2458 Commits

Author SHA1 Message Date
Russell Keith-Magee 1a76dbefdf [1.3.X] Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
Backport of r16760 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16763 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 01:08:24 +00:00
Russell Keith-Magee 2f7fadc38e [1.3.X] Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
Backport of r16758 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 01:07:50 +00:00
Russell Keith-Magee 8b42dfa47e [1.3.X] Corrected the setup and teardown of the refactored invalid_models test so that it guarantees that stdout is restored, and purges all the temporary models from the app cache after running the test.
Backport of r16670 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:57:19 +00:00
Russell Keith-Magee e2d7a784c8 [1.3.X] Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch
Backport of r16353 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:57:01 +00:00
Russell Keith-Magee f317bd20d7 [1.3.X] Fixed #16299 -- Ensure that unicode strings can be used to identify classes in ForeignKey and ManyToManyFields. Unicode strings aren't actually legal as class names, but this is an issue if you use from __future__ import unicode_literals in your models.py file. Thanks to Martijn Bastiaan for the report, and Anthony Briggs for the final patch.
Backport of r16663 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:56:40 +00:00
Russell Keith-Magee 38530700bf [1.3.X] Fixed #16681 -- Refactored the invalid_models unit test so that it can be invoked manually. Thanks to Anthony Briggs for the report and patch.
Backport of r16661 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:56:18 +00:00
Russell Keith-Magee 3e7d79b6ac [1.3.X] Fixed #15499 -- Ensure that cache control headers don't try to set public and private as a result of multiple calls to patch_cache_control with different arguments. Thanks to AndiDog for the report and patch.
Backport of r16657 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:55:48 +00:00
Russell Keith-Magee e9a1c03dba [1.3.X] Fixed #10571 -- Factored out the payload encoding code to make sure it is used for PUT requests. Thanks to kennu for the report, pterk for the patch, and wildfire for the review comments.
Backport of r16651 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:55:22 +00:00
Russell Keith-Magee 671483f37b [1.3.X] Fixed #14876 -- Ensure that join promotion works correctly when there are nullable related fields. Thanks to simonpercivall for the report, oinopion and Aleksandra Sendecka for the original patch, and to Malcolm for helping me wrestle the edge cases to the ground.
Backport of r16648 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23 15:54:45 +00:00
Ramiro Morales a925b3780e [1.3.X] Reverted [14563] because it introduced a dependency from core on a contrib app (contenttypes). Fixes #16283, Refs #3055. Thanks TheRoSS for the report and Aymeric Augustin for finding the problem.
This caused models shipped with some contrib apps to pollute the namespace when user's apps had the same name (e.g. auth, sites), even when these contrib apps weren't installed.

This undesired loading of contrib apps happened when model validation was executed, for example when running management commands that set or inherit `requires_model_validation=True`:
cleanup, dumpdata, flush, loaddata, reset, runfcgi, sql, sqlall, sqlclear, sqlcustom, sqlflush, sqlindexes, sqlinitialdata, sqlreset, sqlsequencereset, syncdb, createsuperusers, ping_google, collectstatic, findstatic.

This could also cause hard to diagnose problems e.g. when performing reverse URL resolving.

Backport of [16493] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-14 00:27:55 +00:00
Luke Plant 6e87dacf62 [1.3.X] Fixed #15776 - delete regression in Django 1.3 involving nullable foreign keys
Many thanks to aaron.l.madison for the detailed report and to emulbreh for
the fix.

Backport of [16295] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16296 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 16:19:53 +00:00
Luke Plant 7f3eda2f76 [1.3.X] Fixed #16004 - csrf_protect does not send cookie if view returns TemplateResponse
The root bug was in decorator_from_middleware, and the fix also corrects
bugs with gzip_page and other decorators.

Backport of [16276] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16279 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-25 17:31:47 +00:00
Luke Plant afa092853f [1.3.X] Changed utils/decorators.py tests to use RequestFactory
Backport of [16272] from trunk. Backported to make the backport of a
bugfix (regression) easier.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16278 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-25 17:31:36 +00:00
Luke Plant 5c08cda611 [1.3.X] Fixed #13648 - '%s' escaping support for sqlite3 regression.
Thanks to master for the report and initial patch, and salgado and others
for work on the patch.

Backport of [16209] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16210 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-10 12:28:29 +00:00
Chris Beaven d06531d3f0 [1.3.X] Fixes #15975 -- Test failure in model validation tests due to us now having https://www.djangoproject.com
Backport of r16163 from trunk

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16164 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-05 23:12:55 +00:00
Carl Meyer 6a3d91828f [1.3.X] Fixed #15819 - Fixed 1.3 regression from r15526 causing duplicate search results in admin with search_fields traversing to non-M2M related models. Thanks to Adam Kochanowski for the report and Ryan Kaskel for the patch.
Backport of r16093 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-23 04:40:06 +00:00
Chris Beaven 9269b606ba [1.3.X] Fixes regression #15721 -- {% include %} and RequestContext not working together. Refs #15814.
Backport of r16031, plus the utility from r16030.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16089 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 21:05:29 +00:00
Jannis Leidel e87c9da437 [1.3.X] Fixed #15672 -- Refined changes made in r15918. Thanks, vung.
Backport from trunk (r16082).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16083 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:21:58 +00:00
Jannis Leidel 4d62386cad [1.3.X] Fixed #15698 -- Fixed inconsistent handling of context_object_name in paginated MultipleObjectMixin views. Thanks, Dave Hall.
Backport from trunk (r16079).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16080 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 12:06:11 +00:00
Ramiro Morales 1d499d50d0 [1.3.X] Fixed #15848 -- Fixed regression introduced in [15882] in makemessages management command when processing multi-line comments that contain non-ASCII characters in templates. Thanks for the report Denis Drescher.
Backport of r16038/r16039 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16040 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-18 21:10:42 +00:00
Russell Keith-Magee 686ef6c759 [1.3.X] Fixed #15739 -- Added support to RedirectView for HEAD, OPTIONS, POST, PUT and DELETE requests
Backport of r15992 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@15995 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:50:05 +00:00
Luke Plant ce9b216882 [1.3.X] Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.
Thanks to vkryachko for the report.

This also fixes a slight inconsistency with raw_post_data after parsing of a
multipart request, and adds a test for that.  (Previously accessing
raw_post_data would have returned the empty string rather than raising an
Exception).

Backport of [15938] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@15939 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 16:15:43 +00:00
Ramiro Morales 775a6e694f Fixed #15632 -- Ignore unrelated content in template multi-line comment blocks when looking for tokens that identify comments for translators. Thanks andrew AT ie-grad DOT ru for the report and Claude Paroz for spotting the problem and helping to fix it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15882 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-19 12:56:38 +00:00
Russell Keith-Magee 1a6d98dab9 Fixed #13686 -- Ensure that memcache handling of unicode values in add() and set_many() is consistent with the handling provided by get() and set(). Thanks to nedbatchelder for the report, and to jbalogh, accuser and Jacob Burch for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15880 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-19 02:42:40 +00:00
Jannis Leidel bd0daa04f5 Fixed staticfiles test that was broken on Windows due to the result of the stdout not being correctly handled as Unicode.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15879 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-18 18:47:14 +00:00
Jannis Leidel 0ff6bbf1db Added staticfiles test case for filenames with medial capitals.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15878 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-18 18:47:08 +00:00
Russell Keith-Magee 1af33427cb Fixed #15623 -- Corrected province codes for Canadian localflavor. Thanks to shelldweller for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15864 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-17 00:59:30 +00:00
Adrian Holovaty f71384a52b Fixed #15229 -- Improved URLValidator to accept ftp:// links. Thanks, codefisher and crayz_train
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15847 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-16 03:38:34 +00:00
Luke Plant 243d0bec19 Fixed #15617 - CSRF referer checking too strict
Thanks to adam for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 20:37:09 +00:00
Russell Keith-Magee 6eb1c58430 Added file mistakenly omitted from r15819
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15821 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 09:30:01 +00:00
Russell Keith-Magee 87a100b642 Fixed #15575 -- Corrected handling of pagination in generic views to match documentation and historical behavior. Thanks to Ivan Virabyan for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15820 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 08:24:31 +00:00
Russell Keith-Magee c966566171 Fixed #14960 -- Added tests for inclusion tags. Thanks to Julien Phalip for the report, and to avenet and Paul Bissex for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15819 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 08:20:14 +00:00
Russell Keith-Magee 350a56ad49 Fixed #15606 -- Ensured that boolean fields always use the Boolean filterspec. Thanks to Martin Tiršel for the report
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15817 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 08:19:39 +00:00
Adrian Holovaty 4e25bc71b1 Fixed #15609 -- Fixed some 'raise' statements to use the newer style syntax. Thanks, DaNmarner
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15811 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-14 23:00:03 +00:00
Jacob Kaplan-Moss fd2f18008c Fixed #14733: no longer "validate" .raw() queries.
Turns out that a lot more than just SELECT can return data, and this list is
very hard to define up front in a cross-database manner. So let's just assume
that anyone using raw() is at least halfway competent and can deal with
the error messages if they don't use a data-returning query.

Thanks to Christophe Pettus for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-14 19:49:53 +00:00
Adrian Holovaty 72c5733869 Fixed #15604 -- Changed django.db.models.permalink to use wraps() so that it doesn't eat the docstring. Thanks for the report, sfllaw. Also added tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15798 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-14 05:22:39 +00:00
Luke Plant e9d2763947 Fixed #15572 - include with "only" option discards context properties (such as autoescape)
Thanks to dfoerster for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-10 18:42:24 +00:00
Luke Plant 0a3aae8362 Fixed #15559 - distinct queries introduced by [15607] cause errors with some custom model fields
This patch just reverts [15607] until a more satisfying solution can be
found.

Refs #11707

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15791 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-10 01:15:19 +00:00
Ian Kelly f17fc56602 Fixed a bunch more tests that were failing in Oracle due to false assumptions about the primary keys of objects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15789 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-09 23:46:28 +00:00
Ian Kelly 0cf527f77c Fixed a test that was failing in Oracle due to default ordering assumptions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15783 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-09 19:20:35 +00:00
Ian Kelly 9e637d3061 Fixed a number of tests that were failing in Oracle due to false assumptions about the primary keys of objects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15779 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-09 00:39:35 +00:00
Ian Kelly d9e61a435a Added a skip for a test that fails in Oracle. Unlike other backends, Oracle does not allow duplicate rows where there is a unique_together constraint for which some but not all of the columns are NULL.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15777 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-08 22:41:25 +00:00
Ian Kelly 8b22f7cf78 Fixed field names that were preventing the tests from running in Oracle.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15774 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-08 19:26:32 +00:00
Russell Keith-Magee c260c533e1 Fixed #15570 -- Corrected a flaw in the design of the silent flag on {% cycle %}. Thanks to Brian Neal for the report, and to Andrew and Jannis for the design consult.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15773 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-08 13:43:53 +00:00
Russell Keith-Magee 18f42f546a Refs #15550 -- Corrected another primary-key ordering problem in the modelforms tests. Thanks to bberes for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:27:14 +00:00
Russell Keith-Magee acd296bb9c Fixed #15550 -- Corrected an ordering dependency in the model_forms doctests. Thanks to bberes for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15745 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 00:27:22 +00:00
Russell Keith-Magee 4b746a6a24 Fixed #15549 -- Removed dependency on specific primary keys. Thanks to bberes for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15744 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 00:23:00 +00:00
Russell Keith-Magee 185b4f49ca Fixed #15548 -- Added an ordering clause to prevent test failures under Postgres. Thanks to bberes for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15743 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 00:01:56 +00:00
Russell Keith-Magee 806bffcf08 Fixed #15544 -- Corrected a test failure in the generic views tests that depended on primary key allocation. Thanks to Łukasz Rekucki for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15742 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 23:54:12 +00:00
Russell Keith-Magee d05bb1384a Fixed #15545 -- Corrected the admin filterspecs tests to be non-dependent on PK allocation or model ordering. Thanks to Łukasz Rekucki for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15741 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 23:49:44 +00:00