p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
20,834 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

6731 Commits

Author SHA1 Message Date
Mariusz Felisiak 31ddf51b52 [1.8.x] Fixed gis_tests.geoapp test with incorrect geodetic coordinates. 
The latitude coordinates exceed -90, 90 bounds and caused a test failure
on Oracle 12.2.

Thanks Michał Wierzbowski for help preparing the patch.

Backport of 037d6540ec from master
 2017-05-30 10:18:20 -04:00
Tim Graham 8339277518 [1.8.x] Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs. 
This is a security fix.
 2017-03-28 12:57:34 -04:00
Tim Graham 87851581a0 [1.8.x] Pinned test requirement to numpy < 1.12 for Python 3.3 compatibility. 2017-03-28 12:56:01 -04:00
Mariusz Felisiak 998bc0ced2 [1.8.x] Refs #27924 -- Doc'd that cx_Oracle < 5.3 is required. 
Thanks Tim Graham for the review.

Backport of 46d602dcea from stable/1.10.x
 2017-03-11 22:17:05 +01:00
Tim Graham 4b5aec3b0b [1.8.x] Fixed a backends test with psycopg2 2.7. 
Backport of 49a63d08d3 from master
 2017-03-01 13:22:53 -05:00
Tim Graham 299529dca6 [1.8.x] Fixed GeoIP test failure with the latest data. 
Backport of da2e92d25e from stable/1.11.x
 2017-02-14 09:48:26 -05:00
Tim Graham 01b3dc2232 [1.8.x] Reverted "Fixed #27594 -- Fixed select_related() with reverse self-referential OneToOneField." 
This reverts commit 4a9f9cc521. It was
accidentally pushed to this branch.
 2016-12-14 07:53:45 -05:00
Daniel Hillier 4a9f9cc521 Fixed #27594 -- Fixed select_related() with reverse self-referential OneToOneField. 
Fix definition of `klass_info['from_parent']`. The relationship between
two models shouldn't be considered as being from a parent class if the
model classes are the same.

Thanks Tim for the review.
 2016-12-14 07:38:09 -05:00
Tim Graham c401ae9a7d [1.8.x] Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. 
This is a security fix.
 2016-10-25 15:27:45 -04:00
Tim Graham 1c4334f793 [1.8.x] Fixed nonexistent tmc.edu domain in GeoIP test. 
Backport of e1f6eba033 from master
 2016-10-11 19:44:09 -04:00
Collin Anderson 6118ab7d06 [1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics. 
This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111 from master
 2016-09-14 13:42:24 -04:00
Tim Graham fdd1d247c4 [1.8.x] Fixed a GeoIP test failure with the latest data. 
Backport of 4a696bbe13 from master
 2016-08-03 11:19:21 -04:00
Tim Graham 33939f0183 [1.8.x] Fixed a typo in tests/middleware/test_security.py 
Backport of 0850236a8c from master
 2016-07-28 22:01:22 -04:00
Raphaël Hertzog 6cf35c666c [1.8.x] Fixed #26923 -- Fixed template_tests with numpy < 1.9.0. 
Backport of 8e5cbc884f from master
 2016-07-21 13:01:50 -04:00
Tim Graham 9f8ef7724d [1.8.x] Fixed a GeoIP test failure with the latest data. 
Backport of 081fdaf110 from master
 2016-07-19 09:28:53 -04:00
Tim Graham f68e5a9916 [1.8.x] Fixed XSS in admin's add/change related popup. 
This is a security fix.
 2016-07-18 13:45:11 -04:00
Jon Dufresne 8edfdddbc8 [1.8.x] Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field(). 
Backport of 2e4cfcd2b9 from master
 2016-07-13 22:15:43 -04:00
Baptiste Mispelon 3e562cf7a2 [1.8.x] Fixed numpy deprecation warning silencing in template_tests. 
Backport of 418658f453 from master
 2016-07-09 10:24:35 -04:00
Tim Graham 4da3684f24 [1.8.x] Fixed flake8 2.6 warnings. 
Backport of ea34426ae7 from master
 2016-06-16 10:37:33 -04:00
Tim Graham c95487e23d [1.8.x] Refs #26687 -- Made an i18n test not use a hardcoded path separator. 
This reverts commit c0a1e1984e as it doesn't
work on the stable/1.8.x branch and instead uses os.path.join() to fix the
original failure on Windows.
 2016-06-01 10:39:27 -04:00
Ramiro Morales c0a1e1984e [1.8.x] Fixed #26687 -- Made an i18n test not use a hardcoded path separator. 
Fixed a failure on Windows.

Backport of e3877c53ed from master
 2016-05-31 12:01:05 -04:00
Tim Graham 72da26af41 [1.8.x] Updated GeoIP test for latest database. 
Backport of a0a1c4fbde from master
 2016-05-23 20:49:33 -04:00
Alasdair Nicol 0eb6617869 [1.8.x] Added tests for if tag's != operator. 
Backport of 246020efc5 from master
 2016-04-29 12:33:32 -04:00
Joshua Phillips 052e1f17ca [1.8.x] Fixed #26557 -- Converted empty strings to None when saving GenericIPAddressField. 
Backport of 4681d65048 from master
 2016-04-29 10:17:00 -04:00
Lukasz Wiecek 0a411b2224 [1.8.x] Fixed #26498 -- Fixed TimeField microseconds round-tripping on MySQL and SQLite. 
Thanks adamchainz for the report and review.

Backport of d3c87a2425 from master
 2016-04-18 09:49:31 -04:00
Tim Graham 100f28ed28 [1.8.x] Sorted single letter imports per the latest version of isort. 
Backport of 1c8c0837c6 from master
 2016-03-28 11:59:36 -04:00
Tim Graham 0496838e61 [1.8.x] Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable. 
Backport of acfaec3db5 from master
 2016-03-25 14:57:12 -04:00
Adam Alton 5bd01773be [1.8.x] Removed unnecessary filter kwarg from .get() in a test. 
Backport of 38086c83ac from master
 2016-03-14 18:57:59 -04:00
Tim Graham c7764ca3a0 [1.8.x] Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite. 
Backport of 4f0cd0fd16 from master
 2016-03-10 19:16:31 -05:00
John-Mark Bell a5e9ae9ad5 [1.8.x] Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 
Backport of 4b129ac81f from master
 2016-03-07 13:22:38 -05:00
George Marshall 567658f193 [1.8.x] Fixed #26331 -- Fixed test function names with typos 
Backport of 75614f6d4c from master
 2016-03-07 06:56:52 -05:00
Claude Paroz beb392b85e [1.8.x] Added safety to URL decoding in is_safe_url() on Python 2 
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
 2016-03-04 23:39:46 +01:00
Claude Paroz 28bed24f55 [1.8.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url() 
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
Backport of ada7a4aef from master.
 2016-03-04 21:16:51 +01:00
Florian Apolloner f4e6e02f77 [1.8.x] Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Mark Striemer 382ab13731 [1.8.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Simon Charette 4701c81df3 [1.8.x] Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.

Backport of 3938b3ccaa from master
 2016-02-26 16:24:28 -05:00
Jon Dufresne 6c48edae76 [1.8.x] Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 
Backport of b412681359 from master
 2016-02-24 07:09:08 -05:00
Josh Soref 751e5fcaf7 [1.8.x] Fixed many spelling mistakes in code, comments, and docs. 
Partial backport of 93452a70e8 from master
 2016-02-23 10:27:15 -05:00
Tim Graham 061a7ff366 [1.8.x] Refs #26253 -- Added tests for deprecation shims in SimpleTemplateResponse. 
Backport of 3fedfc452f from stable/1.9.x
 2016-02-22 17:12:37 -05:00
Tim Graham 0f667a580a [1.8.x] Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.

Backport of b1afebf882 from master
 2016-02-18 19:56:36 -05:00
Claude Paroz 5bce665974 [1.8.x] Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
Backport of 928c12eb1 from master.
 2016-02-16 21:14:24 +01:00
Tim Graham 180d4cbfe6 [1.8.x] Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 
Backport of b59f963ad2 from master
 2016-02-15 11:52:14 -05:00
Berker Peksag 927f43ea3a [1.8.x] Fixed #26126 -- Fixed transient failure of test_max_age_expiration 
Backport of b17a9150a0 from master
 2016-02-15 09:27:03 -05:00
Simon Charette edff550392 [1.8.x] Fixed #26162 -- Checked query name clashes of hidden relationships. 
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.

Backport of a325fb1f9b from master
 2016-02-08 10:42:31 -05:00
Tim Graham 2f0de9b0a1 [1.8.x] Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 
Backport of 97eb3356b2 from master
 2016-02-08 07:45:10 -05:00
Tim Graham 229666289d [1.8.x] Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 
Backport of 19d1cb1451 from master
 2016-01-28 18:02:36 -05:00
Tim Graham 15a80c3dfd [1.8.x] Fixed an admin_scripts test on Ubuntu 16.04/spatialite. 2016-01-28 18:00:38 -05:00
Tim Graham 99cd139a30 [1.8.x] Fixed #26147 -- Relaxed expected values in GIS tests to account for database/library differences. 
Backport of 5aa5328675 from master
 2016-01-28 17:45:34 -05:00
Yoong Kang Lim a0e0b37dae [1.8.x] Added a missing test method in tests/migrations/test_writer.py. 
Backport of 5453aa66cf from master
 2016-01-28 10:39:03 -05:00
Ben Kraft 79c3950562 [1.8.x] Fixed #26122 -- Fixed copying a LazyObject 
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
 2016-01-26 06:57:47 -05:00