Commit Graph

3830 Commits

Author SHA1 Message Date
Aymeric Augustin 5278776a88 Merge pull request #751 from bmispelon/ticket-6271 2013-02-23 07:47:58 -08:00
Vladimir A Filonov f49e9a517f Fixed #17906 - Autoescaping {% cycle %} and {% firstof %} templatetags.
This commit adds "future" version of these two tags with auto-escaping
enabled.
2013-02-23 16:16:39 +01:00
Tomek Paczkowski 3dddbc0f23 Fixed #19816: pre-evaluate queryset on m2m set
In ReverseManyRelatedObjectsDescriptor.__set__, evaluate possible
queryset to avoid problems when clear() would touch data this queryset
returns.
2013-02-23 15:50:33 +01:00
Baptiste Mispelon 069280a689 Used token.split_contents() for tokenisation in template tags accepting variables.
Fixed #6271, #18260.
2013-02-23 15:15:30 +01:00
Erik Romijn 21f333bcef Fix #17751: Added stripping of whitespace for IPAddressField/GenericIPAddressField 2013-02-23 14:44:57 +01:00
Claude Paroz 7ec2a21be1 Fixed #19686 -- Added HTML5 number input type
Thanks Simon Charette for his help on the patch. Refs #16630.
2013-02-23 10:18:08 +01:00
Anssi Kääriäinen dcf651c27e Fixed Oracle specific failures in commands_sql tests 2013-02-23 01:08:48 +02:00
Anssi Kääriäinen f565c6f999 Marked a test as expected failure. Refs #19884 2013-02-23 00:33:02 +02:00
Anssi Kääriäinen 88c726bea0 Skipped a test on Oracle 2013-02-23 00:33:02 +02:00
Anssi Kääriäinen 09fcb70c80 Fixed empty strings + to_field regression on Oracle
Querying the reverse side of nullable to_field relation, where both
sides can contain null values resulted in incorrect results. The reason
was not detecting '' as NULL.

Refs #17541
2013-02-23 00:05:31 +02:00
Baptiste Mispelon f13bfbec70 Fixed #19882 -- Smarter tokenizing of {% for %} tag arguments. 2013-02-22 19:19:33 +01:00
Anssi Kääriäinen 3c6318e831 Fixed #19870 -- Regression in select_related in inheritance cases
There was a regression in case two models inherited the same parent,
and one contained a foreign key to other. When select_related travelled
the foreign key the other model reused the parent join made by the
first model. This was likely caused by Query.join_parent_model()
addition in commit 68985db482.

Thanks to Trac alias loic84 for report & tests.
2013-02-21 12:01:23 +02:00
Anssi Kääriäinen 50677b29af Made a couple of selenium tests wait for page loaded
The admin_widgets tests were issuing click() to the browser but
didn't wait for the effects of those clicks. This caused the resulting
request to be processed concurrently with the test case. When using
in-memory SQLite this caused weird failures.

Also added wait_page_loaded() to admin selenium tests for code
reuse.

Fixed #19856
2013-02-20 23:56:57 +02:00
Anssi Kääriäinen e8fc3f3783 Added a test for negated Q object querying
The added test is from the patch in ticket #19672 (written by Ian
Kelly). Fixed #19672, refs #19849.
2013-02-20 21:45:36 +02:00
Anssi Kääriäinen edf93127bf Removed join() promote kwarg
The join promote=True was over-aggressive in select_related handling.
After that was removed, the only other user was query.combine(). That
use case is very easy to handle locally, so there is no more need for
the join(promote=True) flag.

Refs #19849.
2013-02-20 21:43:44 +02:00
Anssi Kääriäinen 3fef304ff2 Refactored negated IS NULL handling
This one cleaned up add_filter() negated filter generation. As a side
effect split_exclude() was cleaned up, too.

Refs #19849
2013-02-20 21:34:01 +02:00
Alex Gaynor b55cde054e Added a db_constraint option to ForeignKeys.
This controls whether or not a database level cosntraint is created. This is useful in a few specialized circumstances, but in general should not be used!
2013-02-20 11:27:32 -08:00
Claude Paroz ae2d04f726 Add test for collapsible fieldset functionality in admin 2013-02-20 13:48:49 +01:00
Aymeric Augustin 35c991aa06 Added a default limit to the maximum number of forms in a formset.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 11:23:30 -07:00
Carl Meyer 1f39eafd60 Checked object permissions on admin history view.
This is a security fix. Disclosure and advisory coming shortly.

Patch by Russell Keith-Magee.
2013-02-19 11:23:30 -07:00
Carl Meyer c6d69c12ea Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 11:23:30 -07:00
Carl Meyer d51fb74360 Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Anssi Kääriäinen 4b9fa49bc0 Avoided related_name conflicts in tests 2013-02-19 03:13:13 +02:00
Anssi Kääriäinen 607772b942 Removed accidentally committed file 2013-02-19 01:55:40 +02:00
Florian Hahn 3e71368423 Fixed #10870 -- Added aggreation + generic reverse relation test 2013-02-19 01:42:02 +02:00
Anssi Kääriäinen b4492a8ca4 Fixed #19837 -- Refactored split_exclude() join generation
The refactoring mainly concentrates on making sure the inner and outer
query agree about the split position. The split position is where the
multijoin happens, and thus the split position also determines the
columns used in the "WHERE col1 IN (SELECT col2 from ...)" condition.

This commit fixes a regression caused by #10790 and commit
69597e5bcc. The regression was caused
by wrong cols in the split position.
2013-02-19 01:10:49 +02:00
Aymeric Augustin aea98e8c53 Simplified MySQL version checking.
Django used to check the version of MySQL before handling the first
request, which required:
- opening a connection
- closing it, to avoid holding it idle until the first request.

This code isn't necessary any longer since Django dropped support for
some versions of MySQL, and other database backends don't implement a
similar dance. For consistency and maintenability, remove it.

Reverts 4423757c0c.

Closes #18135.
2013-02-18 21:46:26 +01:00
Aymeric Augustin 92837ae569 Avoided firing the request_finished signal in tests.
* Avoided calling BaseHttpResponse.close(). The test client take care of
  that since acc5396e.
* Disconnected the request_finished signal when this method must be
  called. The test client has a similar implementation since bacb097a.
2013-02-18 14:32:45 +01:00
Claude Paroz 632361611c Fixed #19833 -- Fixed import parameter encoding in get_runner
Thanks Danilo Bargen for the report.
2013-02-16 13:31:13 +01:00
Aymeric Augustin e74e207cce Fixed #17260 -- Added time zone aware aggregation and lookups.
Thanks Carl Meyer for the review.

Squashed commit of the following:

commit 4f290bdb60
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Wed Feb 13 21:21:30 2013 +0100

    Used '0:00' instead of 'UTC' which doesn't always exist in Oracle.

    Thanks Ian Kelly for the suggestion.

commit 01b6366f3c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Wed Feb 13 13:38:43 2013 +0100

    Made tzname a parameter of datetime_extract/trunc_sql.

    This is required to work around a bug in Oracle.

commit 924a144ef8
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Wed Feb 13 14:47:44 2013 +0100

    Added support for parameters in SELECT clauses.

commit b4351d2890
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 22:30:22 2013 +0100

    Documented backwards incompatibilities in the two previous commits.

commit 91ef84713c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 09:42:31 2013 +0100

    Used QuerySet.datetimes for the admin's date_hierarchy.

commit 0d0de288a5
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 09:29:38 2013 +0100

    Used QuerySet.datetimes in date-based generic views.

commit 9c0859ff7c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:43:25 2013 +0100

    Implemented QuerySet.datetimes on Oracle.

commit 68ab511a4f
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:43:14 2013 +0100

    Implemented QuerySet.datetimes on MySQL.

commit 22d52681d3
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:42:29 2013 +0100

    Implemented QuerySet.datetimes on SQLite.

commit f6800fd04c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:43:03 2013 +0100

    Implemented QuerySet.datetimes on PostgreSQL.

commit 0c829c23f4
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:41:08 2013 +0100

    Added datetime-handling infrastructure in the ORM layers.

commit 104d82a777
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 10:05:55 2013 +0100

    Updated null_queries tests to avoid clashing with the __second lookup.

commit c01bbb3235
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 23:07:41 2013 +0100

    Updated tests of .dates().

    Replaced .dates() by .datetimes() for DateTimeFields.
    Replaced dates with datetimes in the expected output for DateFields.

commit 50fb7a5246
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:40:09 2013 +0100

    Updated and added tests for QuerySet.datetimes.

commit a8451a5004
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 22:34:46 2013 +0100

    Documented the new time lookups and updated the date lookups.

commit 29413eab2b
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 16:15:49 2013 +0100

    Documented QuerySet.datetimes and updated QuerySet.dates.
2013-02-16 09:19:04 +01:00
Claude Paroz b19d83fc12 Improved input sanitizing with thousand separators
For languages with non-breaking space as thousand separator,
standard space input should also be allowed, as few people know
how to enter non-breaking space on keyboards. Refs #17217.
Thanks Alexey Boriskin for the report and initial patch.
2013-02-15 16:37:52 +01:00
Claude Paroz dcf8cd30ae Updated FormattingTests test case to use settings contexts 2013-02-15 09:37:12 +01:00
Julien Phalip 7d5e35cdb4 Fixed #19829 -- Fixed index lookups for NumPy arrays in templates. 2013-02-14 23:29:15 -08:00
Michael van Tellingen 138de533ff Fixed #19819 - Improved template filter errors handling.
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.

Since this error was otherwise catched by the compile_function try/except
block the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Claude Paroz ac4faa6dc3 Fixed #19693 -- Made truncatewords_html handle self-closing tags
Thanks sneawo for the report and Jonathan Loy for the patch.
2013-02-13 18:24:49 +01:00
Hiroki Kiyohara e94f405d94 Fixed #18558 -- Added url property to HttpResponseRedirect*
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Anssi Kääriäinen fafee74306 Removed try-except in django.db.close_connection()
The reason was that the except clause needed to remove a connection
from the django.db.connections dict, but other parts of Django do not
expect this to happen. In addition the except clause was silently
swallowing the exception messages.

Refs #19707, special thanks to Carl Meyer for pointing out that this
approach should be taken.
2013-02-13 00:25:09 +02:00
Simon Charette a10f390804 Fixed #19044 -- Made `DeletionMixin` interpolate its `success_url`.
Thanks to nxvl and slurms for the initial patch, ptone for the review
and timo for the documentation tweaks.
2013-02-11 02:39:14 -05:00
Anssi Kääriäinen 604d8763dc Fixed #19112 -- Reduced the amount of query params in a test 2013-02-10 21:08:19 +02:00
Anssi Kääriäinen 8ef3235034 Fixed #19720 -- Oracle ordering related delete regression
When a query had a complex where condition (a condition targeting more
than the base table) a subquery was used for deletion. However, the
query had default ordering from the model's meta and Oracle doesn't
work with ordered subqueries.

The regression was caused by fast-path deletion code introduced in
1cd6e04cd4 for fixing #18676.

Thanks to Dylan Klomparens for the report.
2013-02-10 19:54:02 +02:00
Anssi Kääriäinen a4e97cf315 Fixed #19707 -- Reset transaction state after requests 2013-02-10 13:55:54 +02:00
Claude Paroz 718afcafc2 Added tests for some sql_* management commands 2013-02-09 16:34:22 +01:00
Claude Paroz f44922c795 Fixed #18906 -- Ignored to-be-deleted forms in formset validate_unique
Thanks c.pollock at bangor.ac.uk for the report.
2013-02-08 21:35:19 +01:00
Julien Phalip db09a2de6e Cleaned up some lingering signals in the test suite that were causing spurious failures with Pypy and Postgres. 2013-02-08 12:12:03 -08:00
Ramiro Morales b5391515cd Changed test assertion strategy used in 04d9730. 2013-02-07 16:51:27 -03:00
Ramiro Morales 04d9730b12 Fixed #13085 -- Don't fail on creation of model with GFK to a model with __len__() returning zero.
Also, according to the comments on the ticket and its duplicates, added
tests execising saving an instance of a model with a GFK to:

* An unsaved object -- This actually doesn't generate the same failure
  but another ORM-level exception. The test verifies it's the case.

* An instance of a model with a __nonzero__() method thant returns False
  for it. This doesn't fail because that code path isn't executed.

* An instance of a model with a CharField PK and an empty value for it.
  This doesn't fail.
2013-02-07 16:05:54 -03:00
Aymeric Augustin 720888a146 Fixed #15808 -- Added optional HttpOnly flag to the CSRF Cookie.
Thanks Samuel Lavitt for the report and Sascha Peilicke for the patch.
2013-02-07 09:48:08 +01:00
Julien Phalip 6afc85af47 Fixed a typo in the test suite that was causing some spurious failures with pypy. 2013-02-06 22:10:13 -08:00
Alexey Boriskin d18f796a48 Fixed #19704 -- Make use of new ungettext_lazy function at appropriate places 2013-02-06 22:01:55 +01:00
Claude Paroz d7504a3d7b Improved regex in strip_tags
Thanks Pablo Recio for the report. Refs #19237.
2013-02-06 21:20:43 +01:00