Commit Graph

13598 Commits

Author SHA1 Message Date
Jannis Leidel f96dd05542 [1.5.X] Fixed #19850 -- Use configured staticfiles storage to find the URL of a static file in the admin. 2013-02-23 14:42:11 +01:00
Anssi Kääriäinen 251f345db6 [1.5.x] Fixed Oracle regression in last_executed_query() with unicode strings
The regression was likely caused by the fix in #19606 which adjusted
Oracle's unicode detection, though it seems this would have been an
issue in some configurations even before.

Backpatch of ce094e570e
2013-02-23 00:31:14 +02:00
Anssi Kääriäinen 8a99d718f7 [1.5.x] Fixed empty strings + to_field regression on Oracle
Querying the reverse side of nullable to_field relation, where both
sides can contain null values resulted in incorrect results. The reason
was not detecting '' as NULL.

Refs #17541, backpatch of 09fcb70c80.
2013-02-23 00:09:48 +02:00
Preston Holmes b17a572eb3 [1.5.x] Fixed #19868 -- Clarified purpose of custom user example 2013-02-20 15:34:22 -08:00
Anssi Kääriäinen 96790fc022 [1.5.x] Made a couple of selenium tests wait for page loaded
The admin_widgets tests were issuing click() to the browser but
didn't wait for the effects of those clicks. This caused the resulting
request to be processed concurrently with the test case. When using
in-memory SQLite this caused weird failures.

Also added wait_page_loaded() to admin selenium tests for code
reuse.

Fixed #19856, backpatch of 50677b29af
2013-02-21 00:01:07 +02:00
Anssi Kääriäinen 8ad436636f [1.5.x] Fixed #19672 -- Error in negated Q() filtering
There was a variable overwrite error in negated join filtering. This
happened when add_filter() was adding the IS NULL condition to the
WHERE clause.

This is not a backport from master as there have been some other
refactorings which made this patch irrelevant.

The patch is from Ian Kelly.
2013-02-20 21:57:39 +02:00
Carl Meyer 8d4342f2c9 [1.5.x] Fixed #19857 -- Fixed broken docs link in project template. 2013-02-19 18:43:28 -07:00
Carl Meyer c7f80b428b Don't characterize XML vulnerabilities as DoS-only. 2013-02-19 18:20:08 -07:00
Tim Graham 23ef6e1baf [1.5.X] Fixed #19728 - Updated API stability doc to reflect current meaning of "stable".
Backport of 132d5822b0 from master
2013-02-19 18:20:46 -05:00
Stefan "hr" Berder 4f99b0b635 [1.5.X] Fixed typo in docs/topics/class-based-views/generic-display.txt
Backport of 22d5e4b4af from master
2013-02-19 16:32:59 -05:00
James Bennett 18d920ea48 [1.5.x] Bump version numbers for security release. 2013-02-19 14:15:33 -06:00
Carl Meyer 84ce990c07 [1.5.x] Update 1.5 release notes for XML and formset fixes. 2013-02-19 10:39:04 -07:00
Aymeric Augustin 3ef4bbf495 [1.5.x] Added a default limit to the maximum number of forms in a formset.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 10:39:04 -07:00
Carl Meyer 0e46c7f7ac [1.5.x] Checked object permissions on admin history view.
This is a security fix. Disclosure and advisory coming shortly.

Patch by Russell Keith-Magee.
2013-02-19 10:39:04 -07:00
Carl Meyer 2d0c22e02d [1.5.x] Restricted the XML deserializer to prevent DoS attacks.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 10:39:03 -07:00
Carl Meyer a7e33c5bf3 [1.5.x] Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 10:39:03 -07:00
Tim Graham 5d853db90e [1.5.X] Fixed #19717 - Removed mentions of "root QuerySet" in docs.
Thanks julien.aubert.mail@ for the report and James Pic for the patch.

Backport of 64d0f89ab1 from master
2013-02-18 09:36:49 -05:00
Simon Meers 94ef17e2c2 [1.5.x] Corrected INSTALLED_APPS syntax in 1.5 release notes.
Backport of 9c2066d5 from master.
2013-02-18 00:55:22 +11:00
Tim Graham ba794f68bf [1.5.x] Fixed #19824 - Corrected the class described for Field.primary_key from IntegerField to AutoField.
Thanks Keryn Knight.

Backport of 218bbef0c4 from master
2013-02-16 18:34:18 -05:00
Tim Graham ad2b091c1f [1.5.x] Fixed #19812 - Removed a duplicate phrase in the widget docs.
Thanks diegueus9 for the report and itsallvoodoo for the draft patch.

Backport of 7a80904b00 from master
2013-02-16 18:25:03 -05:00
Alex Hunley 5c3c8bf09a [1.5.x] Fixed #19719 - Removed misleading example from ModelForm documentation
Backport of 976dc07baf from master
2013-02-16 18:05:35 -05:00
Claude Paroz 41848b078a [1.5.x] Fixed #19833 -- Fixed import parameter encoding in get_runner
Thanks Danilo Bargen for the report.
Backport of 63236161 from master.
2013-02-16 13:32:03 +01:00
Russell Keith-Magee 461d6e2295 [1.5.x] Refs #14881 -- Document that User models need to have an integer primary key.
Thanks to Kaloian Minkov for the reminder about this undocumented requirement.

(cherry picked from commit 91c26eadc9)
2013-02-16 10:21:45 +08:00
Claude Paroz 5a803ce10e [1.5.x] Fixed geos test to prevent random failure
Points in the test fixtures have 20 as max coordinate.
Backport of 87854b0bdf from master.
2013-02-15 20:15:31 +01:00
Claude Paroz 1b54c85a53 [1.5.x] Avoided unneeded assertion on Python 3
Fixes failure introduced in 02e5909f7a.
2013-02-15 16:11:53 +01:00
Claude Paroz 5921f15c11 [1.5.x] Fixed #19807 -- Sanitized getpass input in createsuperuser
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
Backport of 02e5909f7a from master.
2013-02-15 15:51:17 +01:00
Julien Phalip 42e87c17f2 [1.5.x] Fixed #19829 -- Fixed index lookups for NumPy arrays in templates.
Backport of 7d5e35cdb4
2013-02-15 00:18:49 -08:00
Russell Keith-Magee bc6746ac30 [1.5.x] Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
Thanks to Claude Peroz for the draft patch.

(cherry picked from commit f5e4a699ca)
2013-02-15 09:02:14 +08:00
Ramiro Morales 1c086df50e [1.5.x] Fix filtering during collection of paths in setup.py
Thanks Marek Brzóska for the report.

f179a5198e from master.
2013-02-14 20:47:41 -03:00
Ramiro Morales 89ce55b301 [1.5.x] Mention backward relationships in aggregate docs.
Thanks Anssi and Marc Tamlyn for reviewing.

Fixes #19803.

0560bfb705 from master.
2013-02-14 20:47:04 -03:00
Ramiro Morales e7ab0d35c1 [1.5.x] Typo in i18n docs.
112c6e987d from master.
2013-02-14 20:46:27 -03:00
Ramiro Morales 6f29147488 [1.5.x] Fixed #19729 -- Removed leftover refactoring helper variables.
Thanks chrismedrela for the report.

Refs #6262, 44b9076 and 4d94c0c.

826d9de00e from master.
2013-02-14 20:45:36 -03:00
Claude Paroz cfdc003ab7 [1.5.x] Fixed #19823 -- Fixed memcached code example in cache docs
Backport of 668d0b8d from master.
2013-02-14 11:25:07 +01:00
Carl Meyer f83bec4847 [1.5.x] Fix admindocs on Python 3, where None cannot be sorted with strings.
This fixes two tests in admin_views which were failing on Python 3, but only if
the tests were run with docutils installed.
2013-02-12 17:12:44 -07:00
Anssi Kääriäinen 743263a105 [1.5.x] Removed try-except in django.db.close_connection()
The reason was that the except clause needed to remove a connection
from the django.db.connections dict, but other parts of Django do not
expect this to happen. In addition the except clause was silently
swallowing the exception messages.

Refs #19707, special thanks to Carl Meyer for pointing out that this
approach should be taken.
2013-02-13 00:22:10 +02:00
Anssi Kääriäinen 77f6eb2a60 [1.5.x] Made custom m2m fields without through easier to use
The change in f105fbe52b made through=None
m2m fields fail in cases where they worked before. It isn't possible to
create such fields using public APIs. The fix is trivial, so it seems
worth adding it.

This is not a backport from master. Master has gotten enough other
changes to related fields internal API that this fix alone isn't enough
to do any good.
2013-02-10 21:54:48 +02:00
Claude Paroz 44afe44602 [1.5.x] Emphasized MyISAM pseudo-requirement for GeoDjango over MySQL
Refs #15295.
Backport of 8fbc20b24 from master.
2013-02-10 20:50:11 +01:00
Anssi Kääriäinen 7b5ca126ee [1.5.x] Fixed #19112 -- Reduced the amount of query params in a test
Backpatch of 604d8763dc.
2013-02-10 21:09:58 +02:00
Anssi Kääriäinen b18ad807e0 [1.5.x] Fixed #19720 -- Oracle ordering related delete regression
When a query had a complex where condition (a condition targeting more
than the base table) a subquery was used for deletion. However, the
query had default ordering from the model's meta and Oracle doesn't
work with ordered subqueries.

The regression was caused by fast-path deletion code introduced in
1cd6e04cd4 for fixing #18676.

Thanks to Dylan Klomparens for the report.

Backpatch of 8ef3235034
2013-02-10 19:58:22 +02:00
Anssi Kääriäinen d8e68f421e [1.5.x] Fixed #19638 -- Skipped tx support testing for some DBs
PostgreSQL and Oracle always support transactions, so the create table
and rollback test is non-necessary on those DBs.

Thanks to shai for report.

Backpatch of 0478780b8e
2013-02-10 19:08:15 +02:00
Anssi Kääriäinen 60186aa2e5 [1.5.x] Fixed #19707 -- Reset transaction state after requests
Backpatch of a4e97cf315
2013-02-10 14:09:58 +02:00
Anssi Kääriäinen 4c261c61f2 [1.5.x] Fixed #19645 -- Added tests for TransactionMiddleware
Backpatch of f556df90be. Backpatching
these tests so that it will be easier to backpatch the fix for #19707.
2013-02-10 14:01:49 +02:00
Preston Holmes bb12ea2cf1 [1.5.x] Made modwsgi groups_for_user consistent with check_password
2b5f848207 based its changes on #19061
that made the is_active attribute mandatory for user models.
The try/except was not removed for the groups_for_user function.

refs #19780
2013-02-09 09:33:34 -08:00
Tim Graham 7b278278ab [1.5.x] Fixed #19699 - Removed "Please see the release notes" from versionadded/changed directives
Thanks Aymeric for the patch.

Backport of d93edffa89 from master.
2013-02-09 09:22:33 -05:00
Claude Paroz 2d53799ca6 [1.5.x] Fixed #19749 -- Documented ending param to command's self.stdout/err
Thanks xian at mintchaos.com for the report.
Backport of 0201b9d6d from master
2013-02-09 10:19:59 +01:00
Julien Phalip 15796db507 [1.5.x] Cleaned up some lingering signals in the test suite that were causing spurious failures with Pypy and Postgres.
Backport of db09a2de6e
2013-02-08 12:13:43 -08:00
Claude Paroz b8c6de31a6 [1.5.x] Fixed #19779 -- Checked contrib.sites presence in RedirectFallbackMiddleware
Thanks Aymeric Augustin for the report and directions for the patch.
Backport of 2ed90eac from master.
2013-02-08 16:36:57 +01:00
Preston Holmes 830b9fde46 [1.5.x] Fixed #19776 -- Added missing import for backport
line was present on master from 1520748dac
2013-02-08 00:28:37 -08:00
Preston Holmes 660f80c3d6 [1.5.x] Fixed #19662 -- alter auth modelbackend to accept custom username fields
Thanks to Aymeric and Carl for the review.
2013-02-07 16:08:23 -08:00
Aymeric Augustin 833ccd4b5b [1.5.x] Fixed #19772 -- Handled APPEND_SLASH correctly in the redirects app.
Backport of 64623a2.
2013-02-07 22:38:14 +01:00