Commit Graph

1791 Commits

Author SHA1 Message Date
Tim Graham adc0c4fbac Fixed #18556 -- Allowed RelatedManager.add() to execute 1 query where possible.
Thanks Loic Bistuer for review.
2015-07-28 09:28:25 +07:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Marten Kenbeek bc7923beff Fixed #24127 -- Changed the default current_app to the current namespace.
Changed the url template tag to use request.resolver_match.namespace as a
default for the current_app argument if request.current_app is not set.
2015-07-27 09:14:48 -04:00
Claude Paroz c296e55dc6 Fixed #22258 -- Added progress status for dumpdata when outputting to file
Thanks Gwildor Sok for the report and Tim Graham for the review.
2015-07-24 18:37:55 +02:00
Matt Johnson e063ac2fae Fixed #12768 -- Fixed QuerySet.raw() regression on FK with custom db_column. 2015-07-23 18:07:38 -04:00
Tim Graham 8eeb566aca Fixed #25149 -- Replaced window.__admin_utc_offset__ with a data attribute. 2015-07-22 17:09:52 -04:00
lukasz.wojcik 927b30a6ab Fixed #24126 -- Deprecated current_app parameter to auth views. 2015-07-21 08:26:41 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Claude Paroz 1ef4aeab40 Fixed #25078 -- Added support for disabled form fields
Thanks Keryn Knight and Tim Graham for the reviews.
2015-07-16 19:36:56 +02:00
Tim Graham 1fed8dd715 Fixed #25120 -- Deprecated egg template loader. 2015-07-16 09:32:42 -04:00
Thomas Stephenson 035b0fa60d Fixed #24716 -- Deprecated Field._get_val_from_obj()
The method duplicates the functionality of Field.value_from_object()
and has the additional downside of being a privately named public
API method.
2015-07-14 09:13:22 -04:00
Tim Graham 64f731e77d Added 1.4.22 release notes. 2015-07-14 07:28:55 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Daniel Roseman 24620d71f2 Fixed #25079 -- Added warning if both TEMPLATES and TEMPLATE_* settings are defined.
Django ignores the value of the TEMPLATE_* settings if TEMPLATES is also
set, which is confusing for users following older tutorials. This change
adds a system check that warns if any of the TEMPLATE_* settings have
changed from their defaults but the TEMPLATES dict is also non-empty.

Removed the TEMPLATE_DIRS from the test settings file; this was marked
for removal in 1.10 but no tests fail if it is removed now.
2015-07-13 17:50:22 -04:00
Andrei Kulakov db97a88495 Fixed #24375 -- Added Migration.initial attribute
The new attribute is checked when the `migrate --fake-initial` option
is used. initial will be set to True for all initial migrations (this
is particularly useful when initial migrations are split) as well as
for squashed migrations.
2015-07-13 15:57:40 -04:00
Razvan Andrei Ionescu 97bc875234 Fixed #25117 -- Added Romanian char map for Javascript slug generation 2015-07-13 13:31:12 -04:00
Claude Paroz 2e05ef4e18 Added release note for the UUID serialization backport
Refs #25019.
2015-07-10 09:00:19 +02:00
Claude Paroz 846cb6fef7 Added stub release notes for 1.8.4 2015-07-10 08:51:16 +02:00
Tim Graham 3d650e80ad Added today's security issues to the archive. 2015-07-08 17:41:48 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Luke Plant f87e552d98 Corrected example code for get_query_set upgrade in 1.6 release notes
The conditional setting of `get_query_set` is required for correct behaviour
if running Django 1.8. The full gory details are here:

http://lukeplant.me.uk/blog/posts/handling-django%27s-get_query_set-rename-is-hard/
2015-07-08 10:58:07 +01:00
Chris Bainbridge e5cfa394d7 Refs #23882 -- Added detection for moved files when using inotify polling
Commit 15f82c7 ("used pyinotify as change detection system when
available") introduced a regression where editing a file in vim with
default settings (writebackup=auto) no longer causes the dev server
to be restarted. On a write, vim moves the monitored file to a backup
path and then creates a new file in the original. The new file is not
monitored as it has a different inode. Fixed this by also watching for
inotify events IN_DELETE_SELF and IN_MOVE_SELF.
2015-07-07 12:23:04 -04:00
David Wolever 0d71349773 Fixed #22804 -- Added warning for unsafe value of 'sep' in Signer
Thanks Jaap Roes for completing the patch.
2015-07-07 11:44:37 -04:00
Alexey Sveshnikov bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Sylvain Fankhauser f5d5867a4a Fixed #24877 -- Added middleware handling of response.render() errors. 2015-07-03 12:06:40 -04:00
Rigel Di Scala b91a2a499f Fixed #23190 -- Made Paginator.page_range an iterator 2015-07-03 11:34:34 -04:00
Jan Pazdziora a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
William Schwartz 9a5cfa05a0 Fixed #24997 -- Enabled bulk_create() on proxy models 2015-07-02 13:53:51 -04:00
Curtis 11cac1bd8e Fixed #4960 -- Added "strip" option to CharField 2015-07-01 17:47:05 -04:00
Jon Dufresne b44dee16e6 Fixed #20916 -- Added Client.force_login() to bypass authentication. 2015-07-01 13:01:08 -04:00
Matthew Somerville 839edcebb3 Fixed #21695 -- Added asvar option to blocktrans.
Thanks Bojan Mihelac for the initial patch.
2015-07-01 10:03:00 -04:00
Jean-Michel Vourgère b64c0d4d61 Fixed #23658 -- Provided the password to PostgreSQL dbshell command
The password from settings.py is written in a temporary .pgpass file
file whose name is given to psql using the PGPASSFILE environment
variable.
2015-06-30 18:21:51 -04:00
Shai Berger eecd42ea7d Removed datetime_cast_sql, which is never overridden or used anywhere in Django.
Thanks Tim Graham for review.
2015-07-01 00:43:45 +03:00
Andreas Pelme 00a1d4d042 Fixed #21803 -- Added support for post-commit callbacks
Made it possible to register and run callbacks after a database
transaction is committed with the `transaction.on_commit()` function.

This patch is heavily based on Carl Meyers django-transaction-hooks
<https://django-transaction-hooks.readthedocs.org/>. Thanks to
Aymeric Augustin, Carl Meyer, and Tim Graham for review and feedback.
2015-06-30 14:51:00 -04:00
Tim Graham 9f0d67137c Fixed #25038 -- Reverted incorrect documentation about inspectdb introspecting views.
This reverts commit bd691f4586 (refs #24177).
2015-06-30 14:23:29 -04:00
Luke Plant aef2a0ec59 Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
2015-06-29 08:16:19 -04:00
Noam e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
sujayskumar 2e70bf3785 Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response 2015-06-27 08:46:23 -04:00
Jason Hoos a50b66da30 Fixed #24958 -- Fixed inline forms using UUID-PK parents with auto-PK children. 2015-06-26 09:09:09 -04:00
薛丞宏 d3e12c9017 Fixed #25016 -- Reallowed non-ASCII values for ForeignKey.related_name on Python 3. 2015-06-26 08:30:05 -04:00
Tim Graham aed437d567 Updated release process for new release schedule. 2015-06-25 11:36:17 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Daniel Wiesmann c078021555 Refs #24840 -- Added GDALRaster Warp and transform methods
Thanks to Tim Graham for the review.
2015-06-24 18:31:22 +02:00
Tim Graham 7f155a0703 Refs #25006 -- Added a '6 p.m.' option to the admin's time picker. 2015-06-22 07:24:57 -04:00
Marten Kenbeek 738c0de300 Fixed #14200 -- Added a fallback if HttpRequest.urlconf is None.
Made BaseHandler fall back to settings.ROOT_URLCONF if
HttpRequest.urlconf is set to None, rather than raising
ImproperlyConfigured.
2015-06-20 18:52:33 -04:00
Claude Paroz 9368f51e12 Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars
Thanks Tim Graham for the review.
2015-06-19 20:54:46 +02:00
Daniel Wiesmann b769bbd4f6 Fixed #23804 -- Added RasterField for PostGIS.
Thanks to Tim Graham and Claude Paroz for the reviews and patches.
2015-06-19 14:36:43 -04:00