Tim Graham
baf2542c4f
Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham
a3bebfdc34
Ensured views.static.serve() doesn't use large memory on large files.
...
This issue was fixed in master by refs #24072 .
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974
Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5
Added stub release notes for security releases.
2015-01-13 13:03:05 -05:00
Michał Modzelewski
65246de7b1
Fixed #24031 -- Added CASE expressions to the ORM.
2015-01-12 18:15:34 -05:00
Tim Graham
5d7217dce3
Fixed typo in docs/release/1.8.txt & added word for spelling check.
2015-01-12 17:53:32 -05:00
Josh Smeaton
21b858cb67
Fixed #24060 -- Added OrderBy Expressions
2015-01-13 09:39:55 +11:00
Claude Paroz
f48e2258a9
Fixed #24133 -- Replaced formatting syntax in success_url placeholders
...
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
a3e783fe11
Deprecated passing a Context to a generic Template.render.
...
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.
test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Pavel Shpilev
a7c256cb54
Fixed #9893 -- Allowed using a field's max_length in the Storage.
2015-01-12 09:09:18 -05:00
Marc Tamlyn
b5c1a85b50
Fixed #24118 -- Added --debug-sql option for tests.
...
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.
Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Ola Sitarska
d563e3be68
Fixed #23913 -- Deprecated the `=` comparison in `if` template tag.
2015-01-11 15:21:01 -05:00
Markus Holtermann
be158e3625
Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake.
2015-01-11 00:30:47 +01:00
Markus Holtermann
fdc2cc9487
Fixed #24110 -- Rewrote migration unapply to preserve intermediate states
2015-01-10 23:14:15 +01:00
Aymeric Augustin
3d495cfd77
Added release notes and upgrade instructions for templates.
2015-01-10 20:17:20 +01:00
Aymeric Augustin
ee8d5b91e9
Wrote main documentation for templates.
2015-01-10 20:16:19 +01:00
Simon Charette
07988744b3
Fixed #13165 -- Added edit and delete links to admin foreign key widgets.
...
Thanks to Collin Anderson for the review and suggestions and Tim for the
final review.
2015-01-10 12:24:52 -05:00
Marc Tamlyn
48ad288679
Fixed #24001 -- Added range fields for PostgreSQL.
...
Added support for PostgreSQL range types to contrib.postgres.
- 5 new model fields
- 4 new form fields
- New validators
- Uses psycopg2's range type implementation in python
2015-01-10 16:18:19 +00:00
Serafeim Papastefanos
74f02557e0
Fixed #23967 -- Added formats for Greek
2015-01-10 11:10:26 -05:00
Claude Paroz
d7bc37d611
Fixed #24097 -- Prevented AttributeError in redirect_to_login
...
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
2015-01-10 10:05:02 +01:00
Loic Bistuer
8f4877c89d
Fixed #22583 -- Allowed RunPython and RunSQL to provide hints to the db router.
...
Thanks Markus Holtermann and Tim Graham for the review.
2015-01-10 00:30:48 +07:00
Markus Holtermann
c8bac4b556
Fixed #24098 -- Added no-op attributes to RunPython and RunSQL
...
Thanks Loïc Bistuer and Tim Graham for the discussion and review.
2015-01-09 10:31:32 -05:00
Thomas Chaumeny
8fb7a0987c
Fixed a typo in 1.8 release notes.
2015-01-09 07:38:11 -05:00
Sylvain Fankhauser
c1493879d9
Fixed a typo in 1.8 release notes.
2015-01-08 16:02:18 -05:00
Tim Graham
13e4156518
Fixed a typo in 1.8 release notes.
2015-01-08 15:12:40 -05:00
Claude Paroz
543df07720
Fixed #24073 -- Returned None for get_language when translations are deactivated
...
This fixes a regression caused by f7c287fca9
. Thanks Markus Holtermann
for identifying the regression.
2015-01-08 17:43:07 +01:00
Aymeric Augustin
eaa1a22341
Added a request argument to render_to_string.
...
This is for consistency with Template.render.
It adds a little bit of knowledge about HTTP requests in
django.template.loader but I think consistency trumps purity.
2015-01-07 21:54:22 +01:00
Claude Paroz
f7c287fca9
Fixed #24073 -- Deactivated translations when leave_locale_alone is False
...
Thanks Tim Graham and Markus Holtermann for the reviews.
2015-01-07 20:11:24 +01:00
Josh Smeaton
5a4ac4ead9
Fixed #24078 -- Removed empty strings from GenericIPAddressField
2015-01-07 08:08:36 -05:00
Daniel Pyrathon
fb48eb0581
Fixed #12663 -- Formalized the Model._meta API for retrieving fields.
...
Thanks to Russell Keith-Magee for mentoring this Google Summer of
Code 2014 project and everyone else who helped with the patch!
2015-01-06 19:25:12 -05:00
Danilo Bargen
2e65d56156
Fixed #20003 -- Improved and extended URLValidator
...
This adds support for authentication data (`user:password`) in URLs,
IPv6 addresses, and unicode domains.
The test suite has been improved by adding test URLs from
http://mathiasbynens.be/demo/url-regex (with a few adjustments,
like allowing local and reserved IPs).
The previous URL validation regex failed this test suite on 13
occasions, the validator was updated based on
https://gist.github.com/dperini/729294 .
2015-01-06 14:04:25 -05:00
Claude Paroz
27dd7e7271
Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
...
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
2015-01-06 08:42:58 +01:00
Preston Timmons
de9ebdd39c
Fixed #24022 -- Deprecated the ssi tag.
2015-01-05 19:35:02 -05:00
Tim Graham
ce17b045bf
Added 1.4.18 release notes.
2015-01-05 14:24:34 -05:00
Tim Graham
c87ee41954
Fixed #23861 -- Added an API to deprecate model fields.
...
Thanks Markus Holterman and Berker Peksag for review.
2015-01-05 11:35:36 -05:00
Claude Paroz
6e1c9c6568
Fixed #8280 -- Allowed management command discovery for eggs
...
Thanks jdetaeye for the report, bhuztez and jdetaeye for the
initial patches, Tim Graham and Berker Peksag for the reviews.
2015-01-05 17:19:35 +01:00
Tim Graham
d94fe42ae5
Forwardported release note for 4aed731154
.
2015-01-05 10:55:48 -05:00
Collin Anderson
3d2cae0896
Fixed #24072 -- Added FileResponse for streaming binary files.
2015-01-05 10:51:52 -05:00
Tim Graham
572ad9a92e
Added release note for PBKDF2 iteration count increase.
...
refs 6732566967
2015-01-03 13:43:13 -05:00
Tim Graham
439f15beab
Added 1.7.3 release notes stub.
2015-01-03 13:27:08 -05:00
Tim Graham
15cd71ed24
Added dates to release notes.
2015-01-02 19:20:18 -05:00
Tim Graham
52f0b2b622
Updated six to 1.9.0.
2015-01-02 12:35:41 -05:00
Tim Graham
f60c35cddc
Removed release note for refs #23891 as the backport proved too difficult.
2015-01-01 13:59:38 -05:00
Tim Graham
40a8504357
Fixed #23891 -- Moved deprecation of IPAddressField to system check framework.
...
Thanks Markus Holtermann for review.
2015-01-01 13:30:52 -05:00
Tim Graham
b4bdd5262b
Fixed #23366 -- Fixed a crash with the migrate --list command.
2014-12-31 17:26:15 -05:00
Thomas Tanner
46068d850d
Fixed #22295 -- Replaced permission check for displaying admin user-tools
2014-12-31 16:31:59 -05:00
Andrey Maslov
7a878ca5cb
Fixed #24008 -- Fixed ValidationError crash with list of dicts.
2014-12-31 14:43:13 -05:00
Markus Holtermann
a1487deebf
Fixed #23359 -- Added showmigrations command to list migrations and plan.
...
Thanks to Collin Anderson, Tim Graham, Gabe Jackson, and Marc Tamlyn
for their input, ideas, and review.
2014-12-31 14:14:28 -05:00