Commit Graph

10302 Commits

Author SHA1 Message Date
Carl Meyer 956b755d7e [1.3.x] Bump version to no longer claim to be 1.3.7 final. 2013-03-28 15:12:13 -06:00
James Bennett 304a5e0628 [1.3.x] Bump version numbers to roll a clean package. 2013-02-20 13:52:28 -06:00
Carl Meyer a57743c9ff [1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5. 2013-02-20 12:28:39 -07:00
Carl Meyer a6927d8219 [1.3.x] Fixed #19857 -- Fixed broken docs link in project template.
Backport of 4cdfb24c98 from 1.4.x.
2013-02-19 18:38:58 -07:00
Carl Meyer 2378c31430 [1.3.x] Don't characterize XML vulnerabilities as DoS-only. 2013-02-19 18:23:25 -07:00
James Bennett 747d3f0d03 [1.3.x] Bump version numbers for security release. 2013-02-19 14:18:32 -06:00
Carl Meyer f6f6f87a98 [1.3.x] Update 1.3.6 release notes for all security fixes. 2013-02-19 11:52:19 -07:00
Aymeric Augustin d7094bbce8 [1.3.x] Added a default limit to the maximum number of forms in a formset.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-12 12:13:42 +01:00
Carl Meyer d3a45e10c8 [1.3.x] Checked object permissions on admin history view.
This is a security fix. Disclosure and advisory coming shortly.

Patch by Russell Keith-Magee.
2013-02-12 12:13:42 +01:00
Carl Meyer d19a27066b [1.3.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-12 12:13:42 +01:00
Carl Meyer 27cd872e6e [1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-12 11:41:43 +01:00
Florian Apolloner 6e70f67470 [1.3.X] Fixed a test failure in the comment tests.
Backport of 1eb0da1c5b from master.
2012-12-10 23:37:47 +01:00
James Bennett 59a3e26425 [1.3.x] Bump version numbers for security release. 2012-12-10 15:38:03 -06:00
Florian Apolloner 2da4ace0bc [1.3.X] Fixed a security issue in get_host.
Full disclosure and new release forthcoming.
2012-12-03 13:11:34 +01:00
Florian Apolloner 1515eb46da [1.3.X] Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users. 2012-11-17 23:03:15 +01:00
Preston Holmes 6383d2358c Added missed poisoned host header test material 2012-10-18 11:21:54 -07:00
James Bennett 25d23d9846 [1.3.x] Bump version numbers for security release. 2012-10-17 17:25:52 -05:00
Preston Holmes b45c377f8f Fixed a security issue related to password resets
Full disclosure and new release are forthcoming

backport from master
2012-10-17 14:43:08 -07:00
James Bennett c718b4a036 [1.3.x] Bump version numbers for bugfix release. 2012-08-01 15:06:44 -05:00
Florian Apolloner d0d5dc6cd7 [1.3.x] Fixed #18692 -- Restored python 2.4 compatibility.
Thanks to chipx86 for the report.
2012-08-01 11:01:52 +02:00
James Bennett e2ac91735f [1.3.x] Use correct download URL. 2012-07-30 16:00:55 -05:00
James Bennett 0b0c51a095 [1.3.x] Bump version numbers for security releases. 2012-07-30 15:54:15 -05:00
Florian Apolloner 4dea4883e6 [1.3.x] Fixed a security issue in http redirects. Disclosure and new release forthcoming.
Backport of 4129201c3e from master.
2012-07-30 22:03:46 +02:00
Florian Apolloner b2eb4787a0 [1.3.x] Fixed second security issue in image uploading. Disclosure and release forthcoming.
Backport of b1d4634686 from master.
2012-07-30 21:58:22 +02:00
Florian Apolloner 9ca0ff6268 [1.3.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.
Backport of dd16b17099 from master.
2012-07-30 21:55:23 +02:00
Anssi Kääriäinen 7ca10b1dac Reverted "[1.3.x] Fixed #18135 -- Close connection used for db version checking"
This reverts commit a15d3b58d8. Django
1.3.x is in security fixes only state, and this wasn't a security
issue.
2012-05-28 20:41:39 +03:00
Michael Newman a15d3b58d8 [1.3.x] Fixed #18135 -- Close connection used for db version checking
On MySQL when checking the server version, a new connection could be
created but never closed. This could result in open connections on
server startup.

Backport of 4423757c0c.
2012-05-27 22:09:49 +03:00
Julien Phalip e293d82c36 [1.3.X] Fixed #17972 -- Ensured that admin filters on a foreign key respect the to_field attribute. This fixes a regression introduced in [14674] and Django 1.3. Thanks to graveyboat and Karen Tracey for the report.
Backport of r17854 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 18:42:38 +00:00
Aymeric Augustin 0bbe7379ee [1.3.X] Fixed #17634 -- Optimized the performance of MultiValueDict by using append instead of copy and by minimizing the number of dict lookups. Backport of r17464 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-25 06:53:47 +00:00
Aymeric Augustin 15fb61c62c [1.3.X] Avoided a test failure if the settings module used to run the test suite is called "test_settings".
The globbing feature and this test were removed in 1.4.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24 13:56:48 +00:00
Aymeric Augustin 8e73302070 [1.3.x] Fixed #16481 -- Adapted one raw SQL query in cull implementation of the database-based cache backend so it works with Oracle. Backport of r16635 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17805 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24 12:26:46 +00:00
Aymeric Augustin fd2efb35fb [1.3.X] Fixed #16677 -- Fixed the future version of the ssi template tag to work with template file names that contain spaces. Backport of r16687 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17804 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24 07:43:24 +00:00
Aymeric Augustin 651c0414a8 [1.3.X] Fixed #16812 -- Percent-encode URLs in verify_exists, to fix test failures on Python 2.5 and 2.6. Backport of r16838 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-24 07:36:23 +00:00
Ramiro Morales 92929d5ef4 [1.3.X] Fixed #17488 -- This test passed in 2011 only because 2012-01-01 is a Sunday. Thanks Florian Apolloner for the report and patch.
Fixes #17912. Thanks Julien for the report.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17 12:58:16 +00:00
Claude Paroz 1dd8848beb [1.3.X] Fixed #17841 -- Clarified caching note about authentication backends. Thanks auzigog for the proposal and lukegb for the patch.
Backport of r17752 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16 19:32:13 +00:00
Julien Phalip 2f6b8482f6 [1.3.X] Fixed #17908 -- Made some `contrib.markup` tests be skipped so they don't fail on old versions of Markdown. Thanks to Preston Holmes for the patch.
Backport of r17749 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16 00:38:18 +00:00
Julien Phalip 838adb2312 [1.3.X] Ensured that some staticfiles tests get properly cleaned up on teardown. Thanks to Claude Paroz for the patch.
Backport of r17747 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17748 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16 00:32:42 +00:00
Claude Paroz 2acf028b4b [1.3.X] Fixed #17900 -- StreamHandler output defaults to stderr. Thanks c4m3lo for the report.
Backport of r17741 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17742 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-15 07:58:19 +00:00
Paul McMillan 1f924cf72d [1.3.X] Fixed #17837. Improved markdown safety.
Markdown enable_attributes is now False when safe_mode is enabled. Documented
the markdown "safe" argument. Added warnings when the safe argument is
passed to versions of markdown which cannot be made safe.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 18:51:20 +00:00
Claude Paroz d498033818 [1.3.X] Updated some outdated external URLs in docs.
Backport of r17710 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 07:48:03 +00:00
Claude Paroz ddfa89b959 Fixed #17584 -- Updated create_template_postgis-debian.sh script for PostgreSQL 9.1 installs. Thanks akaihola for the initial patch.
Backport of r17706 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13 22:25:10 +00:00
Jannis Leidel 6951879023 [1.3.X] Fixed the localization docs a little to point to the correct Transifex URL. Also reworded it a bit to follow the site's new UI.
Backport from trunk (r17690).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-12 22:13:34 +00:00
Jannis Leidel 523d6167d6 [1.3.X] Fixed #17737 -- Stopped the collectstatic management command from copying the wrong file in repeated runs. Thanks, pigletto.
Backport from trunk (r17612).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17613 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01 23:03:46 +00:00
Carl Meyer dad3e55234 [1.3.X] Fixed broken link to python-markdown in contrib.markup docs.
Backport of r17608 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-01 19:34:23 +00:00
Timo Graham 41cd3b2ab1 [1.3.X] Fixed #17743 - Typo in topics/i18n/index.txt
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-25 12:55:41 +00:00
Timo Graham c0258f1da7 [1.3.X] Fixed #17757 - Typo in docs/intro/overview.txt; thanks kaushik1618.
Backport of r17584 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17585 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-24 22:54:00 +00:00
Timo Graham 38715d8af8 [1.3.X] Fixed #17749 - Documented better way of overriding ModelAdmin; thanks chrisdpratt and claudep.
Backport of r17582 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17583 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-24 22:50:58 +00:00
Chris Beaven b45fbc6667 [1.3.X] Don't let ALLOWED_INCLUDE_ROOTS be accidentally set to a string rather than a tuple.
Backport of r17571 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17572 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-22 00:52:19 +00:00
Timo Graham 0af93e108e [1.3.X] Fixed #16758 - Added a warning regarding overriding default settings; thanks cyclops for the suggestion & Aymeric Augustin for the patch.
Backport of r17566 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17567 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20 19:08:56 +00:00
Timo Graham 4f6c36435c [1.3.X] Fixed #17390 - Added a note to topics/auth.txt regarding how to decorate class-based generic views; thanks zsiciarz for the patch.
Backport of r17564 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17565 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-20 18:58:34 +00:00