This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.
It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
This might change the behavior when self.next_page == "". However,
resolve_url(self.next_page) would almost certainly fail in that case.
It is technically possible to define a logout URLpattern whose name is
"": path('logout/', LogoutView.as_view(), name=''), and then to refer to
this pattern with next_page = "". However this feels like a pathological
case, so we decided not to handle it.
Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL
are performed with boolean evaluation rather than comparison with None.
That's why we standardizing that way.
This aligns it with LoginView. Also, it removes confusion with the
get_next_page() method of paginators. get_next_page() was a private
API, therefore this refactoring is allowed.
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.
This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
The default argument is unnecessary because
url_has_allowed_host_and_scheme() returns False when its first argument
is "" or None, so get_redirect_url() still returns "".
This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page().
Adjusted admin javascript to add newly created related objects to
already loaded select widgets.
In this version, applies only where limit_choices_to is not set.
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.
This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
Follow up to dc8bb35e39.
The Webpack default is to output CSS source map comments like
`/*# sourceMappingURL=main.css.map*/`. Also, Chromium allows tabs.
Added a JavaScript confirm() to catch double-submissions, when the
change form has already been submitted.
Thanks to Adam Johnson, Claude Paroz, Keryn Knight, and Thibaud Colas
for review.
In these cases Black produces unexpected results, e.g.
def make_random_password(
self,
length=10,
allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):
or
cursor.execute("""
SELECT ...
""",
[table name],
)
siddhartha-star-dev
Mariusz Felisiak
Aymeric Augustin
Alexandru Mărășteanu
mgaligniana
Claude Paroz
David Smith
Baptiste Mispelon
Lucidiot
Luke Plant
René Fleschenberg
adontz
Carlton Gibson
Stefan Wehrmeyer
Florian Apolloner
Gagaro
Biel Frontera
Adrian Torres
Hameed Gifford
Adam Johnson
Hrushikesh Vaidya
Dulalet
Shubh1815
Anders Kaseorg
ravi kunwar
My-Name-Is-Nabil
dr-rompecabezas
django-bot
tschilling