Commit Graph

6468 Commits

Author SHA1 Message Date
Tim Graham aba74d6f1e [1.8.x] Fixed escaping regression in urlize filter.
Now that the URL is always unescaped as of refs #22267,
we should re-escape it before inserting it into the anchor.

Backport of 7b1a67cce5 from master
2015-03-10 19:12:20 -04:00
Baptiste Mispelon 35d68e8e76 [1.8.x] Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields
This issue was fixed by refs #24464.
2015-03-09 10:15:12 -04:00
Erik Romijn d16e4e1d6f [1.8.x] Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.

Backport of fa350e2f30 from master
2015-03-09 09:31:07 -04:00
Anssi Kääriäinen 3a0fe942dd [1.8.x] Fixed #24171 -- Fixed failure with complex aggregate query and expressions
The query used a construct of qs.annotate().values().aggregate() where
the first annotate used an F-object reference and the values() and
aggregate() calls referenced that F-object.

Also made sure the inner query's select clause is as simple as possible,
and made sure .values().distinct().aggreate() works correctly.

Backport of fb146193c4 from master
2015-03-09 07:51:05 -04:00
Aymeric Augustin 311b880fa9 [1.8.x] Prevented some tests from writing in the CWD.
Backport of 90b069c33f from master
2015-03-07 10:40:17 -05:00
Jean-Louis Fuchs 1ae2df6bfc [1.8.x] Fixed #24447 -- Made migrations add FK constraints for existing columns
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.

Backport of f4f0060fea from master
2015-03-07 14:15:27 +01:00
Claude Paroz ac07890f95 [1.8.x] Fixed urlize regression with entities in query strings
Refs #22267.
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
Backport of ec808e807 from master.
2015-03-06 22:22:51 +01:00
Josh Smeaton 823f8cdbc9 [1.8.x] Fixed #24420 -- Allowed ordering by case expressions
Backport of ceaf31adff from master
2015-03-06 13:31:43 +11:00
Tim Graham 20bf320502 [1.8.x] Fixed #24426 -- Displayed admin actions panel when show_full_result_count=False.
Backport of 36a17be9f3 from master
2015-03-04 13:56:51 -05:00
Markus Holtermann bff446c205 [1.8.x] Fixed #24435 -- Prevented m2m field removal and addition in migrations when changing blank
Thanks Mark Tranchant for the report and Tim Graham for the test and
review.

Backport of a9e29fae10 from master
2015-03-04 15:44:38 +01:00
Claude Paroz c0df8d1be9 [1.8.x] Fixed #24413 -- Prevented translation fallback for English
Thanks Tomasz Kontusz for the report, Baptiste Mispelon for
analysis and Tim Graham for the review.
Backport of 3cf1c02695 from master.
2015-02-28 10:09:01 +01:00
Claude Paroz b825ec38c1 [1.8.x] Fixed #24418 -- Prevented crash in refresh_from_db with null fk
Thanks Johannes Lerch for the report, Tim Graham for the test case,
and Simon Charette for the review.
Backport of 5cf96b49e4 from master.
2015-02-27 20:25:12 +01:00
Michael Angeletti 278b698794 [1.8.x] Fixed #24391 -- Made BoundField.value() cache callable values.
Backport of 65441bbdb0 from master
2015-02-24 20:05:16 -05:00
Stanislas Guerra a3fca05b05 [1.8.x] Fixed #24395 -- Ensured inline ModelsForms have an updated related instance.
Backport of 4c2f546b55 from master
2015-02-24 11:49:27 -05:00
Preston Timmons 450b42eafe [1.8.x] Cleaned up template directory handling in template tests.
Backport of 8e129b42ad from master
2015-02-24 09:22:25 -05:00
Preston Timmons b22d20dd18 [1.8.x] Combined TemplateTests and TemplateRegressionTests.
Backport of 32c108a221 from master
2015-02-24 09:22:20 -05:00
Preston Timmons 2e7414cdf4 [1.8.x] Moved test_token_smart_split into ParserTests.
Backport of 25a0b5cdcd from master
2015-02-24 09:22:15 -05:00
Preston Timmons e15292daa0 [1.8.x] Moved ifchanged tests into syntax_tests/test_if_changed.py.
Backport of 3d8fee6051 from master
2015-02-24 09:22:05 -05:00
Preston Timmons f3a49c628e [1.8.x] Moved cache tests into syntax_tests/test_cache.py.
Backport of f6d087b628 from master
2015-02-24 09:21:54 -05:00
Preston Timmons d8114552a0 [1.8.x] Moved RequestContextTests into test_context.
Backport of 250a3d1993 from master
2015-02-24 09:18:28 -05:00
Preston Timmons c1bf9e47ec [1.8.x] Moved TemplateTagLoading cases into test_custom.
Backport of ff67ce5076 from master
2015-02-24 09:17:45 -05:00
Preston Timmons 272208c124 [1.8.x] Moved include tests into syntax_tests/test_include.py.
Backport of 06ffc764a9 from master
2015-02-24 09:10:01 -05:00
Preston Timmons cdb73ec8cd [1.8.x] Moved ssi tests into syntax_tests/test_ssi.py.
Backport of 441a47e1ef from master
2015-02-24 09:09:52 -05:00
Tim Graham 210bf24ddb [1.8.x] Cleaned up template loader tests.
Backport of 1827aa9024 from master
2015-02-24 08:59:05 -05:00
Nik Nyby 3e0df285fd [1.8.x] Fixed typos in flatpages_tests comments.
Backport of 2be6b52656 from master
2015-02-24 06:31:59 -05:00
Aymeric Augustin e3953de900 [1.8.x] Normalized usage of the tempfile module.
Specifically stopped using the dir argument.

Backport of a8fe12417f from master
2015-02-23 15:26:35 -05:00
Aymeric Augustin fae31f2348 [1.8.x] Guaranteed removal of temporary files during tests.
Dropped the DJANGO_TEST_TEMP_DIR environment variable.

Before this change, proper removal depended on the developer passing
dir=os.environ['DJANGO_TEST_TMP_DIR'] to tempfile functions.

Backport of 934400759d from master
2015-02-23 15:26:26 -05:00
Tim Graham 41d5ed480c [1.8.x] Fixed #24377 -- Fixed model inline formsets with primary key's that have defaults.
Backport of 1306cd1e8a from master
2015-02-23 09:01:00 -05:00
Anssi Kääriäinen 155a127afb [1.8.x] Fixed #24381 -- removed ForeignObjectRel opts and to_opts
These cached properies were causing problems with pickling, and in
addition they were confusingly defined: field.rel.model._meta was
not the same as field.rel.opts.

Instead users should use field.rel.related_model._meta inplace of
field.rel.opts, and field.rel.to._meta in place of field.rel.to_opts.

Backport of f95122e541 from master
2015-02-23 07:26:10 -05:00
Marten Kenbeek 980dfca717 [1.8.x] Fixed #24366 -- Optimized traversal of large migration dependency graphs.
Switched from an adjancency list and uncached, iterative depth-first
search to a Node-based design with direct parent/child links and a
cached, recursive depth-first search. With this change, calculating
a migration plan for a large graph takes several seconds instead of
several hours.

Marked test `migrations.test_graph.GraphTests.test_dfs` as an expected
failure due to reaching the maximum recursion depth.

Backport of 78d43a5e10 from master
2015-02-23 12:55:43 +01:00
Aymeric Augustin c564033408 [1.8.x] Fixed #24389 -- Isolated the CSRF view from the TEMPLATES setting.
Thanks uranusjr for the report and analysis.

Backport of 88a5f17 from master
2015-02-22 15:47:11 +01:00
Michael Angeletti 1feeefe918 [1.8.x] Fixed #24376 -- added verbose_name arg to UUIDField
Backport of ea3168dc6c from master
2015-02-21 14:26:47 -05:00
Aymeric Augustin 481d3bd617 [1.8.x] Removed obsolete reference to media directory.
Backport of 787dd6519a from master
2015-02-21 13:08:15 -05:00
Aymeric Augustin 82e323167d [1.8.x] Removed workaround for SVN limitations.
In addition to simplifying the code, this reduces the number of writes.

Backport of bd059e3f8c from master
2015-02-21 13:07:59 -05:00
Aymeric Augustin de3bda9cd3 [1.8.x] [1.8.x] Avoided collecting admin static files in tests.
This makes the staticfiles tests 2.5 times faster.

Backport of 2bb5b0e098 from master

Backport of bd059e3f8c from master
2015-02-21 13:07:42 -05:00
Aymeric Augustin 5c02c75068 [1.8.x] Removed TestServeAdminMedia.
It should have been removed when the ADMIN_MEDIA_PREFIX setting was deprecated.

Backport of 1d9d39fa1c from master
2015-02-21 13:05:11 -05:00
Loic Bistuer 850b2ca794 Removed zombie file again.
Refs 5355baf6c7.
2015-02-21 22:34:00 +07:00
Loic Bistuer 1b73c764d4 Fixed a couple of allow_migrate routers in tests.
This reverts commit 88e6fbb2e3.
2015-02-21 21:44:05 +07:00
foresmac 3207fcd0a0 [1.8.x] Fixed #24341 -- Added specific error messages to RangeField subclasses
Backport of 1d1d5d1c31 from master
2015-02-20 16:50:41 -05:00
Tim Graham 88e6fbb2e3 Silenced a deprecation warning in commands_sql test. 2015-02-20 13:24:29 -05:00
Tim Graham 5355baf6c7 Removed an inadvertently added test directory. 2015-02-20 13:16:42 -05:00
Anssi Kääriäinen 6f03a4ca91 [1.8.x] Fixed #24328 -- cleaned up Options._get_fields() implementation
Backport of bad5f262bf from master
2015-02-20 13:11:59 -05:00
Loic Bistuer 3a6c37fce4 [1.8.x] Fixed #24351, #24346 -- Changed the signature of allow_migrate().
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.

This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.

Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.

Refs 22583.

Conflicts:
	django/db/utils.py

Backport of bed504d70b from master
2015-02-20 21:55:50 +07:00
Marc Tamlyn b6ef67d752 [1.8.x] Fixed #24373 -- Added run_validators to ArrayField.
Thanks to DavidMuller for the report.

Backport of c490e410af from master
2015-02-20 11:53:17 +00:00
Marc Tamlyn 3886338c1d [1.8.x] Update converters to take a consistent set of parameters.
As suggested by Anssi. This has the slightly strange side effect of
passing the expression to Expression.convert_value has the expression
passed back to it, but it allows more complex patterns of expressions.

Backport of 32d4db66b9 from master
2015-02-20 11:47:48 +00:00
Marc Tamlyn c54d73ae01 [1.8.x] Fixed #24343 -- Ensure db converters are used for foreign keys.
Joint effort between myself, Josh, Anssi and Shai.

Conflicts:
	django/db/models/query.py
	tests/model_fields/models.py

Backport of 4755f8fc25 from master.
2015-02-20 11:46:57 +00:00
Alex Vidal 82f39bfb1a [1.8.x] Fixed typo in django.core.servers.basehttp message.
Backport of e467919c63 from master
2015-02-19 19:37:22 -05:00
Aymeric Augustin cc4effba0b [1.8.x] Set context.template instead of context.engine while rendering.
This opens more possibilities, like accessing context.template.origin.

It also follows the chain of objects instead of following a shortcut.

Backport of 1bfcc95 from master
2015-02-19 22:10:56 +01:00
Claude Paroz 84e7fec88d [1.8.x] Fixed #20889 -- Prevented BadHeaderError when Python inserts newline
Workaround for http://bugs.python.org/issue20747.
In some corner cases, Python 2 inserts a newline in a header value
despite `maxlinelen` passed in Header constructor.
Thanks Tim Graham for the review.
Backport of efb1f99f94 from master.
2015-02-19 20:19:38 +01:00
Shai Berger 66d37e593c [1.8.x] Fixed #24307: Avoided redundant column nullability modifications on Oracle
Thanks Joris Benschop for the report, and Tim Graham for the tests.

Backport of ceadc94f09 from master
2015-02-19 02:44:08 +02:00