Commit Graph

993 Commits

Author SHA1 Message Date
Luke Plant c161bf21f0 Fixed #6552, #12031 - Make django.core.context_processors.auth lazy to avoid "Vary: Cookie"
Thanks to olau@iola.dk, Suor for the report



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-14 18:09:13 +00:00
Jacob Kaplan-Moss 9f8287a3f1 SECURITY ALERT: Corrected regular expressions for URL and email fields.
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-09 20:57:59 +00:00
Luke Plant 6e3a72585a Added 'key_prefix' keyword argument to cache_page()
This was available before r11586, but undocumented.  It has now been
re-added with documentation and explicit support, as it seems like a useful
feature and people were using it before.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-28 21:54:54 +00:00
Luke Plant a97648a7e0 Corrected regressions introduced in r11586 and r11593
I read the order of arguments in the docs incorrectly, doh!


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-26 19:39:42 +00:00
Luke Plant afeafcd492 Fixed #6371 - several decorators don't work with bound methods.
This involved changing the way the internal function
decorator_from_middleware works slightly, breaking some code that relied on
the old behaviour.  As a result, it is much simpler, but cache_page has been
made slightly more complex to cope with the change.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-21 22:31:51 +00:00
Russell Keith-Magee 0757607217 Fixed #11820 -- Corrected the spelling of Grace Hopper's name in a test. Thanks to shields@msrl.com for the report, and apologies to Admiral Hopper for the error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 04:32:55 +00:00
Luke Plant 7c53c2618d Fixed #10968 - Form.errors should use Form.error_class.
Thanks for report and initial patch, matehat.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11498 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 10:47:40 +00:00
Luke Plant 84ef9dabfa Fixed #11061: Malformed POST request causes TypeError in AdminSite.login().
Thanks vvd


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:50:57 +00:00
Luke Plant a2b46ca5fd Fixed #11833: name conflict in filter test.
Thanks steveire



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11492 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:35:23 +00:00
Ian Kelly dcf3be7a62 Fixed #10566: Added support for cx_Oracle compiled with the WITH_UNICODE flag.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-24 15:45:48 +00:00
Matt Boersma e263cc0dc5 Fixed #11049: introspection on Oracle now identifies IntegerFields correctly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11475 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-21 21:42:39 +00:00
Matt Boersma e0ce9d76e1 Fixed an assumed ordering in the queries regression tests by making it explicit.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11474 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-20 16:05:25 +00:00
Russell Keith-Magee 8bee4604a1 SECURITY ALERT: Corrected a problem with the Admin media handler that could lead to the exposure of system files. Thanks to Gary Wilson for the patch.
This is a security-related update. A full announcement, as well as backports for 1.0.X and 0.96.X will be forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-29 02:40:14 +00:00
Russell Keith-Magee 3412860f89 Fixed #11428 -- Ensured that SQL generating commands and dumpdata don't include proxy models in their output. Thanks to Anssi Kaariainen for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-27 14:32:30 +00:00
Russell Keith-Magee 4a01812c15 Fixed #11546 -- Modified the mail regression test to avoid getting hung up on 32/64 bit differences. Thanks to Richard Davies for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11328 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-25 05:14:46 +00:00
Russell Keith-Magee 53d16b1175 Fixed #11532 -- Corrected the link used for edit_inline foreign keys in admin when the admin is deployed using the old style admin.root approach. Thanks to JP for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11314 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-23 14:31:33 +00:00
Ian Kelly bbac0cc965 Fixed #11487: pass long strings to Oracle as CLOB rather than NCLOB to prevent an encoding bug that occurs in some installations.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11285 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 21:20:18 +00:00
Russell Keith-Magee 8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee 52bc782621 Fixed #11107 -- Corrected the generation of sequence reset SQL for m2m fields with an intermediate model. Thanks to J Clifford Dyer for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11215 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 14:22:52 +00:00
Russell Keith-Magee 7ecb8b08b3 Fixed #10922 -- Corrected handling of POST data to ensure that the right objects are updated on save when the ordering field is editable. Thanks to Alex Gaynor, Karen Tracy, and Will Hardy for their contributions to this patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 03:05:17 +00:00
Russell Keith-Magee 735309341e Fixed #10834 -- Added bucket condition to ensure that URL resolvers won't ever return None. Thanks to Chris Cahoon for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11120 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-29 14:02:17 +00:00
Russell Keith-Magee e522e61a80 Fixed #11392 -- Enforced a predictable result order for a couple of test cases. Thanks to Nathan Auch for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11119 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-29 12:29:48 +00:00
Russell Keith-Magee cbbe60c7fc Fixed #11270 -- Modified cache template tag to prevent the creation of very long cache keys. Thanks to 235 for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11068 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 15:04:00 +00:00
Russell Keith-Magee 8950a40cec Fixed #11270 -- Corrected naming conflict in templatetag test. Thanks to steveire for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11067 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 15:03:17 +00:00
Russell Keith-Magee 191203b48d Fixed #9023 -- Corrected a problem where cached attribute values would cause a delete to cascade to a related object even when the relationship had been set to None. Thanks to TheShark for the report and test case, and to juriejan and Jacob for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11009 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-15 14:30:51 +00:00
Russell Keith-Magee b38cf5db5c Fixed #11311 -- Reverted [10952], Refs #10785. Changeset [10952] caused problems with m2m relations between models that had non-integer primary keys. Thanks to Ronny for the report and test case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11007 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-15 11:47:01 +00:00
Luke Plant 9294121d3c Fixed #9367 - EmailMultiAlternatives does not properly handle attachments.
Thanks to Loek Engels for the bulk of the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@10983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-12 13:56:40 +00:00
Russell Keith-Magee d3bd3203f9 Fixed #11286 -- Ensured that dumpdata uses the default manager, rather than always using the manager called `objects`. Thanks to Marc Remolt for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-09 13:14:40 +00:00
Brian Rosner 89df572c47 Fixed #11274 -- Corrected doctests to not cause test failures due to missing newlines. Thanks Honza Kral.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10941 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-07 18:07:53 +00:00
Russell Keith-Magee 151d88af4e Fixed #11082 -- Ensured that subqueries used in an exclude(X__in=) clause aren't pre-evaluated. Thanks to Henry Andrews for the report, and clement for the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10929 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-06 13:35:33 +00:00
Russell Keith-Magee fa43a32bcb Fixed #10733 -- Added a regression test for queries with multiple references to multiple foreign keys in only() clauses. Thanks to mrts for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10928 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-06 12:16:06 +00:00
Russell Keith-Magee 2416e5fefe Fixed #9479 -- Corrected an edge case in bulk queryset deletion that could cause an infinite loop when using MySQL InnoDB.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10913 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-03 13:23:19 +00:00
Gary Wilson Jr 419747d1c8 Fixed a few Python 2.3 incompatibilities that were causing test failures.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-29 05:23:50 +00:00
Gary Wilson Jr c78554b216 Added test for pickling of a model with an `ImageField`, refs #11103.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10860 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-29 04:06:09 +00:00
Gary Wilson Jr d89ba464dd Changes to `ImageFileDescriptor` and `ImageField` to fix a few cases of setting image dimension fields.
* Moved dimension field update logic out of `ImageFileDescriptor.__set__` and into its own method on `ImageField`.
 * New `ImageField.update_dimension_fields` method is attached to model instance's `post_init` signal so that:
   * Dimension fields are set when defined before the ImageField.
   * Dimension fields are set when the field is assigned in the model constructor (fixes #11196), but only if the dimension fields don't already have values, so we avoid updating the dimensions every time an object is loaded from the database (fixes #11084).
 * Clear dimension fields when the ImageField is set to None, which also causes dimension fields to be cleared when `ImageFieldFile.delete()` is used.
 * Added many more tests for ImageField that test edge cases we weren't testing before, and moved the ImageField tests out of `file_storage` and into their own module within `model_fields`.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@10858 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-28 05:46:09 +00:00
Russell Keith-Magee 4567b44909 Modified a test from r10787 so that the comparison order is reliable. Thanks to Alex Gaynor and Tom Tobin for the report via IRC.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-20 00:19:13 +00:00
Karen Tracey 8c8625bde3 Fixed #11149 -- Don't call save_form_data on file-type fields multiple times when saving a model form.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10826 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-19 23:13:33 +00:00
Karen Tracey 50745cc31e Fixed #11066 -- Corrected 15 duplicate "the"s found in docs and code comments. Thanks kaikuehne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10801 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-17 16:45:28 +00:00
Matt Boersma 56f3ed7f54 Fixed import statement in admin_views test to work with Python 2.3.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10789 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 15:01:40 +00:00
Russell Keith-Magee a00be66311 Fixed #11120 -- Corrected handling of inlines attached to inherited classes, broken by r10756. Thanks to George Song and Michael Strickland for the simultaneous reports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10787 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 12:44:51 +00:00
James Bennett bcb0d124b4 Corrected tests from [10784]; instead of retrieving two comments, it was retrieving one comment twice.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10785 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-15 02:54:55 +00:00
Jacob Kaplan-Moss d246401552 Fixed #11113: fixed a couple of issues that slipped through the cracks when comment moderation was added to `django.contrib.comments`.
The is a potentially backwards-incompatible change for users already relying on the internals of comment moderaration. To wit:

   * The moderation system now listens to the new `comment_will_be_posted`/`comment_was_posted` signals instead of `pre/post_save`. This means that import request-based information is available to moderation as it should be.
   * Some experimental code from `django.contrib.comments.moderation` has been removed. It was never intended to be merged into Django, and was completely untested and likely buggy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10784 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:20:50 +00:00
Jacob Kaplan-Moss 3da3716252 Fixed #10348: ChangeList no longer overwrites a select_related provided by `ModelAdmin.queryset()`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10782 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 15:09:33 +00:00
Jacob Kaplan-Moss e508bfd27f Fixed #10992: fixed a bug saving inlines with custom primary key fields. Thanks, Zain.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10777 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-14 02:23:53 +00:00
Russell Keith-Magee 7215ffe8a4 Fixed #10243, #11043 -- Corrected handling of formsets over a ForeignKey that uses to_field, and by extension, fixed the admin for handling fields of that type. Thanks to apollo13 for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10756 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-13 14:04:29 +00:00
Jacob Kaplan-Moss d20a0834ac Fixed #9751: admin scripts now calculate the project directory correctly when the settings module is a directory with an ``__init__.py``. Thanks to Eric Holscher.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10751 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-12 21:45:03 +00:00
Karen Tracey 14a6f6cf9a Fixed #11032: close() a file explictly open()'d in a test, so that deleting the file tree it is in doesn't fail on Windows. Thanks bthomas for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10741 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-11 16:13:29 +00:00
Jacob Kaplan-Moss 2b0903b2c4 Fixed #10404: ImageField height_field and width_field options no longer depend on putting the image field after the height/width fields as they did after r9766.
This bug actually exposed a related handful of inconsistancies in the underlying file handling and wraping, so a few related changes are in here as well:

    * Dimensions are also now calculated the moment the image is assigned to the field instead of upon save.
    * The base `File` object now when possible delegates its closed attribute down to the os-level file it wrapps.
    * In-memory files' `close()` now is a no-op. Without this certain APIs that should be able to handle in-memory files were failing.
    * Accessing `FieldFile.closed` used to open the file. That's silly, and it doesn't any more.
    * Some over-eager error handling was squishing some errors that would normally be raised. One unit test was incorrectly depending on this behavior, so the test was removed.

Thanks to Armin Ronacher for much of this work.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10737 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-11 09:57:19 +00:00
Russell Keith-Magee 8c2db4ab0f Fixed #10906 -- Added a check for PostgreSQL pre 8.2 when using StdDev/Variance aggregates. Thanks to Richard Davies for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-10 09:22:53 +00:00