13889 Commits

Author SHA1 Message Date
Florian Apolloner 4770fc1c62 [1.5.x] (Hopefully) fixed a failure in a selenium test.
No forward port to 1.6 since it has new transaction management. The
wait_page_loaded should ensure that the liveserver has time to tear
down properly after the submit.
2013-09-15 10:44:29 +02:00
James Bennett 4607c7325d [1.5.x] Add release notes and bump version numbers for 1.5.4 security release. 2013-09-15 00:29:31 -06:00
Russell Keith-Magee 22b74fa09d [1.5.x] Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d57 from master.
2013-09-15 13:48:15 +08:00
Minjong Chung e66fe357b2 Fixed #21102 -- pickling a QuerySet with prefetches twice
Fixed the bug that a QuerySet that prefetches related objects cannot be
pickled and unpickled more than once (The second pickling attempt
raises an exception).

Added a new test for the queryset pickling idempotency.

The bug was introduced by
bac187c0d8.
2013-09-14 10:03:03 +03:00
Goetz dbc2e8eb73 [1.5.x] Fixed #21101 -- Updated urlize documentation to mention email addresses
Backport of 39b49fd339 from master
2013-09-13 12:42:47 -04:00
Tim Graham 61de57260b [1.5.x] Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth
Thanks Collin Anderson for the report.

Backport of 425d076d0c from master
2013-09-13 09:40:15 -04:00
Tim Graham 7cfb5243f1 [1.5.x] Fixed #21094 -- Updated reusable apps tutorial to use pip for installation.
Thanks ylb415 at gmail.com for the suggestion.

Backport of e4aab1bb8d from master
2013-09-13 09:30:20 -04:00
Kevin Christopher Henry 61867e226d [1.5.x] Documentation -- added instructions on working with pull requests
Since non-core contributors are asked to review patches, instructions
on working with pull requests were added to the Working with Git and
GitHub page (based on the existing instructions in the core
committers page).

Backport of 990ce9aab9 from master
2013-09-13 08:27:28 -04:00
Tim Graham 169594f5ae [1.5.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
2013-09-11 08:18:52 -04:00
Kevin Christopher Henry 2a7d3030f9 [1.5.x] Documentation -- Improved description of cache arguments
- Fixed some grammar and formatting mistakes
- Added the type and default for CULL_FREQUENCY
- Made the note on culling the entire cache more precise. (It's actually
  slower on the filesystem backend.)

Backport of 5eca021d48 from master
2013-09-11 07:43:29 -04:00
Tim Graham 91a073a337 [1.5.x] Bump version post-release. 2013-09-11 07:04:04 -04:00
James Bennett 0a34f39759 [1.5.x] Bump version numbers for 1.5.3 security release. 2013-09-10 20:25:27 -05:00
Tim Graham 42e8fabb59 [1.5.x] Added 1.4.7/1.5.3 release notes
Backport of baec6a26dd from master
2013-09-10 21:08:34 -04:00
Tim Graham 988b61c550 [1.5.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
2013-09-10 21:05:03 -04:00
oz123 693ebff1a4 [1.5.x] Fixed #21075 - Improved doc for calling call_command with arguments.
Backport of fca4c4826e from master
2013-09-10 09:18:20 -04:00
Садовский Николай aa50b7e837 [1.5.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user
To enable testing on Oracle 12c
2013-09-09 13:07:39 +03:00
Tim Graham 9d3a66aa9f [1.5.x] Fixed #20005 -- Documented that Oracle databases need execute permission on SYS.DBMS_LOB.
Thanks jafula for the suggestion.

Backport of a86ecc80a2 from master
2013-09-07 14:01:10 -04:00
Keith Edmiston 37587624bf [1.5.x] Fixed #16992 -- Added InnoDB warning regarding reuse of AUTO_INCREMENT values.
Thanks kent at nsc.liu.se for the report.

Backport of c54fa1a7bc from master
2013-09-07 12:17:01 -04:00
Keith Edmiston afc624cab0 [1.5.x] Fixed #19295 -- Documented that CachedStaticFilesStorage isn't compatible with runserver --insecure.
Backport of 028db97503 from master
2013-09-06 17:31:04 -04:00
Tim Graham 5d029f2222 [1.5.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS
Thanks craigbruce.

Backport of db3de52807 from master
2013-09-06 16:06:51 -04:00
micahhausler e62f391022 [1.5.x] Fixed #21047 -- Added CLA message on the new contributor advice doc
Backport of 93dd31cadf from master
2013-09-05 17:55:09 -04:00
Tim Graham d6b11b0abb [1.5.x] Fixed #20900 -- Documented RemoteUserBackend.authenticate
Backport of 7b62b80693 from master
2013-09-05 06:32:55 -04:00
Claude Paroz 406fd9f97f Fixed #19211 -- Adapted tutorial for Python 3
Backport of 7cc3acbb7 from master.
2013-09-05 08:53:24 +02:00
Tim Graham 8f4552adf1 [1.5.x] Fixed #20958 -- Documented that GenericForeignKey fields can't be accessed in forms.
Thanks marky1991.

Backport of 533d1ab334 from master
2013-09-04 13:19:46 -04:00
Tim Graham bc78ffa270 [1.5.x] Fixed #21002 -- Documented JSON session serialization requires string keys
Thanks jeroen.pulles at redslider.net for the report.

Backport of 3baf1d1042 from master.
2013-09-04 10:55:33 -04:00
Loic Bistuer c9a021b042 [1.5.x] Made the doc about translating string literals in templates more prominent.
Backport of 9885f07757 from master
2013-08-31 09:52:49 -04:00
Jorge C. Leitão 6f44ef16cb [1.5.x] Added links to file docs.
Backport of d72f83c410 from master
2013-08-29 12:49:32 -04:00
Phaneendra Chiruvella 50d9bed1d5 [1.5.x] Minor spelling correction in ModelForms docs
Backport of 2fbf949760 from master
2013-08-28 07:12:43 -04:00
Krzysztof Jurewicz d3b7b6a7a4 [1.5.x] Fixed #20981 -- Noted the default value of disable_existing_loggers.
Backport of 095643e691 from master
2013-08-27 10:27:49 -04:00
Jan Böcker 98635f2a0e [1.5.x] Fixed typo in docs/topics/conditional-view-processing.txt
Backport of 5fd2c979cb from master
2013-08-27 09:22:51 -04:00
Ramiro Morales 5547ba743c [1.5.x] Typos introduced in 57c82f909b. 2013-08-22 22:35:10 -03:00
Tim Graham 616a4d385a [1.5.x] Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.

Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.

Backport of b0ce6fe656 from master
2013-08-22 17:49:11 -04:00
Kevin Christopher Henry 1b236048b9 [1.5.x] Documentation -- Clarified use of 'view' in test client introduction.
Backport of 2e926b041c from master
2013-08-22 09:39:21 -04:00
Marc Tamlyn 3b32b1544f [1.5.x] Fixed #20944 -- Removed inaccurate statement about View.dispatch().
Backport of bac4d03ce6 from master
2013-08-22 09:21:41 -04:00
Ramiro Morales 9a7d59e8c7 [1.5.x] Made description of LANGUAGE_CODE setting more clear.
297f5af222 from master.
2013-08-22 08:34:19 -03:00
Kevin Christopher Henry bbe2ad3e38 [1.5.x] Documentation - Noted that OneToOneField doesn't respect unique.
Added OneToOneField to the list of model fields for which the unique
argument isn't valid. (OneToOneFields are inherently unique, and if
the user supplies a value for unique it is ignored / overwritten.)
2013-08-20 21:21:40 -07:00
Aymeric Augustin adf70506b9 [1.5.x] Fixed a rest mistake I introduced in d5ce2ff.
Backport of 753edfa4b5 from master
2013-08-15 13:09:28 -04:00
Erik Romijn 2b750fff56 [1.5.x] Fixed #20444 -- Cookie-based sessions does not include a remote code execution-warning
Backport of d5ce2ff5e4 from master
2013-08-15 12:21:14 -04:00
Tim Graham cb2fee567f [1.5.x] Fixed link in 1.5.2 release notes 2013-08-14 13:11:58 -04:00
Tim Graham 3a829bf75a [1.5.x] Added some doc links for django.contrib.messages
Backport of b6178fa24b from master
2013-08-14 13:05:30 -04:00
Jacob Kaplan-Moss f24ae3373b Bump version post-release. 2013-08-13 12:17:27 -05:00
Tim Graham 5fdd6af1eb Added 1.4.6/1.5.2 release notes. 2013-08-13 11:17:17 -05:00
Jacob Kaplan-Moss bebbb611a8 Bumped version numbers for 1.5.2. 2013-08-13 11:10:05 -05:00
Jacob Kaplan-Moss 90363e388c Apply autoescaping to AdminURLFieldWidget.
This is a security fix; disclosure to follow shortly.
2013-08-13 11:04:21 -05:00
Jacob Kaplan-Moss 1a274ccd6b Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
This is a security fix; disclosure to follow shortly.
2013-08-13 11:03:49 -05:00
Tim Graham a2286ac964 [1.5.x] Added missing release notes for older versions of Django
Backport of 3f6cc33cff from master
2013-08-12 14:10:21 -04:00
Tim Graham 9e2a2c491b [1.5.x] Fixed #20890 -- Added missing import in class-based view docs.
Thanks André Augusto.

Backport of ab680725bf from master
2013-08-10 18:08:33 -04:00
Tim Graham 12edced1de [1.5.x] Fixed #20868 -- Added an email to django-announce as a security step.
Thanks garrison for the report.

Backport of 5737c57d95 from master
2013-08-09 16:02:57 -04:00
Tim Graham 70cf70ad21 [1.5.x] Added an anchor for django.forms.Form.clean in docs
Backport of 8442268869 from master
2013-08-08 14:14:20 -04:00
Jaime Irurzun d8dc2b123d [1.5.x] Clarified meaning of models.User.is_authenticated()
Backport of f96fe3cd1e from master
2013-08-08 10:27:48 -04:00