Commit Graph

5315 Commits

Author SHA1 Message Date
Erik Romijn 34526c2f56 [1.7.x] Fixed queries that may return unexpected results on MySQL due to typecasting.
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3a from master
2014-04-21 18:29:39 -04:00
Aymeric Augustin 380545bf85 [1.7.x] Prevented leaking the CSRF token through caching.
This is a security fix. Disclosure will follow shortly.

Backport of c083e3815a from master
2014-04-21 18:29:24 -04:00
Tim Graham 546740544d [1.7.x] Fixed a remote code execution vulnerabilty in URL reversing.
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.

Backport of 8b93b31487 from master
2014-04-21 18:29:12 -04:00
Florian Apolloner d7de6ed07e [1.7.x] Fixed monkeypatching in a staticfiles test.
Backport of a4553e0510 from master
2014-04-21 08:58:41 -04:00
Aymeric Augustin 62eb79fc4c [1.7.x] Appeased flake8 2.1.0.
Backport of 428c0bbe1b from master
2014-04-21 07:50:50 -04:00
Alex Gaynor 50dddbdfc7 [1.7.x] Corrected many style guide violations that the newest version of flake8 catches
Backport of 778ce245dd from master
2014-04-21 07:50:43 -04:00
Aymeric Augustin 0dad0ca55e [1.7.x] Further consolidated the model_inheritance tests.
Backport of 3f01e82 from master
2014-04-21 11:51:21 +02:00
Aymeric Augustin ab0afef959 [1.7.x] Fixed #22402 -- Consolidated model_inheritance tests.
The model_inheritance_same_model_name tests couldn't be run without the
model_inheritance tests. Make the problem go away by merging them.

Thanks timo for the report.

Backport of 0097d38 from master
2014-04-21 11:43:38 +02:00
Simon Charette 33d1dc2eeb [1.7.x] Fixed flake8 warnings introduced in recent commits.
Backport of 79f05616fb from master
2014-04-20 13:10:52 -04:00
Tim Graham 9e86c3f0a6 [1.7.x] Fixed flake8 errors.
Backport of 471fb04a30 from master
2014-04-20 13:09:12 -04:00
Andrew Gorcester bc5d568e1e [1.7.x] Fixed #22397 -- Issues removing M2M field with explicit through model
Changed the migration autodetector to remove models last so that FK
and M2M fields will not be left as dangling references. Added a check
in the migration state renderer to error out in the presence of
dangling references instead of leaving them as strings. Fixed a bug
in the sqlite backend to handle the deletion of M2M fields with
"through" models properly (i.e., do nothing successfully).

Thanks to melinath for report, loic for tests and andrewgodwin and
charettes for assistance with architecture.

Backport of 956bd64424 from master
2014-04-18 18:34:00 -04:00
Simon Charette 24016c9b62 [1.7.x] Fixed a test failure introduced by 214d1e1b0f.
Backport of 9bc377d7d0 from master
2014-04-18 02:32:24 -04:00
Justin Hamade 7f8bd1a4b3 [1.7.x] Fixed #22434 -- Retain ordering on related sliced subqueries.
Thanks maciej.pawlisz for the report, and charettes for the review.

Backport of a13df671a5 from master
2014-04-16 18:02:25 -04:00
Motiejus Jakštys 71c8ae543f [1.7.x] Fixed #22460 -- Explicity remove constraints when dropping a related field.
Backport of 0e45669fa9 from master
2014-04-16 16:37:08 -04:00
Simon Charette 9fb61cb64a [1.7.x] Fixed #22350 -- Consistently serialize bytes and text in migrations.
Thanks to @treyhunner and Loïc for their suggestions and review.

Backport of 72d3889db4 from master
2014-04-13 19:03:20 -04:00
valtron 6b3a8d2705 [1.7.x] Fixed #21760 -- prefetch_related used an inefficient query for reverse FK.
Regression introduced by commit 9777442. Refs #21410.

Backport of d3b71b976d from master
2014-04-13 00:51:38 +07:00
Claude Paroz a6eda3a5fc [1.7.x] Also allowed a non-overridden setting to be deleted
Refs #20032, #18824. Thanks ztorstri at gmail.com for the report.
Backport of 3417ba0309 from master.
2014-04-12 15:35:11 +02:00
Claude Paroz d9f8cc12ae [1.7.x] Fixed #22102 -- Made SimpleTestCase tests run before unittest.TestCase ones
Thanks aptiko for the report and Tim Graham for the review.
Backport of 3e3a7372f5 from master.
2014-04-12 11:43:10 +02:00
Aymeric Augustin 2ad0bc132a [1.7.x] Fixed #21202 -- Maintained atomicity when the server disconnects.
Thanks intgr for the report.

This commit doesn't include a test because I don't know how to emulate a
database disconnection in a cross-database compatible way.

Also simplified a 'backends' test that was constrained by this problem.

Backport of 81761508 from master
2014-04-10 23:18:36 +02:00
Aymeric Augustin 2e42c859da [1.7.x] Fixed #21239 -- Maintained atomicity when closing the connection.
Refs #15802 -- Reverted #7c657b24 as BaseDatabaseWrapper.close() now
has a proper "finally" clause that may need to preserve self.connection.

Backport of 25860096 from master.
2014-04-10 23:18:35 +02:00
Aymeric Augustin 7e89434084 [1.7.x] Fixed #22291 -- Avoided shadowing deadlock exceptions on MySQL.
Thanks err for the report.

Backport of 58161e4e from master.
2014-04-10 23:02:54 +02:00
Tim Graham ddd25b280f [1.7.x] Fixed #22194 -- Added --list-tags option to check command.
Thanks Elvard for the patch.

Backport of 395d75ea6b from master
2014-04-10 09:44:43 -04:00
Shai Berger 3a9a4570ef [1.7.x] Fixed #22343 -- Disallowed select_for_update in autocommit mode
The ticket was originally about two failing tests, which are
fixed by putting their queries in transactions.

Thanks Tim Graham for the report, Aymeric Augustin for the fix,
and Simon Charette, Tim Graham & Loïc Bistuer for review.

Backport of b990df1d63 from master
2014-04-10 01:44:30 +03:00
Aymeric Augustin f6f188ffc7 [1.7.x] Fixed #21553 -- Ensured unusable database connections get closed.
Backport of 5f2f47f from master
2014-04-09 22:50:21 +02:00
Huu Nguyen f22177a9a3 [1.7.x] Refs #21230 -- removed direct settings manipulation from signed cookies tests
Backport of b9bfcd82f0 from master
2014-04-08 12:15:40 -04:00
Alejandro Gómez 5e74d6cf0a [1.7.x] Fixed #21084 -- Used proxy model's content type for admin log entries.
Backport of 7a7f6fccae from master
2014-04-07 08:59:27 -04:00
Simon Charette 7b3a221ad6 [1.7.x] Fixed #22363 -- Correctly serialize `django.utils.datetime_safe` objects.
Thanks to linovia for the report.

Backport of 074d3183d9 from master
2014-04-03 14:56:41 -04:00
Loic Bistuer 6405889a72 [1.7.x] Fixed #22360 -- Fixed two non-deterministic tests in Python 3.4.
The order of admin's changelist filters in the querystring relied on
dict ordering.

Backport of 4d996b8e69 from master
2014-03-31 08:24:09 -04:00
Loic Bistuer 5268d71f18 [1.7.x] Fixed #21795 -- Made add_preserved_filters account for url prefixes.
Thanks to trac username honyczek for the report. Refs #6903.

Backport of 4339e9a92d from master
2014-03-31 07:20:20 -04:00
Loic Bistuer 8e73d3a2c1 [1.7.x] Fixed #22319 -- Fixed migration external dependencies when there are internal dependencies.
Backport of 0fd51cf0bd from master
2014-03-31 06:57:44 -04:00
Loic Bistuer bdec848063 [1.7.x] Fixed #22359 -- Changing M2M field to blank=True failed on sqlite.
Backport of a449e7feec from master
2014-03-31 06:35:06 -04:00
Tim Graham 0f9f8738d5 [1.7.x] Fixed #22338 -- Fixed a test dependent on dictionary key iteration order.
Backport of 69a4f383f6 from master
2014-03-30 14:27:05 -04:00
Tim Graham c9014a95bc [1.7.x] Skipped JavascriptI18nTests if Firefox isn't properly configured.
Code borrowed from django.contrib.admin.tests. Without this, the class can
throw an exception with something like "The browser appears to have exited
before we could connect. The output was: Error: no display specified"

Backport of e2ac0203d9 from master
2014-03-28 07:30:35 -04:00
Tim Graham 0134d00be5 [1.7.x] Skipped a test that errors rather than marked it as an expectedFailure.
The test throws an error which Python 3.4 doesn't seem to catch as an
expectedFailure.

refs 7476d96f83

Backport of c170c3761b from master
2014-03-27 07:01:20 -04:00
Tim Graham 3d74f1f64a [1.7.x] Fixed a deprecation warning on Python 3.
Backport of c19bbefca2 from master
2014-03-27 07:01:04 -04:00
Loic Bistuer 39fc8d4b8e [1.7.x] Fixed #22331 -- Made MigrationAutodetector ignore unmanaged models.
This commit reverts 69d4b1c and tackle the issue from a different angle.
Models remain present in the project state, but are now ignored by the
autodetector.

Backport of 42336c84a0 from master
2014-03-25 20:04:49 -04:00
Simon Charette 78211b13a5 [1.7.x] Fixed #12030 -- Validate integer field range at the model level.
Thanks to @timgraham for the review.

Backport of 1506c71a95 from master
2014-03-25 14:31:54 -04:00
Tim Graham d84beb3d91 Revert "[1.7.x] Fixed #22331 -- Fixed migrations ProjectState to ignore unmanaged models."
This reverts commit bf69375c4d.
2014-03-25 12:07:37 -04:00
Loic Bistuer bf69375c4d [1.7.x] Fixed #22331 -- Fixed migrations ProjectState to ignore unmanaged models.
Backport of 69d4b1c3ea from master
2014-03-25 10:34:28 -04:00
David Evans ddcbde41ee [1.7.x] Fixed #22315 -- str/bytes mismatch in staticfiles
Previously, `ManifestFilesMixin.read_manifest` failed in Python 3
because `json.loads` accepts `str` not `bytes`.

Backport of 86dcac4634 from master
2014-03-25 09:55:29 -04:00
Ben Davis 2460484486 [1.7.x] Fixed #22087 -- Made AdminReadonlyField respect ModelForm Meta overrides.
Backport of 16afffffe8 from master
2014-03-25 09:34:12 -04:00
Stephen Burrows b4f165fe94 [1.7.x] Fixed #22300 -- Fixed crash in migrations when changing non-relational field to relational.
Backport of 35ed792cf2 from master
2014-03-25 07:46:48 -04:00
Daniel Hahler 21eaad68e6 [1.7.x] Fixed #22293 -- Avoided renaming many-to-many tables to themselves.
Fixed this for both implementations of _alter_many_to_many, instead of
in `alter_db_table` itself (more implementations).

Backport of 1edfa155e3 from master
2014-03-24 13:27:06 -04:00
Claude Paroz d345a030c2 [1.7.x] Fixed #22241 -- Selectively added line breaks in admin read-only fields
When content is supposed to contain HTML, we do not try to add
line breaks in read-only contents.
Thanks Alexander Todorov for the report.
Backport of c94bff2 from master.
2014-03-22 17:11:12 +01:00
Patrick Michaud 908bdea482 [1.7.x] Fixed #22256 -- Replaced bad fallback for missing PATH
Thanks Baptiste Mispelon for the review.
Backport of acee46fc9 from master.
2014-03-22 16:54:02 +01:00
Claude Paroz 07d4b3c8f2 [1.7.x] Tweaked strip_tags tests to pass on Python 3.3
Backport of 6a0291bdaf from master.
2014-03-22 14:44:13 +01:00
Claude Paroz 80f08dbdbc [1.7.x] Improved strip_tags and clarified documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
Backport of 6ca6c36f82 from master.
2014-03-22 11:01:14 +01:00
Tim Graham caa753ffd6 [1.7.x] Fixed flake8 warnings.
Backport of 35f46ec7a9 from master
2014-03-21 06:25:21 -04:00
Dejan Noveski b74ec85c1d [1.7.x] Fixed #22255 -- Added support for specifying re flags in RegexValidator
Backport of 4d0c5f6142 from master.
2014-03-21 11:18:26 +01:00
Alex Gaynor 0cf158cf9a Fixed a small collection of flake8 violations that had snuck in 2014-03-20 10:30:41 -07:00