Commit Graph

8435 Commits

Author SHA1 Message Date
Tim Graham 721d8e50ac Fixed #25144 -- Allowed migrate to create tables for apps without migrations. 2015-09-04 09:47:30 -04:00
Maxime Lorant c92cd22d02 Refs #25345 -- Updated links to code.google.com. 2015-09-04 08:14:21 -04:00
David Gibbons 526a413870 Updated static files howto title to include JavaScript. 2015-09-04 08:07:57 -04:00
Tim Graham 7c0850028f Documented a limitation of Options.required_db_features. 2015-09-03 13:37:39 -04:00
Dražen Odobašić 5ab65ca5c9 Fixed #25326 -- Added namedtuple example for executing custom SQL. 2015-09-03 13:11:46 -04:00
Tim Graham 12083c5d47 Moved misplaced versionadded annotation. 2015-09-03 08:58:17 -04:00
Tim Graham a8eb715b66 Refs #24152 -- Fixed typos in deprecated GeoQuerySet aggregate names. 2015-09-02 19:57:08 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Tim Graham 123984ff66 Fixed #25289 -- Updated admin's jQuery to 2.1.4. 2015-08-31 09:39:43 -04:00
Tyson Clugg 73df1040a2 Cleaned up example migration files in docs 2015-08-31 22:15:05 +10:00
Tyson Clugg e34226fc37 Fixed #25259 -- Added comments to header of generated migration files 2015-08-31 22:14:21 +10:00
David Sanders 7a98442f96 Clarified 404.html usage, excplicitly stated that it's used when DEBUG is False
Thanks to Keryn Knight, Curtis Maloney and Tim Graham for their reviews.
2015-08-31 14:39:31 +10:00
Aymeric Augustin fe6ddb837d Fixed #24704 -- Made the autoreloader survive SyntaxErrors.
With this change, it's expected to survive anything except errors
that make it impossible to import the settings. It's too complex
to fallback to a sensible behavior with a broken settings module.

Harcoding things about runserver in ManagementUtility.execute is
atrocious but it's the only way out of the chicken'n'egg problem:
the current implementation of the autoreloader primarily watches
imported Python modules -- and then a few other things that were
bolted on top of this design -- but we want it to kick in even if
the project contains import-time errors and django.setup() fails.

At some point we should throw away this code and replace it by an
off-the-shelf autoreloader that watches the working directory and
re-runs `django-admin runserver` whenever something changes.
2015-08-29 20:49:56 +02:00
Y3K b649f68649 Fixed #25262 -- Removed the enable_comments field from FlatPageAdmin. 2015-08-29 08:55:50 -04:00
Sergey Kolosov e75882332c Fixed #17375 -- Changed makemessages to use xgettext with --files-from
Changed the way makemessages invokes xgettext from one call per
translatable file to one call per locale directory (using --files-from).
This allows to avoid https://savannah.gnu.org/bugs/index.php?35027 and,
as a positive side effect, speeds up localization build.
2015-08-28 15:41:58 -04:00
Tim Graham 01b2b0b654 Fixed #25318 -- Made SILENCED_SYSTEM_CHECKS suppress all messages.
Previously, messages of ERROR level or higher were printed to
the console.
2015-08-28 13:34:56 -04:00
Tim Graham 9607a04041 Fixed #25299 -- Fixed crash with ModelAdmin.list_display value that clashes with a model reverse accessor. 2015-08-28 08:46:26 -04:00
Tim Graham 22a791e608 Refs #20597 -- Fixed spelling of HiDPI. 2015-08-27 19:32:57 -04:00
elky c32b61c6fd Fixed #20597 -- Replaced admin GIF/PNG icons by SVG 2015-08-27 17:21:02 -04:00
Sergey Kolosov 22bb548900 Fixed #22634 -- Made the database-backed session backends more extensible.
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
2015-08-27 15:00:09 -04:00
Tim Graham 956df84a61 Removed historical note about session serialization. 2015-08-27 10:00:18 -04:00
Tim Graham e8cbc2b322 Refs #2495 -- Documented that MySQL cannot have TextField(unique=True). 2015-08-27 09:29:13 -04:00
Alex Hill 7bec480fe2 Fixed #24201 -- Added order_with_respect_to support to GenericForeignKey. 2015-08-27 09:20:17 -04:00
Tim Graham 91ec1841f5 Added 'subtransactions' to spelling wordlist. 2015-08-26 08:20:27 -04:00
Tim Graham ea47a052ba Fixed #25311 -- Removed vague language about "partial commits" from docs. 2015-08-25 20:23:43 -04:00
David Sanders 7efdd40407 Updated PROJ.4 link to new GitHub wiki. 2015-08-25 09:57:04 -04:00
Tim Graham 2a1a085bf1 Fixed #25309 -- Corrected that ATOMIC_REQUESTS applies per view not per request. 2015-08-25 09:53:22 -04:00
Claude Paroz 9324935c3e Fixed #25295 -- Restored 'no active translation' after language override
Thanks David Nelson Adamec for the report and Tim Graham for the review.
2015-08-25 10:32:10 +02:00
Maxime Lorant 4ce433e811 Fixed #25302 -- Prevented BrokenLinkEmailsMiddleware from reporting 404s when Referer = URL. 2015-08-24 19:35:49 -04:00
Tommy Beadle d3fdaf907d Fixed #23727 -- Inhibited the post_migrate signal when using serialized_rollback.
When using a TransactionTestCase with serialized_rollback=True,
after creating the database and running its migrations (along with
emitting the post_migrate signal), the contents of the database
are serialized to _test_serialized_contents.

After the first test case, _fixture_teardown() would flush the
tables but then the post_migrate signal would be emitted and new
rows (with new PKs) would be created in the django_content_type
table. Then in any subsequent test cases in a suite,
_fixture_setup() attempts to deserialize the content of
 _test_serialized_contents, but these rows are identical to the
rows already in the database except for their PKs.  This causes an
IntegrityError due to the unique constraint in the
django_content_type table.

This change made it so that in the above scenario the post_migrate
signal is not emitted after flushing the tables, since it will be
repopulated during fixture_setup().
2015-08-24 08:59:20 -04:00
Aymeric Augustin 491d01b7e9 Tweak some examples.
"Area man/woman" is confusing to people not familiar with the
conventions of American journalism (like me).
2015-08-22 20:25:42 +02:00
Aymeric Augustin 0eb846605e Recommend relative imports within Django components.
django-developers thread:
https://groups.google.com/d/msg/django-developers/11XvmVdx58w/sFrF0pL8LTgJ
2015-08-22 19:58:44 +02:00
Tim Graham 26dcf739ea Forwardported release note for refs #25040. 2015-08-22 08:50:49 -04:00
Tim Graham d3bc86ec11 Fixed #25284 -- Documented removal of implicit QuerySet __in lookups. 2015-08-21 11:04:22 -04:00
Tim Graham 6c6eb8a691 Refs #24914 -- Added docs for more auth mixin methods. 2015-08-20 17:57:47 -04:00
Tim Graham 333cbdcd2d Fixed #24951 -- Fixed AssertionError in delete queries involving a foreign/primary key.
Thanks Anssi Kääriäinen for help.
2015-08-20 08:14:16 -04:00
Tim Graham bda408f60b Fixed #25153 -- Moved 'polls' first in tutorial's INSTALLED_APPS. 2015-08-19 18:59:42 -04:00
Marc f9de197268 Recommended the JavaScript Cookie library instead of jQuery cookie.
jQuery cookie is no longer maintained in favor of the JavaScript
cookie library. This also removes the jQuery dependency.
2015-08-19 10:04:01 -04:00
Tim Graham 47201371d2 Refs #24451 -- Corrected Django version for {% cycle %} deprecation. 2015-08-19 08:37:27 -04:00
Markus Holtermann f33607ce0b Fixed style issues in testing docs 2015-08-19 12:18:10 +10:00
Tim Graham 84335e3d1f Added stub release notes for 1.8.5. 2015-08-18 19:52:45 -04:00
Anton Strogonoff 20787b5c29 Used consistent capitalization and hyphenation of "class-based views" in docs. 2015-08-18 19:07:10 -04:00
Tim Graham 068a80d717 Added today's issue to the security archive. 2015-08-18 13:46:47 -04:00
Tim Graham 8cc41ce7a7 Fixed DoS possiblity in contrib.auth.views.logout()
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
2015-08-18 08:03:43 -04:00
Tim Graham b0ab74dfca Added stub release notes for security releases. 2015-08-18 08:03:39 -04:00
Anton Strogonoff d35f184b20 Limited line length in docs/ref/contrib/messages.txt example. 2015-08-17 07:44:04 -04:00
Caio Ariede dad8434d6f Fixed #25180 -- Prevented varchar_patterns_ops and text_patterns_ops indexes for ArrayField. 2015-08-15 10:02:08 -04:00
Valentina Mukhamedzhanova 1f7b25c1a7 Fixed #24986 -- Added support for annotations in DISTINCT queries. 2015-08-15 08:23:32 -04:00
Tim Graham 5b5a27942b Fixed #25268 -- Tweaked wording in docs/ref/forms/api.txt 2015-08-14 08:27:38 -04:00
Adam Brenecki 52a190b657 Fixed #24988 -- Documented passing a dictionary of ValidationErrors to ValidationError 2015-08-13 14:17:02 -04:00
Sambhav Satija d0bd533043 Fixed #25254 -- Added JsonResponse json_dumps_params parameter. 2015-08-12 10:39:07 -04:00
Tim Graham 290145e661 Corrected indentation of JsonResponse docs. 2015-08-12 10:27:57 -04:00
Doug Beck b7508896fb Fixed #24257 -- Corrected i18n handling of percent signs.
Refactored tests to use a sample project.

Updated extraction:
* Removed special handling of single percent signs.
* When extracting messages from template text, doubled all percent signs
  so they are not interpreted by gettext as string format flags. All
  strings extracted by gettext, if containing a percent sign, will now
  be labeled "#, python-format".

Updated translation:
* Used "%%" for "%" in template text before calling gettext.
* Updated {% trans %} rendering to restore "%" from "%%".
2015-08-12 10:23:34 -04:00
Tim Graham d772d812cf Updated memcached library links to point to PyPI. 2015-08-11 21:20:32 -04:00
Brendan Hayward c9fb4f3c45 Fixed #25205 -- Removed doc references to deprecated GeoManager class. 2015-08-11 10:14:44 -04:00
Tim Graham 56ed80ac2a Fixed typo in docs/ref/contrib/gis/geoquerysets.txt 2015-08-11 09:33:06 -04:00
Claude Paroz f2e4c7aca4 Removed unnecessary comma in docs 2015-08-10 16:02:14 +02:00
Tim Graham 5980b05c1f Fixed #25160 -- Moved unsaved model instance data loss check to Model.save()
This mostly reverts 5643a3b51b and
81e1a35c36.

Thanks Carl Meyer for review.
2015-08-10 08:51:32 -04:00
Tim Graham 787cc7aa84 Refs #25236 -- Discouraged use of ifequal/ifnotequal template tags. 2015-08-08 08:23:33 -04:00
Tim Graham 7080cef7bf Corrected some inconsistent headings in docs/ref/templates/builtins.txt. 2015-08-08 08:23:32 -04:00
Claude Paroz e9c5c39631 Updated various links in docs 2015-08-08 13:57:15 +02:00
Claude Paroz 64982cc2fb Updated Wikipedia links to use https 2015-08-08 12:02:32 +02:00
Claude Paroz 18f3d4c1bd Updated Transifex links in docs 2015-08-08 11:33:28 +02:00
mlavin 69db1c7455 Fixed #25231 -- Added recording of squashed migrations in the migrate command.
Ensured squashed migrations are recorded as applied when the
migrate command is run and all of the original migrations
have been previously applied.
2015-08-07 17:59:18 -04:00
Tim Graham a7b7f27c05 Fixed #25233 -- Fixed HStoreField.has_changed() handling of initial values.
Thanks Simon Charette for review.
2015-08-07 13:26:17 -04:00
Caio Ariede ec9004728e Fixed #25175 -- Renamed the postgresql_psycopg2 database backend to postgresql. 2015-08-07 09:33:17 -04:00
Tim Graham 16a8d01308 Fixed #25229 -- Clarified how an iterable works with @permission_required 2015-08-05 17:13:45 -04:00
Sergey Kolosov 244404227e Fixed #22404 -- Added a view that exposes i18n catalog as a JSON
Added django.views.i18n.json_catalog() view, which returns a JSON
response containing translations, formats, and a plural expression
for the specified language.
2015-08-05 09:05:21 -04:00
Tim Graham e8cd65f829 Fixed #25213 -- Discouraged use of QuerySet.extra()
Thanks Anssi Kääriäinen for the draft text and Simon Charette
for review.
2015-08-05 08:01:11 -04:00
Tim Graham 97fa7fe961 Fixed #25212 -- Documented the RawSQL expression. 2015-08-05 07:54:54 -04:00
Tim Graham 28cb272a72 Fixed #25224 -- Fixed typo in docs/ref/contrib/flatpages.txt 2015-08-04 14:45:15 -04:00
Alasdair Nicol 6d7a9d96fe Fixed password_reset signature in docs 2015-08-04 13:54:32 -04:00
Caio Ariede 3862c568ac Fixed #25136 -- Documented Count('X', distinct=True) in aggregate topic guide. 2015-08-04 10:46:04 -04:00
Matt Robenolt 4dcfbd7923 Fixed #25211 -- Added HttpRequest.get_port() and USE_X_FORWARDED_PORT setting. 2015-08-04 09:50:57 -04:00
Curtis Maloney 9f73009e98 Fixed #25215 -- Solved reference to forms.HStoreField in declaration of HStoreField
Correct test which was using the model field in a test form.
2015-08-04 19:15:22 +10:00
Tim Graham a6acfc3183 Refs #17914 -- Discouraged using reverese() with callables. 2015-08-03 08:34:19 -04:00
Caio Ariede 98eb91171d Fixed #25207 -- Misspelled word in documentation: dialogue 2015-08-01 19:17:35 -04:00
Matt Robenolt 514fee82a1 Removed obsolete note about sentry/raven not handling WSGI properly.
2.0.7 was released in 2012.
2015-08-01 19:10:41 -04:00
Rigel Di Scala 3bdaaf6777 Fixed #25146 -- Allowed method_decorator() to decorate classes. 2015-08-01 08:38:03 -04:00
Tim Graham f93e7f5674 Fixed #24690 -- Added a warning about mutable defaults for ArrayField/JSONField. 2015-08-01 07:46:30 -04:00
Adam Chainz 0abb06930f Fixed #25176 -- Prevented TestCase.setUpTestData() exception from leaking transaction. 2015-08-01 07:33:22 -04:00
Tim Graham c3b66dafdd Improved link to the supported versions section of the download page. 2015-07-31 12:25:37 -04:00
Flavio Curella 1e2362ca0f Refs #25184 -- Started deprecation for contrib.gis.geoip. 2015-07-31 10:09:06 -04:00
Flavio Curella 7f0953ce1f Fixed #25184 -- Added support for MaxMind GeoLite2 database format 2015-07-31 09:45:03 -04:00
Tim Graham 6bb4f07372 Clarified assertRaisesMessage() behavior with respect to the message. 2015-07-31 09:19:27 -04:00
Tim Graham faa2a0f662 Fixed #25174 -- Moved some details of CheckMessage to the reference guide. 2015-07-31 08:21:34 -04:00
Tim Graham 70912e137d Fixed #25168 -- Documented how to avoid foreign key constraint error after upgrading to 1.8. 2015-07-31 08:19:39 -04:00
Tim Graham 5d0961fdfc Fixed #25202 -- Fixed typo in docs/topics/auth/customizing.txt 2015-07-31 07:33:38 -04:00
Alasdair Nicol b792c4804b Removed unnecessary F() from Func expressions docs 2015-07-31 01:40:35 +01:00
elky 35901e64b0 Fixed #24444 -- Updated contrib.admin to use django-flat-theme 2015-07-30 15:18:22 -04:00
Tim Graham e176de2512 Fixed #25199 -- Fixed dead link to HTMLdoc. 2015-07-30 13:25:29 -04:00
Tim Graham d27e0f04a6 Fixed #25190 -- Deprecated callable_obj parameter to assertRaisesMessage().
Thanks Aymeric Augustin for review.
2015-07-30 10:12:41 -04:00
Piper Merriam 537818af87 Fixed #25185 -- Added support for functools.partial serialization in migrations 2015-07-29 10:15:50 -04:00
Tim Graham ae32f32498 Fixed #25178 -- Added DEFAULT_FROM_EMAIL to deployment checklist. 2015-07-28 09:44:08 -04:00
Simon Charette 6a46f23957 Refs #18556 -- Fixed a typo in the related manager add() method docs. 2015-07-27 22:50:13 -04:00
Tim Graham adc0c4fbac Fixed #18556 -- Allowed RelatedManager.add() to execute 1 query where possible.
Thanks Loic Bistuer for review.
2015-07-28 09:28:25 +07:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Tim Graham 87d55081ea Fixed #25159 -- Removed brackets from class/function/method signatures in docs.
Thanks hellbeast for the initial patch.
2015-07-27 10:32:47 -04:00
Akis Kesoglou 29465d438e Fixed #25142 -- Added PermissionRequiredMixin.has_permission() to allow customization. 2015-07-27 10:23:56 -04:00
Marten Kenbeek bc7923beff Fixed #24127 -- Changed the default current_app to the current namespace.
Changed the url template tag to use request.resolver_match.namespace as a
default for the current_app argument if request.current_app is not set.
2015-07-27 09:14:48 -04:00
jorgecarleitao 7c642cafbb Fixed typo in docs/ref/middleware.txt 2015-07-27 07:15:49 -04:00
Tim Graham 217f173be0 Fixed #25166 -- Clarified how auth permissions are created.
Thanks Baptiste Mispelon for report and review.
2015-07-25 09:30:54 -04:00
Tim Graham e3d1f2422c Fixed malformed Sphinx directives. 2015-07-25 06:37:51 -04:00
Alasdair Nicol 600fb7c51b Fixed #25161 -- Encouraged users to install the latest release in docs 2015-07-24 13:36:08 -04:00
Claude Paroz c296e55dc6 Fixed #22258 -- Added progress status for dumpdata when outputting to file
Thanks Gwildor Sok for the report and Tim Graham for the review.
2015-07-24 18:37:55 +02:00
Tim Graham 03aec35a12 Converted tabs to spaces in topics/auth/default.txt 2015-07-24 11:48:57 -04:00
Matt Johnson e063ac2fae Fixed #12768 -- Fixed QuerySet.raw() regression on FK with custom db_column. 2015-07-23 18:07:38 -04:00
Tim Graham 8eeb566aca Fixed #25149 -- Replaced window.__admin_utc_offset__ with a data attribute. 2015-07-22 17:09:52 -04:00
James Bennett 5281f8b635 Fixed #25156 -- Mentioned django.setup() in the settings overview for standalone Django use. 2015-07-21 17:10:17 -04:00
Federico Capoano 59c279e5e5 Added PostgreSQL non-durable settings hint in docs.
Following discussion on django-developers:
https://groups.google.com/d/topic/django-developers/IkRgMxTTzPQ/discussion
2015-07-21 13:38:25 -04:00
Tim Graham b60375d4bb Fixed #25129 -- Made model instance defaults work with migrations (refs #24919). 2015-07-21 09:19:40 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Tim Graham 5fd83db255 Normalized indentation and line lengths in docs/topics/auth/default.txt. 2015-07-21 08:11:28 -04:00
Claude Paroz 1da170a203 Fixed #25141 -- Diminished GDAL dependence during geojson serialization
Only require GDAL if contained geometries need coordinate transformations.
Thanks drepo for the report and Tim Graham for the review.
2015-07-20 20:22:29 +02:00
Tim Graham f5e9d67907 Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.
Thanks Carl Meyer for review.
2015-07-20 13:44:26 -04:00
Ali Vakilzade ecf4ed246a Fixed signature of ModelAdmin.get_paginator() in docs. 2015-07-20 08:07:31 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Tim Graham adffff79a3 Allowed installing closure with pip for admin JavaScript compression. 2015-07-17 13:22:34 -04:00
Konrad Świat 2f6bdab159 Fixed #25125 -- Updated docs on cookie naming conventions.
Thanks Tim Graham for the review and kezabelle for the report.
2015-07-17 07:57:01 -04:00
Claude Paroz 1ef4aeab40 Fixed #25078 -- Added support for disabled form fields
Thanks Keryn Knight and Tim Graham for the reviews.
2015-07-16 19:36:56 +02:00
Tim Graham 1fed8dd715 Fixed #25120 -- Deprecated egg template loader. 2015-07-16 09:32:42 -04:00
Rafał Selewońko 8e306967de Fixed typo in docs/topics/i18n/translation.txt 2015-07-16 07:31:30 -04:00
Tim Graham 59c3a140eb Refs #24219 -- Removed inaccurate sentence after move of SelectDateWidget. 2015-07-15 09:57:55 -04:00
Tim Graham f46f1737aa Fixed typo in SelectDateWidget docs. 2015-07-15 09:55:44 -04:00
rroskam ed514caed2 Fixed #24966 -- Added deployment system check for empty ALLOWED_HOSTS. 2015-07-15 09:18:58 -04:00
Thomas Stephenson 035b0fa60d Fixed #24716 -- Deprecated Field._get_val_from_obj()
The method duplicates the functionality of Field.value_from_object()
and has the additional downside of being a privately named public
API method.
2015-07-14 09:13:22 -04:00
Tim Graham 64f731e77d Added 1.4.22 release notes. 2015-07-14 07:28:55 -04:00
Tim Graham 84bc4f6cdd Fixed #25121 -- Added a warning that filtering sensitive information from error reporting isn't bulletproof 2015-07-14 07:12:21 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Daniel Roseman 24620d71f2 Fixed #25079 -- Added warning if both TEMPLATES and TEMPLATE_* settings are defined.
Django ignores the value of the TEMPLATE_* settings if TEMPLATES is also
set, which is confusing for users following older tutorials. This change
adds a system check that warns if any of the TEMPLATE_* settings have
changed from their defaults but the TEMPLATES dict is also non-empty.

Removed the TEMPLATE_DIRS from the test settings file; this was marked
for removal in 1.10 but no tests fail if it is removed now.
2015-07-13 17:50:22 -04:00
Tim Graham b49e3ab92c Documented templates system check type. 2015-07-13 17:29:08 -04:00
Andrei Kulakov db97a88495 Fixed #24375 -- Added Migration.initial attribute
The new attribute is checked when the `migrate --fake-initial` option
is used. initial will be set to True for all initial migrations (this
is particularly useful when initial migrations are split) as well as
for squashed migrations.
2015-07-13 15:57:40 -04:00
Razvan Andrei Ionescu 97bc875234 Fixed #25117 -- Added Romanian char map for Javascript slug generation 2015-07-13 13:31:12 -04:00
Tim Graham 276356b36d Added 'bookmarklet' to spelling word list. 2015-07-13 08:48:56 -04:00
Ben Spaulding 83f6373030 Fixed #25116 -- Removed long-broken admindocs bookmarklets
These were broken back in commit 64e11a6.
2015-07-13 08:18:58 -04:00
Chris McCollister d62194a260 Fixed #24984 -- Added link to Jinja2 static tag instructions in staticfiles docs. 2015-07-13 07:38:18 -04:00
Alex Gaynor 4e9d5ba4b6 Updated where I live. 2015-07-12 09:33:20 -05:00
Matthew Madurski 0b02ce54cf Fixed #25103 -- Corrected versionadded for FileResponse 2015-07-10 13:47:58 -04:00
Tim Graham 074706c64d Added a link to running the unit tests to new contributors page. 2015-07-10 11:02:25 -04:00
Tim Graham 074a82f49b Fixed #25082 -- Documented where to register system checks. 2015-07-10 10:37:25 -04:00
Nick Sweeting f0857c09fb Fixed #25083 -- Added SessionAuthenticationMiddleware to auth installation docs 2015-07-10 08:40:57 -04:00
Claude Paroz 2e05ef4e18 Added release note for the UUID serialization backport
Refs #25019.
2015-07-10 09:00:19 +02:00
Claude Paroz 846cb6fef7 Added stub release notes for 1.8.4 2015-07-10 08:51:16 +02:00
Tim Graham 7b6d3104f2 Fixed #25048 -- Documented that runservers strips headers with underscores.
refs 316b8d4974
2015-07-09 09:10:27 -04:00
Tim Graham 3d650e80ad Added today's security issues to the archive. 2015-07-08 17:41:48 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Tim Graham bdfce4db21 Removed a confusing sentence in tutorial 5. 2015-07-08 15:11:40 -04:00