Commit Graph

1477 Commits

Author SHA1 Message Date
Tim Graham baf2542c4f Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham a3bebfdc34 Ensured views.static.serve() doesn't use large memory on large files.
This issue was fixed in master by refs #24072.
2015-01-13 13:03:06 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer 316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham 958aeda4b5 Added stub release notes for security releases. 2015-01-13 13:03:05 -05:00
Michał Modzelewski 65246de7b1 Fixed #24031 -- Added CASE expressions to the ORM. 2015-01-12 18:15:34 -05:00
Tim Graham 5d7217dce3 Fixed typo in docs/release/1.8.txt & added word for spelling check. 2015-01-12 17:53:32 -05:00
Josh Smeaton 21b858cb67 Fixed #24060 -- Added OrderBy Expressions 2015-01-13 09:39:55 +11:00
Claude Paroz f48e2258a9 Fixed #24133 -- Replaced formatting syntax in success_url placeholders
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Aymeric Augustin a3e783fe11 Deprecated passing a Context to a generic Template.render.
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.

test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Pavel Shpilev a7c256cb54 Fixed #9893 -- Allowed using a field's max_length in the Storage. 2015-01-12 09:09:18 -05:00
Marc Tamlyn b5c1a85b50 Fixed #24118 -- Added --debug-sql option for tests.
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.

Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Ola Sitarska d563e3be68 Fixed #23913 -- Deprecated the `=` comparison in `if` template tag. 2015-01-11 15:21:01 -05:00
Markus Holtermann be158e3625 Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake. 2015-01-11 00:30:47 +01:00
Markus Holtermann fdc2cc9487 Fixed #24110 -- Rewrote migration unapply to preserve intermediate states 2015-01-10 23:14:15 +01:00
Aymeric Augustin 3d495cfd77 Added release notes and upgrade instructions for templates. 2015-01-10 20:17:20 +01:00
Aymeric Augustin ee8d5b91e9 Wrote main documentation for templates. 2015-01-10 20:16:19 +01:00
Simon Charette 07988744b3 Fixed #13165 -- Added edit and delete links to admin foreign key widgets.
Thanks to Collin Anderson for the review and suggestions and Tim for the
final review.
2015-01-10 12:24:52 -05:00
Marc Tamlyn 48ad288679 Fixed #24001 -- Added range fields for PostgreSQL.
Added support for PostgreSQL range types to contrib.postgres.

- 5 new model fields
- 4 new form fields
- New validators
- Uses psycopg2's range type implementation in python
2015-01-10 16:18:19 +00:00
Serafeim Papastefanos 74f02557e0 Fixed #23967 -- Added formats for Greek 2015-01-10 11:10:26 -05:00
Claude Paroz d7bc37d611 Fixed #24097 -- Prevented AttributeError in redirect_to_login
Thanks Peter Schmidt for the report and the initial patch.
Thanks to ​Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
2015-01-10 10:05:02 +01:00
Loic Bistuer 8f4877c89d Fixed #22583 -- Allowed RunPython and RunSQL to provide hints to the db router.
Thanks Markus Holtermann and Tim Graham for the review.
2015-01-10 00:30:48 +07:00
Markus Holtermann c8bac4b556 Fixed #24098 -- Added no-op attributes to RunPython and RunSQL
Thanks Loïc Bistuer and Tim Graham for the discussion and review.
2015-01-09 10:31:32 -05:00
Thomas Chaumeny 8fb7a0987c Fixed a typo in 1.8 release notes. 2015-01-09 07:38:11 -05:00
Sylvain Fankhauser c1493879d9 Fixed a typo in 1.8 release notes. 2015-01-08 16:02:18 -05:00
Tim Graham 13e4156518 Fixed a typo in 1.8 release notes. 2015-01-08 15:12:40 -05:00
Claude Paroz 543df07720 Fixed #24073 -- Returned None for get_language when translations are deactivated
This fixes a regression caused by f7c287fca9. Thanks Markus Holtermann
for identifying the regression.
2015-01-08 17:43:07 +01:00
Aymeric Augustin eaa1a22341 Added a request argument to render_to_string.
This is for consistency with Template.render.

It adds a little bit of knowledge about HTTP requests in
django.template.loader but I think consistency trumps purity.
2015-01-07 21:54:22 +01:00
Claude Paroz f7c287fca9 Fixed #24073 -- Deactivated translations when leave_locale_alone is False
Thanks Tim Graham and Markus Holtermann for the reviews.
2015-01-07 20:11:24 +01:00
Josh Smeaton 5a4ac4ead9 Fixed #24078 -- Removed empty strings from GenericIPAddressField 2015-01-07 08:08:36 -05:00
Daniel Pyrathon fb48eb0581 Fixed #12663 -- Formalized the Model._meta API for retrieving fields.
Thanks to Russell Keith-Magee for mentoring this Google Summer of
Code 2014 project and everyone else who helped with the patch!
2015-01-06 19:25:12 -05:00
Danilo Bargen 2e65d56156 Fixed #20003 -- Improved and extended URLValidator
This adds support for authentication data (`user:password`) in URLs,
IPv6 addresses, and unicode domains.

The test suite has been improved by adding test URLs from
http://mathiasbynens.be/demo/url-regex (with a few adjustments,
like allowing local and reserved IPs).

The previous URL validation regex failed this test suite on 13
occasions, the validator was updated based on
https://gist.github.com/dperini/729294.
2015-01-06 14:04:25 -05:00
Claude Paroz 27dd7e7271 Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
2015-01-06 08:42:58 +01:00
Preston Timmons de9ebdd39c Fixed #24022 -- Deprecated the ssi tag. 2015-01-05 19:35:02 -05:00
Tim Graham ce17b045bf Added 1.4.18 release notes. 2015-01-05 14:24:34 -05:00
Tim Graham c87ee41954 Fixed #23861 -- Added an API to deprecate model fields.
Thanks Markus Holterman and Berker Peksag for review.
2015-01-05 11:35:36 -05:00
Claude Paroz 6e1c9c6568 Fixed #8280 -- Allowed management command discovery for eggs
Thanks jdetaeye for the report, bhuztez and jdetaeye for the
initial patches, Tim Graham and Berker Peksag for the reviews.
2015-01-05 17:19:35 +01:00
Tim Graham d94fe42ae5 Forwardported release note for 4aed731154. 2015-01-05 10:55:48 -05:00
Collin Anderson 3d2cae0896 Fixed #24072 -- Added FileResponse for streaming binary files. 2015-01-05 10:51:52 -05:00
Tim Graham 572ad9a92e Added release note for PBKDF2 iteration count increase.
refs 6732566967
2015-01-03 13:43:13 -05:00
Tim Graham 439f15beab Added 1.7.3 release notes stub. 2015-01-03 13:27:08 -05:00
Tim Graham 15cd71ed24 Added dates to release notes. 2015-01-02 19:20:18 -05:00
Tim Graham 52f0b2b622 Updated six to 1.9.0. 2015-01-02 12:35:41 -05:00
Tim Graham f60c35cddc Removed release note for refs #23891 as the backport proved too difficult. 2015-01-01 13:59:38 -05:00
Tim Graham 40a8504357 Fixed #23891 -- Moved deprecation of IPAddressField to system check framework.
Thanks Markus Holtermann for review.
2015-01-01 13:30:52 -05:00
Tim Graham b4bdd5262b Fixed #23366 -- Fixed a crash with the migrate --list command. 2014-12-31 17:26:15 -05:00
Thomas Tanner 46068d850d Fixed #22295 -- Replaced permission check for displaying admin user-tools 2014-12-31 16:31:59 -05:00
Andrey Maslov 7a878ca5cb Fixed #24008 -- Fixed ValidationError crash with list of dicts. 2014-12-31 14:43:13 -05:00
Markus Holtermann a1487deebf Fixed #23359 -- Added showmigrations command to list migrations and plan.
Thanks to Collin Anderson, Tim Graham, Gabe Jackson, and Marc Tamlyn
for their input, ideas, and review.
2014-12-31 14:14:28 -05:00