Commit Graph

88 Commits

Author SHA1 Message Date
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Vlastimil Zíma 6de81d65f4 Fixed #14825 -- LocaleMiddleware keeps language
* LocaleMiddleware stores language into session if it is not present there.
2013-05-25 10:52:54 +02:00
Gavin Wahl 48424adaba Fixed #17648 -- Add `for_concrete_model` to `GenericForeignKey`.
Allows a `GenericForeignKey` to reference proxy models. The default
for `for_concrete_model` is `True` to keep backwards compatibility.

Also added the analog `for_concrete_model` kwarg to
`generic_inlineformset_factory` to provide an API at the form level.
2013-05-23 19:03:14 -04:00
Ramiro Morales 8c2fd050f8 Made fix for #9321 less buggy and more effective.
Don't try to be smart about building a good-looking help string
because it evaluates translations too early, simply use the same old
strategy as before. Thanks Donald Stufft for the report.

Also, actually fix the case reported by the OP by special-casing
CheckboxSelectMultiple.

Added tests.

Refs #9321.
2013-05-23 07:49:29 -03:00
Krzysztof Jurewicz ee8b810b97 Fixed #20478 – Added support for HTTP PATCH method in generic views. 2013-05-22 14:48:11 +02:00
Anssi Kääriäinen 70679243d1 Fixed #18702 -- Removed chunked reads from QuerySet iteration 2013-05-21 19:51:59 +03:00
Selwin Ong ea9a0857d4 Fixed #19326 -- Added first() and last() methods to QuerySet 2013-05-21 18:52:28 +03:00
Ramiro Morales 4ba1c2e785 Fixed #9321 -- Deprecated hard-coding of help text in model ManyToManyField fields.
This is backward incompatible for custom form field/widgets that rely
on the hard-coded 'Hold down "Control", or "Command" on a Mac, to select
more than one.' sentence.

Application that use standard model form fields and widgets aren't
affected but need to start handling these help texts by themselves
before Django 1.8.

For more details, see the related release notes and deprecation timeline
sections added with this commit.
2013-05-20 16:29:51 -03:00
Preston Holmes 6786920fd8 Fixed #16330 -- added --pks option in dumpdata command
Thanks to guettli for the initial ticket and patch, with additional work
from mehmetakyuz and Kevin Brolly.
2013-05-19 09:10:40 -07:00
Baptiste Mispelon 980ae2ab29 Fix #20447: URL names given to contrib.auth.views are now resolved.
This commit also adds tests for the redirect feature of most auth views.
It also cleans up the tests, most notably using @override_settings instead
of ad-hoc setUp/tearDown methods.

Thanks to caumons for the report.

Conflicts:
	docs/releases/1.6.txt
2013-05-19 14:36:38 +02:00
Łukasz Langa 660762681c Fixed #20126 -- XViewMiddleware moved to django.contrib.admindocs.middleware 2013-05-19 13:18:35 +02:00
Aymeric Augustin cb86f707a0 Fixed #12747 -- Made reason phrases customizable. 2013-05-19 13:14:54 +02:00
Ramiro Morales 0a50311063 Fixed #20004 -- Moved non DB-related assertions to SimpleTestCase.
Thanks zalew for the suggestion and work on a patch.

Also updated, tweaked and fixed testing documentation.
2013-05-18 19:04:34 -03:00
Łukasz Langa bd97f7d0cb Fixed #15201: Marked CACHE_MIDDLEWARE_ANONYMOUS_ONLY as deprecated 2013-05-18 17:38:32 +02:00
Donald Stufft 398841d6d3 Merge branch 'allow-any-iterable-for-choices' 2013-05-18 11:31:16 -04:00
Donald Stufft a19e9d80ff Fixed #20430 - Enable iterable of iterables for model choices
Allows for any iterable, not just lists or tuples, to be used as
the inner item for a list of choices in a model.
2013-05-18 11:14:05 -04:00
Łukasz Langa 64e11a68f1 Fixed #13285: populate_xheaders breaks caching 2013-05-18 17:03:43 +02:00
Jacob Burch 89955cc35f Fixed #9595 -- Allow non-expiring cache timeouts.
Also, streamline the use of 0 and None between cache backends.
2013-05-18 15:39:42 +02:00
Erik Romijn 756b81dbd1 Fixed #13546 -- Easier handling of localize field options in ModelForm 2013-05-18 14:13:00 +02:00
Claude Paroz b16b72d415 Fixed #5472 --Added OpenLayers-based widgets in contrib.gis
Largely inspired from django-floppyforms. Designed to not depend
on OpenLayers at code level.
2013-05-17 13:33:40 +02:00
Daniel Lindsley 33793f7c3e Fixed #19934 - Use of Pillow is now preferred over PIL.
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner.
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
2013-05-10 23:08:45 -04:00
Luke Plant f026a519ae Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', and added '__all__' shortcut
This also updates all dependent functionality, including modelform_factory
 and modelformset_factory, and the generic views `ModelFormMixin`,
 `CreateView` and `UpdateView` which gain a new `fields` attribute.
2013-05-09 16:44:36 +01:00
Aymeric Augustin 3d595c3bc3 Fixed #20215 -- Disabled persistent connections by default. 2013-05-09 15:42:14 +02:00
Claude Paroz 5306285ce2 Complemented documentation following commit be9ae693c
Refs #17840. Thanks Carl Meyer for noticing the omission.
2013-04-18 20:38:07 +02:00
Claude Paroz 975c5afdb5 Added release note about percent literals in cursor.execute
Thanks Aymeric Augustin for noticing the omission and Tim Graham
for the text review.
Fixes #9055 (again).
2013-04-05 14:18:34 +02:00
Ramiro Morales f2d3c4b0ca Added a dedication to Malcolm to release notes. 2013-04-02 14:15:37 -03:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Tim Graham 6073091b77 Fixed #20124 - Fixed doc warnings. 2013-03-24 13:49:31 -04:00
Aymeric Augustin e12aad2d57 Added changes missing from previous commit.
Sorry.
2013-03-24 14:30:04 +01:00
Aymeric Augustin e16c48e001 Fixed #15124 -- Changed the default for BooleanField.
Thanks to the many contributors who updated and improved the patch over
the life of this ticket.
2013-03-24 13:47:01 +01:00
Aymeric Augustin ae417dd4d5 Added release notes for 4b31a6a9.
Thanks Florian for reporting this omission.
2013-03-24 13:13:19 +01:00
Andrew Gorcester f9ab543720 Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.

This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.

Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.

Thanks to Preston for discussion of the design choices.
2013-03-21 01:27:24 -07:00
Carny Cheng aaec4f2bd8 Fixed #18839 - Field.__init__() now calls super(). 2013-03-20 16:20:57 -07:00
Paul Collins 9a85ad89c2 Fixed #16319 -- added SuccessMessageMixin to contrib.messages
Thanks martinogden for the initial patch and d1ffuz0r for tests.
2013-03-19 21:02:55 -07:00
Aymeric Augustin 31b5275235 Fixed #13260 -- Quoted arguments interpolated in URLs in reverse. 2013-03-18 23:58:22 +01:00
Aymeric Augustin 6197935152 Fixed #19968 -- Dropped support for PostgreSQL < 8.4. 2013-03-18 21:16:29 +01:00
Aymeric Augustin 20a91cce04 Fixed #17037 -- Added a --all option to diffsettings. 2013-03-18 00:03:58 +01:00
Aymeric Augustin 912b5d2a6b Fixed #19697 -- Added a deployment checklist. 2013-03-17 19:21:36 +01:00
Aymeric Augustin 0555ef7c23 Added structure in the 1.6 release notes.
The backwards-incompatible changes section wasn't structured in sections
like it is in release notes for previous versions.
2013-03-17 11:05:41 +01:00
Marc Tamlyn d35ffcaaad Corrected typos in the 1.6 release notes 2013-03-15 12:50:15 +01:00
Aymeric Augustin 3f2befc931 Deprecated django.views.defaults.shortcut. 2013-03-14 20:30:23 +01:00
Anssi Kääriäinen 6b4834952d Fixed #16649 -- Refactored save_base logic
Model.save() will use UPDATE - if not updated - INSERT instead of
SELECT - if found UPDATE else INSERT. This should save a query when
updating, but will cost a little when inserting model with PK set.

Also fixed #17341 -- made sure .save() commits transactions only after
the whole model has been saved. This wasn't the case in model
inheritance situations.

The save_base implementation was refactored into multiple methods.
A typical chain for inherited save is:
save_base()
    _save_parents(self)
        for each parent:
            _save_parents(parent)
            _save_table(parent)
    _save_table(self)
2013-03-14 11:01:47 +02:00
Aymeric Augustin 5d8342f321 Proof-read and adjusted the transactions docs. 2013-03-13 15:17:41 +01:00
Jacob Kaplan-Moss 571b2d139b Deprecated django.contrib.comments. 2013-03-11 15:38:40 -05:00
Aymeric Augustin ac37ed21b3 Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
Replaced them with per-database options, for proper multi-db support.

Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
Aymeric Augustin 7c46c8d5f2 Added some assertions to enforce the atomicity of atomic. 2013-03-11 14:48:55 +01:00
Aymeric Augustin 5e27debc5c Enabled database-level autocommit for all backends.
This is mostly a documentation change.

It has the same backwards-incompatibility consequences as those
described for PostgreSQL in a previous commit.
2013-03-11 14:48:54 +01:00
Aymeric Augustin 9cec689e6a Moved a warning in the 1.6 notes back to its expected location. 2013-03-11 12:04:29 +01:00
Claude Paroz e6f5b7eacd Fixed #9806 -- Allowed editing GeometryField with OpenLayersWidget
Thanks Paul Winkler for the initial patch.
2013-03-09 16:10:28 +01:00