innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
24,032 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

2577 Commits

Author SHA1 Message Date
Tim Graham 97e77b7bc1 [1.11.x] Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs. 
This is a security fix.
 2017-04-04 10:46:50 -04:00
Tim Graham 001ff50808 [1.11.x] Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve(). 
This is a security fix.
 2017-04-04 10:46:50 -04:00
Tim Graham 839159b67e [1.11.x] Added stub release notes for security releases. 2017-04-04 10:46:48 -04:00
heathervm ff0c6b83e5 [1.11.x] Fixed #27993 -- Fixed model form default fallback for SelectMultiple. 
Backport of 7d1e237753 from master
 2017-03-31 10:10:30 -04:00
Claude Paroz 28cf32b2cb [1.11.x] Fixed #27981 -- Doc'd date/time filter l10n changes in refs #25758. 
Backport of 6585ebebaa from master
 2017-03-27 12:53:17 -04:00
Mariusz Felisiak b06855facd [1.11.x] Fixed #27966 -- Bumped required psycopg2 version to 2.5.4. 
Thanks Tim Graham for the review.

Backport of 43380e9110 from master
 2017-03-21 17:40:04 +01:00
Tim Graham 5310106ee3 [1.11.x] Fixed #27949 -- Doc'd how OpenLayers 3 widgets work. 
Backport of 4224ecb74e from master
 2017-03-21 10:51:01 -04:00
Tim Graham 4b57fa3746 [1.11.x] Updated postgis.net and gaia-gis.it links to https. 
Backport of 5bd7ffc313 from master
 2017-03-16 14:03:52 -04:00
Mariusz Felisiak 9924c8a8b0 [1.11.x] Fixed #27924 -- Added support for cx_Oracle 5.3. 
- Fixed Oracle backend due to cx_Oracle 5.3 change in the
Cursor.description behavior i.e. "Use None instead of 0 for items in
the Cursor.description attribute that do not have any validity.".
- Used cx_Oracle.Object.size() instead of len().
Thanks Tim Graham for the review.

Backport of 75503a823f from master
 2017-03-10 23:07:50 +01:00
Camilo Nova 33d2c53fb1 [1.11.x] Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 
Backport of 5db465d5a6 from master
 2017-03-07 19:54:23 -05:00
Raphael Merx 89b31b312e [1.11.x] Fixed #27905 – Added RelatedFieldWidgetWrapper.value_omitted_from_data(). 
Backport of fd75c8f2b7 from master
 2017-03-07 13:56:45 -05:00
Tim Graham 679560b7d8 [1.11.x] Added stub release notes for 1.10.7. 
Backport of 6c5348b9d2 from master
 2017-03-07 13:05:56 -05:00
Adam Johnson 6382a60f28 [1.11.x] Fixed typo in docs/releases/1.10.6.txt. 
Backport of c1d652c62f from master
 2017-03-01 10:11:51 -05:00
Tim Graham bb049268c6 [1.11.x] Added release date for 1.10.6. 
Backport of 4f22505a9f from master
 2017-03-01 08:27:46 -05:00
Tim Graham 53f5dc10cd [1.11.x] Refs #25187 -- Fixed AuthBackend.authenticate() compatibility for signatures that accept a request kwarg. 
Backport of c31e7ab5a4 from master
 2017-02-24 13:59:34 -05:00
Claude Paroz a86ec78fe6 [1.11.x] Completed 1.10.6 release note 2017-02-23 10:27:28 +01:00
Vytis Banaitis d03153e3b0 [1.11.x] Fixed #27856 -- Improved accuracy of date subtraction on PostgreSQL. 
Accuracy was incorrect when dates differ by a month or more.

Backport of 4045fd56cb from master
 2017-02-21 12:49:31 -05:00
Vytis Banaitis eedf276ed1 [1.11.x] Fixed #27828 -- Fixed a crash when subtracting Integer/DurationField from DateField on Oracle/PostgreSQL. 
Backport of d5088f838d from master
 2017-02-16 12:35:40 -05:00
amalia b54fff2938 [1.11.x] Fixed #27820 -- Fixed RequestDataTooBig/TooManyFieldsSent crash. 
Backport of 2f10216f84 from master
 2017-02-13 16:43:23 -05:00
Mads Jensen ded0632d94 [1.11.x] Refs #26610 -- Added CIText mixin and CIChar/Email/TextField. 
Backport of fb5bd38e3b from master
 2017-02-11 07:16:58 -05:00
Atul Varma 8a60e3d3fd [1.11.x] Fixed typo in docs/releases/1.11.txt. 
Backport of 10c47f7b47 from master
 2017-02-07 07:50:02 -05:00
Tim Graham 2b17e4770b [1.11.x] Fixed #27805 -- Fixed ClearableFileInput's "Clear" checkbox on model fields with a default. 
Backport of 4353640ea9 from master
 2017-02-06 20:55:47 -05:00
Tim Graham f01ad1cb6a Refs #27683 -- Allowed setting isolation level in DATABASES ['OPTIONS'] on MySQL. 2017-01-17 11:16:15 -05:00
Markus Holtermann 45ded053b1 Fixed #27666 -- Delayed rendering of recursivly related models in migration operations. 2017-01-17 08:12:52 -05:00
Tim Graham 0f46bc67e2 Fixed #27735 -- Doc'd form widget l10n change (refs #15667). 2017-01-16 12:58:21 -05:00
Tim Graham f2d2f17896 Removed empty sections from 1.11 release notes. 2017-01-16 09:58:26 -05:00
Mads Jensen e585c43be9 Fixed #25809 -- Added BrinIndex support in django.contrib.postgres. 
Thanks Tim Graham and Markus Holtermann for review.
 2017-01-15 13:37:18 +01:00
Matthew Schinckel 236ebe94bf Fixed #27149 -- Added Subquery and Exists database expressions. 
Thanks Josh Smeaton for Oracle fixes.
 2017-01-14 09:12:24 -05:00
Florian Apolloner 84c1826ded Fixed #27718 -- Added QuerySet.union(), intersection(), difference(). 
Thanks Mariusz Felisiak for review and Oracle assistance.
Thanks Tim Graham for review and writing docs.
 2017-01-14 08:32:07 -05:00
Romain Garrigues ede59ef6f3 Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. 
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
 2017-01-13 09:17:54 -05:00
François Freitag f3b7c05936 Refs #16614 -- Made QuerySet.iterator() use server-side cursors on PostgreSQL. 
Thanks to Josh Smeaton for the idea of implementing server-side cursors
in PostgreSQL from the iterator method, and Anssi Kääriäinen and Kevin
Turner for their previous work. Also Simon Charette and Tim Graham for
review.
 2017-01-11 09:25:37 -05:00
David Sanders 53bffe8d03 Fixed #24452 -- Fixed HashedFilesMixin correctness with nested paths. 2017-01-11 09:21:29 -05:00
Tim Graham 823af53bf6 Fixed #27707 -- Removed shell support for IPython < 1.0. 2017-01-09 12:02:43 -05:00
Sebastian Spiegel 8b734d2f99 Fixed #27432 -- Made app_label arguments limit showmigrations --plan output. 2017-01-06 19:50:31 -05:00
Tim Graham a50926ede2 Added stub release notes for 1.10.6. 2017-01-04 14:33:18 -05:00
Tim Graham 32b3961943 Added release date for 1.10.5. 2017-01-04 13:20:01 -05:00
Tim Graham c85831e4b7 Fixed #27658 -- Prevented collectstatic from overwriting newer files in remote storages. 
Thanks revimi for the initial patch.
 2017-01-04 12:50:31 -05:00
anabelensc 1c12df4aa6 Fixed #25912 -- Added binary left/right shift operators to F expressions. 
Thanks Mariusz Felisiak for review and MySQL advice.
 2017-01-03 14:15:46 -05:00
Claude Paroz 2ebfda38e6 Fixed #25004 -- Updated OpenLayers-based widget to OpenLayers 3 
Thanks Tim Graham for the review.
 2017-01-02 19:45:52 +01:00
vinay karanam 6128c1736d Refs #27637 -- Fixed timesince, timeuntil on New Year's Eve in a leap year. 2017-01-02 08:40:44 -05:00
Tim Graham fae56427e1 Fixed #27649 -- Bumped required cx_Oracle to 5.2. 
Removed obsolete workarounds from 1aa4889808
and dcf3be7a62.
 2016-12-29 12:45:25 -05:00
Adam Chainz 5eff8a7783 Fixed #25415 -- Made DiscoverRunner run system checks. 2016-12-29 12:33:24 -05:00
Shivang Bharadwaj 6a74950513 Fixed #27258 -- Prohibited django.Template.render() with non-dict context. 
Thanks Shivang Bharadwaj for the initial patch.
 2016-12-28 16:03:20 -05:00
Preston Timmons b52c73008a Fixed #15667 -- Added template-based widget rendering. 
Thanks Carl Meyer and Tim Graham for contributing to the patch.
 2016-12-27 17:50:10 -05:00
Tim Graham 51cde873d9 Fixed #27648 -- Deprecated (iLmsu) regex groups in url() patterns. 2016-12-27 15:59:13 -05:00
Tim Graham 4701abd56e Refs #27025 -- Documented Python 3.6 compatibility for Django 1.11. 2016-12-27 12:01:24 -05:00
Mariusz Felisiak 3e5c5e6754 Fixed #27637 -- Fixed timesince, timeuntil in leap year edge case. 2016-12-27 09:29:11 -05:00
Sergey Fedoseev 986c7d522a Fixed #27497 -- Improved support of geodetic coordinates on SpatiaLite. 
Area function, Distance function, and distance lookups now work with
geodetic coordinates on SpatiaLite.
 2016-12-15 15:31:07 -05:00
Sergey Fedoseev 38a6df555f Fixed #27602 -- Added Oracle support for BoundingCircle GIS function. 2016-12-15 14:16:09 -05:00
Sergey Fedoseev 5a23cc00f5 Fixed #27607 -- Added Oracle support for AsGML GIS function. 2016-12-15 14:00:08 -05:00
David Hoffman bf84d042e0 Fixed #27582 -- Allowed HStoreField to store null values. 2016-12-15 10:35:44 -05:00
Waldemar Kornewald b24af2f405 Fixed #27418 -- Fixed occasional missing plural forms in JavaScriptCatalog. 2016-12-14 18:20:30 -05:00
Michael Scott 1e629928e9 Fixed #27313 -- Allowed overriding admin popup response template. 2016-12-14 18:10:56 -05:00
Tim Graham 92c5eeac33 Fixed #27598 -- Allowed specifying directories for a filesystem template loader. 
Thanks Carl Meyer for review.
 2016-12-14 10:33:51 -05:00
Yohann Gabory 47ef8f31f3 Fixed #13312 -- Allowed specifying the order of null fields in queries. 
Thanks Mariusz Felisiak for finishing the patch.
 2016-12-08 09:54:07 -05:00
Vinay Karanam 4a246a02bd Refs #17235 -- Made MultiPartParser leave request.POST immutable. 2016-12-07 08:28:46 -05:00
Andreas Pelme 373140b07a Fixed #27567 -- Fixed crash in the debug view when request.user errors. 2016-12-06 12:28:00 -05:00
Tim Graham 6d1394182d Added stub release notes for 1.10.5. 2016-12-02 08:46:06 -05:00
Tim Graham 9ea9686532 Added release dates for 1.10.4, 1.9.12, 1.8.17. 2016-12-01 17:15:04 -05:00
Ed Morley dd2e4d7b5d Refs #27558 -- Added test for no index on InnoDB ForeignKey. 
The refactor in 3f76d1402d fixed the creation
of redundant indexes.

Forwardport of 82ce55dbbe from stable/1.10.x
 2016-12-01 13:25:48 -05:00
Sergey Fedoseev 4464b9b9ad Fixed #27556 -- Added Oracle support for IsValid function and isvalid lookup. 2016-11-30 11:22:56 -05:00
Raphael Michel ddf169cdac Refs #16859 -- Allowed storing CSRF tokens in sessions. 
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
 2016-11-30 08:57:27 -05:00
Adam Chainz 71609a5b90 Fixed #27555 -- Removed django.utils.functional.lazy_property. 2016-11-29 19:01:12 -05:00
Krzysztof Urbaniak b8a815e9df Fixed #27402 -- Fixed incorrect LocaleMiddleware redirects with prefix_default_language=False. 2016-11-29 13:06:35 -05:00
Andrew Nester ade52ef71f Fixed #27544 -- Fixed QuerySet.update(dt=F('dt') + timedelta) crash on SQLite. 2016-11-29 12:23:44 -05:00
Adam Chainz 95238a7de8 Fixed #27321 -- Added detection for table case name sensitivity on MySQL. 2016-11-28 13:29:21 -05:00
Mads Jensen aa2cb4c622 Refs #26327 -- Renamed JsonAgg to JSONBAgg. 
Thanks to Christian von Roques for the report.
 2016-11-28 06:57:01 -05:00
Adam Chainz 6252fd6314 Fixed #27532 -- Deprecated Model._meta.has_auto_field 2016-11-25 13:24:11 -05:00
Aymeric Augustin cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time. 
This makes it equivalent to: `from django.contrib.auth.models import User`.

Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
 2016-11-25 14:15:49 +01:00
Tim Graham 93a081946d Normalized casing of "custom user model". 2016-11-23 15:14:28 -05:00
Jackie Leng 50613d957a Fixed #26920 -- Made GEOSGeometry equality check consider the srid 2016-11-23 09:23:06 +01:00
Sergey Fedoseev 45e01df373 Fixed #27488 -- Added SpatiaLite suppport for IsValid, MakeValid, and __isvalid. 2016-11-16 09:43:54 -05:00
Simon Charette 31a56e30cf Fixed #27407 -- Made Model.delete(keep_parents=True) preserve parent reverse relationships. 
Thanks Tim for the review.
 2016-11-15 20:16:06 -05:00
akki 74ed20b49a Replaced "django" with "Django" in spelling_wordlist. 2016-11-15 17:00:50 -05:00
Claude Paroz 8c7778884b Dropped support for GDAL 1.7 and 1.8 2016-11-12 17:28:03 +01:00
Jacob Rief b3162cab94 Fixed #27386 -- Wrapped admin's readonly fields in <div> rather than <p>. 2016-11-12 10:02:57 -05:00
Mads Jensen 1446902be4 Fixed #25240 -- Added ExtractWeek and exposed it through the __week lookup. 
Thanks to Mariusz Felisiak and Tim Graham for review.
 2016-11-11 08:01:40 -05:00
Daniel Wiesmann 2dc07da497 Fixed #27421 -- Added shape, size, and offset controls to GDALRaster constructor. 
Thanks Tim Graham for the review.
 2016-11-11 07:09:38 -05:00
Paweł Marczewski 50f9e736fa Fixed #27438 -- Added the diffsettings --default option. 2016-11-10 07:50:49 -05:00
Joseph Kahn 373c6c409c Fixed #27461 -- Fixed incorrect allow_migrate() arguments in makemigrations. 2016-11-09 10:27:19 -05:00
Mariusz Felisiak c4b04e1598 Fixed #27420 -- Quoted the Oracle test user password in queries. 2016-11-08 16:30:22 -05:00
Tim Graham ee1bf0e8b5 Corrected release note location of BaseCommand.can_import_settings removal. 2016-11-07 14:54:21 -05:00
Maxime Lorant cb3fb34b86 Fixed #27378 -- Added support for serialization of uuid.UUID in migrations. 
Thanks Yuriy Korobko for the initial patch and Tobias McNulty for review.
 2016-11-06 13:53:00 +01:00
Adam Malinowski 37809b891e Fixed #27346 -- Stopped setting the Content-Length header in ConditionalGetMiddleware. 2016-11-05 22:24:54 +01:00
Tim Graham b8ae2c16cf Added CVE-2016-9013,14 to the security release archive. 2016-11-01 10:48:11 -04:00
Tim Graham 7fe2d8d940 Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. 
This is a security fix.
 2016-11-01 09:30:57 -04:00
Marti Raudsepp da7910d483 Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle. 
This is a security fix.
 2016-11-01 09:30:57 -04:00
Tim Graham 9e9c81d3c2 Added stub release notes for 1.9.11/1.8.16. 2016-11-01 09:30:57 -04:00
Andrew Nester 1ce04bcce0 Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with SuspiciousOperation. 2016-11-01 07:15:56 -04:00
Henry Dang 9c2e1ad6a5 Fixed #27400 -- Documented {% static %} encoding change in 1.10. 2016-10-31 16:07:00 -04:00
Krzysztof Urbaniak a01d887a3a Fixed #27063 -- Prevented i18n_patterns() from using too much of the URL as the language. 2016-10-31 14:32:01 -04:00
Michael Scott ec9ed07488 Fixed #27188 -- Allowed using unique=True with FileField. 
Thanks Tim Graham for the initial patch.
 2016-10-28 20:11:03 -04:00
Aymeric Augustin 625cd5bcb3 Added require_ready argument to get_model methods. 
This allows bringing back the behavior of Django < 1.7.

Also fixed the check for the app registry being ready in
AppConfig.get_model(s), which was inconsistent with the equivalent check in
Apps.get_model(s). That part is a backwards-incompatible change.
 2016-10-28 19:08:57 -04:00
Aymeric Augustin efcb7e1ebf Modified readiness check in AppConfig.get_model(s). 
It was inconsistent with the equivalent check in Apps.get_model(s)
because I made incorrect assumptions when I wrote that code and
needlessly complicated readiness checks.

This is a backwards-incompatible change.
 2016-10-28 18:42:29 -04:00
Tim Graham 414ad25b09 Fixed #27327 -- Simplified time zone handling by requiring pytz. 2016-10-27 08:53:20 -04:00
Jon Dufresne c74378bb77 Fixed #27299 -- Documented the Widget.use_required_attribute() method. 
Thanks Tim Graham for the review and edits.
 2016-10-26 19:29:16 -07:00
Jon Dufresne f3ea0c4bbd Reverted "Fixed #26401 -- Added BaseAuthConfig to use auth without migrations." 
This reverts commit 1ec1633cb2 as it
doesn't handle ContentType's auth.Permission dependency. Thus, it
doesn't allow auth without migrations.
 2016-10-25 17:32:59 -07:00
David Barragán Merino b3bd3aa07c Fixed #27385 -- Fixed QuerySet.bulk_create() on PostgreSQL when the number of objects is a multiple plus one of batch_size. 2016-10-25 19:21:08 -04:00
Alvin Lindstam 6b5106b1ce Fixed #27374 -- Made JavaScriptCatalog respect the packages argument. 2016-10-22 19:26:08 -04:00
Tim Graham 61f9243e51 Fixed #27345 -- Stopped setting the Date header in ConditionalGetMiddleware. 2016-10-14 12:48:03 -04:00