Commit Graph

1816 Commits

Author SHA1 Message Date
Anton Strogonoff 20787b5c29 Used consistent capitalization and hyphenation of "class-based views" in docs. 2015-08-18 19:07:10 -04:00
Tim Graham 068a80d717 Added today's issue to the security archive. 2015-08-18 13:46:47 -04:00
Tim Graham 8cc41ce7a7 Fixed DoS possiblity in contrib.auth.views.logout()
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
2015-08-18 08:03:43 -04:00
Tim Graham b0ab74dfca Added stub release notes for security releases. 2015-08-18 08:03:39 -04:00
Caio Ariede dad8434d6f Fixed #25180 -- Prevented varchar_patterns_ops and text_patterns_ops indexes for ArrayField. 2015-08-15 10:02:08 -04:00
Valentina Mukhamedzhanova 1f7b25c1a7 Fixed #24986 -- Added support for annotations in DISTINCT queries. 2015-08-15 08:23:32 -04:00
Sambhav Satija d0bd533043 Fixed #25254 -- Added JsonResponse json_dumps_params parameter. 2015-08-12 10:39:07 -04:00
Doug Beck b7508896fb Fixed #24257 -- Corrected i18n handling of percent signs.
Refactored tests to use a sample project.

Updated extraction:
* Removed special handling of single percent signs.
* When extracting messages from template text, doubled all percent signs
  so they are not interpreted by gettext as string format flags. All
  strings extracted by gettext, if containing a percent sign, will now
  be labeled "#, python-format".

Updated translation:
* Used "%%" for "%" in template text before calling gettext.
* Updated {% trans %} rendering to restore "%" from "%%".
2015-08-12 10:23:34 -04:00
Tim Graham 5980b05c1f Fixed #25160 -- Moved unsaved model instance data loss check to Model.save()
This mostly reverts 5643a3b51b and
81e1a35c36.

Thanks Carl Meyer for review.
2015-08-10 08:51:32 -04:00
Claude Paroz e9c5c39631 Updated various links in docs 2015-08-08 13:57:15 +02:00
Claude Paroz 64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
mlavin 69db1c7455 Fixed #25231 -- Added recording of squashed migrations in the migrate command.
Ensured squashed migrations are recorded as applied when the
migrate command is run and all of the original migrations
have been previously applied.
2015-08-07 17:59:18 -04:00
Tim Graham a7b7f27c05 Fixed #25233 -- Fixed HStoreField.has_changed() handling of initial values.
Thanks Simon Charette for review.
2015-08-07 13:26:17 -04:00
Caio Ariede ec9004728e Fixed #25175 -- Renamed the postgresql_psycopg2 database backend to postgresql. 2015-08-07 09:33:17 -04:00
Sergey Kolosov 244404227e Fixed #22404 -- Added a view that exposes i18n catalog as a JSON
Added django.views.i18n.json_catalog() view, which returns a JSON
response containing translations, formats, and a plural expression
for the specified language.
2015-08-05 09:05:21 -04:00
Matt Robenolt 4dcfbd7923 Fixed #25211 -- Added HttpRequest.get_port() and USE_X_FORWARDED_PORT setting. 2015-08-04 09:50:57 -04:00
Curtis Maloney 9f73009e98 Fixed #25215 -- Solved reference to forms.HStoreField in declaration of HStoreField
Correct test which was using the model field in a test form.
2015-08-04 19:15:22 +10:00
Rigel Di Scala 3bdaaf6777 Fixed #25146 -- Allowed method_decorator() to decorate classes. 2015-08-01 08:38:03 -04:00
Adam Chainz 0abb06930f Fixed #25176 -- Prevented TestCase.setUpTestData() exception from leaking transaction. 2015-08-01 07:33:22 -04:00
Flavio Curella 1e2362ca0f Refs #25184 -- Started deprecation for contrib.gis.geoip. 2015-07-31 10:09:06 -04:00
Flavio Curella 7f0953ce1f Fixed #25184 -- Added support for MaxMind GeoLite2 database format 2015-07-31 09:45:03 -04:00
Tim Graham 70912e137d Fixed #25168 -- Documented how to avoid foreign key constraint error after upgrading to 1.8. 2015-07-31 08:19:39 -04:00
elky 35901e64b0 Fixed #24444 -- Updated contrib.admin to use django-flat-theme 2015-07-30 15:18:22 -04:00
Tim Graham d27e0f04a6 Fixed #25190 -- Deprecated callable_obj parameter to assertRaisesMessage().
Thanks Aymeric Augustin for review.
2015-07-30 10:12:41 -04:00
Piper Merriam 537818af87 Fixed #25185 -- Added support for functools.partial serialization in migrations 2015-07-29 10:15:50 -04:00
Tim Graham adc0c4fbac Fixed #18556 -- Allowed RelatedManager.add() to execute 1 query where possible.
Thanks Loic Bistuer for review.
2015-07-28 09:28:25 +07:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Marten Kenbeek bc7923beff Fixed #24127 -- Changed the default current_app to the current namespace.
Changed the url template tag to use request.resolver_match.namespace as a
default for the current_app argument if request.current_app is not set.
2015-07-27 09:14:48 -04:00
Claude Paroz c296e55dc6 Fixed #22258 -- Added progress status for dumpdata when outputting to file
Thanks Gwildor Sok for the report and Tim Graham for the review.
2015-07-24 18:37:55 +02:00
Matt Johnson e063ac2fae Fixed #12768 -- Fixed QuerySet.raw() regression on FK with custom db_column. 2015-07-23 18:07:38 -04:00
Tim Graham 8eeb566aca Fixed #25149 -- Replaced window.__admin_utc_offset__ with a data attribute. 2015-07-22 17:09:52 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Claude Paroz 1ef4aeab40 Fixed #25078 -- Added support for disabled form fields
Thanks Keryn Knight and Tim Graham for the reviews.
2015-07-16 19:36:56 +02:00
Tim Graham 1fed8dd715 Fixed #25120 -- Deprecated egg template loader. 2015-07-16 09:32:42 -04:00
Thomas Stephenson 035b0fa60d Fixed #24716 -- Deprecated Field._get_val_from_obj()
The method duplicates the functionality of Field.value_from_object()
and has the additional downside of being a privately named public
API method.
2015-07-14 09:13:22 -04:00
Tim Graham 64f731e77d Added 1.4.22 release notes. 2015-07-14 07:28:55 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Daniel Roseman 24620d71f2 Fixed #25079 -- Added warning if both TEMPLATES and TEMPLATE_* settings are defined.
Django ignores the value of the TEMPLATE_* settings if TEMPLATES is also
set, which is confusing for users following older tutorials. This change
adds a system check that warns if any of the TEMPLATE_* settings have
changed from their defaults but the TEMPLATES dict is also non-empty.

Removed the TEMPLATE_DIRS from the test settings file; this was marked
for removal in 1.10 but no tests fail if it is removed now.
2015-07-13 17:50:22 -04:00
Andrei Kulakov db97a88495 Fixed #24375 -- Added Migration.initial attribute
The new attribute is checked when the `migrate --fake-initial` option
is used. initial will be set to True for all initial migrations (this
is particularly useful when initial migrations are split) as well as
for squashed migrations.
2015-07-13 15:57:40 -04:00
Razvan Andrei Ionescu 97bc875234 Fixed #25117 -- Added Romanian char map for Javascript slug generation 2015-07-13 13:31:12 -04:00
Claude Paroz 2e05ef4e18 Added release note for the UUID serialization backport
Refs #25019.
2015-07-10 09:00:19 +02:00
Claude Paroz 846cb6fef7 Added stub release notes for 1.8.4 2015-07-10 08:51:16 +02:00
Tim Graham 3d650e80ad Added today's security issues to the archive. 2015-07-08 17:41:48 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Luke Plant f87e552d98 Corrected example code for get_query_set upgrade in 1.6 release notes
The conditional setting of `get_query_set` is required for correct behaviour
if running Django 1.8. The full gory details are here:

http://lukeplant.me.uk/blog/posts/handling-django%27s-get_query_set-rename-is-hard/
2015-07-08 10:58:07 +01:00
Chris Bainbridge e5cfa394d7 Refs #23882 -- Added detection for moved files when using inotify polling
Commit 15f82c7 ("used pyinotify as change detection system when
available") introduced a regression where editing a file in vim with
default settings (writebackup=auto) no longer causes the dev server
to be restarted. On a write, vim moves the monitored file to a backup
path and then creates a new file in the original. The new file is not
monitored as it has a different inode. Fixed this by also watching for
inotify events IN_DELETE_SELF and IN_MOVE_SELF.
2015-07-07 12:23:04 -04:00