p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
22,167 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

22167 Commits

Author SHA1 Message Date
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'. 
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
 2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL. 
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
 2016-02-23 19:34:21 +01:00
Tim Graham c62807968d Fixed a stray __unicode__() method in auth_tests. 2016-02-23 13:20:50 -05:00
Andrew Kuchev e81d1c995c Fixed #25670 -- Allowed dictsort to sort a list of lists. 
Thanks Tim Graham for the review.
 2016-02-23 12:15:08 -05:00
Tim Graham cdbd8745f6 Fixed #26263 -- Deprecated Context.has_key() 2016-02-23 08:08:55 -05:00
Claude Paroz 269b5f262c Used call_command return value in staticfiles tests 
Refs #26190.
 2016-02-23 09:12:12 +01:00
Claude Paroz b46c0ea6c8 Fixed #26190 -- Returned handle() result from call_command 
Thanks Tim Graham for the review.
 2016-02-23 09:12:12 +01:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Markus Holtermann b14470c7b7 Fixed spelling error 2016-02-23 10:24:38 +11:00
Tim Graham 5a541e2e6c Fixed #26188 -- Documented how to wrap password hashers. 2016-02-22 17:21:45 -05:00
Tim Graham 33a4040d07 Refs #26253 -- Forwardported release note. 2016-02-22 17:19:08 -05:00
Daniel Quinn de7edc005f Fixed import location of check_password() in docs. 2016-02-22 12:42:47 -05:00
Claude Paroz d43156e1e9 Fixed #26238 -- Raised explicit error for non-editable field in ModelForm 
Thanks Luke Crouch for the report and Simon Charette for the review.
 2016-02-21 00:24:20 +01:00
Akshesh 6670da75ff Fixed #25653 -- Made --selenium run only the selenium tests. 2016-02-19 14:21:00 -05:00
Tim Graham 032f5a7896 Refs #25735 -- Made @tag decorator importable from django.test. 2016-02-19 14:21:00 -05:00
haxoza 375e1cfe2b Fixed #25349 -- Allowed a ModelForm to unset a fields with blank=True, required=False. 2016-02-19 14:18:53 -05:00
Raphael Michel 5c31d8d189 Fixed #26243 -- Noted that 'python -R' is enabled by default in Python 3.3. 2016-02-19 10:50:15 -05:00
Sergey Fedoseev 23e1ad537a Fixed #25974 -- Switched GIS docs to 4 spaces indentation. 2016-02-19 09:27:32 -05:00
Sergey Fedoseev dbaa1a6b59 Fixed some code blocks indentation in GIS docs. 2016-02-19 08:34:38 -05:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.
 2016-02-18 19:06:49 -05:00
Akshesh d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Tim Graham b954ad0640 Added intended use in the admin's introduction. 2016-02-18 08:50:22 -05:00
Tim Graham 70d3f81ca4 Fixed #26233 -- Fixed invalid reSt in models.Q docstring. 2016-02-18 08:45:55 -05:00
Tim Graham 8fc0fe1ef4 Fixed flake8 typo. 2016-02-17 14:00:54 -05:00
Akshesh fdccc02576 Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery. 2016-02-17 13:56:42 -05:00
Tim Graham 88034c9938 Fixed #25687 -- Documented how to add database function support to third-party backends. 
Thanks Kristof Claes for the initial patch.
 2016-02-17 13:36:12 -05:00
Berker Peksag f0425c7260 Refs #19353 -- Added tests for using custom user models with built-in auth forms. 
Also updated topics/auth/customizing.txt to reflect that subclasses of
UserCreationForm and UserChangeForm can be used with custom user models.

Thanks Baptiste Mispelon for the initial documentation.
 2016-02-17 10:26:07 -05:00
Jakub Paczkowski d4dc775620 Fixed #25735 -- Added support for test tags to DiscoverRunner. 
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
 2016-02-17 09:44:18 -05:00
Jon Dufresne 0db7e61076 Followed recommended ValidationError use in docs. 2016-02-17 09:05:33 -05:00
Juan José Conti bb7042cdab Used relative models imports in the GIS tutorial. 2016-02-16 23:24:29 -05:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
 2016-02-16 21:07:05 +01:00
F. Malina b09b71bf34 Updated my entry in AUTHORS. 2016-02-16 10:53:50 -05:00
Tim Graham 6a71ac61bd Fixed possible "RuntimeError: maximum recursion depth exceeded" building docs. 2016-02-16 07:30:32 -05:00
Ryan Nowakowski 11af73eaeb Fixed #26221 -- Used find_packages() in reusable apps tutorial. 
Otherwise the migrations package won't be included in the tarball.
 2016-02-15 19:25:26 -05:00
Berker Peksag 043383e3f3 Fixed #24727 -- Prevented ClearableFileInput from masking exceptions on Python 2 2016-02-15 22:51:46 +02:00
Tim Graham 7424ad0774 Added get_subprocess_args() function to runtests.py 2016-02-15 13:53:59 -05:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Tim Graham 1ac7fdcd13 Refs #25304 -- Added assertion for Command.requires_migrations_checks default. 2016-02-15 09:39:55 -05:00
Berker Peksag b17a9150a0 Fixed #26126 -- Fixed transient failure of test_max_age_expiration 2016-02-15 09:26:17 -05:00
Jon Dufresne dec334cb66 Fixed #26193 -- Made urlize() trim multiple trailing punctuation. 2016-02-15 09:10:15 -05:00
Jon Dufresne fcd08c1757 Fixed #11665 -- Made TestCase check deferrable constraints after each test. 2016-02-13 06:53:39 -05:00
Camilo Nova a6f856df52 Added import in docs/topics/email.txt example. 2016-02-12 13:44:38 -05:00
Mounir Messelmeni 50931dfa53 Fixed #25304 -- Allowed management commands to check if migrations are applied. 2016-02-12 13:34:56 -05:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Tim Graham 36f1f5cfb0 Refs #25979 -- Dropped compatiblity for running tests on PostgreSQL < 9.2. 2016-02-12 09:59:13 -05:00
Markus Holtermann 18afd50a2b Updated allow_migrate() signature in check framework tests 2016-02-12 14:31:27 +11:00
Markus Holtermann 228427ab1a Fixed allow_migrate() signature in documentation 2016-02-12 14:16:03 +11:00
Johannes Linke 02430ef19d Fixed #26111 -- Clarified that fixtures are loaded once per TestCase. 2016-02-11 18:45:40 -05:00
Becka R cf48962b36 Clarified "database column type" explanation. 2016-02-11 18:26:46 -05:00
François Freitag 16a88b4429 Fixed #26209 -- Masked sensitive settings in debug reports regardless of case. 2016-02-11 18:13:03 -05:00