Commit Graph

193 Commits

Author SHA1 Message Date
Ben Kraft 63a1e912a7 [1.9.x] Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.

Backport of 35355a4ffe from master
2015-10-03 13:01:08 -04:00
Matt Robenolt b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Zan Anderle f3dc173240 Fixed #24917 -- Made admindocs display model methods that take arguments. 2015-09-07 15:07:39 -04:00
Aymeric Augustin b79fc11d73 Made the autoreloader survive all exceptions.
Refs #24704.
2015-08-29 20:50:00 +02:00
Aymeric Augustin c2fcba2ac7 Ensured gen_filenames() yields native strings.
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin dfa712efb8 Refactored autoreload tests.
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin 23620cb8e0 Accounted for error files in the autoreloader.
* When some old files contain errors, the second call to
  gen_filenames() should return them.
* When some new files contain errors, the first call to
  gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder f675afa13c Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__() 2015-07-09 21:20:52 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek 290ff35e6c Fixed #25000 -- Fixed cast to string for lazy objects.
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert 98df288dda Fixed #24978 -- Escaped special characters in loaddata fixture paths 2015-06-13 19:45:05 -04:00
Moritz Sichert 296919e7a5 Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class 2015-06-12 17:44:54 -04:00
Tomasz Kontusz c2b4967e76 Fixed ImportError message in utils.module_loading.import_string() 2015-06-06 11:45:22 -04:00
Raphael Michel 6700c90935 Fixed #19210 -- Added leap year support to django.utils.timesince() 2015-06-04 21:36:12 -04:00
Raphael Michel 5c125f63f7 Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig 262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Tim Graham 70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Simon Charette be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Aymeric Augustin 06dc6759d8 Factored skip condition when pytz isn't installed. 2015-05-17 10:23:14 +02:00
Tim Graham eda12ceef1 Removed redundant list() calls. 2015-05-16 10:44:07 -04:00
Josh Smeaton 143255c8bb Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime 2015-04-24 13:55:40 -04:00
Moritz Sichert 1f2abf784a Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. 2015-03-27 19:46:20 -04:00
Tim Graham 011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz df193b3cef Fixed #24382 -- Allowed unicode chars inside formatted numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik a5b225084f Fixed #23838 -- added missing `__iter__` to LazyObject 2015-03-08 15:42:23 +01:00
Aymeric Augustin a8fe12417f Normalized usage of the tempfile module.
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham 307c0f299a Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters. 2015-02-17 19:03:03 -05:00
Lukas Klein 93b3ef9b2e Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454 2015-02-12 08:58:35 +01:00
Varun Sharma 540ca563de Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Matthew Somerville caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Loic Bistuer 3a4c9e1b43 Cleaned up some forms tests.
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
2015-01-27 22:39:57 +07:00
Tim Graham d029fafea1 Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674. 2015-01-18 12:51:15 -05:00
Tim Graham df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
Tim Graham 1b0365ad34 Removed django.utils.tzinfo per deprecation timeline; refs #17262. 2015-01-17 09:32:33 -05:00
Tim Graham c820892eed Removed django.utils.datastructures.SortedDict per deprecation timeline. 2015-01-17 08:40:23 -05:00
Tim Graham 37b7776a01 Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659. 2015-01-17 08:13:36 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Claude Paroz 51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Oscar Ramirez 54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00
Marc Tamlyn 57554442fe Fixed #2443 -- Added DurationField.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.

Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.

Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00