Commit Graph

15276 Commits

Author SHA1 Message Date
Aymeric Augustin e76dd4cd1a [1.6.x] Fixed #21074 -- Added tests for localized datetime fields.
Fields must render values in the current time zone.

This commit only contains tests because this ticket was just a symptom of
a regression from #18777 that was fixed separately.

Backport of 5444a9c from master.
2013-09-21 23:11:04 +02:00
Florian Apolloner ece8d65217 [1.6.x] Ensured that BoundField.as_widget always returns properly localized fields.
This is a follow-up to #18777 which improperly converted to strings in
prepare_value and as such caused regressions like #21074.

Refs #18777, #21074

Backport of 56743cf9e3 from master.
2013-09-21 22:58:18 +02:00
Curtis Maloney e94efee946 [1.6.x] Fixed #21133 -- Clarifed documentation about strftime formatting.
Backport of 43a2ec7999 from master
2013-09-21 06:56:00 -04:00
Aymeric Augustin 0ad178c43d [1.6.x] Clarified why one must not catch database errors inside atomic.
Backport of 4db2752 from master.
2013-09-20 21:57:39 +02:00
Paul McMillan 85ba68cc14 [1.6.x] Increased default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.

Backport of a075e2ad0d from master
2013-09-19 15:34:59 -04:00
Markus Amalthea Magnuson 9888bb28ee [1.6.x] Added missing "in" in sentence.
Backport of 2c5c422d34 from master
2013-09-19 13:29:48 -04:00
Tim Graham 538fdd2ae4 [1.6.x] Added __pycache__ to gitignore
Backport of 55b9bff07f from master
2013-09-19 06:37:53 -04:00
Russell Keith-Magee 886e876c72 [1.6.x] Fixed #21121: Added archive of security issues.
Backport of 9d3e60aa3e, 8e134c27c9, 8b3bae9466, c65ae7c969, bbabc5325c,
and a2e25e8a83 from master.
2013-09-19 15:02:52 +08:00
Tim Graham 091ae7f172 Removed accidentally added pyc file.
Thanks Simon Charette for the report.
2013-09-18 20:27:07 -04:00
Tim Graham 778d4da9cc [1.6.x] Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDict
Thanks simonpercivall for the report and bmispelon for the review.

Backport of 2daada800f from master
2013-09-18 09:56:01 -04:00
Tim Graham dbad65ded7 [1.6.x] Fixed bad backport in last commit; refs #21118 2013-09-18 09:52:29 -04:00
Tim Graham 14e139ecdf [1.6.x] Fixed #21118 -- Isolated a test that uses the database.
Thanks rmboggs for the report.

Backport of 4f40b97d97 from master
2013-09-18 09:43:10 -04:00
Tim Graham 275497c570 [1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.
Thanks margieroginski for the suggestion.

Backport of 893198509e from master
2013-09-18 06:49:59 -04:00
Florian Apolloner 325b03ea84 [1.6.x] Final attempt to solve sporadic test failures.
tearDownClass is not called if setUpClass throws an exception, in our case
this means that LiveServerTestCase leaks LiveServerThread sockets if the
test happens to be skipped later on, and AdminSeleniumWebDriverTestCase
doesn't close it's already open browser window. To prevent this leakage
we catch errors where needed and manually call _tearDownClassInternal.
_tearDownClassInternal should be written as defensively as possible since
it is not allowed to make any assumptions on how far setUpClass got.

This patch should fix the sporadic "Address already in use"-errors on jenkins
and also the "This code isn't under transaction management"-error for sqlite
(also just on jenkins).

After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and
voidspace it was decided that this is the safest approach (thanks to everyone
for their comments and help). Manually calling tearDownClass was shut down
cause we don't know how our users override our classes.

This is a private and very specialized API on purpose and should not be used
without a strong reason!

This patch partially reverts the earlier attempts to fix those issues,
namely:
	2fa0dd73b1 and
	3c5775d36f

Final note: If this patch breaks in a later version of Django, please be
very careful on how you fix it, you might not see test failures locally.
That said, this patch hopefully doesn't produce even more failures.

Backport of 73a610d2a8 from master.
2013-09-17 18:36:32 +02:00
Anssi Kääriäinen 5937f291c1 [1.6.x] Fixed #21109 -- made db cursor error wrapping faster
Backpatch of 9400142132 from master.
2013-09-17 12:31:13 +03:00
Ramiro Morales c0625a74ce [1.6.x] Reworded a paragraph in the logging docs.
9d12f68a53 from master.
2013-09-16 17:52:13 -03:00
Tim Graham e96bcdd64f [1.6.x] Cleaned up 1.5.4/1.4.8 release notes
Backport of 8d29005524 from master
2013-09-15 14:22:24 -04:00
James Bennett 623c4916df [1.6.x] Add release notes and bump version number for security release. 2013-09-15 00:36:03 -06:00
Russell Keith-Magee 5ecc0f828e [1.6.x] Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
 * Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d57 from master.
2013-09-15 13:46:16 +08:00
Anssi Kääriäinen 4c4954a3c1 [1.6.x] Added tests for double-pickling a QuerySet
Refs #21102.

Backpatch of 74b91b3888
2013-09-14 10:36:48 +03:00
Goetz 097fb98f81 [1.6.x] Fixed #21101 -- Updated urlize documentation to mention email addresses
Backport of 39b49fd339 from master
2013-09-13 12:42:40 -04:00
Tim Graham 7a2adec4d0 [1.6.x] Fixed #21100 -- Noted that Create/UpdateViews.fields is new in 1.6
Thanks AndrewIngram for the suggestion.

Backport of ec89e1725a from master
2013-09-13 09:35:22 -04:00
Tim Graham 6e17534c89 [1.6.x] Fixed #21094 -- Updated reuseable apps tutorial to use pip for installation.
Thanks ylb415 at gmail.com for the suggestion.

Backport of e4aab1bb8d from master
2013-09-13 09:30:12 -04:00
Kevin Christopher Henry c91ffd5f23 [1.6.x] Documentation -- added instructions on working with pull requests
Since non-core contributors are asked to review patches, instructions
on working with pull requests were added to the Working with Git and
GitHub page (based on the existing instructions in the core
committers page).

Backport of 990ce9aab9 from master
2013-09-13 08:27:23 -04:00
Matt Austin a929adfd3b [1.6.x] Fixed #21095 -- Documented new requirement for dates lookups.
Day, month, and week_day lookups now require time zone definitions in the database.

Backport of 9451d8d from master.
2013-09-13 10:20:13 +02:00
Ramiro Morales 66e6e2d146 [1.6.x] Fixed a couple of typos in GeoDjango docs.
8b366a50f4 from master.
2013-09-12 19:45:27 -03:00
Phaneendra Chiruvella e8bb41d05c [1.6.x] Minor typo fix in django.contrib.auth.models.User docs
Backport of bd72c2acb6 from master
2013-09-11 19:44:35 -04:00
Tim Graham b05639dcac [1.6.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
2013-09-11 08:18:48 -04:00
Kevin Christopher Henry 4f0ea1aca4 [1.6.x] Documentation -- Improved description of cache arguments
- Fixed some grammar and formatting mistakes
- Added the type and default for CULL_FREQUENCY
- Made the note on culling the entire cache more precise. (It's actually
  slower on the filesystem backend.)

Backport of 5eca021d48 from master
2013-09-11 07:43:24 -04:00
James Bennett ed9b7b6295 [1.6.x] Bump version number for 1.6 beta 3 security release. 2013-09-10 20:32:14 -05:00
Tim Graham 2f2731e67e [1.6.x] Added 1.4.7/1.5.3 release notes
Backport of baec6a26dd from master
2013-09-10 21:08:27 -04:00
Tim Graham 536cc64240 [1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
2013-09-10 21:03:51 -04:00
Tarjei Husøy ef3604a085 [1.6.x] Fixed broken sphinx reference to staticfiles.
Backport of 751dc0a36b from master
2013-09-10 16:31:51 -04:00
Aymeric Augustin f9f792eb04 [1.6.x] Took advantage of django.utils.six.moves.urllib.*.
Backport of 6a6428a36 from master.
2013-09-10 21:29:31 +02:00
oz123 960f5bc759 [1.6.x] Fixed #21075 - Improved doc for calling call_command with arguments.
Backport of fca4c4826e from master
2013-09-10 09:18:14 -04:00
Tim Graham 01ad508514 [1.6.x] Fixed spelling; refs #16895.
Thanks Panagiotis Issaris for the report.

Backport of fb51c9a0f2 from master
2013-09-09 11:31:25 -04:00
e0ne 276e053803 [1.6.x] Fixed #16895 -- Warned about cost of QuerySet ordering
Thanks outofculture at gmail.com for the suggestion.

Backport of cbf08c6b0c from master
2013-09-09 09:49:15 -04:00
Садовский Николай e4274e3da1 [1.6.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user
To enable testing on Oracle 12c
2013-09-09 14:02:21 +03:00
Aymeric Augustin b085e7c303 [1.6.x] Further hardening. Refs #18766.
Backport of c687bf0 from master.
2013-09-08 20:43:33 +02:00
Aymeric Augustin 0035a0ce2e [1.6.x] Hardened the test introduced in ded11aa6. Refs #18766.
Inputs acceptable to time.mktime are platform-dependent.

Backport of 1a1e1478 from master.
2013-09-08 19:41:34 +02:00
Aymeric Augustin 7c31e195db [1.6.x] Fixed #18766 -- Pointed to pytz when LocalTimezone fails.
Thanks void for the report.

Backport of ded11aa6 from master.
2013-09-08 09:17:03 +02:00
Tim Graham c03848b540 [1.6.x] Fixed #21068 -- Added some docs for DiscoverRunner
Thanks jcd.

Backport of e4b012feeb from master
2013-09-07 16:11:03 -04:00
Aymeric Augustin 01edcf70f2 Fixed #20409 -- Clarified how unique_for_date works when USE_TZ is set. 2013-09-07 14:09:52 -05:00
Tim Graham be9930d7be [1.6.x] Fixed deprecation warning on Python 3
Backport of b7451b72 from master.
2013-09-07 13:15:13 -05:00
Aymeric Augustin 63b95ca452 [1.6.x] Fixed 9244447c -- incomplete backport.
The test client had been refactored in the mean time. This commit
de-factors the fix. Refs #20530.
2013-09-07 13:15:13 -05:00
Tim Graham 7b8037f3aa [1.6.x] Fixed #20005 -- Documented that Oracle databases need execute permission on SYS.DBMS_LOB.
Thanks jafula for the suggestion.

Backport of a86ecc80a2 from master
2013-09-07 14:01:05 -04:00
Tim Graham 17b67e17a3 [1.6.x] Fixed #20938 -- Added cached sessions note to deployment checklist.
Thanks mjtamlyn for the suggestion.

Backport of 4e784f337c from master
2013-09-07 13:08:45 -04:00
Aymeric Augustin 7fcd6aa669 [1.6.x] Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3.
Thanks mitsuhiko for the report.

Backport of 65b6eff3 and adaptation of 8aaca65 from master.
2013-09-07 12:06:38 -05:00
Aymeric Augustin 9244447cc4 [1.6.x] Fixed an encoding issue in the test client.
Refs #20530.

Backport of 7bb62793 and 476b0764 from master.

Conflicts:
	django/test/client.py
2013-09-07 12:06:19 -05:00
Keith Edmiston a357c854c9 [1.6.x] Fixed #16992 -- Added InnoDB warning regarding reuse of AUTO_INCREMENT values.
Thanks kent at nsc.liu.se for the report.

Backport of c54fa1a7bc from master
2013-09-07 12:16:43 -04:00