Commit Graph

19642 Commits

Author SHA1 Message Date
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Tim Graham 89e2c60f43 Fixed #24000 -- Corrected contrib.sites default site creation in a multiple database setup. 2014-12-27 09:42:13 -05:00
Claude Paroz e112bacd21 Forward-ported release note for 322560489 2014-12-27 15:13:12 +01:00
Claude Paroz 2ceb10f3b0 Fixed #14180 -- Prevented unneeded index creation on MySQL-InnoDB
Thanks zimnyx for the report and Simon Charette, Tim Graham for
the reviews.
2014-12-27 12:52:44 +01:00
Josh Smeaton 4718296546 Fixed #23753 -- Added a suite of SQL Functions
Added functions and tests
Added docs and more tests
Added TextField converter to mysql backend
Aliased Value as V in example docs and tests
Removed unicode_compatible in example
Fixed console emulation in examples
2014-12-27 15:27:27 +11:00
Tim Graham 7c07612e90 Removed an unnecessary models file in the admin_scripts tests. 2014-12-26 19:31:54 -05:00
Tim Graham 75bbcfa332 Replaced sqlall in some bash_completion/admin_scripts tests.
sqlall will be removed in Django 1.9, so now's a good time to remove
its usage where it's not important.
2014-12-26 18:52:26 -05:00
Collin Anderson 0821b3d53c Clarified custom header instructions in tutorial 2. 2014-12-26 18:28:47 -05:00
Tim Graham c2e419c267 Fixed #24054 -- Enabled sqlsequencereset for apps with migrations. 2014-12-26 15:55:34 -05:00
Tim Graham 1729a5250b Removed obsolete item from deprecation timeline.
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.
2014-12-26 13:48:13 -05:00
Gavin Wahl b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Tim Graham c5fb34c47e Documented AdminSite.has_permission(); refs #22295. 2014-12-26 09:14:10 -05:00
Tim Graham 271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Tim Graham 3325ec869c Fixed #24045 -- Removed useless mark_safe() call in trans_null.py 2014-12-26 07:42:49 -05:00
Claude Paroz ffa548fb56 Updated link to CSRF docs
Refs #23866.
2014-12-25 14:01:15 +01:00
Claude Paroz 234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Brian Scoles a6f0b6a98f Fixed typo in docs/intro/tutorial01.txt. 2014-12-25 06:56:23 -05:00
Tim Graham 426ead27bd Removed shutil.copystat copied from stdlib (added to support an old Python?). 2014-12-24 19:29:33 -05:00
Tim Graham 6571ed14b6 Fixed #24049 -- Removed obsolete Java notes for Mac OS. 2014-12-24 18:38:07 -05:00
Helen Sherwood-Taylor 4ccdf6e57f Fixed #24041 -- Documented effect of changing a model instance's primary key. 2014-12-24 15:06:09 -05:00
Niclas Olofsson 3daa9d60be Fixed #10414 -- Made select_related() fail on invalid field names. 2014-12-24 14:54:30 -05:00
Thomas Tanner b27db97b23 Fixed #22461 -- Added if-unmodified-since support to the condition decorator. 2014-12-24 12:33:57 -05:00
Claude Paroz fae551d765 Complemented pickle test for ValuesQuerySet with related field
Refs #14515.
2014-12-24 14:58:32 +01:00
Claude Paroz 7ce9644d93 Added a test to ensure bad assignation to M2M doesn't clear data
Refs #14394.
2014-12-24 14:18:00 +01:00
Collin Anderson 5dddd79433 Fixed #20349 -- Moved setting_changed signal to django.core.signals.
This removes the need to load django.test when not testing.
2014-12-24 07:18:43 -05:00
Tim Graham c5c235cd4f Fixed typo in test_utils comment. 2014-12-24 07:10:34 -05:00
Claude Paroz b3ebcb22a9 Ignored deprecation warnings for CreationIndexesTests 2014-12-24 10:45:53 +01:00
Claude Paroz 9699d8446e Moved test correction from 5b1fb0a75 2014-12-24 10:42:24 +01:00
Tim Graham 8842bc101c Fixed some docs spelling mistakes. 2014-12-23 14:41:53 -05:00
Frankie Robertson 446b50b90e Fixed #24035 -- Clarified docs on CACHE_MIDDLEWARE_KEY_PREFIX vs KEY_PREFIX 2014-12-23 14:35:30 -05:00
Tim Graham 061caa5b38 Fixed #24037 -- Prevented data loss possibility when changing Meta.managed.
The migrations autodetector now issues AlterModelOptions operations for
Meta.managed changes instead of DeleteModel + CreateModel.

Thanks iambibhas for the report and Simon and Markus for review.
2014-12-23 14:25:31 -05:00
Tim Graham 69ee7c8d76 Removed models.Field.bind() -- unused/undocumented since at least 1.0. 2014-12-23 14:23:58 -05:00
Claude Paroz 30cbd5d360 Replaced DatabaseCreation sql methods by schema editor equivalents
Also used schema editor in migrate to sync unmigrated apps (sync_apps).
Refs #22340. Thanks Tim Graham for the review.
2014-12-23 19:35:01 +01:00
Claude Paroz 15ba0d166f Added migration for site test app depending on contrib.sites 2014-12-23 19:01:33 +01:00
Claude Paroz 750dbb1133 Removed unneeded null param to ManyToManyField 2014-12-23 19:01:03 +01:00
Claude Paroz 90720d549a Removed admin_util test dependency on contrib.sites 2014-12-23 18:43:55 +01:00
Claude Paroz f05b03f3d7 Removed model_package test dependency on contrib.sites 2014-12-23 18:10:07 +01:00
Anssi Kääriäinen f233bf47dd Fixed #21414 -- Removed RelatedObject and deprecated Field.related. 2014-12-23 10:54:25 -05:00
Claude Paroz 6e08bde8c4 Added RasterSource/GDALBand GDAL objects
Based on Daniel Wiesmann's raster branch. Thanks Daniel Wiesmann
and Tim Graham for the reviews. Refs #23804.
2014-12-23 16:36:18 +01:00
Claude Paroz 9fecb86a52 Fixed #17946 -- Fixed deserialization of self-referencing M2M fields
Thanks Philip Mountifield for the report and excellent analysis, and
Simon Charette for the review.
2014-12-23 16:01:39 +01:00
Anssi Kääriäinen 227a4c48be Refs #2443 -- fixed format_dtdelta on SQLite
A test failed on Python 2 32-bit.
2014-12-23 07:05:44 -05:00
Marc Tamlyn 962bb9b6bd Refs #2443 -- Move the durationfield converter logic.
This reduces how frequently this logic is run significantly.

Thanks to Anssi for the suggestion.
2014-12-23 10:41:42 +00:00
Marc Tamlyn 5ca82e710e Fixed #24033 -- Use interval type on Oracle.
Use INTERVAL DAY(9) TO SECOND(6) for Durationfield on Oracle rather than
storing as a NUMBER(19) of microseconds.

There are issues with cx_Oracle which require some extra data
manipulation in the database backend when constructing queries, but it
handles the conversion back to timedelta objects cleanly.

Thanks to Shai for the review.
2014-12-23 10:38:32 +00:00
Marc Tamlyn 803947161b Merge pull request #3775 from collinanderson/jquery1.11.2
Upgrade jQuery from 1.11.1 to 1.11.2
2014-12-23 10:26:39 +00:00
Collin Anderson a58cfe8e71 Upgrade jQuery from 1.11.1 to 1.11.2
refs #23355
2014-12-22 20:32:00 -05:00
Tim Graham 01ab84c613 Fixed #23525 -- Fixed admindocs crash on apps installed as eggs.
Thanks welbornprod for report and initial patch.
2014-12-22 15:19:18 -05:00
Alexander Schulze cf2390be16 Fixed #23959 -- Clarified when checks automatically run. 2014-12-22 11:35:19 -05:00
Thomas Chaumeny 994d6137a2 Fixed #23792 -- Added test.utils.freeze_time() context manager. 2014-12-22 07:46:40 -05:00
Oscar Ramirez 54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00