Jacob Kaplan-Moss
174d8db57c
Prevented non-admin users from accessing the admin redirect shortcut.
...
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.
Thanks to Jason Royes for pointing this out.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
Ramiro Morales
4b13e76deb
Fixed #14012 (again) -- Admin app: Don't show the full user edition view after adding a user in a FK popup. Thanks dburke for reporting this regression introduced in r14628.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 01:00:57 +00:00
Russell Keith-Magee
12bd7bcb35
Fixed #12004 -- Improved error reporting when an abstract class is registered with the admin. Thanks to Matt Smalley for the report, and to mk and Julien Phalip for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:43:21 +00:00
Ramiro Morales
337d102b86
Fixed #13510 -- Corrected colspan of non-field-specific error messages in admin app tabular inlines so it isn't greater than the actual number of field cells. Thanks KyleMac for the report and Julien Phalip for the patch fixing the issue.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15626 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 03:07:57 +00:00
Luke Plant
fdf9602961
Fixed #11058 - list_display_links doesn't allow callables not defined in the model
...
Thanks to dvine for the report and julien for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 19:15:02 +00:00
Luke Plant
c411377bd5
Fixed #15349 - Bound FormSet produces bound empty_form
...
Thanks to hidde-jan for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15614 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 15:43:42 +00:00
Luke Plant
13f9fd38dc
Fixed #14099 - BaseModelFormSet should use _should_delete_form
...
Thanks to kenth for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:23:02 +00:00
Luke Plant
6902824ac2
Fixed #11707 - limit_choices_to on a ForeignKey can render duplicate options in formfield
...
Thanks to Chris Wesseling for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:03:59 +00:00
Russell Keith-Magee
b151bccdcc
Fixed #15359 -- Ensure that the -h option is always honored by django-admin.py. Thanks to teubank for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15605 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 13:45:57 +00:00
Russell Keith-Magee
b700c3a918
Fixed #15364 -- Ensure files are closed correctly during file tests. Thanks to Mila for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15604 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 13:45:29 +00:00
Karen Tracey
f21fc714ea
Fixed #15362 : Added explicit deletion of file to test, needed now since files are no longer auto-deleted when a referencing object is deleted. Thanks mila.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15602 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 12:35:19 +00:00
Ramiro Morales
52fc61e0cf
Fixed #14529 -- Fixed representation of model names in admin messages after model object changes when the ModelAdmin queryset() uses defer() or only(). Thanks rlaager for report and initial patch, to rasca an julien for help in tracking the problem.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 23:09:25 +00:00
Chris Beaven
1073a83f2c
Ensure render_to_string leaves the context instance stack in the state it was originally passed in.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 04:55:11 +00:00
Russell Keith-Magee
1abf126e61
Fixed #9161 -- Ensure that ModelMultipleChoiceField respects to_field_name in validation. Thanks to Honza for the report, and Gregor Müllegger for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:45:54 +00:00
Russell Keith-Magee
75a1aaa1f9
Fixed #11513 -- Ensure that the redirect at the end of an object change won't redirect to a page for which the user doesn't have permission. Thanks to rlaager for the report and draft patch, and to Julien Phalip for the final patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15584 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:05:07 +00:00
Russell Keith-Magee
fe3c9ad551
Fixed #14355 -- Ensure that help_text is displayed for readonly fields in the admin. Thanks to jester for the report, and to alexbmeng, subsume, wamberg and Julien Phalip for ther work on the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15582 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 12:55:09 +00:00
Russell Keith-Magee
791ecb4be4
Fixed #13126 -- Ensured that individual form errors are displayed when errors occur on a list-editable changelist. Thanks to slafs for the report, and to Julien Phalip for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 11:48:42 +00:00
Russell Keith-Magee
de161fbf21
Fixed #12893 -- Added tests to validate that the right queryset is always used in model admins. Thanks to mk and Julien Phalip for their work on the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:37:46 +00:00
Russell Keith-Magee
b3c7e399a4
Fixed #15291 -- Corrected alignment issue when actions are disabled in a ModelAdmin. Thanks to Julien Phalip for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15573 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:10:57 +00:00
Carl Meyer
969217d455
Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15559 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 04:35:26 +00:00
Carl Meyer
ed7a30782b
Reduced code duplication in cache middleware tests.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15557 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 03:50:55 +00:00
Ramiro Morales
8c3416f468
Changed strategy used to force evaluation of django.utils.translation in tests added in r15508 and r15513 to not use reload(). Thanks Alex for reporting it caused problems.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 22:30:44 +00:00
Alex Gaynor
9ebc9108de
Fix the test isolation from [15552].
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 15:44:13 +00:00
Jannis Leidel
ada08cd6d8
Fixed #15314 -- Added tests for the static URL pattern function added in r15530 and made sure the **kwargs are passed to the view correctly. Thanks for the report and initial patch, Bruno Renié.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 12:50:57 +00:00
Jannis Leidel
24e0b56dcb
Moved the test added in r15504 to a different case where it doesn't actually verify the existence of the URL by calling urlopen but only validates it.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 12:50:46 +00:00
Ramiro Morales
d5042109b8
Corrected small error when preserving an I18N-related setting value in an admin views test setup.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15550 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 03:30:27 +00:00
Jannis Leidel
0577edf610
Fixed a test case introduced in r15538 by creating a test file with non-ASCII characters dynamically.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15541 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-15 18:15:38 +00:00
Russell Keith-Magee
64b042bb3c
Fixed #15247 -- Ensured that if a SingleObject view defines get_object but not get_queryset, the ModelFormMixin doesn't fail. Thanks to Sergey N. Belinsky for the report and test case.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15540 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-15 08:12:29 +00:00
Jannis Leidel
64a0a33c33
Fixed the staticfiles management commands collectstatic and findstatic to not raise encoding related exceptions when handlings filenames with non-ASCII characters.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15538 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-14 23:45:32 +00:00
Russell Keith-Magee
bb26c328ec
Fixed #15298 -- Raise a better error when a TemplateResponseMixin doesn't have a template_name defined. Thanks to rasca for the report.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15532 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-14 13:05:14 +00:00
Russell Keith-Magee
06b22963ea
Fixed #15272 -- Altered generic views to use the guaranteed untranslated object_name, rather than the possibly translated verbose_name(_plural) for default context objects. Thanks to szczav for the report and patch.
...
This is BACKWARDS INCOMPATIBLE for anyone relying on the default context object names for class-based Detail and List views. To migrate, either update your templates to use the new default names, or add a context_object_name argument to your generic views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15531 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-14 13:04:51 +00:00
Jannis Leidel
a26034ffbf
Fixes #15270 -- Moved back the serve view to django.views.static due to dependency conflicts with the contrib app staticfiles (reverts parts of r14293). Added a helper function that generates URL patterns for serving static and media files during development. Thanks to Carl for reviewing the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15530 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-14 01:42:26 +00:00
Ramiro Morales
337b6786fd
Fixed #13902 -- Fixed admin list_filter so it doesn't show duplicate results when it includes a field spec that involves m2m relationships with an intermediate model. Thanks Iván Raskovsky for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-13 22:51:40 +00:00
Ramiro Morales
f6aa469b1d
Fixed #13007 -- Made cookie parsing resilent to the presence of cookies with invalid characters in their names. Thanks Warlax for the report, Ubercore for his work on a fix and Jannis and Luke for review and guidance.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15523 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-13 02:24:05 +00:00
Ramiro Morales
a797b7dba0
Fixed #14130 -- Made manage.py error reporting more useful when the settings.py file triggers import errors (in new projects). Thanks Setok for the report, mk and steph for their work.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15522 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-13 01:56:12 +00:00
Ramiro Morales
eaf17475b2
Added a test for the PendingDeprecationWarning introduced in r15441. Refs #14924 , #15286 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15513 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 20:42:39 +00:00
Jannis Leidel
179fefcf7c
Fixed #15286 -- Don't show deprecation warning if project locale dir is included in LOCALE_PATHS. Thanks to Claude and Ramiro.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15508 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 19:12:36 +00:00
Jannis Leidel
632d9f994f
Fixed #15237 -- Always set charset of Atom1 feeds to UTF-8. Thanks, Simon and jasonkotenko.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15505 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 19:12:14 +00:00
Jannis Leidel
ba1876cef2
Fixed #14941 -- Stop raising ValidationError in form fields that use the URLValidator and get a IDN domain passed. Thanks, Claude Paroz.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15504 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 19:12:05 +00:00
Jannis Leidel
bc5c2537ae
Fixed #14132 -- Fixed feedgenerator to support years < 1900. Thanks, mk.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15503 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 19:11:57 +00:00
Jannis Leidel
47b1a8e704
Fixed #12988 -- Extended regular expression of the URLValidator to fully support IDN-URLs, especially the long TLDs.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15502 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 19:11:49 +00:00
Jannis Leidel
e258d9a10b
Fixed #14955 -- Made the URLValidator use a HEAD request when verifying a URL. Thanks, Claude Paroz.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 19:11:35 +00:00
Russell Keith-Magee
492b8a0821
Fixed #13987 -- Ensure that the primary key is set correctly for all models that have concrete-abstract-concrete inheritance, not just the first model. Thanks to Aramgutang for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15498 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 15:07:27 +00:00
Russell Keith-Magee
6314a1b42e
Fixed #9964 -- Ensure that all database operations make transactions dirty, not just write operations. Many thanks to Shai Berger for his work and persistence on this issue.
...
This is BACKWARDS INCOMPATIBLE for anyone relying on the current behavior that allows manually managed read-only transactions to be left dangling without a manual commit or rollback.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 13:03:34 +00:00
Carl Meyer
9f6d50d02e
Fixed #15182 - Fixed a security issue with ClearableFileInput. Disclosure and new release forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:41:32 +00:00
Alex Gaynor
208630aa4b
Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:06:27 +00:00
Russell Keith-Magee
c2666c9a45
Ensure that L10N formats aren't cached between tests.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15461 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 00:09:54 +00:00
Russell Keith-Magee
d3b38d578f
Fixed #13815 -- Ensure that reverse exclude lookups on nullable foreign keys exclude null values. Thanks to bpeschier for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-08 14:06:02 +00:00
Russell Keith-Magee
4e7c2ba1d7
Cleaned up the tests from r15451 to avoid the need to retrieve a URL twice.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15453 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-08 12:20:18 +00:00
Russell Keith-Magee
74ffca17e2
Fixed #10573 -- Corrected autofocus problem in admin when the first widget displayed is a multiwidget. Thanks to rduffield for the report, and to Ramiro and Julien Phalip for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15452 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-08 12:00:21 +00:00