Commit Graph

22217 Commits

Author SHA1 Message Date
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
2016-02-23 19:34:21 +01:00
Tim Graham c62807968d Fixed a stray __unicode__() method in auth_tests. 2016-02-23 13:20:50 -05:00
Andrew Kuchev e81d1c995c Fixed #25670 -- Allowed dictsort to sort a list of lists.
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
Tim Graham cdbd8745f6 Fixed #26263 -- Deprecated Context.has_key() 2016-02-23 08:08:55 -05:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests
Refs #26190.
2016-02-23 09:12:12 +01:00
Claude Paroz b46c0ea6c8 Fixed #26190 -- Returned handle() result from call_command
Thanks Tim Graham for the review.
2016-02-23 09:12:12 +01:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham 5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
Tim Graham 33a4040d07 Refs #26253 -- Forwardported release note. 2016-02-22 17:19:08 -05:00
Daniel Quinn de7edc005f Fixed import location of check_password() in docs. 2016-02-22 12:42:47 -05:00
Claude Paroz d43156e1e9 Fixed #26238 -- Raised explicit error for non-editable field in ModelForm
Thanks Luke Crouch for the report and Simon Charette for the review.
2016-02-21 00:24:20 +01:00
Akshesh 6670da75ff Fixed #25653 -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Tim Graham 032f5a7896 Refs #25735 -- Made @tag decorator importable from django.test. 2016-02-19 14:21:00 -05:00
haxoza 375e1cfe2b Fixed #25349 -- Allowed a ModelForm to unset a fields with blank=True, required=False. 2016-02-19 14:18:53 -05:00
Raphael Michel 5c31d8d189 Fixed #26243 -- Noted that 'python -R' is enabled by default in Python 3.3. 2016-02-19 10:50:15 -05:00
Sergey Fedoseev 23e1ad537a Fixed #25974 -- Switched GIS docs to 4 spaces indentation. 2016-02-19 09:27:32 -05:00
Sergey Fedoseev dbaa1a6b59 Fixed some code blocks indentation in GIS docs. 2016-02-19 08:34:38 -05:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Tim Graham b954ad0640 Added intended use in the admin's introduction. 2016-02-18 08:50:22 -05:00
Tim Graham 70d3f81ca4 Fixed #26233 -- Fixed invalid reSt in models.Q docstring. 2016-02-18 08:45:55 -05:00
Tim Graham 8fc0fe1ef4 Fixed flake8 typo. 2016-02-17 14:00:54 -05:00
Akshesh fdccc02576 Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery. 2016-02-17 13:56:42 -05:00
Tim Graham 88034c9938 Fixed #25687 -- Documented how to add database function support to third-party backends.
Thanks Kristof Claes for the initial patch.
2016-02-17 13:36:12 -05:00
Berker Peksag f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms.
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
2016-02-17 10:26:07 -05:00
Jakub Paczkowski d4dc775620 Fixed #25735 -- Added support for test tags to DiscoverRunner.
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
2016-02-17 09:44:18 -05:00
Jon Dufresne 0db7e61076 Followed recommended ValidationError use in docs. 2016-02-17 09:05:33 -05:00
Juan José Conti bb7042cdab Used relative models imports in the GIS tutorial. 2016-02-16 23:24:29 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
F. Malina b09b71bf34 Updated my entry in AUTHORS. 2016-02-16 10:53:50 -05:00
Tim Graham 6a71ac61bd Fixed possible "RuntimeError: maximum recursion depth exceeded" building docs. 2016-02-16 07:30:32 -05:00
Ryan Nowakowski 11af73eaeb Fixed #26221 -- Used find_packages() in reusable apps tutorial.
Otherwise the migrations package won't be included in the tarball.
2016-02-15 19:25:26 -05:00
Berker Peksag 043383e3f3 Fixed #24727 -- Prevented ClearableFileInput from masking exceptions on Python 2 2016-02-15 22:51:46 +02:00
Tim Graham 7424ad0774 Added get_subprocess_args() function to runtests.py 2016-02-15 13:53:59 -05:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Tim Graham 1ac7fdcd13 Refs #25304 -- Added assertion for Command.requires_migrations_checks default. 2016-02-15 09:39:55 -05:00
Berker Peksag b17a9150a0 Fixed #26126 -- Fixed transient failure of test_max_age_expiration 2016-02-15 09:26:17 -05:00
Jon Dufresne dec334cb66 Fixed #26193 -- Made urlize() trim multiple trailing punctuation. 2016-02-15 09:10:15 -05:00
Jon Dufresne fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Camilo Nova a6f856df52 Added import in docs/topics/email.txt example. 2016-02-12 13:44:38 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 36f1f5cfb0 Refs #25979 -- Dropped compatiblity for running tests on PostgreSQL < 9.2. 2016-02-12 09:59:13 -05:00
Markus Holtermann 18afd50a2b Updated allow_migrate() signature in check framework tests 2016-02-12 14:31:27 +11:00
Markus Holtermann 228427ab1a Fixed allow_migrate() signature in documentation 2016-02-12 14:16:03 +11:00
Johannes Linke 02430ef19d Fixed #26111 -- Clarified that fixtures are loaded once per TestCase. 2016-02-11 18:45:40 -05:00
Becka R cf48962b36 Clarified "database column type" explanation. 2016-02-11 18:26:46 -05:00
François Freitag 16a88b4429 Fixed #26209 -- Masked sensitive settings in debug reports regardless of case. 2016-02-11 18:13:03 -05:00