Tim Graham
24fc935218
Added CVE-2016-2512/2513 to security release archive.
2016-03-01 12:32:42 -05:00
Florian Apolloner
67b46ba701
Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Mark Striemer
c5544d2892
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham
f43291639b
Added stub release notes for security issues.
2016-03-01 11:25:28 -05:00
Simon Charette
0223e213dd
Fixed #26186 -- Documented how app relative relationships of abstract models behave.
...
This partially reverts commit bc7d201bdb
.
Thanks Tim for the review.
Refs #25858 .
2016-02-29 22:07:05 -05:00
chenesan
b84f5ab4ec
Fixed #26230 -- Made default_related_name affect related_query_name.
2016-02-27 08:48:32 -05:00
Simon Charette
3938b3ccaa
Fixed #26286 -- Prevented content type managers from sharing their cache.
...
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.
Thanks Tim for the review.
Refs #23822 .
2016-02-26 16:18:16 -05:00
Adam Chainz
ef33bc2d4d
Fixed #25279 -- Made prefetch_related_objects() public.
2016-02-26 14:55:01 -05:00
Simon Charette
766afc22a1
Fixed #24793 -- Unified temporal difference support.
2016-02-26 12:25:12 -05:00
Ivan Tsouvarev
8890c533e0
Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template.
2016-02-26 08:02:10 -05:00
Sjoerd Job Postmus
bbe136e1a2
Fixed #26231 -- Used .get_username in admin login template.
2016-02-25 19:29:53 -05:00
Olivier Le Thanh Duong
10781b4c6f
Fixed #12233 -- Allowed redirecting authenticated users away from the login view.
...
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
2016-02-25 07:18:33 -05:00
Claude Paroz
c5517b9e74
Fixed #26266 -- Output the primary key in the GeoJSON serializer properties
...
Thanks Tim Graham for the review.
2016-02-24 16:10:46 +01:00
Jon Dufresne
b412681359
Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets.
2016-02-24 07:02:51 -05:00
James Aylett
1ff6e37de4
Fixed #23832 -- Added timezone aware Storage API.
...
New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True.
2016-02-23 18:51:43 -05:00
Andrew Kuchev
e81d1c995c
Fixed #25670 -- Allowed dictsort to sort a list of lists.
...
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
Tim Graham
cdbd8745f6
Fixed #26263 -- Deprecated Context.has_key()
2016-02-23 08:08:55 -05:00
Claude Paroz
b46c0ea6c8
Fixed #26190 -- Returned handle() result from call_command
...
Thanks Tim Graham for the review.
2016-02-23 09:12:12 +01:00
Tim Graham
47b5a6a43c
Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.
2016-02-22 18:59:23 -05:00
Tim Graham
33a4040d07
Refs #26253 -- Forwardported release note.
2016-02-22 17:19:08 -05:00
Tim Graham
b1afebf882
Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
...
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh
d58aaa24e3
Fixed #26107 -- Added option to int_list_validator() to allow negative integers.
2016-02-18 18:58:18 -05:00
Akshesh
fdccc02576
Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery.
2016-02-17 13:56:42 -05:00
Jakub Paczkowski
d4dc775620
Fixed #25735 -- Added support for test tags to DiscoverRunner.
...
Thanks Carl Meyer, Claude Paroz, and Simon Charette for review.
2016-02-17 09:44:18 -05:00
Claude Paroz
928c12eb1a
Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
...
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Alexey Kotlyarov
b59f963ad2
Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.
2016-02-15 11:44:29 -05:00
Jon Dufresne
fcd08c1757
Fixed #11665 -- Made TestCase check deferrable constraints after each test.
2016-02-13 06:53:39 -05:00
Mounir Messelmeni
50931dfa53
Fixed #25304 -- Allowed management commands to check if migrations are applied.
2016-02-12 13:34:56 -05:00
Anssi Kääriäinen
46ecfb9b3a
Fixed #26196 -- Made sure __in lookups use to_field as default.
...
Thanks Simon Charette for the test.
2016-02-11 11:09:08 -05:00
ZachLiuGIS
04e13c8913
Fixed #26179 -- Removed null assignment check for non-nullable foreign key fields.
2016-02-11 10:07:39 -05:00
Anssi Kääriäinen
353aecbf8c
Fixed #26153 -- Reallowed Q-objects in ForeignObject.get_extra_descriptor_filter().
2016-02-11 08:59:43 -05:00
Curtis Maloney
6f1318734f
Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
...
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
Brobin
dca8b916ff
Fixed #26154 -- Deprecated CommaSeparatedIntegerField
2016-02-10 17:57:43 -05:00
Shai Berger
bb51dc902d
Refs #26112 -- Fixed aggregate GIS test on Oracle.
...
Made sure the test doesn't try to aggregate over MultiPolygonField and made
AreaField turn decimals into floats on the way from the DB.
Thanks Daniel Wiesmann, Jani Tiainen, and Tim Graham for review and discussion.
2016-02-09 10:04:54 -05:00
Simon Charette
a325fb1f9b
Fixed #26162 -- Checked query name clashes of hidden relationships.
...
Although reverse accessor clashes should be skipped query name can't be hidden.
Thanks to Ian Foote and Tim Graham for the review.
2016-02-08 09:59:27 -05:00
Tim Graham
10a162809f
Refs #24007 -- Removed an apps.populate() call in model unpickling that can cause deadlocks.
2016-02-08 08:28:48 -05:00
Tim Graham
97eb3356b2
Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False.
2016-02-08 07:21:54 -05:00
Shai Berger
28f60ef3b8
Fixed title formatting in backwards-incompat section of 1.10 release notes
2016-02-06 21:10:36 +02:00
Tim Graham
d6337e65ed
Added stub release notes for 1.8.10.
2016-02-06 09:24:20 -05:00
Pankrat
f91a04621e
Fixed #25833 -- Added support for non-atomic migrations.
...
Added the Migration.atomic attribute which can be set to False
for non-atomic migrations.
2016-02-05 09:09:05 -05:00
Yoong Kang Lim
0edb8a146f
Fixed #26144 -- Warned when dumping proxy model without concrete parent.
2016-02-04 19:40:12 -05:00
Simon Charette
6eb3ce11e4
Fixed #26089 -- Removed custom user test models from public API.
...
Thanks to Tim Graham for the review.
2016-02-04 12:30:34 -05:00
Hugo Osvaldo Barrera
dcee1dfc79
Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting.
...
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
2016-02-04 10:35:37 -05:00
Carl Meyer
a0ce4c09ff
Fix typos in 1.8 release notes.
2016-02-03 13:05:35 -07:00
jpic
926e90132d
Fixed #25731 -- Removed unused choices kwarg for Select.render()
2016-02-02 18:03:19 -05:00
rynomster
468d8211df
Fixed #23971 -- Added "Has date"/"No date" choices for DateFieldListFilter.
2016-02-02 12:04:14 -05:00
Tim Graham
1e9150443e
Refs #26089 -- Removed obsolete docs about custom user model testing.
2016-02-02 08:12:08 -05:00
Buddy Lindsey, Jr
731bdfe68a
Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting.
2016-02-01 13:51:38 -05:00
Tim Graham
ecd502cfdb
Added CVE-2016-2048 to the security archive.
2016-02-01 12:42:37 -05:00
Tim Graham
59654d5efe
Added stub release notes for 1.9.3.
2016-02-01 12:39:18 -05:00
Tim Graham
11fae7c9e4
Added release dates for 1.9.2 and 1.8.9.
2016-02-01 12:02:16 -05:00
Myk Willis
62f3acc70a
Fixed incorrect permissions check for admin's "Save as new".
...
This is a security fix.
2016-02-01 11:57:00 -05:00
Tim Graham
8ce8beb3f2
Unified some doc links to OneToOneField and ManyToManyField.
2016-02-01 11:02:26 -05:00
Hugo Osvaldo Barrera
8bf8d0e0ec
Fixed #7923 -- Added links to objects displayed by ModelAdmin.raw_id_fields.
2016-02-01 07:36:10 -05:00
Greg Chapple
8dea9f089d
Fixed #26120 -- Made HStoreField cast keys and values to strings.
...
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Tim Graham
04564eb74d
Fixed #26129 -- Made invalid forms display initial values of disabled fields.
2016-01-28 18:43:48 -05:00
Tim Graham
19d1cb1451
Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript.
2016-01-28 17:46:55 -05:00
James Pulec
f05722a08a
Fixed #25354 -- Added class/app_label interpolation for related_query_name.
2016-01-28 11:10:47 -05:00
Claude Paroz
54236a2c1c
Fixed #26138 -- Ensured geometry_field's geometry is always serialized
...
Thanks Bernd Schlapsi for the report.
2016-01-28 08:50:38 +01:00
Ben Kraft
13023ba867
Fixed #26122 -- Fixed copying a LazyObject
...
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4
.
2016-01-26 06:56:21 -05:00
Preston Timmons
cfda1fa3f8
Fixed #25848 -- Set template origin on each node.
...
Prior to 55f12f8709
, the template origin was available on each node via
`self.token.source[0]`. This behavior was removed when debug handling was
simplified, but 3rd-party debugging tools still depend on its presence.
This updates the Parser to set origin on individual nodes. This enables the
source template to be determined even when template extending or including is
used.
2016-01-26 06:23:27 -05:00
Simon Charette
4dcaa5871b
Fixed #26135 -- Adjusted the migration questioner's handling of disabled apps.
...
This was causing an issue when calling the `migrate` command in a test case with
the `available_apps` attribute pointing to an application with migrations
disabled using the `MIGRATION_MODULES` setting.
Thanks to Tim Graham for the review.
Refs #24919
2016-01-25 21:38:36 -05:00
Chris Lamb
abc0777b63
Fixed #25968 -- Changed project/app templates to use a "py-tpl" suffix.
...
Debian packages unconditionally byte-compile .py files on installation and
do not silence errors by design. Therefore, we need a way of shipping these
invalid .py files without a .py extension but ensuring that when we
template them, they end up as .py.
We don't special-case .py files so that the all the TemplateCommand
command-line options (eg. extra_files and extensions) still work entirely
as expected and it may even be useful for other formats too.
2016-01-25 12:39:06 -05:00
Tim Graham
5e8685c1b1
Refs #26034 -- Added another case fixed by this ticket to release notes.
2016-01-25 08:35:58 -05:00
Tim Graham
497b5d6fee
Refs #26034 -- Added another case fixed by this ticket to release notes.
...
Thanks Shai Berger for the report.
2016-01-25 08:33:02 -05:00
Simon Charette
729e0b086d
Fixed #24109 -- Allowed RunSQL and RunPython operations to be elided.
...
Thanks to Markus Holtermann and Tim Graham for their review.
2016-01-23 14:19:03 -05:00
Preston Timmons
c00ae7f58c
Fixed #26118 -- Added 'is' operator to if template tag.
2016-01-22 15:35:28 -05:00
Elif T. Kus
bca9faae95
Fixed #26020 -- Normalized header stylings in docs.
2016-01-22 12:12:17 -05:00
Alexander Gaevsky
9a33d3d764
Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields.
2016-01-21 13:21:28 -05:00
Aymeric Augustin
f91b5a7e4b
Fixed #26063 -- Crash when passing > 2000 params.
...
If SQLITE_MAX_VARIABLE_NUMBER (default = 999) is changed at compile time
to be greater than SQLITE_MAX_COLUMN (default = 2000), which Debian does
by setting the former to 250000, Django raised an exception on queries
containing more than 2000 parameters when DEBUG = True.
2016-01-21 10:47:15 +01:00
Anssi Kääriäinen
ee596888e1
Fixed #26092 -- Fixed QuerySet.order_by() regression with an M2M through model.
2016-01-20 19:13:05 -05:00
chemary
2d28144c95
Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True).
2016-01-20 18:19:24 -05:00
Tim Graham
073dd4ce79
Refs #26096 -- Forwardported 1.9.2 release note.
2016-01-19 07:35:48 -05:00
Tim Graham
e519aab43a
Fixed #23868 -- Added support for non-unique django-admin-options in docs.
...
Also documented missing short command line options to fix #24134 . This bumps
the minimum sphinx version required to build the docs to 1.3.4.
Thanks Simon Charette for review.
2016-01-14 18:21:33 -05:00
Simon Charette
fd1c5bb041
Fixed a typo in the 1.9.2 release notes.
2016-01-14 17:46:48 -05:00
Iacopo Spalletti
21bf685f5e
Fixed #25697 -- Made default error views error when passed a nonexistent template_name.
2016-01-14 07:05:38 -05:00
Alberto Avila
cca151d196
Refs #26071 -- Added test for __in lookup in a Case expression.
...
Forwardport of 5b3c66d8b6
from stable/1.8.x
2016-01-13 08:56:36 -05:00
Tim Graham
a7752780d9
Removed an unncessary docs cross-reference for call_command().
2016-01-12 18:01:29 -05:00
Tim Graham
555f8e9d5c
Made CommandError use the exception directive in docs.
2016-01-12 12:28:55 -05:00
pp
b34ff66e5b
Added missing period to "etc.".
2016-01-11 18:05:15 -05:00
Simon Charette
bc7d201bdb
Fixed #25858 -- Bound abstract model application relative relationships.
...
Thanks to Karl Hobley for the report and Markus, Shai, Aymeric for their input
and Tim for the review.
2016-01-11 12:23:23 -05:00
Varun Sharma
3d6474e1a5
Fixed #25385 -- Allowed importing views.generic.View from views.View.
2016-01-11 08:18:44 -05:00
Flavio Curella
0bc5cd6280
Fixed #25684 -- Made runserver use logging for request/response output.
...
Thanks andreif for the contributing to the patch.
2016-01-11 07:35:17 -05:00
Collin Anderson
780bddf75b
Fixed #20846 -- Decreased User.username max_length to 150 characters.
2016-01-08 18:06:44 -05:00
Claude Paroz
cf7894be88
Fixed #21113 -- Made LogEntry.change_message language independent
...
Thanks Tim Graham for the review.
2016-01-08 20:34:59 +01:00
Tim Graham
56aaae58a7
Fixed #26034 -- Fixed incorrect index handling on PostgreSQL on Char/TextField with unique=True and db_index=True.
...
Thanks Simon Charette for review.
2016-01-08 12:47:05 -05:00
Alexander Gaevsky
ade54ffa34
Refs #25165 -- Fixed JSON serialization for add/edit popup in the admin.
...
Forwardport of test in o839d71d8562abe0b245024e55ca1d02a45e58fd from stable/1.9.x
(refs #25997 ).
2016-01-08 12:28:32 -05:00
Alasdair Nicol
6ea7b6776c
Refs #24855 -- fixed typo in 1.10 release notes
2016-01-07 11:38:47 -05:00
Alexander Gaevsky
44930cc466
Fixed #24980 -- Fixed day determination in admin calendar widget.
2016-01-07 11:13:05 -05:00
Paulo Poiati
b643386668
Fixed #24855 -- Allowed using contrib.auth.login() without credentials.
...
Added an optional `backend` argument to login().
2016-01-07 08:56:07 -05:00
Niels Van Och
7f7553dd30
Fixed #25680 -- Added django-admin shell --command option.
...
Add a -c option to the shell command to execute a command passed as a
string as Django.
2016-01-06 18:43:41 -05:00
Claude Paroz
632a9f21bc
Fixed #26046 -- Fixed a crash with translations and Django-unknown language code
...
Thanks Jens Lundstrom for the report and Tim Graham for the review.
2016-01-06 20:30:56 +01:00
Scott Pashley
7cc2efc2d6
Fixed #26035 -- Prevented user-tools from appearing on admin logout page.
2016-01-06 13:48:02 -05:00
Tim Graham
1e57dccb31
Added stub release notes for 1.8.9.
2016-01-05 13:19:20 -05:00
Tim Graham
49eeb0f570
Fixed #25878 -- Documented requirement that handler404 return a 404 response.
2016-01-05 11:23:13 -05:00
Denis Cornehl
186b6c61bf
Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
...
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Andrew Kuchev
d5b90c8e12
Fixed #21549 -- Made loaddata's 'fixture not found' warning an exception.
...
Thanks to mpasternak for the report and Tim Graham for the review.
2016-01-04 19:39:35 -05:00
Tim Graham
3432f5d659
Added stub release notes for 1.9.2.
2016-01-02 09:06:26 -05:00
Tim Graham
24c1713e2e
Added release date for 1.9.1/1.8.8 releases.
2016-01-02 08:35:54 -05:00
varunnaganathan
3eba9638ee
Fixed #25316 -- Fixed a crash with order_by() and values() after annotate().
2016-01-02 07:06:54 -05:00