Claude Paroz
552f03869e
Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb
Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the report and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Akshesh
b886f166b3
Fixed #26316 -- Factored duplicated code in model/field migration operations.
2016-03-03 18:24:36 -05:00
Jon Dufresne
394b7f90d3
Passed proper default value to int-type 'verbosity' option
2016-03-03 20:42:43 +01:00
Simon Charette
d0451e4cad
Fixed #26295 -- Allowed using i18n_patterns() in any root URLconf.
...
Thanks Tim for the review.
2016-03-03 12:08:49 -05:00
Simon Charette
c92123cc1d
Fixed #26226 -- Made related managers honor the queryset used for prefetching their results.
...
Thanks Loïc for the suggested improvements and Tim for the review.
2016-03-02 16:10:18 -05:00
Marc Tamlyn
8ddc79a799
Fixed #26285 -- Deprecated the MySQL-specific __search lookup.
2016-03-02 14:41:56 -05:00
acrefoot
04240b2365
Refs #19527 -- Allowed QuerySet.bulk_create() to set the primary key of its objects.
...
PostgreSQL support only.
Thanks Vladislav Manchev and alesasnouski for working on the patch.
2016-03-02 14:29:09 -05:00
Matthew Schinckel
60633ef3de
Fixed #26304 -- Ignored unmanaged through model in table introspection.
2016-03-02 13:54:27 -05:00
Jon Dufresne
fb3540d6a4
Removed obsolete, unused option 'hide_empty' from loaddata command.
...
Unused since 67235fd4ef.
2016-03-01 19:48:32 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Mark Striemer
c5544d2892
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Alasdair Nicol
65bd053f11
Fixed #26229 -- Improved check for model admin check admin.E124
...
Refs #22792
2016-03-01 08:20:14 -05:00
Simon Charette
0223e213dd
Fixed #26186 -- Documented how app relative relationships of abstract models behave.
...
This partially reverts commit bc7d201bdb.
Thanks Tim for the review.
Refs #25858.
2016-02-29 22:07:05 -05:00
Adam Chainz
6a383f773a
Removed unused 'Between' lookup.
...
It was added in 20bab2cf9d and stopped being used for `Range` in 00aa562884 when
`bilateral` was added to `Transform`.
2016-02-29 08:00:04 -05:00
chenesan
b84f5ab4ec
Fixed #26230 -- Made default_related_name affect related_query_name.
2016-02-27 08:48:32 -05:00
Attila Tovt
5e2c4d7afb
Fixed #26264 -- Fixed prefetch_related() crashes with values_list(flat=True)
2016-02-26 19:26:15 -05:00
Tore Lundqvist
3389c5ea22
Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
...
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
Simon Charette
3938b3ccaa
Fixed #26286 -- Prevented content type managers from sharing their cache.
...
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.
Thanks Tim for the review.
Refs #23822.
2016-02-26 16:18:16 -05:00
Adam Chainz
ef33bc2d4d
Fixed #25279 -- Made prefetch_related_objects() public.
2016-02-26 14:55:01 -05:00
Yoong Kang Lim
d5f89ff6e8
Fixed #24974 -- Fixed inheritance of formfield_callback for modelform_factory forms.
2016-02-26 12:27:27 -05:00
Simon Charette
766afc22a1
Fixed #24793 -- Unified temporal difference support.
2016-02-26 12:25:12 -05:00
zshimanchik
65aa94200b
Fixed #24653 -- Fixed MySQL database introspection when using read_default_file.
2016-02-26 12:02:13 -05:00
Ivan Tsouvarev
8890c533e0
Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template.
2016-02-26 08:02:10 -05:00
Edwar Baron
eb44172760
Fixed #25811 -- Added a helpful error when making _in queries across different databases.
2016-02-26 07:31:56 -05:00
Sjoerd Job Postmus
bbe136e1a2
Fixed #26231 -- Used .get_username in admin login template.
2016-02-25 19:29:53 -05:00
Nick Malakhov
ee69789f45
Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address().
2016-02-25 18:52:50 -05:00
Yoong Kang Lim
4b1529e2cb
Fixed #26151 -- Refactored MigrationWriter.serialize()
...
Thanks Markus Holtermann for review.
2016-02-25 14:01:06 -05:00
Scott Sexton
fc584f0685
Fixed #26117 -- Consulted database routers in initial migration detection.
...
Thanks Simon Charette for help.
2016-02-25 09:56:00 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz
4c18a8a378
Fixed #14098 -- Prevented crash for introspection errors in inspectdb
...
Thanks Tim Graham for the review.
2016-02-25 08:43:56 +01:00
Claude Paroz
c5517b9e74
Fixed #26266 -- Output the primary key in the GeoJSON serializer properties
...
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
Jon Dufresne
b412681359
Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets.
2016-02-24 07:02:51 -05:00
James Aylett
1ff6e37de4
Fixed #23832 -- Added timezone aware Storage API.
...
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Aymeric Augustin
7f6fbc906a
Prevented static file corruption when URL fragment contains '..'.
...
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.
Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.
The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.
There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
redundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.
Refs #26249.
2016-02-23 19:35:16 +01:00
Aymeric Augustin
706b33fef8
Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.
...
collectstatic crashed when:
* a hashing static file storage backend was used
* a static file referenced another static file located directly in
STATIC_ROOT (not a subdirectory) with an absolute URL (which must
start with STATIC_URL, which cannot be empty)
It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.
Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
2016-02-23 19:34:21 +01:00
Andrew Kuchev
e81d1c995c
Fixed #25670 -- Allowed dictsort to sort a list of lists.
...
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
Tim Graham
cdbd8745f6
Fixed #26263 -- Deprecated Context.has_key()
2016-02-23 08:08:55 -05:00
Claude Paroz
269b5f262c
Used call_command return value in staticfiles tests
...
Refs #26190.
2016-02-23 09:12:12 +01:00
Claude Paroz
b46c0ea6c8
Fixed #26190 -- Returned handle() result from call_command
...
Thanks Tim Graham for the review.
2016-02-23 09:12:12 +01:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Claude Paroz
d43156e1e9
Fixed #26238 -- Raised explicit error for non-editable field in ModelForm
...
Thanks Luke Crouch for the report and Simon Charette for the review.
2016-02-21 00:24:20 +01:00
Akshesh
6670da75ff
Fixed #25653 -- Made --selenium run only the selenium tests.
2016-02-19 14:21:00 -05:00
Tim Graham
032f5a7896
Refs #25735 -- Made @tag decorator importable from django.test.
2016-02-19 14:21:00 -05:00
haxoza
375e1cfe2b
Fixed #25349 -- Allowed a ModelForm to unset a field with blank=True, required=False.
2016-02-19 14:18:53 -05:00
Tim Graham
b1afebf882
Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
...
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh
d58aaa24e3
Fixed #26107 -- Added option to int_list_validator() to allow negative integers.
2016-02-18 18:58:18 -05:00
Tim Graham
70d3f81ca4
Fixed #26233 -- Fixed invalid reSt in models.Q docstring.
2016-02-18 08:45:55 -05:00
Akshesh
fdccc02576
Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery.
2016-02-17 13:56:42 -05:00
Jakub Paczkowski
d4dc775620
Fixed #25735 -- Added support for test tags to DiscoverRunner.
...
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
2016-02-17 09:44:18 -05:00
Claude Paroz
928c12eb1a
Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
...
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Berker Peksag
043383e3f3
Fixed #24727 -- Prevented ClearableFileInput from masking exceptions on Python 2
2016-02-15 22:51:46 +02:00
Alexey Kotlyarov
b59f963ad2
Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.
2016-02-15 11:44:29 -05:00
Jon Dufresne
dec334cb66
Fixed #26193 -- Made urlize() trim multiple trailing punctuation.
2016-02-15 09:10:15 -05:00
Jon Dufresne
fcd08c1757
Fixed #11665 -- Made TestCase check deferrable constraints after each test.
2016-02-13 06:53:39 -05:00
Mounir Messelmeni
50931dfa53
Fixed #25304 -- Allowed management commands to check if migrations are applied.
2016-02-12 13:34:56 -05:00
Tim Graham
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
Markus Holtermann
18afd50a2b
Updated allow_migrate() signature in check framework tests
2016-02-12 14:31:27 +11:00
François Freitag
16a88b4429
Fixed #26209 -- Masked sensitive settings in debug reports regardless of case.
2016-02-11 18:13:03 -05:00
Tim Graham
926d41f0e7
Updated some comments for BCryptSHA256PasswordHasher.
2016-02-11 11:57:12 -05:00
Anssi Kääriäinen
46ecfb9b3a
Fixed #26196 -- Made sure __in lookups use to_field as default.
...
Thanks Simon Charette for the test.
2016-02-11 11:09:08 -05:00
ZachLiuGIS
04e13c8913
Fixed #26179 -- Removed null assignment check for non-nullable foreign key fields.
2016-02-11 10:07:39 -05:00
Anssi Kääriäinen
353aecbf8c
Fixed #26153 -- Reallowed Q-objects in ForeignObject.get_extra_descriptor_filter().
2016-02-11 08:59:43 -05:00
Roberto Rosario
408c406abc
Added a function for SECRET_KEY generation logic.
2016-02-11 08:07:59 -05:00
Florian Apolloner
9332497701
Merge pull request #6121 from meshy/patch-1
...
Fix typo in comment
2016-02-11 12:29:09 +01:00
Charlie Denton
46c13fef46
Fix typo in comment
2016-02-11 11:14:06 +00:00
Curtis Maloney
6f1318734f
Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
...
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
Brobin
dca8b916ff
Fixed #26154 -- Deprecated CommaSeparatedIntegerField
2016-02-10 17:57:43 -05:00
Marcin Markiewicz
f7a9872b91
Fixed #26173 -- Prevented localize_input() from formatting booleans as numbers.
2016-02-09 13:07:33 -05:00
Shai Berger
bb51dc902d
Refs #26112 -- Fixed aggregate GIS test on Oracle.
...
Made sure the test doesn't try to aggregate over MultiPolygonField and made
AreaField turn decimals into floats on the way from the DB.
Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-09 10:04:54 -05:00
Liam Brenner
182f98c4c7
Fixed typo in django/middleware/common.py docstring.
2016-02-09 08:06:26 -05:00
Simon Charette
a325fb1f9b
Fixed #26162 -- Checked query name clashes of hidden relationships.
...
Although reverse accessor clashes should be skipped query name can't be hidden.
Thanks to Ian Foote and Tim Graham for the review.
2016-02-08 09:59:27 -05:00
Tim Graham
10a162809f
Refs #24007 -- Removed an apps.populate() call in model unpickling that can cause deadlocks.
2016-02-08 08:28:48 -05:00
Tim Graham
db9f21f0ad
Fixed typo in django/db/migrations/state.py.
2016-02-08 07:41:25 -05:00
Tim Graham
97eb3356b2
Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False.
2016-02-08 07:21:54 -05:00
knbk
e000ca23d2
Removed obsolete comment.
2016-02-08 00:11:22 -05:00
Tim Graham
406675b1a0
Fixed #26176 -- Fixed E123 flake8 warnings.
2016-02-05 15:11:07 -05:00
Simon Charette
275314512d
Refs #26144 -- Used proxy_for_model instead of mro inspection.
2016-02-05 12:14:32 -05:00
Pankrat
f91a04621e
Fixed #25833 -- Added support for non-atomic migrations.
...
Added the Migration.atomic attribute which can be set to False
for non-atomic migrations.
2016-02-05 09:09:05 -05:00
Yoong Kang Lim
0edb8a146f
Fixed #26144 -- Warned when dumping proxy model without concrete parent.
2016-02-04 19:40:12 -05:00
Simon Charette
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Simon Charette
d7db417f1a
Removed some leftover trailing commas.
2016-02-04 12:23:13 -05:00
Federico Capoano
e972a7d03d
Fixed #13875 -- Made admin's submit_row template tag pass whole context.
2016-02-04 11:56:16 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
jpic
926e90132d
Fixed #25731 -- Removed unused choices kwarg for Select.render()
2016-02-02 18:03:19 -05:00
rynomster
468d8211df
Fixed #23971 -- Added "Has date"/"No date" choices for DateFieldListFilter.
2016-02-02 12:04:14 -05:00
Tim Graham
37f7ef41fb
Fixed #24316 -- Made ModelAdmin.list_display callables use an appropriate CSS class name.
...
Thanks Berker Peksag for the review.
2016-02-02 10:22:59 -05:00
bphillips
917cc288a3
Fixed #11313 -- Made ModelAdmin.list_editable more resilient to concurrent edits.
...
Allowed admin POSTed bulk-edit data to use modeladmin.get_queryset()
so that the ids in the POST data have a chance to match up even if
the objects on the current page changed based on the ordering.
2016-02-01 16:05:01 -05:00
Buddy Lindsey, Jr
731bdfe68a
Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting.
2016-02-01 13:51:38 -05:00
Myk Willis
62f3acc70a
Fixed incorrect permissions check for admin's "Save as new".
...
This is a security fix.
2016-02-01 11:57:00 -05:00
Hugo Osvaldo Barrera
8bf8d0e0ec
Fixed #7923 -- Added links to objects displayed by ModelAdmin.raw_id_fields.
2016-02-01 07:36:10 -05:00
Alexander Gaevsky
c79852acee
Fixed #14402 -- Removed clearing of help_text for ManyToManyField's raw_id_fields.
2016-01-30 12:42:47 -05:00
Claude Paroz
be9bd3348d
Fixed #25758 -- Defaulted to current language FORMATs in date/time filters
...
Thanks Ali Lozano for the report and the initial patch, and Tim Graham for
the review.
2016-01-30 17:04:47 +01:00
Claude Paroz
c47364ef0c
Fixed #26134 -- Used new OpenGIS names for recent MySQL
...
Thanks František Malina for the report.
2016-01-29 23:25:23 +01:00
Greg Chapple
8dea9f089d
Fixed #26120 -- Made HStoreField cast keys and values to strings.
...
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Tim Graham
04564eb74d
Fixed #26129 -- Made invalid forms display initial values of disabled fields.
2016-01-28 18:43:48 -05:00
Markus Holtermann
4b0118465b
Fixed #26150 -- Sorted app_labels in migrate command output
2016-01-29 10:26:04 +11:00
Tim Graham
19d1cb1451
Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript.
2016-01-28 17:46:55 -05:00
James Pulec
f05722a08a
Fixed #25354 -- Added class/app_label interpolation for related_query_name.
2016-01-28 11:10:47 -05:00
Claude Paroz
54236a2c1c
Fixed #26138 -- Ensured geometry_field's geometry is always serialized
...
Thanks Bernd Schlapsi for the report.
2016-01-28 08:50:38 +01:00