Commit Graph

412 Commits

Author SHA1 Message Date
Erik Romijn d16e4e1d6f [1.8.x] Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.

Backport of fa350e2f30 from master
2015-03-09 09:31:07 -04:00
Tim Graham 83269b2935 [1.8.x] Fixed typo in docs/howto/custom-template-tags.txt
Backport of 63f2dd4ad7 from master
2015-03-09 07:06:32 -04:00
Ross Brunton 72539a5f29 [1.8.x] Fixed #24379 -- Documented that remote user example disables ModelBackend.
Backport of 6b28e957df from master
2015-03-02 19:57:12 -05:00
Ian Lee ed25758556 [1.8.x] Added syntax highlighting for apache code blocks
Backport of fde4857fb8 from master
2015-03-02 12:37:07 -05:00
Ian Lee 04c262aea9 [1.8.x] Broke long lines in code examples.
The website only renders code blocks at 96 chars, and therefore
long code lines get wrapped. Manually breaking the lines prevents
the wrapping from occurring.

Backport of 00fbd8fd52 from master
2015-02-23 07:46:00 -05:00
Sean Wang f0780df608 [1.8.x] Fixed #24358 -- Corrected code-block directives for console sessions.
Backport of eba6dff581 from master
2015-02-22 09:36:51 -05:00
Loic Bistuer 3a6c37fce4 [1.8.x] Fixed #24351, #24346 -- Changed the signature of allow_migrate().
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.

This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.

Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.

Refs 22583.

Conflicts:
	django/db/utils.py

Backport of bed504d70b from master
2015-02-20 21:55:50 +07:00
Andrei Kulakov 564487601e [1.8.x] Fixed #23932 -- Added how-to on migrating unique fields.
Backport of 1f9e44030e from master
2015-02-20 21:53:15 +07:00
Marc Tamlyn 3886338c1d [1.8.x] Update converters to take a consistent set of parameters.
As suggested by Anssi. This has the slightly strange side effect of
passing the expression to Expression.convert_value has the expression
passed back to it, but it allows more complex patterns of expressions.

Backport of 32d4db66b9 from master
2015-02-20 11:47:48 +00:00
Aymeric Augustin cc4effba0b [1.8.x] Set context.template instead of context.engine while rendering.
This opens more possibilities, like accessing context.template.origin.

It also follows the chain of objects instead of following a shortcut.

Backport of 1bfcc95 from master
2015-02-19 22:10:56 +01:00
Aymeric Augustin e8950668ca [1.8.x] Deprecated TEMPLATE_DEBUG setting.
Backport of 15b711b from master.
2015-02-15 20:48:48 +01:00
Tim Graham ff39de1e1e [1.8.x] Added a "Writing migrations" how-to.
Backport of 570912a97d from master
2015-02-03 13:46:56 -05:00
Tim Graham a58a120021 [1.8.x] Standardized indentation in docs/howto/custom-management-commands.txt. 2015-01-17 13:27:59 -05:00
Tim Graham bfa3478850 [1.8.x] Replaced deprecated requires_model_validation in docs.
Backport of 18192b9fa4 from master
2015-01-17 12:52:30 -05:00
Carl Meyer 316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Pavel Shpilev a7c256cb54 Fixed #9893 -- Allowed using a field's max_length in the Storage. 2015-01-12 09:09:18 -05:00
Aymeric Augustin 4797af2bb8 Updated custom template tags how-to.
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin ee8d5b91e9 Wrote main documentation for templates. 2015-01-10 20:16:19 +01:00
Anssi Kääriäinen 0c7633178f Fixed #24020 -- Refactored SQL compiler to use expressions
Refactored compiler SELECT, GROUP BY and ORDER BY generation.
While there, also refactored select_related() implementation
(get_cached_row() and get_klass_info() are now gone!).

Made get_db_converters() method work on expressions instead of
internal_type. This allows the backend converters to target
specific expressions if need be.

Added query.context, this can be used to set per-query state.

Also changed the signature of database converters. They now accept
context as an argument.
2015-01-08 14:07:54 -05:00
Claude Paroz f7c287fca9 Fixed #24073 -- Deactivated translations when leave_locale_alone is False
Thanks Tim Graham and Markus Holtermann for the reviews.
2015-01-07 20:11:24 +01:00
Daniel Pyrathon fb48eb0581 Fixed #12663 -- Formalized the Model._meta API for retrieving fields.
Thanks to Russell Keith-Magee for mentoring this Google Summer of
Code 2014 project and everyone else who helped with the patch!
2015-01-06 19:25:12 -05:00
Tim Graham d7fc6eb8ca Revert "Updated some docs for the delayed deprecation of legacy table creation; refs #22340."
This reverts commit a2e3c96948.

The deprecation was moved back to 1.9 in
61da5f3f02.
2014-12-30 11:50:50 -05:00
Aymeric Augustin cf0fd65ed4 Deprecated TEMPLATE_LOADERS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin 3dc01aaaaf Deprecated ALLOWED_INCLUDE_ROOTS. 2014-12-28 17:02:30 +01:00
Christopher Grebs 508be27dbf Fixed #24057 -- Fixed typo in docs/howto/custom-lookups.txt. 2014-12-27 19:38:24 -05:00
Claude Paroz 337cd09836 Updated some other external links in the docs 2014-12-19 18:07:52 +01:00
Claude Paroz 0a4b04fc23 Used https for most *.python.org links 2014-12-19 18:07:52 +01:00
Quentin Pradet 6bc343d874 Fixed typo in docs/howto/custom-lookups.txt. 2014-12-08 07:18:54 -05:00
Vladimir Rutsky 1a408e42ee Add missing dot 2014-12-07 00:49:59 +03:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Danilo Bargen cdee865976 Fixed #23543 -- Added docs on testing management command output. 2014-11-24 10:23:25 -05:00
Daniel Roseman 524e71c9c2 Fixed #20435 -- Reordered the custom template tags docs.
Introduced the various shortcuts before explaining the more complex
parser/render functionality.

Also removed non-decorator syntax: it's been years since Django
supported a Python version without decorators.
2014-11-17 17:38:04 +01:00
Josh Smeaton f61256da3a Renamed qn to compiler 2014-11-16 13:19:34 +01:00
Berker Peksag 5c517ec218 Fixed versionchanged indentation in docs/. 2014-11-03 21:40:26 -05:00
Andy Chosak c0c78f1b70 Clarified custom lookups output_field documentation 2014-11-03 15:52:27 +02:00
James Brewer 332706eaa0 Fixed #23376 -- Made documentation about required Storage methods
consistent.

The following methods **should** be implemented, but are not required:

 * Storage.delete()
 * Storage.exists()
 * Storage.listdir()
 * Storage.size()
 * Storage.url()

Updated documentation to reflect this fact and give a couple of examples
where some methods may not be implemented. Add a warning that not
implementing some methods will result in a partial (possibly broken)
interface.

Ticket: https://code.djangoproject.com/ticket/23376
2014-11-03 03:32:41 -08:00
Berker Peksag affc04060f Converted seealso directives to use 4 space indendation. 2014-10-30 14:45:16 -04:00
Thomas Chaumeny 00aa562884 Fixed #23493 -- Added bilateral attribute to Transform 2014-10-28 10:02:10 +02:00
Tim Graham e460b1c573 Fixed #23708 -- Corrected mod_wsgi docs reference to nonexistent comment in wsgi.py.
Thanks inglesp for the report.
2014-10-27 18:17:50 -04:00
Tim Graham 4b0a45ce64 Fixed #23705 -- Removed unnecessary AliasMatch from example Apache config.
Thanks Keryn Knight for the report.
2014-10-23 08:15:54 -04:00
Collin Anderson 1b2debe896 Fixed #23637 -- Removed TUX, lighttpd, and Cherokee as common. 2014-10-15 08:28:27 -04:00
Marc Tamlyn 92a17eaae0 Fixed #23627 -- Allowed register_lookup to work as a decorator. 2014-10-09 18:44:58 +01:00
Corey Farwell 37b13033c6 Removed sudo from pip commands in docs. 2014-09-22 15:49:48 -04:00
Claude Paroz 5bf654e44b Fixed #23530 -- Specified PyYAML requirement in initial-data.txt
Thanks aks for the report.
2014-09-21 16:00:19 +02:00
Matt Robenolt b88e31348b Don't recommend using sudo when installing uwsgi 2014-09-19 22:58:49 -07:00
Tim Graham 52ef6a4726 Fixed #17101 -- Integrated django-secure and added check --deploy option
Thanks Carl Meyer for django-secure and for reviewing.

Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
2014-09-12 15:05:23 -04:00
Tim Graham c7f7432be5 Fixed #23350 -- Updated mod_wsgi auth example to use less memory.
Thanks Graham Dumpleton for the report.
2014-09-09 09:32:19 -04:00
Sébastien Fievet f36ab2d3f2 Fixed typo in docs/howto/custom-lookups.txt. 2014-09-07 11:29:20 +02:00
Collin Anderson fa74dba994 Refs #23430 -- gunicorn wants a module, not file 2014-09-06 08:13:45 -07:00
Collin Anderson 77b3907d6d Fixed #23430 -- simplified gunicorn deployment docs. 2014-09-05 20:36:35 -04:00