Commit Graph

1630 Commits

Author SHA1 Message Date
Tim Graham 011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 9ddfe9b301 Added stub release notes for security releases. 2015-03-18 19:20:07 -04:00
Karl Hobley 81e1a35c36 Fixed #24495 -- Allowed unsaved model instance assignment check to be bypassed. 2015-03-18 19:00:09 -04:00
Claude Paroz a0c2eb46dd Fixed #23960 -- Removed http.fix_location_header
Thanks Carl Meyer for the report and Tim Graham for the review.
2015-03-18 18:22:50 +01:00
Tim Graham c5c8751147 Refs #24487 -- Added upgrade tips about removal of SortedDict.
Thanks Pascal Chambon for the initial patch.
2015-03-17 13:41:11 -04:00
Andriy Sokolovskiy 81c2d9f60b Fixed #15579 -- Added ability to delete only child models in multi-table inheritance. 2015-03-17 08:33:16 -04:00
Daniel Wiesmann f269c1d6f6 Added write support for GDALRaster
- Instantiation of GDALRaster instances from dict or json data.
- Retrieve and write pixel values in GDALBand objects.
- Support for the GDALFlushCache in gdal C prototypes
- Added private flush method to GDALRaster to make sure all
  data is written to files when file-based rasters are changed.
- Replaced ``ptr`` with ``_ptr`` for internal ptr variable

Refs #23804. Thanks Claude Paroz and Tim Graham for the reviews.
2015-03-16 19:37:43 +01:00
John Giannelos 8758a63ddb Fixed #24427 -- Stopped writing migration files in dry run mode when merging.
Also added display of migration to stdout when verbosity=3.
2015-03-16 14:04:37 -04:00
Preston Timmons 388e79e9fc Fixed #24493 -- Added BaseContext.setdefault() 2015-03-16 13:13:02 -04:00
Thomas Tanner 28986da4ca Fixed #5986 -- Added ability to customize order of Form fields 2015-03-16 09:12:57 -04:00
Steven Das 4f494ed0c6 Added comma to improve readability in 1.7 release notes. 2015-03-16 08:15:17 -04:00
Tomáš Ehrlich 8414fcf16b Fixes #23643 -- Added chained exception details to debug view. 2015-03-14 16:08:23 -04:00
Matthew Wilkes ae87ad005f Refs #24354 -- Prevented repointing of relations on superclasses when migrating a subclass's name change
Forwardport of test and release note from stable/1.7.x
2015-03-14 15:37:40 -04:00
Berker Peksag 34fb909180 Fixed #12982 -- Added a get_or_set() method to the BaseCache backend. 2015-03-14 20:07:16 +02:00
Claude Paroz aa5ab114e3 Fixed #24122 -- Redirected to translated url after setting language
Thanks gbdlin for the initial patch and Tim Graham for the review.
2015-03-13 16:46:40 +01:00
Jon Dufresne d861f95c44 Fixed #24139 -- Changed HttpResponse.reason_phrase to evaluate based on status_code. 2015-03-12 20:18:06 -04:00
Tim Graham e4a578e70e Fixed #24226 -- Changed admin EMPTY_CHANGELIST_VALUE from (None) to - 2015-03-12 09:40:56 -04:00
Tim Graham 0cb6a85f5e Added yesterday's security issue to archive. 2015-03-10 11:01:18 -04:00
Tim Graham ea9157f681 Added stub release notes for 1.7.7. 2015-03-09 13:09:39 -04:00
Baptiste Mispelon 82c9169077 Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields
This issue was fixed by refs #24464.
2015-03-09 10:12:21 -04:00
Tim Graham 300fdbbebb Clarified an item in 1.7.6 release notes. 2015-03-09 10:06:18 -04:00
Erik Romijn fa350e2f30 Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham 9eab328444 Forwardported 1.7.6 release note. 2015-03-07 08:12:44 -05:00
Jean-Louis Fuchs f4f0060fea Fixed #24447 -- Made migrations add FK constraints for existing columns
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.
2015-03-07 14:09:56 +01:00
Tim Graham c36b60836b Fixed #24451 -- Deprecated comma-separated {% cycle %} syntax. 2015-03-07 07:42:39 -05:00
Grzegorz Slusarek 668d53cd12 Fixed #21495 -- Added settings.CSRF_HEADER_NAME 2015-03-05 15:03:40 -05:00
Tim Graham d61ebc8fed Fixed #19538 -- Removed window.__admin_media_prefix__ from admin templates. 2015-03-05 06:44:16 -05:00
Preston Timmons 70123cf084 Fixed #24399 -- Made filesystem loaders use more specific exceptions. 2015-03-03 21:20:46 +01:00
Tim Graham 71820721a1 Added stub release notes for 1.7.6. 2015-02-25 09:11:19 -05:00
Tim Graham aca73737da Added release date for 1.7.5 release. 2015-02-25 08:47:11 -05:00
Tim Graham d298b1ba50 Reverted "Fixed #24325 -- Documented change in ModelForm.save() foreign key access."
This reverts commit 0af3822dc3.
It's obsoleted by refs #24395.
2015-02-24 11:50:21 -05:00
Kenneth Kam e83aba0e2c Fixed #23762 -- clarified CACHE_MIDDLEWARE_ANONYMOUS_ONLY deprecation in docs 2015-02-23 09:23:07 -05:00
Emin Mastizada dda2a3cf4c Added formats for the Azerbaijani locale. 2015-02-23 07:37:13 -05:00
Michael Manfre 7fa7dd48c4 Fixed signature of BaseDatabaseOperations.date_interval_sql() and document the change. 2015-02-22 23:23:16 -05:00
Sean Wang eba6dff581 Fixed #24358 -- Corrected code-block directives for console sessions. 2015-02-22 09:35:39 -05:00
Loic Bistuer bed504d70b Fixed #24351, #24346 -- Changed the signature of allow_migrate().
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.

This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.

Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.

Refs 22583.
2015-02-20 21:34:09 +07:00
Tim Graham dd0b487872 Fixed typo in path to is_safe_url() 2015-02-20 09:21:39 -05:00
Tim Graham 3adc5f1ee6 Fixed #24335 -- Bumped required psycopg2 version to 2.4.5 (2.5 for contrib.postgres). 2015-02-16 18:07:27 -05:00
Aymeric Augustin 15b711b5ee Deprecated TEMPLATE_DEBUG setting. 2015-02-15 20:47:04 +01:00
Aymeric Augustin 76356d963c Fixed #24318 -- Set the transaction isolation level with psycopg >= 2.4.2. 2015-02-14 18:51:11 +01:00
Tim Graham 0af3822dc3 Fixed #24325 -- Documented change in ModelForm.save() foreign key access. 2015-02-14 08:08:05 -05:00
Claude Paroz 1791a7e75a Fixed #15779 -- Allowed 'add' primary key in admin edition
Thanks Marwan Alsabbagh for the report, and Simon Charette and
Tim Graham for the reviews.
2015-02-14 11:19:55 +01:00
Markus Holtermann f287bec583 Fixed #24184 -- Prevented automatic soft-apply of migrations
Previously Django only checked for the table name in CreateModel
operations in initial migrations and faked the migration automatically.
This led to various errors and unexpected behavior. The newly introduced
--fake-initial flag to the migrate command must be passed to get the
same behavior again. With this change Django will bail out in with a
"duplicate relation / table" error instead.

Thanks Carl Meyer and Tim Graham for the documentation update, report
and review.
2015-02-13 14:29:59 +01:00
Loic Bistuer 00a889167f Fixed #24295 -- Allowed ModelForm meta to specify form field classes.
Thanks Carl Meyer and Markus Holtermann for the reviews.
2015-02-13 19:13:05 +07:00
Tim Graham e8cf4f8abe Fixed #24332 -- Fixed contrib.sites create_default_site() when 'default' DATABASES is empty. 2015-02-13 07:01:28 -05:00
Tim Graham a93c5fb2bf Forwardported item in 1.7.5 release notes. 2015-02-12 14:05:52 -05:00
Josh Smeaton 1fbe8a2de3 Fixed #24200 -- Made introspection bypass statement cache 2015-02-10 23:24:34 +02:00
Markus Holtermann 2832a9b028 Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth"
This reverts commit 737d24923a.
2015-02-07 20:14:49 +01:00
Loic Bistuer 71ada3a8e6 Fixed #6707 -- Added RelatedManager.set() and made descriptors' __set__ use it.
Thanks Anssi Kääriäinen, Carl Meyer, Collin Anderson, and Tim Graham for the reviews.
2015-02-05 12:45:08 +07:00
Preston Timmons 5bc5ddd8b5 Fixed #24235 -- Removed is_usable attribute from template loaders. 2015-02-04 07:47:28 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Preston Timmons cd4282816d Fixed #18651 -- Enabled optional assignments for simple_tag(). 2015-02-03 10:44:33 -05:00
Anssi Kääriäinen 8adc59038c Fixed #23617 -- Added get_pk_value_on_save()
The method is mainly intended for use with UUIDField. For UUIDField we
want to call the field's default even when primary key value is
explicitly set to None to match the behavior of AutoField.

Thanks to Marc Tamlyn and Tim Graham for review.
2015-02-03 09:23:44 -05:00
Tim Graham 75303b01a9 Fixed #24245 -- Added introspection for database defaults.
Needed for tests for migrations handling of database defaults.
2015-01-31 12:33:11 -05:00
Tim Graham 888054bff7 Fixed #24208 -- Documented changes in private model relations. 2015-01-31 11:01:55 -05:00
Claude Paroz a0b5f15ea5 Fixed #14483 -- Allowed using subqueries with GIS lookups 2015-01-30 20:27:18 +01:00
Loic Bistuer 4c3bfe9053 Fixed #24211 -- Removed ValuesQuerySet() and ValuesListQuerySet().
Thanks Anssi Kääriäinen, Marc Tamlyn, and Tim Graham for the reviews.
2015-01-30 22:02:58 +07:00
Tim Graham 29c0073335 Fixed #24164 -- Fixed Oracle GIS limited aggregation test failure. 2015-01-30 06:28:47 -05:00
Jon Dufresne 24b2bc635e Fixed #24137 -- Switched to HTTP reason phrases from Python stdlib. 2015-01-28 06:59:40 -05:00
Tim Graham ac6033d883 Added stub 1.7.5 release notes. 2015-01-28 06:38:31 -05:00
Loic Bistuer 332139d23d Fixed typo in docs. Thanks Berker. 2015-01-28 01:50:05 +07:00
Markus Holtermann 335df82a3f Corrected naming of method and attribute 2015-01-27 19:45:52 +01:00
Tim Graham 6f8418089c Added 1.4.19 release notes. 2015-01-27 11:48:04 -05:00
Loic Bistuer 728b6fd9ca Fixed #24219 -- Moved SelectDateWidget together with the other widgets
and deprecated django.forms.extras.

Thanks Berker Peksag and Tim Graham for the reviews.
2015-01-27 22:40:02 +07:00
Markus Holtermann da224d6be0 Refs #24104 -- Added missing release notes
Forwardport of 3d4a826174 from stable/1.7.x
2015-01-27 15:35:34 +01:00
seanwestfall 7a90b53d60 Fixed #24053 -- Removed admin CSS & images for IE6 & 7. 2015-01-27 07:48:11 -05:00
Josh Smeaton e77c1bc181 Refs #24154 -- Added deprecation release notes 2015-01-27 15:30:59 +11:00
Florian Apolloner 16ee52d21d Fixed #24205 -- Deprecated Signal.disconnect weak parameter. 2015-01-23 14:37:12 -05:00
Claude Paroz f8e4e4a935 Fixed warning leak in static.serve() test
Partial forward port of b1bf8d64fb from 1.7.x. Refs #24193.
2015-01-23 09:09:48 +01:00
Fabio C. Barrionuevo da Luz bd691f4586 Fixed #24177 -- Added documentation about database view support in inspectdb 2015-01-20 01:07:34 +01:00
Tim Graham 33457cd3b0 Removed IPAddressField per deprecation timeline; refs #20439. 2015-01-19 11:12:57 -05:00
Markus Holtermann 5792e6a88c Fixed #24163 -- Removed unique constraint after index on MySQL
Thanks Łukasz Harasimowicz for the report.
2015-01-19 16:52:26 +01:00
Tim Graham 8e435a5640 Added deprecation docs for legacy lookup support; refs #16187. 2015-01-19 09:42:26 -05:00
Tim Graham 840f2bfae6 Copied additional items from deprecation timeline to 1.9 release notes. 2015-01-18 21:57:38 -05:00
Tim Graham ecf109f215 Added missing items to deprecation timeline/1.7 release notes. 2015-01-18 21:23:06 -05:00
Tim Graham 89e9f81601 Clarified deprecation of forms.forms.get_declared_fields(); refs #19617. 2015-01-18 16:06:56 -05:00
Tim Graham 7e8cf74dc7 Removed support for syncing apps without migrations per deprecation timeline.
Kept support for creating models without migrations when running tests
(especially for Django's test suite).
2015-01-18 15:58:06 -05:00
Tim Graham 7468c948b6 Clarified deprecation of test.utils.TestTemplateLoader. 2015-01-18 14:18:53 -05:00
Tim Graham ba27f89587 Clarified a contrib.sites deprecation and added to 1.7 release notes. 2015-01-18 13:33:19 -05:00
Tim Graham d029fafea1 Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674. 2015-01-18 12:51:15 -05:00
Tim Graham 20e4e8fc79 Added removal of check management command to deprecation timeline. 2015-01-17 19:14:44 -05:00
Tim Graham 0622bca5d1 Removed the validate management command per deprecation timeline. 2015-01-17 19:12:03 -05:00
Tim Graham 4aa089a9a9 Removed support for custom SQL per deprecation timeline. 2015-01-17 10:16:06 -05:00
Collin Anderson a420f83e7d Fixed #24055 -- Keep reference to view class for resolve() 2015-01-17 22:09:10 +07:00
Tim Graham d038c547b5 Removed django.core.cache.get_cache() per deprecation timeline; refs #21012. 2015-01-17 09:55:18 -05:00
Tim Graham f6463bb380 Removed the syncdb command per deprecation timeline. 2015-01-17 09:20:12 -05:00
Tim Graham f4f24d30e0 Removed pre_syncdb and post_syncdb signals per deprecation timeline. 2015-01-17 09:07:00 -05:00
Tim Graham c820892eed Removed django.utils.datastructures.SortedDict per deprecation timeline. 2015-01-17 08:40:23 -05:00
Tim Graham 41f0d3d3bc Removed FastCGI support per deprecation timeline; refs #20766. 2015-01-17 08:32:31 -05:00
Tim Graham c51258882b Increased the default PBKDF2 iterations. 2015-01-16 19:27:10 -05:00
Tim Graham 3fe3bddc28 Added stub release notes for Django 1.9. 2015-01-16 18:00:45 -05:00
Jannis Leidel a17724b791 Fixed the length of a headline in the 1.8 release notes.
This broke the website design in the sidebar because the line could not be wrapped.
2015-01-16 21:29:28 +01:00
Tim Graham 8e8daf7c9b Removed empty sections in 1.8 minor features. 2015-01-16 14:41:05 -05:00
Claude Paroz b4ac232907 Fixed #24099 -- Removed contenttype.name deprecated field
This finsishes the work started on #16803.
Thanks Simon Charette, Tim Graham and Collin Anderson for the
reviews.
2015-01-16 20:21:34 +01:00
Claude Paroz a79e6b6717 Fixed #24152 -- Deprecated GeoQuerySet aggregate methods
Thanks Josh Smeaton and Tim Graham for the reviews.
2015-01-16 19:53:02 +01:00
Tim Graham 28db4af80a Fixed #24135 -- Made RenameModel rename many-to-many tables.
Thanks Simon and Markus for reviews.
2015-01-15 20:34:33 -05:00
Tim Graham 28308078f3 Fixed #22603 -- Reorganized classes in django.db.backends. 2015-01-14 14:16:20 -05:00
Markus Holtermann 737d24923a Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
2015-01-14 19:59:39 +01:00
Tim Graham ec7ef5afbb Added stub release notes for 1.7.4. 2015-01-14 09:47:29 -05:00