test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
27,089 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

3320 Commits

Author SHA1 Message Date
Mariusz Felisiak 868cd56f05 Added CVE-2019-12781 to the security release archive. 2019-07-01 10:14:36 +02:00
Mariusz Felisiak fc41401f33 Added release date for 2.2.3. 2019-07-01 07:48:45 +02:00
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
 2019-07-01 07:48:04 +02:00
Mariusz Felisiak 30b3ee9d0b Added stub release notes for security releases. 2019-07-01 06:57:27 +02:00
Claude Paroz d54baf6970 Updated translations from Transifex 
Forward port of b3f7262e6e from stable/2.2.x
 2019-06-29 16:17:16 +02:00
nsasaki128 a289e79679 Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator. 2019-06-26 09:25:24 +02:00
Tom Forbes 8454f6dea4 Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute. 2019-06-26 06:44:10 +02:00
Nadège Michel 87b1ad6e73 Fixed #30421 -- Allowed symmetrical intermediate table for self-referential ManyToManyField. 2019-06-21 15:03:17 +02:00
Jon Dufresne 2ef6f209f7 Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. 2019-06-21 07:07:23 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety. 
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
 2019-06-20 12:29:43 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
can fde9b7d35e Fixed #30128 -- Fixed handling timedelta timezone in database functions. 2019-06-13 09:29:43 +02:00
Jon Dufresne 9e38ed0536 Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters. 
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692.

For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.

For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
 2019-06-11 20:34:59 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. 
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
 2019-06-07 12:44:39 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method. 
Added to mirror the existing User.get_group_permissions().
 2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Étienne Beaulé 4b6dfe1622 Fixed #30542 -- Fixed crash of numerical aggregations with filter. 
Filters in annotations crashed when used with numerical-type
aggregations (i.e. Avg, StdDev, and Variance). This was caused as the
source expressions no not necessarily have an output_field (such as the
filter field), which lead to an AttributeError: 'WhereNode' object has
no attribute output_field.

Thanks to Chuan-Zheng Lee for the report.

Regression in c690afb873 and two following
commits.
 2019-06-05 08:06:26 +02:00
Mariusz Felisiak 1f81e2df69 Added stub release notes for 2.2.3. 2019-06-05 06:57:44 +02:00
Nick Pope 21b1d23912 Added CVE-2019-12308 to the security release archive. 2019-06-03 21:44:55 +02:00
Nick Pope 8fb0ea5583 Added CVE-2019-11358 to the security release archive. 2019-06-03 21:44:55 +02:00
Mariusz Felisiak 100ec901ae Fixed typos in 1.11.21, 2.1.9, 2.2.2 release notes. 2019-06-03 14:08:51 +02:00
Carlton Gibson 34ec52269a Applied jQuery patch for CVE-2019-11358. 2019-06-03 11:36:12 +02:00
Carlton Gibson deeba6d920 Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link. 2019-06-03 11:36:12 +02:00
Carlton Gibson 98c0fe19ee Added stub release notes for security releases. 2019-06-03 10:48:52 +02:00
Hasan Ramezani e2de49ec2e Fixed #28520 -- Added --start-at/--start-after options to runtests.py. 2019-05-31 07:01:12 +02:00
Tom Forbes 480492fe70 Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader. 
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.

If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.

Regression in 6754bffa2b.
 2019-05-29 09:41:24 +02:00
Tom Forbes 0344565179 Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature. 
Regression in c8720e7696.
 2019-05-29 08:08:50 +02:00
Caio Ariede a3f91891d2 Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering when used in Subquery. 2019-05-28 10:05:50 +02:00
Tom Forbes b2790f74d4 Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader. 
Regression in c8720e7696.
 2019-05-28 08:31:33 +02:00
Mariusz Felisiak b6c4766f53
Refs #29548 -- Updated docs for MariaDB support. 2019-05-27 19:59:49 +02:00
Johan Lübcke 0670b1b403 Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case. 2019-05-24 17:15:34 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Hasan Ramezani 9d6f981a66 Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age(). 2019-05-21 08:50:09 +02:00
Mariusz Felisiak df28ebd6c8 Fixed typo in docs/releases/3.0.txt. 2019-05-21 08:21:35 +02:00
Thomasina Lee c38e7a79f4 Fixed #30488 -- Removed redundant Coalesce call in SQL generated by SearchVector. 
Regression in 405c836336.
 2019-05-20 08:34:06 +02:00
ruchit2801 04042b2b44 Fixed #30463 -- Fixed crash of deprecation message when Meta.ordering contains expressions. 
Regression in 1b1f64ee5a.
 2019-05-18 19:29:00 +02:00
Johannes Hoppe 8d010f3986 Fixed #30220 -- Added support for headless mode in selenium tests. 2019-05-17 08:14:54 +02:00
Claude Paroz e286987a27 Fixed #30459 -- Delegated hide/show JS toggle to parent div. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
 2019-05-17 07:46:45 +02:00
Troon a3a4f5c144 Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores. 2019-05-09 16:26:52 +02:00
Jon Dufresne 48235ba807 Refs #30399 -- Made assertHTMLEqual normalize character and entity references. 2019-05-09 15:55:32 +02:00
Mariusz Felisiak 30dd43884e
Added stub release notes for 2.2.2. 2019-05-08 14:41:16 +02:00
Hasan Ramezani f038214d91 Fixed #29056 -- Fixed HTML5 validation of required SelectDateWidget. 
placeholder is required for "select" with "required" attribute.
 2019-05-08 12:46:30 +02:00
Jon Dufresne b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities(). 
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
 2019-05-08 08:00:59 +02:00
Tobias Kunze 3166880301 Fixed #29352 -- Allowed specifying a Feed language. 2019-05-06 15:10:54 +02:00
Daniel Hahler 29601bca9b Ignored pywatchman.SocketTimeout in Watchman autoreloader. 
Bumped minimum supported pywatchman version to 1.2.0.

These exceptions don't require checking a server status.
 2019-05-03 13:56:49 +02:00
Mykola Kokalko ef082ebb84 Fixed #29529 -- Allowed models.fields.FilePathField to accept a callable path. 2019-05-02 11:11:56 +02:00
Mariusz Felisiak 2106b983c4
Added release date for 2.2.1. 2019-05-01 07:05:47 +02:00
François Freitag 568eed9e79 Fixed #30245 -- Added -k option to DiscoverRunner. 2019-04-30 16:20:51 +02:00
can 719b746620 Fixed #30412 -- Fixed crash when adding check constraints with OR'ed condition on Oracle and SQLite. 2019-04-30 12:32:27 +02:00
Jon Dufresne 6866c91b63 Fixed #30418 -- Added --skip-checks management command option. 2019-04-30 10:48:30 +02:00