Commit Graph

19572 Commits

Author SHA1 Message Date
Aymeric Augustin 3dc01aaaaf Deprecated ALLOWED_INCLUDE_ROOTS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin 84d7c93feb Raised an error when allowed_include_roots is a string.
This avoids leaving projects silently vulnerable when this option is set
to a string instead of a one-item tuple containing that string, a very
common misconfiguration.
2014-12-28 17:02:29 +01:00
Aymeric Augustin cf1f36bb6e Deprecated current_app in TemplateResponse and render(_to_response). 2014-12-28 17:02:29 +01:00
Aymeric Augustin e53495ba33 Preserved context class in inclusion_tag.
Previously, when a template was rendered with RequestContext, inclusion
tags were rendered with a plain context, losing additional information
available in the RequestContext.

The (admittedly bizarre) implementation of RequestContext.new() has the
side-effect of not running template context processors, making this
change backwards-compatible.
2014-12-28 17:02:29 +01:00
Aymeric Augustin fdbfc98003 Deprecated some arguments of django.shortcuts.render(_to_response).
dictionary and context_instance and superseded by context.

Refactored tests that relied context_instance with more modern idioms.
2014-12-28 17:02:29 +01:00
Aymeric Augustin a0141f9eac Simplified implementation of django.shortcuts.render(_to_response).
*args, **kwargs brought more confusion than concision.
2014-12-28 17:00:07 +01:00
Aymeric Augustin 92e8f1f302 Moved context_processors from django.core to django.template. 2014-12-28 17:00:07 +01:00
Aymeric Augustin c599f233b1 Added a comment about the last use of Engine.get_default(). 2014-12-28 17:00:07 +01:00
Aymeric Augustin 969e082858 Added tests for django.template.loader.
Deprecated features aren't tested.
2014-12-28 17:00:07 +01:00
Aymeric Augustin 90805b240f Supported multiple template engines in render_to_string.
Adjusted its API through a deprecation path according to the DEP.
2014-12-28 16:23:02 +01:00
Aymeric Augustin f9a6ebf6f5 Removed extraneous arguments in Engine.from_string.
This aligns the Django Template Engine API with the common template
backend API.
2014-12-28 16:23:02 +01:00
Aymeric Augustin f50a09f2cd Removed private API get_template_from_string.
It wasn't documented and it wasn't used anywhere.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 5523e4cdbb Removed private API find_template.
It wasn't documented and it wasn't used anywhere, except in a few tests
that don't test it specifically and can be rewritten with get_template.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 4ea43ac915 Supported multiple template engines in get_template and select_template.
This commit changes the return type of these two functions. Instead of
returning a django.template.Template they return a backend-specific
Template class that must implement render(self, context).
2014-12-28 16:23:01 +01:00
Aymeric Augustin 6854998c8f Looked up the default template engine in the list of all engines. 2014-12-28 16:23:01 +01:00
Aymeric Augustin 92a2d049a2 Isolated template tests from Django settings. 2014-12-28 16:23:01 +01:00
Aymeric Augustin b34b8a12b7 Passed a reference to the current engine when instantiating Template. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 24dffaf0cb Removed some uses of global APIs from django.template.loader. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 332154e726 Added basic tests for template backends. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 1eca0e95cf Added Django template backend. 2014-12-28 16:08:35 +01:00
Aymeric Augustin 44de7218a5 Added jinja2 template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin 86c75996f0 Added dummy template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin 1acfd624d6 Added initial support for loading template engines. 2014-12-28 16:08:31 +01:00
Aymeric Augustin b19693e6d8 Imported BaseEngine from the DEP.
i18n is left aside for now.
2014-12-28 15:57:11 +01:00
Aymeric Augustin 7eefdbf7ab Cleaned up the django.template namespace.
Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.

Only public APIs (i.e. APIs mentioned in the documentation) were left.
2014-12-28 14:47:31 +01:00
Aymeric Augustin bfa21ddf76 Renamed get_template_from_string to from_string.
The shorter name is just as explicit and, well, shorter.
2014-12-28 14:47:31 +01:00
Aymeric Augustin b3eda6ec3e Simplified handling of a default value. 2014-12-28 14:47:30 +01:00
Tim Graham 3d0c3a0482 Fixed #24056 -- Fixed syntax highlighting in topics/testing/tools.txt. 2014-12-27 19:49:16 -05:00
Christopher Grebs 508be27dbf Fixed #24057 -- Fixed typo in docs/howto/custom-lookups.txt. 2014-12-27 19:38:24 -05:00
Aymeric Augustin 7fd5629d23 Added release notes for the last two commits. 2014-12-27 18:26:48 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Tim Graham 89e2c60f43 Fixed #24000 -- Corrected contrib.sites default site creation in a multiple database setup. 2014-12-27 09:42:13 -05:00
Claude Paroz e112bacd21 Forward-ported release note for 322560489 2014-12-27 15:13:12 +01:00
Claude Paroz 2ceb10f3b0 Fixed #14180 -- Prevented unneeded index creation on MySQL-InnoDB
Thanks zimnyx for the report and Simon Charette, Tim Graham for
the reviews.
2014-12-27 12:52:44 +01:00
Josh Smeaton 4718296546 Fixed #23753 -- Added a suite of SQL Functions
Added functions and tests
Added docs and more tests
Added TextField converter to mysql backend
Aliased Value as V in example docs and tests
Removed unicode_compatible in example
Fixed console emulation in examples
2014-12-27 15:27:27 +11:00
Tim Graham 7c07612e90 Removed an unnecessary models file in the admin_scripts tests. 2014-12-26 19:31:54 -05:00
Tim Graham 75bbcfa332 Replaced sqlall in some bash_completion/admin_scripts tests.
sqlall will be removed in Django 1.9, so now's a good time to remove
its usage where it's not important.
2014-12-26 18:52:26 -05:00
Collin Anderson 0821b3d53c Clarified custom header instructions in tutorial 2. 2014-12-26 18:28:47 -05:00
Tim Graham c2e419c267 Fixed #24054 -- Enabled sqlsequencereset for apps with migrations. 2014-12-26 15:55:34 -05:00
Tim Graham 1729a5250b Removed obsolete item from deprecation timeline.
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.
2014-12-26 13:48:13 -05:00
Gavin Wahl b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Tim Graham c5fb34c47e Documented AdminSite.has_permission(); refs #22295. 2014-12-26 09:14:10 -05:00
Tim Graham 271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Tim Graham 3325ec869c Fixed #24045 -- Removed useless mark_safe() call in trans_null.py 2014-12-26 07:42:49 -05:00
Claude Paroz ffa548fb56 Updated link to CSRF docs
Refs #23866.
2014-12-25 14:01:15 +01:00
Claude Paroz 234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Brian Scoles a6f0b6a98f Fixed typo in docs/intro/tutorial01.txt. 2014-12-25 06:56:23 -05:00
Tim Graham 426ead27bd Removed shutil.copystat copied from stdlib (added to support an old Python?). 2014-12-24 19:29:33 -05:00
Tim Graham 6571ed14b6 Fixed #24049 -- Removed obsolete Java notes for Mac OS. 2014-12-24 18:38:07 -05:00