253 Commits

Author SHA1 Message Date
Jacob Kaplan-Moss 9f8287a3f1 SECURITY ALERT: Corrected regular expressions for URL and email fields.
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-09 20:57:59 +00:00
Luke Plant 7c53c2618d Fixed #10968 - Form.errors should use Form.error_class.
Thanks for report and initial patch, matehat.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11498 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 10:47:40 +00:00
Russell Keith-Magee 5663258de1 Fixed #10792 -- Ensured that ModelChoiceFields don't provide an empty option when the underlying field has blank=False and there is a default value available. Thanks to carljm for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-10 07:44:27 +00:00
Jacob Kaplan-Moss 7caf21aa2e Make sure that all uses of max_length in the test suite use values smaller than 255. If we use max_length > 255 the test suite can't be run on MySQL 4.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10697 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 18:06:22 +00:00
Russell Keith-Magee f6cca736a0 Fixed #9609 -- Modified the clean method of (Null)Boolean field to accept '1' and '0' as valid inputs. Thanks to psagers for the patch.
This is required to support the use of non-default form widgets such as RadioSelect when the data comes from MySQL, which uses 1/0 to represent booleans.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 14:52:34 +00:00
Russell Keith-Magee fbf5eaac94 Fixed #10349 -- Modified ManyToManyFields to allow initial form values to be callables. Thanks to fas for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10652 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 07:03:33 +00:00
Russell Keith-Magee 2ba9df2f41 Fixed #10082 -- Modified BaseFormSet so that ordering checks work when the formset is empty. Thanks to Petr Marhoun for the report and test case, and bmathieu for the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-28 14:17:18 +00:00
Russell Keith-Magee 6312de0279 Fixed #10288 -- Corrected _has_changed handling of DateTimeInput, DateInput, TimeInput, and SplitDateTimeWidget when a custom date/time format is in use. Thanks to Koen Biermans for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10641 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-28 13:19:30 +00:00
Jacob Kaplan-Moss 002e3fd9e4 Fixed #9124: fixed `SelectDateWidget` with `required=False`. Thanks, Bernd Schlapsi.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10584 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-18 17:35:53 +00:00
Russell Keith-Magee 419ed44436 Fixed #10363 -- Modified ModelForm handling to ensure that excluded fields can't be saved onto the model. Thanks to jgoldberg for the report, and Alex Gaynor for the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10575 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:26:08 +00:00
Russell Keith-Magee 6590061a00 Fixed #9948 -- Corrected URLField validation to match RFC1035 (URL analog of #9890). Thanks to kratorius for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:25:18 +00:00
Russell Keith-Magee 48b459a83e Fixed #9890 -- Modified the regex validation for email addresses to match RFC822/1035. Thanks to ozgur for the report, and kratorius for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10573 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:24:27 +00:00
Jacob Kaplan-Moss 95f5e4a8da Fixed #10774: accessing form media types in templates (i.e. ``{{ form.media.js }}``) now works. Thanks, tarequeh and Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 17:07:25 +00:00
Malcolm Tredinnick f6309cbf80 Fixed #8515 -- Fixed validation of Polish REGON numbers.
Patch from Piotr Lewandowski.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10460 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-10 01:03:44 +00:00
Karen Tracey d0c897d660 Made a set of small test changes to avoid leaving temp files hanging around after running the test suite. First, fixed a couple of places where temp dirs were (or could be) created without later being deleted. Second, added a missing close() before unlink() since Windows raises an error on an attempt to remove an open file. Finally, in the file_uploads tests, avoided opening-by-name temporary files that we already have a descriptor for. Doing additional opens seems to run afoul of the Windows issue with deleting open files, so it generally works better to just seek back to 0 instead of calling open multiple times.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10406 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-05 20:59:20 +00:00
Joseph Kocherhans fea6c73538 Fixed #10149. FileFields in a form now validate max_length. Based on a patch by Massimo Scamarcia.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10227 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 22:52:16 +00:00
Joseph Kocherhans 08056572e8 Fixed #9587. Formset.is_valid() now returns True if an invalid form is marked for deletion. Thanks for the test and initial patch, kratorius.
Note that this leaves the form and formset errors alone. Those forms still have errors, it's just that it doesn't matter that they're invalid in the context of the formset and deletion.
Also fixed #9665 while I was in there. Thanks, mark_hildreth.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10206 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 19:36:19 +00:00
Karen Tracey 14b160957e Fixed #8962 -- Consistently support format and input_format in the various (individual, combined, split) date and time form fields and widgets.
Many thanks to Tai Lee for doing all the work here.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@10115 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-22 16:13:06 +00:00
Malcolm Tredinnick ec710220dd Fixed some test output in the wake of r9940.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9944 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-02 04:17:00 +00:00
Russell Keith-Magee b2a4377651 Fixed #9066 -- Added Czech localflavor. Thanks to Elvard for the contribution.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-22 07:51:57 +00:00
Jacob Kaplan-Moss 79138a6106 Fixed #10041: use a tempdir for files in the forms test. Thanks, Marty Alchin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9765 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-16 21:31:58 +00:00
Malcolm Tredinnick bfab9d62ee Added a way to iterate over hidden/visible fields in a form. Useful for manual
form layout.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9569 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-05 04:22:00 +00:00
Karen Tracey ad4e1a7a72 Add tests mistakenly left out of r9397.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 20:01:51 +00:00
Karen Tracey d82aaef844 Fixed #7064: Made DecimalField validation support max_digits equal to decimal_places.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9387 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 19:52:53 +00:00
Karen Tracey 8cdc53a265 Fixed #6035 -- Gave the SplitDateTimeField the proper default widget. Thanks dtulig.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9385 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 19:42:55 +00:00
Karen Tracey bcd63cbfb0 Fixed #6160, #9111 -- Consistently apply conditional_escape to form errors and labels when outputting them as HTML.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-06 19:49:24 +00:00
Malcolm Tredinnick 7cec38b076 Fixed #9259 -- Fixed a validation error for Spanish identity card numbers.
Patch from Marc Garcia.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-05 05:59:04 +00:00
Malcolm Tredinnick 9931c9e132 Fixed #9125 -- When displaying errors for a form with only hidden fields, make sure the resulting XHTML is correct.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9067 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-18 07:16:08 +00:00
Malcolm Tredinnick a27ff1c8ae Fixed #8865 -- Improved the robustness of some file path tests.
Based on a patch from pythonhead@gentoo.org.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9065 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-17 09:32:36 +00:00
Brian Rosner 7c7ad041b3 Fixed #7975 -- Callable defaults in inline model formsets now work correctly. Based on patch from msaelices. Thanks for your hard work msaelices.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8816 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 21:28:32 +00:00
Jacob Kaplan-Moss 4ae746b574 Added a `TypedChoiceField` which acts just like `ChoiceField`, except that it
returns a value coerced by some provided function. Refs #6967.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8771 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 20:10:50 +00:00
Malcolm Tredinnick 24bacb19de Fixed #5216 -- Fixed a case of a string not being a unicode string.
Thanks to Vadim Fint for the test case.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 11:39:06 +00:00
Jacob Kaplan-Moss b99cc935eb Fixed #7753: clean `NullBooleanField` correctly when using `HiddenInput`. Thanks to julien and ElliottM.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 15:06:18 +00:00
Jacob Kaplan-Moss 1abfb1df19 Fixed #8276: corrected another couple of names in localflavor.pl.forms. Patch by Piotr Lewandowski.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8643 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 23:05:25 +00:00
Malcolm Tredinnick 1fc8f84f58 Fixed #8566 -- Allow safe-strings in the "attrs" parameter to form widgets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8601 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-26 21:32:17 +00:00
Jacob Kaplan-Moss 744d882110 Fixed #8425: removed the independent nations of Palau, Marshall Islands, and Micronesia from localflavor's list of US states.
...

Man, commit messages like that are incredibly fun to write.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8550 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 19:11:41 +00:00
Jacob Kaplan-Moss cbd574881c Updated `TimeInput` changes from [8491] to allow time widgets to be used with unicode values. Fixes #7499.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8549 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 19:09:44 +00:00
Malcolm Tredinnick 6d6fb392b4 Fixed #7195 -- Fixed the validation of MultipleChoice fields so that they can
be populated from request.REQUEST. Based on a patch from Daniel Roseman.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8525 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 00:32:32 +00:00
Malcolm Tredinnick 8a3ef1f8bc Fixed #7499 -- Trim microseconds off rendering of form.TimeFields by default so
that they validate. Previous code didn't work with microseconds anyway, so this
is backwards compatible. Thanks to kevin for the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8491 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 17:33:09 +00:00
Malcolm Tredinnick 5608dfabc3 Fixed #8434 -- I forgot to update the tests when committing [8443]. Thanks,
jarrow.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8449 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-20 15:56:07 +00:00
Russell Keith-Magee cbcc415934 Fixed #8229: Added handling for a special case in the validation of Spanish ID numbers. Thanks to Marc Garcia for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8405 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-16 07:00:30 +00:00
Gary Wilson Jr 727133109c Fixed #8290 -- Fixed DecimalField's cleaning of values with a large number of decimal places, based on patch from dgouldin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8391 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 20:09:47 +00:00
Malcolm Tredinnick 4adf048a51 Fixed #8276 -- Changed the names of a few Polish localflavor classes to match
their common names/acronyms, similar to other localflavors.

Backwards incompatible if you're using these classes.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8345 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 04:29:02 +00:00
Gary Wilson Jr ef48a3e69c Fixed #7830 -- Removed all of the remaining, deprecated, non-oldforms features:
 * Support for representing files as strings was removed. Use `django.core.files.base.ContentFile` instead.
 * Support for representing uploaded files as dictionaries was removed. Use `django.core.files.uploadedfile.SimpleUploadedFile` instead.
 * The `filename`, `file_name`, `file_size`, and `chuck` properties of `UploadedFile` were removed. Use the `name`, `name`, `size`, and `chunks` properties instead, respectively.
 * The `get_FIELD_filename`, `get_FIELD_url`, `get_FIELD_size`, and `save_FIELD_file` methods for Models with `FileField` fields were removed. Instead, use the `path`, `url`, and `size` attributes and `save` method on the field itself, respectively.
 * The `get_FIELD_width` and `get_FIELD_height` methods for Models with `ImageField` fields were removed. Use the `width` and `height` attributes on the field itself instead.
 * The dispatcher `connect`, `disconnect`, `send`, and `sendExact` functions were removed. Use the signal object's own `connect`, `disconnect`, `send`, and `send` methods instead, respectively.
 * The `form_for_model` and `form_for_instance` functions were removed. Use a `ModelForm` subclass instead.
 * Support for importing `django.newforms` was removed. Use `django.forms` instead.
 * Support for importing `django.utils.images` was removed. Use `django.core.files.images` instead.
 * Support for the `follow` argument in the `create_object` and `update_object` generic views was removed. Use the `django.forms` package and the new `form_class` argument instead.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8291 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10 21:10:47 +00:00
Gary Wilson Jr cbbd54d5cd Fixed #7920 -- Made tests compatible with Python 2.6's Decimal repr change, patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 04:48:14 +00:00
Malcolm Tredinnick 82a85fdbae Fixed #6427 -- Added some more features to the Austrian localflavor.
Thanks, Horst Gutmann.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-27 18:54:56 +00:00
Malcolm Tredinnick 108b604b51 Fixed #7345 -- When normalising the URLField form field, attach a trailing
slash when only a host (no path) is given. Thanks, jpwatts.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8089 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 05:18:39 +00:00
Malcolm Tredinnick a26ba33111 Fixed #7686 -- Added an Austrian localflavor. Thanks, bernd.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 04:25:42 +00:00
Brian Rosner 9d8f41baac Made the semi-private _max_form_count live on the public API of formsets by renaming it to max_num. This also removes the ManagementForm use of MAX_COUNT since that usage should just be referenced to the formset's max_num property. Refs #7899. Thanks Peter of the Norse for straightening me out.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8058 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-23 04:28:52 +00:00
Gary Wilson Jr 80ac41e2f7 Corrected typo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8013 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-21 03:50:40 +00:00