innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
23,467 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

4389 Commits

Author SHA1 Message Date
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views 
Thanks Tim Graham for the review.
 2016-07-16 10:36:12 +02:00
Claude Paroz 92c48a392f Updated contrib.postgres translation catalog 
Forward port of cb78011402 from stable/1.10.x.
 2016-07-15 09:48:57 +02:00
Andrew Nester 08ed3cc6d1 Fixed #26671 -- Made HashedFilesMixin ignore the 'chrome' scheme. 2016-07-12 08:20:39 -04:00
Kenneth 2f587737d7 Fixed #26872 -- Fixed text overflow in ModelAdmin.list_filter. 2016-07-09 08:06:42 -04:00
Erik Romijn 8db889eaf7 Fixed #18682 -- Expanded explanation in stale content type deletion. (#6869) 2016-07-03 15:55:14 +02:00
Claude Paroz 490107f14d Added Upper/Lower Sorbian translations 2016-06-29 21:11:30 +02:00
Lh4cKg 18571aefe6 Added Georgian mapping to contrib/admin/static/admin/js/urlify.js 2016-06-29 09:59:03 -04:00
David Sanders 7ca6007bd2 Fixed #26811 -- Added addButton option to admin inlines JavaScript. 2016-06-28 15:19:53 -04:00
Shabda Raaj b0acb1e73e Fixed #26779 -- Added extra_context parameter to admin's i18n_javascript view. 2016-06-27 15:37:32 -04:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views 
Thanks Tim Graham for the review.
 2016-06-24 10:45:13 +02:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser. 
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
 2016-06-21 16:19:37 -04:00
Sergey Fedoseev 5ce660cd65 Fixed #25940 -- Added OGRGeometry.from_gml() and GEOSGeometry.from_gml(). 2016-06-21 15:46:27 -04:00
Paulo 9c2d5a8d33 Fixed #26729 -- Allowed overriding a form field's label/help_text in Form.__init__() for TabularInline. 2016-06-21 14:26:47 -04:00
Sergey Fedoseev ea4665066b Fixed #26785 -- Made Oracle return None rather than empty string for empty geometries. 2016-06-21 14:06:29 -04:00
Jon Dufresne d13881bd34 Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH. 2016-06-21 11:03:25 -04:00
Claude Paroz 140c235026 Fixed #26750 -- Fixed introspection for geography point field with dim=3 
Thanks Yegor Kazantsev for the report and the initial patch.
 2016-06-21 15:22:21 +02:00
Claude Paroz 8ba44ecda0 Fixed #26775 -- Supported dim=3 geography fields 
Thanks François-Xavier Thomas for the report.
 2016-06-18 21:48:32 +02:00
Claude Paroz f7a363ee1d Fixed #26753 -- Made GDAL a required dependency for contrib.gis 
Thanks Tim Graham for the review.
 2016-06-18 10:58:02 +02:00
Carl Meyer 7d1b69dbe7 Refs #26601 -- Improved backwards-compatibility of DEP 5 middleware exception handling. 2016-06-17 10:00:39 -07:00
Tim Graham 9c3fbf5423 Used SQL from DB backend in GeomValue. 
This avoids the deprecated GeomFromText on MySQL (refs #26134).

Thanks Claude Paroz for the review.
 2016-06-16 19:51:13 -04:00
Tim Graham ea34426ae7 Fixed flake8 2.6 warnings. 2016-06-16 09:12:50 -04:00
Ville Skyttä 96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
Sergey Fedoseev cee534228c Refs #25645 -- Removed SpatiaLite 3.x compatibility in gis.db.models.functions.Translate. 
Complements 47f22e8286.
 2016-06-13 10:32:07 -04:00
Charlie Denton f2c0eb19e9 Fixed #26748 -- Allowed overriding JSONField's widget with an attribute. 2016-06-13 08:09:54 -04:00
Sergey Fedoseev 6928ad184e Fixed #26736 -- Fixed crashes in SpatialReference with non-ASCII characters. 2016-06-11 21:03:22 -04:00
Dmitry Medvinsky 0451dcc2eb Fixed #26742 -- Fixed action select color in admin changelist. 2016-06-10 11:39:11 -04:00
Oliver Sauder 5d8375fe66 Fixed #4548 -- Added username hint to admin's change_password form. 2016-06-09 12:18:15 -04:00
krishbharadwaj f6681393d3 Fixing #26524 -- Made a foreign key id reference in ModelAdmin.list_display display the id. 2016-06-08 17:20:03 -04:00
Brett Haydon 5e3f4c2e53 Fixed #26716 -- Made CurrentSiteMiddleware compatible with new-style middleware. 2016-06-07 09:46:22 -04:00
Pyie Zone 054e74420b Refs #16501, #26474 -- Added xregexp.js source file. 2016-06-06 09:25:02 -04:00
Vytis Banaitis 2f9c4e2b6f Fixed #19963 -- Added support for date_hierarchy across relations. 2016-06-04 12:14:02 -04:00
Brad Melin f6517a5335 Fixed #26672 -- Fixed HStoreField to raise ValidationError instead of crashing on non-dict JSON input. 2016-06-02 16:28:01 -04:00
Rustam Kashapov df8412d2e5 Fixed #26617 -- Added distinct argument to contrib.postgres's StringAgg. 2016-06-02 13:48:35 -04:00
Sergey Fedoseev a20671c489 Refs #25645 -- Removed SpatiaLite 3.x compatibility in SpatialiteSpatialRefSys.wkt. 
Complements 47f22e8286.
 2016-06-01 10:49:55 -04:00
Tim Graham bc84278615 Fixed #26675 -- Dropped support for PostgreSQL 9.2/PostGIS 2.0. 2016-06-01 07:45:22 -04:00
Tim Graham 47f22e8286 Fixed #25645 -- Dropped support for SpatiaLite < 4.0. 2016-05-31 11:31:51 -04:00
Tim Graham 16a842b379 Refs #26621 -- Added tests for admindocs.views.simplify_regex(). 2016-05-30 09:50:02 -04:00
Daniel Wiesmann 9bb1b4b7f6 Refs #25588 -- Fixed GDAL dependency in spatial lookups. 2016-05-27 17:43:17 +01:00
Aleksey a247c1d789 Added missing quotes in openlayers.html template. 2016-05-25 09:12:55 -04:00
Tim Graham 92f88206d0 Refs #26134 -- Updated deprecated MySQL GIS function names. 2016-05-24 11:34:15 -04:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Alex Hill 2ff7ef15b0 Refs #26421 -- Refactored Apps.lazy_model_operation() for better checks and tests 2016-05-19 21:33:36 -04:00
Josh Smeaton 2a4af0ea43 Fixed #25774 -- Refactor datetime expressions into public API 2016-05-18 20:14:58 +10:00
Claude Paroz 5ccee815ff Updated translation catalogs 2016-05-17 23:21:35 +02:00
Simon Charette f179113e6c
Fixed #24067 -- Renamed content types upon model renaming. 
Thanks to Tim for the extensive review.
 2016-05-17 12:14:58 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005. 
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
 2016-05-17 07:22:22 -04:00
Tim Graham c999c8d8f6 Updated admin's jQuery to 2.2.3. 2016-05-17 07:20:06 -04:00
Loïc Bistuer ed0ff913c6 Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers. 
This deprecates use_for_related_fields.

Old API:

class CustomManager(models.Model):
    use_for_related_fields = True

class Model(models.Model):
    custom_manager = CustomManager()

New API:

class Model(models.Model):
    custom_manager = CustomManager()

    class Meta:
        base_manager_name = 'custom_manager'

Refs #20932, #25897.

Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
 2016-05-17 12:07:22 +07:00
Claude Paroz 9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz 526575c641 Fixed #21379 -- Created auth-specific username validators 
Thanks Tim Graham for the review.
 2016-05-16 19:37:57 +02:00
Daniel Wiesmann 078eb87626 Refs #26592 -- Fixed band statistics for empty bands and GDAL 2.1 2016-05-16 18:43:04 +02:00
Simon Charette 61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers. 
Thanks Markus and Tim for the review.
 2016-05-15 19:51:16 -04:00
Tim Graham 094ea69e07 Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login(). 2016-05-13 18:26:10 -04:00
Matthew Somerville 1962a96a30 Fixed #24938 -- Added PostgreSQL trigram support. 2016-05-13 12:38:21 -04:00
Nicolas Noé e158ec0ba0 Fixed #26333 -- Made GIS Geometry classes deconstructible. 2016-05-13 11:30:19 -04:00
David Sanders 14c952d581 Fixed #26612 -- Fixed SelectFilter2 buttons changing URL. 2016-05-13 09:06:20 -04:00
eltronix 996cadfa5f Prevented findstatic argument from appearing as multiple options. 2016-05-12 20:26:33 -04:00
Vincenzo Pandolfo 069319396f Fixed #26277 -- Added support for null values in ChoicesFieldListFilter. 2016-05-12 12:40:14 -04:00
Collin Anderson 38c43b2a5c Refs #24227 -- Partially reverted replacement of M2M isinstance checks by field.many_to_many. 
This fixes django-taggit and reflects some places where duck-typing may not
be appropriate.
 2016-05-11 10:29:01 -04:00
marysia b9290b1d49 Fixed #26449 -- Merged admin's FORMFIELD_FOR_DBFIELD_DEFAULTS with formfield_overrides. 
Useful for overriding the DateTimeField widget.
 2016-05-07 19:52:45 -04:00
Dan Watson ad403ffa45 Fixed #26582 -- Added prettier admin display for list values. 2016-05-07 15:49:41 -04:00
Claude Paroz b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts 
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
 2016-05-07 10:17:49 +02:00
Daniel Wiesmann bbfad84dd9 Fixed #25588 -- Added spatial lookups to RasterField. 
Thanks Tim Graham for the review.
 2016-05-06 09:17:18 -04:00
Tim Graham 03efa304bc Refs #25847 -- Added system check for UserModel.is_anonymous/is_authenticated methods. 2016-05-06 08:56:06 -04:00
Claude Paroz 388bb5bd9a Fixed #22936 -- Obsoleted Field.get_prep_lookup()/get_db_prep_lookup() 
Thanks Tim Graham for completing the initial patch.
 2016-05-04 20:02:01 +02:00
Dan Stephenson 1206eea11e Fixed #26558 -- Removed need for request context processor on admin login page. 2016-05-04 09:43:24 -04:00
Simon Charette ad0f536e1c Fixed #26577 -- Disabled implicit wait of Selenium tests where appropriate. 2016-05-03 23:19:24 -04:00
David Sanders e00d77c483 Fixed #26575 -- Disabled SelectFilter buttons when inactive. 2016-05-03 13:09:07 -04:00
David Sanders fb68674ea4 Fixed #26561 -- Improved admin's JavaScript SelectBox performance on large lists. 2016-05-03 10:24:22 -04:00
Michal Petrucha b9f8635f58 Refs #16508 -- Added invalidation of stale cached instances of GenericForeignKey targets. 2016-05-03 09:29:05 -04:00
Michal Petrucha 8a47ba679d Refs #16508 -- Made Model.__init__() aware of virtual fields. 
It's no longer necessary for GenericForeignKey (and any other virtual fields)
to intercept the field's values using the pre_init signal.
 2016-05-03 09:06:26 -04:00
bgaechter 4e2ee86627 Fixed #26569 -- Updated OSM Mapnik constructor 2016-05-02 18:06:03 +02:00
Tim Graham 32969c3931 Refs 2bd1bbc -- Made GeometryField.get_db_prep_lookup() a private (deprecated) method. 2016-05-02 09:40:02 -04:00
Claude Paroz 8dcf352c03 Pulled translations from Transifex 2016-04-30 14:27:07 +02:00
Claude Paroz d9a00ad16b Removed deprecated Chinese language codes for contrib apps 
Refs #18149.
 2016-04-30 14:26:47 +02:00
Claude Paroz b0068af5ff Fixed source path in contrib.admin translation catalog 
Refs #26341.
 2016-04-30 12:21:54 +02:00
Anssi Kääriäinen 7f51876f99 Fixed #26207 -- Replaced dynamic classes with non-data descriptors for deferred instance loading. 2016-04-29 13:06:32 -04:00
Tim Graham f945fb24a3 Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
Conrad Kramer c112198332 Fixed #26542 -- Fixed quoting in CreateExtension operation. 2016-04-27 09:30:55 -04:00
Bas Westerbaan a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3. 
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
 2016-04-25 21:17:53 -04:00
Tim Graham 901dc90db0 Removed unused/untested Field.get_choices_default()/value_to_string() methods. 2016-04-25 08:05:27 -04:00
Tim Graham 859eeaa0f0 Fixed #26533 -- Renamed Widget._format_value() to format_value(). 2016-04-23 13:15:45 -04:00
Marc Tamlyn 2d877da855 Refs #3254 -- Added full text search to contrib.postgres. 
Adds a reasonably feature complete implementation of full text search
using the built in PostgreSQL engine. It uses public APIs from
Expression and Lookup.

With thanks to Tim Graham, Simon Charettes, Josh Smeaton, Mikey Ariel
and many others for their advice and review. Particular thanks also go
to the supporters of the contrib.postgres kickstarter.
 2016-04-22 10:44:37 +01:00
Claude Paroz f4c2b8e04a Fixed #20189 -- Allowed customizing staticfiles ignored_patterns list 
Thanks Tim Graham for the review.
 2016-04-22 09:56:06 +02:00
Tobias Kroenke b040ac06eb Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError. 2016-04-20 13:06:47 -04:00
Markus Amalthea Magnuson 08cd6a0e56 Fixed #16327 -- Redirected "Save as new" to change view instead of the changelist. 2016-04-20 11:31:44 -04:00
Michal Petrucha cb65e62c84 Fixed typo in GenericRelatedObjectManager.add() error message. 2016-04-20 10:06:49 -04:00
Nicolas Noé 23fbd3ff48 Fixed #26512 -- Added tests for SpatialRefSysMixin.get_units(). 2016-04-19 11:19:44 -04:00
Claude Paroz 9686c888d6 Fixed #25951 -- Trimmed default representation of GEOSGeometry 
Thanks Sergey Fedoseev for the report.
 2016-04-17 15:31:12 +02:00
dani poni d29d11b026 Fixed #26085 -- Fixed contenttypes shortcut() view crash with a null fk to Site. 
Thanks Fabien Schwob for the initial patch.
 2016-04-16 17:27:44 -04:00
krishbharadwaj e494b9ffb6 Fixed #26509 -- Deprecated the contrib.gis.utils.precision_wkt() function. 2016-04-16 16:47:04 -04:00
Claude Paroz 10c53385f8 Fixed #26510 -- Allowed dim/trim/precision as WKTWriter init arguments 
Thanks Tim Graham for the review.
 2016-04-16 19:51:00 +02:00
Claude Paroz 05d08367d7 Set WKTWriter trim/precision only when changed 2016-04-16 19:51:00 +02:00
Claude Paroz d419b0c9bd Converted property syntax of WKBWriter 2016-04-16 19:51:00 +02:00
Tim Graham 74675a15d0 Removed unused wk_col property of SpatialRefSys models. 
Unused since ae7cb577dd.
 2016-04-15 13:17:09 -04:00
Claude Paroz de40cfbe74 Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views 
Thanks Cristiano Coelho and Tim Graham for the reviews.
 2016-04-15 17:28:54 +02:00
Tim Graham 5cc8261c39 Removed unused AdminCommaSeparatedIntegerFieldWidget. 
Unused since f212b24b64.
 2016-04-15 11:05:11 -04:00
Michal Petrucha c339a5a6f7 Refs #16508 -- Renamed the current "virtual" fields to "private". 
The only reason why GenericForeignKey and GenericRelation are stored
separately inside _meta is that they need to be cloned for every model
subclass, but that's not true for any other virtual field. Actually,
it's only true for GenericRelation.
 2016-04-13 10:10:53 -04:00
Opa- 461f74ab19 Fixed #26432 -- Fixed size tuple order when using numpy reshape on a GDALBand. 2016-04-12 10:12:19 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Daniel Wiesmann c12a00e554 Fixed #26455 -- Allowed filtering and repairing invalid geometries. 
Added the IsValid and MakeValid database functions, and the isvalid lookup,
all for PostGIS.

Thanks Tim Graham for the review.
 2016-04-09 09:22:30 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Simon Charette a872194802 Fixed #26470 -- Converted auth permission validation to system checks. 
Thanks Tim for the review.
 2016-04-06 22:40:43 -04:00
Tim Graham 7d6e6e8367 Fixed #26473 -- chmod -x on django/contrib/admin/static/admin/fonts/LICENSE.txt 2016-04-06 12:36:07 -04:00
akoskaaa ab2d34ba3f Fixed #25856 -- Added %B support to Date.strftime. 
This enables the admin to display the correct localized month name if %B
is used in the date format.
 2016-04-06 10:41:58 -04:00
Tim Graham 6448873197 Fixed E402 flake8 warnings. 2016-04-04 17:14:27 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Jon Dufresne 5faf745999 Refs #21608 -- Fixed incorrect cache key in cache session backend's save(). 
The bug was introduced commit 3389c5ea22.
 2016-04-04 07:41:59 -04:00
anna b28c60529b Fixed #26101 -- Allowed introspection of base_field.model in RangeField 
Used the same test and fix as in #25867.
This required initializing base_field in RangeField.__init__,
not when setting the attribute.
 2016-04-03 16:32:30 +02:00
Claude Paroz db19619545 Fixed #25532 -- Properly redisplayed JSONField form input values 
Thanks David Szotten for the report and Tommy Beadle for code inspiration.
Thanks Tim Graham for the review.
 2016-04-01 09:04:20 +02:00
Claude Paroz edcecaf0de Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions 
Thanks Simon Meers for the initial patch, and Tim Graham for the review.
 2016-03-30 14:34:41 +02:00
Daniel Wiesmann 870dd1d38b Fixed #26417 -- Allowed setting GDALBand data with partial values. 2016-03-29 11:08:36 -04:00
Daniel Wiesmann f1db8c36e9 Fixed #26415 -- Allowed deleting nodata value on GDALBands. 2016-03-29 08:06:31 -04:00
Akshesh a7c813ba04 Fixed #21734 -- Handled ProtectedError in a POST to admin's delete_selected action. 2016-03-29 07:42:23 -04:00
Tim Graham acfaec3db5 Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable. 2016-03-25 13:47:42 -04:00
Collin Anderson b55c77ed18 Removed unused xmlhttp from admin's core.js. 2016-03-24 17:27:53 -04:00
Alexander Gaevsky e0a3d93730 Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users. 2016-03-23 09:01:48 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Akshesh 49ac10b4de Fixed #26235 -- Handled ProtectedError in a POST to admin's delete_view(). 2016-03-21 19:25:27 -04:00
Berker Peksag efa9539787 Fixed #26381 -- Made UserCreationForm reusable with custom user models that define USERNAME_FIELD. 2016-03-21 12:32:42 -04:00
Claude Paroz 983c158da7 Refs #24227 -- Replaced M2M isinstance checks by field.many_to_many 
Thanks Markus Holtermann, Collin Anderson and Tim Graham for the reviews.
 2016-03-19 09:24:27 +01:00
Berker Peksag 28bcff82c5 Fixed #26297 -- Fixed `collectstatic --clear` crash if storage doesn't implement path(). 2016-03-17 09:49:57 -04:00
Akshesh 44c0ecdd92 Fixed #25364 -- Added generic way to test on all browsers supported by selenium. 
Browser names should be passed as a comma separated list to the --selenium flag.

Thanks Tim Graham, Simon Charette and Moritz Sichert for review and discussion.
 2016-03-15 13:10:32 -04:00
Matt C e7e5d9b338 Fixed #25579 -- Fixed ArrayField.get_db_prep_value() to allow complex types. 2016-03-15 11:23:38 -04:00
Vincenzo Pandolfo d0fe6c9156 Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. 2016-03-14 20:20:24 -04:00
quaspas 91f87b8f91 Fixed #26283 -- Fixed removal of trailing nulls for SplitArrayField. 2016-03-12 17:22:25 -05:00
ieatkittens ab8af342b1 Fixed #26343 -- Sent user_login_failed signal if an auth backend raises PermissionDenied. 2016-03-12 16:44:39 -05:00
Fernando Miranda 2495023a4c Fixed #25143 -- Added ArrayField.from_db_value(). 
Thanks Karan Lyons for contributing to the patch.
 2016-03-12 09:14:35 -05:00
Noenglish Professorbut f8d20da047 Fixed a few docstring typos. 2016-03-12 08:45:06 -05:00
Tim Graham 9027fac841 Removed unneeded GeoManagers in tests. 2016-03-11 13:09:24 -05:00
Sergey Fedoseev 1f035e6283 Fixed #25865 -- Made OSMGeoAdmin require GDAL only if transformation is needed. 2016-03-11 12:33:00 -05:00
Tim Graham 09e5409cb5 Fixed a dead link in django/contrib/sitemaps/__init__.py. 2016-03-08 13:16:11 -05:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Jon Dufresne 1845bc1d10 Refs #26315 -- Cleaned up argparse options in commands. 
* Removed type coercion. Options created by argparse are already coerced
  to the correct type.
* Removed fallback default values. Options created by argparse already
  have a default value.
* Used direct indexing. Options created by argparse are always set. This
  eliminates the need to use dict.get().
 2016-03-05 13:19:29 -05:00
Simon Charette c92123cc1d Fixed #26226 -- Made related managers honor the queryset used for prefetching their results. 
Thanks Loïc for the suggested improvements and Tim for the review.
 2016-03-02 16:10:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Alasdair Nicol 65bd053f11 Fixed #26229 -- Improved check for model admin check admin.E124 
Refs #22792
 2016-03-01 08:20:14 -05:00
Tore Lundqvist 3389c5ea22 Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests. 
Thanks Simon Charette for the review.
 2016-02-26 18:56:56 -05:00
Simon Charette 3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
 2016-02-26 16:18:16 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed #26231 -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Claude Paroz c5517b9e74 Fixed #26266 -- Output the primary key in the GeoJSON serializer properties 
Thanks Tim Graham for the review.
 2016-02-24 16:10:46 +01:00
James Aylett 1ff6e37de4 Fixed #23832 -- Added timezone aware Storage API. 
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
 2016-02-23 18:51:43 -05:00
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'. 
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
 2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL. 
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
 2016-02-23 19:34:21 +01:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests 
Refs #26190.
 2016-02-23 09:12:12 +01:00
Akshesh 6670da75ff Fixed #25653 -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
 2016-02-16 21:07:05 +01:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00