00
Bas Westerbaan b4250ea04a Fixed -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs -- Cleaned up argparse options in commands.
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
2016-03-05 13:19:29 -05:00
Simon Charette c92123cc1d Fixed -- Made related managers honor the queryset used for prefetching their results.
Thanks Loïc for the suggested improvements and Tim for the review.
2016-03-02 16:10:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Alasdair Nicol 65bd053f11 Fixed -- Improved check for model admin check admin.E124
Refs 
2016-03-01 08:20:14 -05:00
Tore Lundqvist 3389c5ea22 Fixed -- Prevented logged out sessions being resurrected by concurrent requests.
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
Simon Charette 3938b3ccaa Fixed -- Prevented content type managers from sharing their cache.
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs .
2016-02-26 16:18:16 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed -- Allowed redirecting authenticated users away from the login view.
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz c5517b9e74 Fixed -- Output the primary key in the GeoJSON serializer properties
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
James Aylett 1ff6e37de4 Fixed -- Added timezone aware Storage API.
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs .
2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
2016-02-23 19:34:21 +01:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests
Refs .
2016-02-23 09:12:12 +01:00
Akshesh 6670da75ff Fixed -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Claude Paroz 928c12eb1a Fixed -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Mounir Messelmeni 50931dfa53 Fixed -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 926d41f0e7 Updated some comments for BCryptSHA256PasswordHasher. 2016-02-11 11:57:12 -05:00
Florian Apolloner 9332497701 Merge pull request from meshy/patch-1
Fix typo in comment
2016-02-11 12:29:09 +01:00
Charlie Denton 46c13fef46 Fix typo in comment 2016-02-11 11:14:06 +00:00
Shai Berger bb51dc902d Refs -- Fixed aggregate GIS test on Oracle.
Made sure the test doesn't try to aggregate over MultiPolygonField and made
AreaField turn decimals into floats on the way from the DB.

Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-09 10:04:54 -05:00
Tim Graham 406675b1a0 Fixed -- Fixed E123 flake8 warnings. 2016-02-05 15:11:07 -05:00
Simon Charette 6eb3ce11e4 Fixed -- Removed custom user test models from public API.
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Federico Capoano e972a7d03d Fixed -- Made admin's submit_row template tag pass whole context. 2016-02-04 11:56:16 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed -- Added LOGOUT_REDIRECT_URL setting.
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
jpic 926e90132d Fixed -- Removed unused choices kwarg for Select.render() 2016-02-02 18:03:19 -05:00
rynomster 468d8211df Fixed -- Added "Has date"/"No date" choices for DateFieldListFilter. 2016-02-02 12:04:14 -05:00
Tim Graham 37f7ef41fb Fixed -- Made ModelAdmin.list_display callables use an appropriate CSS class name.
Thanks Berker Peksag for the review.
2016-02-02 10:22:59 -05:00
bphillips 917cc288a3 Fixed -- Made ModelAdmin.list_editable more resilient to concurrent edits.
Allowed admin POSTed bulk-edit data to use modeladmin.get_queryset()
so that the ids in the POST data have a chance to match up even if
the objects on the current page changed based on the ordering.
2016-02-01 16:05:01 -05:00
Myk Willis 62f3acc70a Fixed incorrect permissions check for admin's "Save as new".
This is a security fix.
2016-02-01 11:57:00 -05:00
Hugo Osvaldo Barrera 8bf8d0e0ec Fixed -- Added links to objects displayed by ModelAdmin.raw_id_fields. 2016-02-01 07:36:10 -05:00
Alexander Gaevsky c79852acee Fixed -- Removed clearing of help_text for ManyToManyField's raw_id_fields. 2016-01-30 12:42:47 -05:00
Claude Paroz c47364ef0c Fixed -- Used new OpenGIS names for recent MySQL
Thanks František Malina for the report.
2016-01-29 23:25:23 +01:00
Greg Chapple 8dea9f089d Fixed -- Made HStoreField cast keys and values to strings.
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Tim Graham 19d1cb1451 Fixed -- Ensured srid isn't localized in OpenLayers JavaScript. 2016-01-28 17:46:55 -05:00