Loic Bistuer
3203f684e8
Fixed failing test introduced by 87d2750b39.
The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument.
Skip the test if run from a location that contains a space.
2013-09-11 18:05:39 +07:00
Tim Graham
87d2750b39
[1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9 from master
2013-09-10 21:05:47 -04:00
Shai Berger
d9dc98159d
[1.4.x] Fixed #20904: Test failure on Oracle
Just skip the failing test, the failure isn't really relevant; also,
both the test and the reason for its failure were removed in 1.5.
Thanks Tim Graham for advice on 1.5.
2013-08-17 23:12:01 +03:00
Luke Plant
d5da495a2e
[1.4.x] Fixed #20906 -- Fixed a dependence on set-ordering in tests
Backport of 1ae64e96c1 from master
2013-08-16 17:55:08 -04:00
Anssi Kääriäinen
bf611f14ec
[1.4.x] Fixed #20905 -- Fixed an Oracle-specific test case failure
Made a test checking ORM-generated query string case-insensitive.
Backport of ee0a7c741e from master
2013-08-16 12:23:05 -04:00
Florian Apolloner
08e5fcb3e6
Fixed regression in validation tests since example.com is available via https now.
2013-08-13 22:34:52 +02:00
Tim Graham
e8971345b4
[1.4.x] Fixed #19196 -- Added test/requirements
Backport of 4d92a0bd86 from master
2013-07-10 12:12:15 -04:00
Anssi Kääriäinen
3872bc51c9
[1.4.x] Made a couple of selenium tests wait for page loaded
The admin_widgets tests were issuing click() to the browser but
didn't wait for the effects of those clicks. This caused the resulting
request to be processed concurrently with the test case. When using
in-memory SQLite this caused weird failures.
Also added wait_page_loaded() to admin selenium tests for code
reuse.
Fixed #19856, cherry-pick of 50677b29af
2013-02-21 00:03:39 +02:00
Aymeric Augustin
0cc350a896
[1.4.x] Added a default limit to the maximum number of forms in a formset.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 10:37:54 -07:00
Carl Meyer
0e7861aec7
[1.4.x] Checked object permissions on admin history view.
This is a security fix. Disclosure and advisory coming shortly.
Patch by Russell Keith-Magee.
2013-02-19 10:37:54 -07:00
Carl Meyer
1c60d07ba2
[1.4.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 10:37:54 -07:00
Carl Meyer
9936fdb11d
[1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 10:37:54 -07:00
Anssi Kääriäinen
dec7dd99f0
[1.4.x] Removed try-except in django.db.close_connection()
The reason was that the except clause needed to remove a connection
from the django.db.connections dict, but other parts of Django do not
expect this to happen. In addition the except clause was silently
swallowing the exception messages.
Refs #19707, special thanks to Carl Meyer for pointing out that this
approach should be taken.
2013-02-13 00:39:43 +02:00
Anssi Kääriäinen
9918b3f502
[1.4.x] Fixed #19707 -- Reset transaction state after requests
Backpatch of a4e97cf315.
2013-02-10 17:34:38 +02:00
Anssi Kääriäinen
498a5de07b
[1.4.x] Fixed #19645 -- Added tests for TransactionMiddleware
Backpatch of f556df90be. Backpatching
these tests so that it will be easier to backpatch the fix for #19707.
2013-02-10 17:34:27 +02:00
Florian Apolloner
f2530dcb17
[1.4.X] Fixed a test failure in the comment tests.
Backport of 1eb0da1c5b from master.
2012-12-10 23:37:12 +01:00
Florian Apolloner
319627c184
[1.4.X] Fixed a security issue in get_host.
Full disclosure and new release forthcoming.
2012-12-10 22:14:16 +01:00
Florian Apolloner
b2ae0a63ae
[1.4.X] Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users.
2012-12-10 22:14:16 +01:00
Julien Phalip
8c9a8fd5c4
[1.4.x] Fixed the admin_filters tests for Postgres.
Backport of c196e01100
2012-12-04 10:41:22 -08:00
Sebastián Magrí
c72172244e
[1.4.x] Fixed #19318 -- Ensured that the admin's SimpleListFilter options can be displayed as selected even if the lookup's first element is not a string.
Backport of 88e1715639
2012-12-03 20:58:54 -08:00
Anssi Kääriäinen
3e4058be9f
[1.4.x] Fixed ordering-related failure in m2m_through_regress tests
Backpatch of dc569c8801
2012-11-24 16:10:16 +02:00
Aymeric Augustin
046300c43b
[1.4.x] Restored Python 2.5 compatibility in m2m_through_regress tests.
Refs #18823.
2012-11-24 09:49:30 +01:00
Anssi Kääriäinen
c7dcb1d808
[1.4.x] Fixed SQLite's collapsing of same-valued instances in bulk_create
SQLite used INSERT INTO tbl SELECT %s UNION SELECT %s, the problem
was that there should have been UNION ALL instead of UNION.
Refs #19351
Backpatch of a27582484c
2012-11-24 01:28:25 +02:00
Anssi Kääriäinen
37c87b785d
[1.4.x] Fixed #18823 -- Ensured m2m.clear() works when using through+to_field
There was a potential data-loss issue involved -- when clearing
instance's m2m assignments it was possible some other instance's
m2m data was deleted instead.
This commit also improved None handling for to_field cases.
Backpatch of 611c4d6f1c
2012-10-28 17:38:26 +02:00
Preston Holmes
773a29295a
Added missed poisoned host header test changes
2012-10-18 11:18:25 -07:00
Julien Phalip
cc0478606a
[1.4.x] Fixed #18881 -- Made the context option in {% trans %} and {% blocktrans %} accept literals wrapped in single quotes. Thanks to lanyjie for the report.
2012-10-13 10:51:53 -07:00
Tim Graham
3ac70a5907
[1.4.X] Fixed #16817 - Added a guide of code coverage to contributing docs.
Thanks Pedro Lima for the draft patch.
Backport of 06f5da3d78 from master
2012-10-11 06:14:24 -04:00
Julien Phalip
336dfc3413
[1.4.X] Fixed #18530 -- Fixed a small regression in the admin filters where wrongly formatted dates passed as url parameters caused an unhandled ValidationError. Thanks to david for the report.
2012-09-15 16:33:56 -07:00
Anssi Kääriäinen
2326860851
[1.4.x] Fixed #17788 -- Added batch_size argument to qs.bulk_create()
The qs.bulk_create() method did not work with large batches together
with SQLite3. This commit adds a way to split the bulk into smaller
batches. The default batch size is unlimited except for SQLite3 where
the batch size is limited to 999 SQL parameters per batch.
Thanks to everybody who participated in the discussions at Trac.
Backpatch of 29132ebdef from master (with
documentation changes removed).
2012-09-02 19:17:15 +03:00
Claude Paroz
92f7af3c36
[1.4.x] Fixed #18212 -- Standardized arguments of GenericIPAddressField
Unlike other model fields, the newly introduced (1.4)
GenericIPAddressField did not accept verbose_name and name as the
first positional arguments. This commit fixes it.
Thanks Dan McGee for the report and the patch.
Backport of 306d34873c from master.
2012-09-01 18:39:51 +02:00
Florian Apolloner
e34685034b
[1.4.x] Fixed a security issue in http redirects. Disclosure and new release forthcoming.
Backport of 4129201c3e from master.
2012-07-30 22:03:33 +02:00
Florian Apolloner
1c13cc023f
[1.4.x] readd imports deleted in 4d2fdd
2012-06-04 13:24:05 +02:00
Julien Phalip
4d2fdd4185
[1.4.X] Fixed #18379 -- Made the sensitive_variables decorator work with object methods.
2012-06-03 23:59:01 -07:00
Michael Newman
0f69a16785
[1.4.x] Fixed #18135 -- Close connection used for db version checking
On MySQL when checking the server version, a new connection could be
created but never closed. This could result in open connections on
server startup.
Backport of 4423757c0c.
2012-05-27 21:51:03 +03:00
Aymeric Augustin
a3c8201b77
[1.4.x] Fixed #17976 -- Made forms.BooleanField pickleable.
Backport of 9350d1d59c from master.
This was a regression in Django 1.4.
Thanks bronger for the report and claudep for the patch.
2012-05-08 23:20:05 +02:00
Claude Paroz
3f77b84489
[1.4.X] Fixed #18027 -- Removed an HTMLParser test that doesn't raise any more in recent Python versions. Thanks Arfever and Anssi Kaariainen for the report and the patch.
Backport of r17900 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17901 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-11 21:27:18 +00:00
Aymeric Augustin
01dfe35b38
[1.4.X] Fixed #18090 -- Applied filters when running prefetch_related backwards through a one-to-one relation. Backport of r17888 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10 06:06:14 +00:00
Julien Phalip
a6ba67ffd1
[1.4.X] Fixed #18086 -- Restored '-pk' as the default order in the admin changelist. This rectifies a slight change in behavior introduced in Django 1.4 and r17635.
Backport of r17881 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17882 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-09 04:32:42 +00:00
Julien Phalip
aafa73db54
[1.4.X] Fixed #17972 -- Ensured that admin filters on a foreign key respect the to_field attribute. This fixes a regression introduced in [14674] and Django 1.3. Thanks to graveyboat and Karen Tracey for the report.
Backport of r17854 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17858 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 18:46:18 +00:00
Aymeric Augustin
e78d6b406b
Reverted parts of r16963 to fix a regression on the creation of permissions on proxy models. Refs #17904. Thanks koenb for the report and claudep for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-22 08:49:48 +00:00
Aymeric Augustin
1e28567e0d
Fixed #17937 -- Avoided an error in the timeuntil filter when it receives a date object. Thanks Dmitry Guyvoronsky for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17774 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-22 07:29:39 +00:00
Jannis Leidel
4219e2b7f8
Fixed #17920 -- Actually pass the full path of a newly created project or app in the template context as mentioned in the startproject docs. Many thanks to Preston Holmes for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17773 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-21 22:29:32 +00:00
Aymeric Augustin
358c5a1c2a
Fixed #17932 -- Tweaked the admin_changelist tests because Oracle doesn't like columns named 'number'.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17767 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-19 12:52:15 +00:00
Aymeric Augustin
c8e2f7591d
Fixed #17931 -- Accepted aware datetimes to set cookies expiry dates. Thanks jaddison for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17766 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-18 20:58:22 +00:00
Claude Paroz
c7cc4cfb9e
Fixed #16138 -- Made FormMixin get_initial return a copy of the 'initial' class variable. Thanks hanson2010, wilfred@potatolondon.com and agriffis for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17765 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17 22:31:03 +00:00
Julien Phalip
1ff9be1144
Fixed #17828 -- Ensured that when a list filter's `queryset()` method fails, it does so loudly instead of getting swallowed by a `IncorrectLookupParameters` exception. This also properly fixes #16705, which hadn't been addressed correctly in [16705].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17763 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17 21:45:36 +00:00
Claude Paroz
f0b9bb2ef9
Do not unconditionally add extra_tests when testing geodjango.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17 17:44:42 +00:00
Carl Meyer
e57bedee78
Fixed #17909 - ensure GeoDjango tests have the templates they need. Thanks Nate Bragg for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17757 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17 04:39:23 +00:00
Carl Meyer
ddd53dafb5
Fixed #17918 - Handle proxy models correctly when sorting deletions for databases without deferred constraints. Thanks Nate Bragg for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17756 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17 01:24:39 +00:00
Carl Meyer
edcaf8b7ff
Reorganized proxy-delete tests for easier addition of new tests. Refs #16128.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17755 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16 23:27:40 +00:00