p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
21,015 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

21015 Commits

Author SHA1 Message Date
Tim Graham 3d650e80ad Added today's security issues to the archive. 2015-07-08 17:41:48 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator. 
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators. 
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
 2015-07-08 15:23:03 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:03 -04:00
Tim Graham 125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Tim Graham bdfce4db21 Removed a confusing sentence in tutorial 5. 2015-07-08 15:11:40 -04:00
Luke Plant f87e552d98 Corrected example code for get_query_set upgrade in 1.6 release notes 
The conditional setting of `get_query_set` is required for correct behaviour
if running Django 1.8. The full gory details are here:

http://lukeplant.me.uk/blog/posts/handling-django%27s-get_query_set-rename-is-hard/
 2015-07-08 10:58:07 +01:00
Chris Bainbridge e5cfa394d7 Refs #23882 -- Added detection for moved files when using inotify polling 
Commit 15f82c7 ("used pyinotify as change detection system when
available") introduced a regression where editing a file in vim with
default settings (writebackup=auto) no longer causes the dev server
to be restarted. On a write, vim moves the monitored file to a backup
path and then creates a new file in the original. The new file is not
monitored as it has a different inode. Fixed this by also watching for
inotify events IN_DELETE_SELF and IN_MOVE_SELF.
 2015-07-07 12:23:04 -04:00
Andriy Sokolovskiy 13dca01af0 Replaced try..except blocks by context manager in custom lookups tests 2015-07-07 12:03:58 -04:00
David Wolever 0d71349773 Fixed #22804 -- Added warning for unsafe value of 'sep' in Signer 
Thanks Jaap Roes for completing the patch.
 2015-07-07 11:44:37 -04:00
Tim Graham 6bd8462380 Refs #23658 -- Fixed dbshell tests on Windows. 2015-07-06 16:17:56 -04:00
Alexey Sveshnikov bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Karol Duleba b74b94445d Updated Memcached get_backend_timeout() comment. 2015-07-06 10:13:20 -04:00
Andriy Sokolovskiy b40c551fdf Fixed some unclosed objects in tests 2015-07-06 10:10:40 -04:00
Tim Graham 69483e022a Removed some u string prefixes in code comments. 2015-07-06 09:17:28 -04:00
Tim Graham e7c6a2cf9f Refs #4960 -- Fixed selenium test failures for CharField strip changes. 2015-07-06 08:52:50 -04:00
Tim Graham 8556978078 Removed unused variable template.base.ALLOWED_VARIABLE_CHARS. 
Unused since 5d863f1fbd.
 2015-07-06 08:49:24 -04:00
Tim Graham a871cf422d Fixed #25051 -- Clarified return type of {% now %} tag. 2015-07-04 08:46:49 -04:00
Sylvain Fankhauser f5d5867a4a Fixed #24877 -- Added middleware handling of response.render() errors. 2015-07-03 12:06:40 -04:00
Rigel Di Scala b91a2a499f Fixed #23190 -- Made Paginator.page_range an iterator 2015-07-03 11:34:34 -04:00
Luke fd869cceac Fixed mistake in Model.from_db() example. 2015-07-03 09:08:22 -04:00
Michael Manfre f9c3587b51 Fixed #25055 -- Made m2m long name testing friendlier for 3rd party databases. 2015-07-03 09:00:08 -04:00
Jan Pazdziora 3353684102 Fixed #25032 -- Removed double redirect in admin login. 2015-07-03 08:53:10 -04:00
Tim Graham 0e3193a386 Updated mock note since Django no longer works with Python 3.2. 2015-07-03 08:24:58 -04:00
Tim Graham ca58181bac Fixed #25056 -- Documented minimum version of jinja2 for testing. 2015-07-03 08:20:53 -04:00
Tim Graham c0c7fa4837 Refs #25050 -- Corrected test assertion in serializers test. 2015-07-03 08:03:20 -04:00
Jan Pazdziora a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Grégoire ROCHER c6cce4de38 Fixed #25050 -- Allowed serialization of models with deferred fields. 2015-07-02 14:46:16 -04:00
Tim Graham 7edd912cfb Used assertRaisesMessage in managers_regress tests. 2015-07-02 14:23:28 -04:00
Chris Lamb 61f3e22e38 Fixed #25054 -- Added app_label to swapped model AttributeError 2015-07-02 14:18:10 -04:00
Adam Taylor 30a152a367 Fixed #25053 -- Made admin templates use |safe with password help_text 2015-07-02 14:02:18 -04:00
William Schwartz 9a5cfa05a0 Fixed #24997 -- Enabled bulk_create() on proxy models 2015-07-02 13:53:51 -04:00
jpic fedef7b2c6 Fixed #24908 -- Fixed duplicate readonly field rendering. 
ModelAdmin added readonly_fields to exclude, but would not undeclare
them if they were overridden.
 2015-07-02 13:37:30 -04:00
Kai Richard Koenig 60f795c060 Fixed #25040 -- Fixed migrations state crash with GenericForeignKey 2015-07-02 12:48:29 -04:00
Curtis 11cac1bd8e Fixed #4960 -- Added "strip" option to CharField 2015-07-01 17:47:05 -04:00
Tim Graham b535eb3fcb Refs #23658 -- Fixed unclosed file in dbshell tests. 2015-07-01 13:45:02 -04:00
Jon Dufresne b44dee16e6 Fixed #20916 -- Added Client.force_login() to bypass authentication. 2015-07-01 13:01:08 -04:00
Tim Graham 39ec59d6d0 Synced .hgignore with .gitignore 2015-07-01 10:23:05 -04:00
Matthew Somerville 839edcebb3 Fixed #21695 -- Added asvar option to blocktrans. 
Thanks Bojan Mihelac for the initial patch.
 2015-07-01 10:03:00 -04:00
Moritz Sichert b35b43dff8 Fixed #24982 -- Split staticfiles tests into multiple files 2015-07-01 09:41:27 -04:00
Claude Paroz 3d7a713156 Fixed typo in writing migrations docs 2015-07-01 09:16:17 +02:00
Trey Hunner 2d0dead224 DEP 0003 -- Added JavaScript unit tests. 
Setup QUnit, added tests, and measured test coverage.

Thanks to Nick Sanford for the initial tests.
 2015-06-30 21:04:16 -04:00
Michael Tänzer 3bbaf84d65 Fixed #18247 -- Added cast to NUMERIC for Decimals on sqlite 
On sqlite the SUM() of a decimal column doesn't have a NUMERIC type so
when comparing it to a string literal (which a Decimal gets converted to
in Django) it is not compared as expected.
 2015-06-30 18:27:42 -04:00
Jean-Michel Vourgère b64c0d4d61 Fixed #23658 -- Provided the password to PostgreSQL dbshell command 
The password from settings.py is written in a temporary .pgpass file
file whose name is given to psql using the PGPASSFILE environment
variable.
 2015-06-30 18:21:51 -04:00
Shai Berger eecd42ea7d Removed datetime_cast_sql, which is never overridden or used anywhere in Django. 
Thanks Tim Graham for review.
 2015-07-01 00:43:45 +03:00
Marten Kenbeek aabb58428b Refs #23621 -- Fixed warning message when reloading models. 2015-06-30 15:00:10 -04:00
Andreas Pelme 00a1d4d042 Fixed #21803 -- Added support for post-commit callbacks 
Made it possible to register and run callbacks after a database
transaction is committed with the `transaction.on_commit()` function.

This patch is heavily based on Carl Meyers django-transaction-hooks
<https://django-transaction-hooks.readthedocs.org/>. Thanks to
Aymeric Augustin, Carl Meyer, and Tim Graham for review and feedback.
 2015-06-30 14:51:00 -04:00
Tim Graham 9f0d67137c Fixed #25038 -- Reverted incorrect documentation about inspectdb introspecting views. 
This reverts commit bd691f4586 (refs #24177).
 2015-06-30 14:23:29 -04:00
Jonas Degrave 4352e865a7 Fixed #24911 -- Made BaseManager.get_queryset() allow custom queryset args. 2015-06-30 13:48:30 -04:00
Ned Batchelder 3b81dbe844 Used %r in the TextNode repr to show newlines better. 2015-06-30 09:54:18 -04:00