innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
29,715 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

21 Commits

Author SHA1 Message Date
Tim Graham 4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views. 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
Dmitry Dygalo 5155c2b458 Fixed typo in 1.9.3/1.8.10 release date. 2016-03-02 07:08:36 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-03-01 11:25:28 -05:00
Tim Graham f43291639b Added stub release notes for security issues. 2016-03-01 11:25:28 -05:00
Simon Charette 0223e213dd Fixed #26186 -- Documented how app relative relationships of abstract models behave. 
This partially reverts commit bc7d201bdb.

Thanks Tim for the review.

Refs #25858.
 2016-02-29 22:07:05 -05:00
Simon Charette 3938b3ccaa Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.
 2016-02-26 16:18:16 -05:00
Ivan Tsouvarev 8890c533e0 Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template. 2016-02-26 08:02:10 -05:00
Sjoerd Job Postmus bbe136e1a2 Fixed #26231 -- Used .get_username in admin login template. 2016-02-25 19:29:53 -05:00
Jon Dufresne b412681359 Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 2016-02-24 07:02:51 -05:00
Tim Graham 33a4040d07 Refs #26253 -- Forwardported release note. 2016-02-22 17:19:08 -05:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.
 2016-02-18 19:06:49 -05:00
Akshesh fdccc02576 Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery. 2016-02-17 13:56:42 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
 2016-02-16 21:07:05 +01:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Anssi Kääriäinen 46ecfb9b3a Fixed #26196 -- Made sure __in lookups use to_field as default. 
Thanks Simon Charette for the test.
 2016-02-11 11:09:08 -05:00
Anssi Kääriäinen 353aecbf8c Fixed #26153 -- Reallowed Q-objects in ForeignObject.get_extra_descriptor_filter(). 2016-02-11 08:59:43 -05:00
Simon Charette a325fb1f9b Fixed #26162 -- Checked query name clashes of hidden relationships. 
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.
 2016-02-08 09:59:27 -05:00
Tim Graham 97eb3356b2 Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 2016-02-08 07:21:54 -05:00
Buddy Lindsey, Jr 731bdfe68a Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting. 2016-02-01 13:51:38 -05:00
Tim Graham 59654d5efe Added stub release notes for 1.9.3. 2016-02-01 12:39:18 -05:00