9f8287a3f1
SECURITY ALERT: Corrected regular expressions for URL and email fields.
...
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.
This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.
This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-09 20:57:59 +00:00
7c53c2618d
Fixed #10968 - Form.errors should use Form.error_class.
...
Thanks for report and initial patch, matehat.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11498 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 10:47:40 +00:00
5663258de1
Fixed #10792 -- Ensured that ModelChoiceFields don't provide an empty option when the underlying field has blank=False and there is a default value available. Thanks to carljm for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-10 07:44:27 +00:00
7caf21aa2e
Make sure that all uses of max_length in the test suite use values smaller than 255. If we use max_length > 255 the test suite can't be run on MySQL 4.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10697 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 18:06:22 +00:00
f6cca736a0
Fixed #9609 -- Modified the clean method of(Null)Boolean field to accept '1' and '0' as valid inputs. Thanks to psagers for the patch.
...
This is required to support the use of non-default form widgets such as RadioSelect when the data comes from MySQL, which uses 1/0 to represent booleans.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 14:52:34 +00:00
fbf5eaac94
Fixed #10349 -- Modified ManyToManyFields to allow initial form values to be callables. Thanks to fas for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10652 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 07:03:33 +00:00
2ba9df2f41
Fixed #10082 -- Modified BaseFormSet so that ordering checks work when the formset is empty. Thanks to Petr Marhoun for the report and test case, and bmathieu for the fix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-28 14:17:18 +00:00
6312de0279
Fixed #10288 -- Corrected _has_changed handling of DateTimeInput, DateInput, TimeInput, and SplitDateTimeWidget when a custom date/time format is in use. Thanks to Koen Biermans for the report and patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-28 13:19:30 +00:00
002e3fd9e4
Fixed #9124 : fixed `SelectDateWidget` with `required=False`. Thanks, Bernd Schlapsi.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10584 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-18 17:35:53 +00:00
419ed44436
Fixed #10363 -- Modified ModelForm handling to ensure that excluded fields can't be saved onto the model. Thanks to jgoldberg for the report, an Alex Gaynor for the fix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10575 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:26:08 +00:00
6590061a00
Fixed #9948 -- Corrected URLField validation to match RFC1035 (URL analog of #9890 ). Thanks to kratorius for the report and fix.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:25:18 +00:00
48b459a83e
Fixed #9890 -- Modified the regex validation for email addresses to match RFC822/1035. Thanks to ozgur for the report, and kratorius for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10573 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:24:27 +00:00
95f5e4a8da
Fixed #10774 : accessing form media types in templates (i.e. ``{{ form.media.js }}``) now works. Thanks, tarequeh and Alex Gaynor.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 17:07:25 +00:00
f6309cbf80
Fixed #8515 -- Fixed validation of Polish REGON numbers.
...
Patch from Piotr Lewandowski.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10460 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 01:03:44 +00:00
d0c897d660
Made a set of small test changes to avoid leaving temp files hanging around after running the test suite. First, fixed a couple of places where temp dirs were (or could be) created without later being deleted. Second, added a missing close() before unlink() since Windows raises an error on an attempt to remove an open file. Finally, in the file_uploads tests, avoided opening-by-name temporary files that we already have a descriptor for. Doing additional opens seems to run afoul of the Windows issue with deleting open files, so it generally works better to just seek back to 0 instead of calling open multiple times.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10406 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-05 20:59:20 +00:00
fea6c73538
Fixed #10149 . FileFields in a form now validate max_length. Based on a patch by Massimo Scamarcia.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10227 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 22:52:16 +00:00
08056572e8
Fixed #9587 . Formset.is_valid() now returns True if an invalid form is marked for deletion. Thanks for the test and intial patch, kratorius.
...
Note that this leaves the form and formset errors alone. Those forms still have errors, it's just that it doesn't matter that they're invalid in the context of the formset and deletion.
Also fixed #9665 while I was in there. Thanks, mark_hildreth.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10206 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 19:36:19 +00:00
14b160957e
Fixed #8962 -- Consistently support format and input_format in the various (individual, combined, split) date and time form fields and widgets.
...
Many thanks to Tai Lee for doing all the work here.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10115 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-22 16:13:06 +00:00
ec710220dd
Fixed some test output in the wake of r9940.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9944 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-02 04:17:00 +00:00
b2a4377651
Fixed #9066 -- Added Czech localflavor. Thanks to Elvard for the contribution.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-22 07:51:57 +00:00
79138a6106
Fixed #10041 : use a tempdir for files in the forms test. Thanks, Marty Alchin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9765 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-16 21:31:58 +00:00
bfab9d62ee
Added a way to iterate over hidden/visible fields in a form. Useful for manual
...
form layout.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9569 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-05 04:22:00 +00:00
ad4e1a7a72
Add tests mistakenly left out of r9397.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 20:01:51 +00:00
d82aaef844
Fixed #7064 : Made DemicmalField validation support max_digits equal to decimal_places.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9387 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 19:52:53 +00:00
8cdc53a265
Fixed #6035 -- Gave the SplitDateTimeField the proper default widget. Thanks dtulig.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9385 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 19:42:55 +00:00
bcd63cbfb0
Fixed #6160 , #9111 -- Consistently apply conditional_escape to form errors and labels when outputing them as HTML.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-06 19:49:24 +00:00
7cec38b076
Fixed #9259 -- Fixed a validation error for Spanish identity card numbers.
...
Patch from Marc Garcia.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-05 05:59:04 +00:00
9931c9e132
Fixed #9125 -- When displaying errors for a form with only hidden fields, make sure the resulting XHTML is correct.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9067 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-18 07:16:08 +00:00
a27ff1c8ae
Fixed #8865 -- Improved the robustness of some file path tests.
...
Based on a patch from pythonhead@gentoo.org .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9065 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-17 09:32:36 +00:00
7c7ad041b3
Fixed #7975 -- Callable defaults in inline model formsets now work correctly. Based on patch from msaelices. Thanks for your hard work msaelices.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 21:28:32 +00:00
4ae746b574
Added a `TypedChoiceField` which acts just like `ChoiceField`, except that it
...
returns a value coerced by some provided function. Refs #6967 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8771 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 20:10:50 +00:00
24bacb19de
Fixed #5216 -- Fixed a case of a string not being a unicode string.
...
Thanks to Vadim Fint for the test case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 11:39:06 +00:00
b99cc935eb
Fixed #7753 : clean `NullBooleanField` correctly when using `HiddenInput`. Thanks to julien and ElliottM.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 15:06:18 +00:00
1abfb1df19
Fixed #8276 : corrected another couple of names in localflavor.pl.forms. Patch by Piotr Lewandowski.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 23:05:25 +00:00
1fc8f84f58
Fixed #8566 -- Allow safe-strings in the "attrs" parameter to form widgets.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8601 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 21:32:17 +00:00
744d882110
Fixed #8425 : removed the independant nations of Palau, Marshall Islands, and Micronesia from localflavor's list of US states.
...
...
Man, commit messages like that are incredibly fun to write.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8550 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 19:11:41 +00:00
cbd574881c
Updated `TimeInput` changes from [8491] to allow time widgets to be used with unicode values. Fixes #7499 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8549 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 19:09:44 +00:00
6d6fb392b4
Fixed #7195 -- Fixed the validation of MultipleChoice fields so that they can
...
be populated from request.REQUEST. Based on a patch from Daniel Roseman.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8525 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 00:32:32 +00:00
8a3ef1f8bc
Fixed #7499 -- Trim microseconds off rendering of form.TimeFields by default so
...
that they validate. Previous code didn't work with microseconds anyway, so this
is backwards compatible. Thanks to kevin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 17:33:09 +00:00
5608dfabc3
Fixed #8434 -- I forgot to update the tests when committing [8443]. Thanks,
...
jarrow.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8449 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-20 15:56:07 +00:00
cbcc415934
Fixed #8229 : Added handling for a special case in the validation of Spanish ID numbers. Thanks to Marc Garcia for the patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8405 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-16 07:00:30 +00:00
727133109c
Fixed #8290 -- Fixed DecimalField's cleaning of values with a large number of decimal places, based on patch from dgouldin.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8391 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 20:09:47 +00:00
4adf048a51
Fixed #8276 -- Changed the names of a few Polish localflavor classes to match
...
their common names/acronyms, similar to other localflavors.
Backwards incompatible if you're using these classes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8345 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 04:29:02 +00:00
ef48a3e69c
Fixed #7830 -- Removed all of the remaining, deprecated, non-oldforms features:
...
* Support for representing files as strings was removed. Use `django.core.files.base.ContentFile` instead.
* Support for representing uploaded files as dictionaries was removed. Use `django.core.files.uploadedfile.SimpleUploadedFile` instead.
* The `filename`, `file_name`, `file_size`, and `chuck` properties of `UploadedFile` were removed. Use the `name`, `name`, `size`, and `chunks` properties instead, respectively.
* The `get_FIELD_filename`, `get_FIELD_url`, `get_FIELD_size`, and `save_FIELD_file` methods for Models with `FileField` fields were removed. Instead, use the `path`, `url`, and `size` attributes and `save` method on the field itself, respectively.
* The `get_FIELD_width` and `get_FIELD_height` methods for Models with `ImageField` fields were removed. Use the `width` and `height` attributes on the field itself instead.
* The dispatcher `connect`, `disconnect`, `send`, and `sendExact` functions were removed. Use the signal object's own `connect`, `disconnect`, `send`, and `send` methods instead, respectively.
* The `form_for_model` and `form_for_instance` functions were removed. Use a `ModelForm` subclass instead.
* Support for importing `django.newforms` was removed. Use `django.forms` instead.
* Support for importing `django.utils.images` was removed. Use `django.core.files.images` instead.
* Support for the `follow` argument in the `create_object` and `update_object` generic views was removed. Use the `django.forms` package and the new `form_class` argument instead.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8291 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10 21:10:47 +00:00
cbbd54d5cd
Fixed #7920 -- Made tests compatible with Python 2.6's Decimal repr change, patch from Karen Tracey.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 04:48:14 +00:00
82a85fdbae
Fixed #6427 -- Added some more features to the Austrian localflavor.
...
Thanks, Horst Gutmann.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-27 18:54:56 +00:00
108b604b51
Fixed #7345 -- When normalising the URLField form field, attach a trailing
...
slash when only a host (no path) is given. Thanks, jpwatts.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8089 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 05:18:39 +00:00
a26ba33111
Fixed #7686 -- Added an Austrian localflavor. Thanks, bernd.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 04:25:42 +00:00
9d8f41baac
Made the semi-private _max_form_count live on the public API of formsets by renaming it to max_num. This also removes the ManagementForm use of MAX_COUNT since that usage should just be referenced to the formset's max_num property. Refs #7899 . Thanks Peter of the Norse for straightening me out.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8058 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-23 04:28:52 +00:00
80ac41e2f7
Corrected typo.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8013 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-21 03:50:40 +00:00
Jacob Kaplan-Moss
Luke Plant
Russell Keith-Magee
Malcolm Tredinnick
Karen Tracey
Joseph Kocherhans
Brian Rosner
Gary Wilson Jr