Commit Graph

7640 Commits

Author SHA1 Message Date
Tim Graham 7ecd654497 Removed blank lines from docs/releases/security.txt 2015-01-13 14:37:30 -05:00
Tim Graham cbbe6a6abb Added dates to release notes. 2015-01-13 13:08:57 -05:00
Tim Graham baf2542c4f Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham a3bebfdc34 Ensured views.static.serve() doesn't use large memory on large files.
This issue was fixed in master by refs #24072.
2015-01-13 13:03:06 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer 316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham 958aeda4b5 Added stub release notes for security releases. 2015-01-13 13:03:05 -05:00
Collin Anderson e7771ec380 Fixed bad model example in admin docs. 2015-01-13 11:53:03 -05:00
Michał Modzelewski 65246de7b1 Fixed #24031 -- Added CASE expressions to the ORM. 2015-01-12 18:15:34 -05:00
Tim Graham 5d7217dce3 Fixed typo in docs/release/1.8.txt & added word for spelling check. 2015-01-12 17:53:32 -05:00
Josh Smeaton 21b858cb67 Fixed #24060 -- Added OrderBy Expressions 2015-01-13 09:39:55 +11:00
Claude Paroz f48e2258a9 Fixed #24133 -- Replaced formatting syntax in success_url placeholders
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Aymeric Augustin a3e783fe11 Deprecated passing a Context to a generic Template.render.
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.

test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Collin Anderson 26a92619f6 Fixed #24124 -- Changed context_processors in the default settings.py 2015-01-12 13:17:44 -05:00
Ng Zhi An 8f5d6c77b6 Fixed #23878 -- Moved Query and Prefetch documentation 2015-01-12 11:35:20 -05:00
Pavel Shpilev a7c256cb54 Fixed #9893 -- Allowed using a field's max_length in the Storage. 2015-01-12 09:09:18 -05:00
Marc Tamlyn b5c1a85b50 Fixed #24118 -- Added --debug-sql option for tests.
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.

Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Ola Sitarska d563e3be68 Fixed #23913 -- Deprecated the `=` comparison in `if` template tag. 2015-01-11 15:21:01 -05:00
Tim Graham 28de5cd4de Fixed spelling errors in docs. 2015-01-11 13:24:13 -05:00
Markus Holtermann be158e3625 Refs #24110 -- Added a more descriptive release note and fixed a spelling mistake. 2015-01-11 00:30:47 +01:00
Markus Holtermann fdc2cc9487 Fixed #24110 -- Rewrote migration unapply to preserve intermediate states 2015-01-10 23:14:15 +01:00
Aymeric Augustin d89019a84d Improved template ugrading docs.
Recommending Template(template_code) was dumb. Described alternatives.
2015-01-10 21:11:58 +01:00
Aymeric Augustin f01306a6d8 Updated templates API reference.
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin 4797af2bb8 Updated custom template tags how-to.
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin 3d495cfd77 Added release notes and upgrade instructions for templates. 2015-01-10 20:17:20 +01:00
Aymeric Augustin ee8d5b91e9 Wrote main documentation for templates. 2015-01-10 20:16:19 +01:00
Aymeric Augustin 6c392bb2c0 Moved doc on the DTL's syntax to the ref/ section.
This makes room for a more general introduction about templating.

Updated some links to point to the new location, but kept those that
didn't talk specifically about the DTL.
2015-01-10 19:41:14 +01:00
Simon Charette 07988744b3 Fixed #13165 -- Added edit and delete links to admin foreign key widgets.
Thanks to Collin Anderson for the review and suggestions and Tim for the
final review.
2015-01-10 12:24:52 -05:00
Marc Tamlyn 48ad288679 Fixed #24001 -- Added range fields for PostgreSQL.
Added support for PostgreSQL range types to contrib.postgres.

- 5 new model fields
- 4 new form fields
- New validators
- Uses psycopg2's range type implementation in python
2015-01-10 16:18:19 +00:00
Serafeim Papastefanos 74f02557e0 Fixed #23967 -- Added formats for Greek 2015-01-10 11:10:26 -05:00
Claude Paroz d7bc37d611 Fixed #24097 -- Prevented AttributeError in redirect_to_login
Thanks Peter Schmidt for the report and the initial patch.
Thanks to ​Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
2015-01-10 10:05:02 +01:00
Josh Smeaton f5c3a8bff5 Added Josh Smeaton bio to team 2015-01-10 13:48:37 +11:00
Markus Holtermann e174cce9dc Added my bio to the core team. 2015-01-10 00:53:09 +01:00
Tim Graham 7102b99653 Added best practices for versionadded/changed annotations. 2015-01-09 13:23:29 -05:00
Loic Bistuer 8f4877c89d Fixed #22583 -- Allowed RunPython and RunSQL to provide hints to the db router.
Thanks Markus Holtermann and Tim Graham for the review.
2015-01-10 00:30:48 +07:00
Markus Holtermann c8bac4b556 Fixed #24098 -- Added no-op attributes to RunPython and RunSQL
Thanks Loïc Bistuer and Tim Graham for the discussion and review.
2015-01-09 10:31:32 -05:00
Tim Graham 67d6a8c4e6 Fixed #24108 -- Updated Wilson's bio due to new Django Project Web site design. 2015-01-09 10:25:57 -05:00
Thomas Chaumeny 8fb7a0987c Fixed a typo in 1.8 release notes. 2015-01-09 07:38:11 -05:00
Sylvain Fankhauser c1493879d9 Fixed a typo in 1.8 release notes. 2015-01-08 16:02:18 -05:00
Tim Graham 13e4156518 Fixed a typo in 1.8 release notes. 2015-01-08 15:12:40 -05:00
Anssi Kääriäinen 0c7633178f Fixed #24020 -- Refactored SQL compiler to use expressions
Refactored compiler SELECT, GROUP BY and ORDER BY generation.
While there, also refactored select_related() implementation
(get_cached_row() and get_klass_info() are now gone!).

Made get_db_converters() method work on expressions instead of
internal_type. This allows the backend converters to target
specific expressions if need be.

Added query.context, this can be used to set per-query state.

Also changed the signature of database converters. They now accept
context as an argument.
2015-01-08 14:07:54 -05:00
Claude Paroz 543df07720 Fixed #24073 -- Returned None for get_language when translations are deactivated
This fixes a regression caused by f7c287fca9. Thanks Markus Holtermann
for identifying the regression.
2015-01-08 17:43:07 +01:00
Aymeric Augustin eaa1a22341 Added a request argument to render_to_string.
This is for consistency with Template.render.

It adds a little bit of knowledge about HTTP requests in
django.template.loader but I think consistency trumps purity.
2015-01-07 21:54:22 +01:00
Claude Paroz f7c287fca9 Fixed #24073 -- Deactivated translations when leave_locale_alone is False
Thanks Tim Graham and Markus Holtermann for the reviews.
2015-01-07 20:11:24 +01:00
Claude Paroz 2c0f64b5f6 Updated migration docs to match changes from a159b1fac 2015-01-07 20:10:30 +01:00
Josh Smeaton 5a4ac4ead9 Fixed #24078 -- Removed empty strings from GenericIPAddressField 2015-01-07 08:08:36 -05:00
Tim Graham 9b057b51ce Added 'loopback' to spelling word list. 2015-01-06 20:02:03 -05:00
Daniel Pyrathon fb48eb0581 Fixed #12663 -- Formalized the Model._meta API for retrieving fields.
Thanks to Russell Keith-Magee for mentoring this Google Summer of
Code 2014 project and everyone else who helped with the patch!
2015-01-06 19:25:12 -05:00
Danilo Bargen 2e65d56156 Fixed #20003 -- Improved and extended URLValidator
This adds support for authentication data (`user:password`) in URLs,
IPv6 addresses, and unicode domains.

The test suite has been improved by adding test URLs from
http://mathiasbynens.be/demo/url-regex (with a few adjustments,
like allowing local and reserved IPs).

The previous URL validation regex failed this test suite on 13
occasions, the validator was updated based on
https://gist.github.com/dperini/729294.
2015-01-06 14:04:25 -05:00
Tim Graham 6288fccfda Updated release instructions with latest process. 2015-01-06 13:51:19 -05:00
Claude Paroz e0080cf577 Fixed #24083 -- Corrected is_bound nature in forms topic docs
Thanks ajenhl Trac user for the report.
2015-01-06 08:56:53 +01:00
Claude Paroz 27dd7e7271 Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
2015-01-06 08:42:58 +01:00
Preston Timmons de9ebdd39c Fixed #24022 -- Deprecated the ssi tag. 2015-01-05 19:35:02 -05:00
Tim Graham ce17b045bf Added 1.4.18 release notes. 2015-01-05 14:24:34 -05:00
Tim Graham c87ee41954 Fixed #23861 -- Added an API to deprecate model fields.
Thanks Markus Holterman and Berker Peksag for review.
2015-01-05 11:35:36 -05:00
Claude Paroz 6e1c9c6568 Fixed #8280 -- Allowed management command discovery for eggs
Thanks jdetaeye for the report, bhuztez and jdetaeye for the
initial patches, Tim Graham and Berker Peksag for the reviews.
2015-01-05 17:19:35 +01:00
Tim Graham d94fe42ae5 Forwardported release note for 4aed731154. 2015-01-05 10:55:48 -05:00
Collin Anderson 3d2cae0896 Fixed #24072 -- Added FileResponse for streaming binary files. 2015-01-05 10:51:52 -05:00
Tim Graham 572ad9a92e Added release note for PBKDF2 iteration count increase.
refs 6732566967
2015-01-03 13:43:13 -05:00
Tim Graham 439f15beab Added 1.7.3 release notes stub. 2015-01-03 13:27:08 -05:00
Alfred Perlstein db3f7c15cb Fixed #23749 -- Documented how to use the database alias in RunPython.
Thanks Markus Holtermann for review and feedback.
2015-01-03 12:06:40 -05:00
Bibhas b738178825 Fixed #24070 -- Added tutorial topics to doc index. 2015-01-03 08:48:31 -05:00
Tim Graham 15cd71ed24 Added dates to release notes. 2015-01-02 19:20:18 -05:00
Tim Graham 52f0b2b622 Updated six to 1.9.0. 2015-01-02 12:35:41 -05:00
Andriy Sokolovskiy 23f1a8dad2 Added return value to Signal.disconnect(). 2015-01-02 12:00:41 -05:00
Daniel Pyrathon 8958170755 Fixed #9104 -- Moved FieldDoesNotExist to core.exceptions 2015-01-02 10:46:04 -05:00
Tim Graham f60c35cddc Removed release note for refs #23891 as the backport proved too difficult. 2015-01-01 13:59:38 -05:00
Tim Graham 40a8504357 Fixed #23891 -- Moved deprecation of IPAddressField to system check framework.
Thanks Markus Holtermann for review.
2015-01-01 13:30:52 -05:00
Tim Graham a7aaabfaf1 Removed doc note about PasswordResetForm requiring an integer PK.
This limitation was lifted in refs #14881.
2015-01-01 11:38:53 -05:00
Tim Graham e80f59e3bb Added showmigrations to spelling wordlist. 2015-01-01 09:18:57 -05:00
Tim Graham c4e796aa1b Fixed typo in docs/ref/contrib/admin/index.txt. 2015-01-01 08:18:39 -05:00
Tim Graham b4bdd5262b Fixed #23366 -- Fixed a crash with the migrate --list command. 2014-12-31 17:26:15 -05:00
Thomas Tanner 46068d850d Fixed #22295 -- Replaced permission check for displaying admin user-tools 2014-12-31 16:31:59 -05:00
Andrey Maslov 7a878ca5cb Fixed #24008 -- Fixed ValidationError crash with list of dicts. 2014-12-31 14:43:13 -05:00
Markus Holtermann a1487deebf Fixed #23359 -- Added showmigrations command to list migrations and plan.
Thanks to Collin Anderson, Tim Graham, Gabe Jackson, and Marc Tamlyn
for their input, ideas, and review.
2014-12-31 14:14:28 -05:00
Tim Graham 09bce0b2cb Fixed #22340 -- Removed DatabaseCreation deprecation from timeline. 2014-12-31 09:37:13 -05:00
Piotr Pawlaczek 41fc1c0b5e Fixed #23758 -- Allowed more than 5 levels of subqueries
Refactored bump_prefix() to avoid infinite loop and allow more than
than 5 subquires by extending the alphabet to use multi-letters.
2014-12-31 08:48:28 -05:00
Tim Graham 93d73dac91 Moved DatabaseCreation.data_types properties to DatabaseWrapper.
refs #22340.
2014-12-31 08:29:17 -05:00
Claude Paroz 66f9a74b45 Added ignore_warnings decorator
And removed Ignore*DeprecationWarningsMixin, now obsolete.
Thanks Berker Peksag and Tim Graham for the review.
2014-12-30 18:16:25 +01:00
Tim Graham d7fc6eb8ca Revert "Updated some docs for the delayed deprecation of legacy table creation; refs #22340."
This reverts commit a2e3c96948.

The deprecation was moved back to 1.9 in
61da5f3f02.
2014-12-30 11:50:50 -05:00
Andriy Sokolovskiy 8c99b7920e Fixed #12118 -- Added shared cache support to SQLite in-memory testing. 2014-12-30 10:14:33 -05:00
Tim Graham ab4f709da4 Fixed #23581 -- Prevented extraneous DROP DEFAULT statements.
Thanks john_scott for the report and Markus Holtermann for review.
2014-12-30 07:54:05 -05:00
Tim Graham 2d63889365 Removed release note for refs #23938 as it couldn't be backported to 1.7. 2014-12-29 15:38:16 -05:00
Markus Holtermann 623ccdd598 Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.
2014-12-29 13:41:12 -05:00
Claude Paroz 1d24f073e6 Fixed #21255 -- Closed connections after management command ran
Thanks kabakov.as@gmail.com for the report, and Aymeric Augustin,
Simon Charette for the reviews.
2014-12-29 19:02:45 +01:00
Florian Apolloner 1ee9507eb3 Fixed a vesionadded directive. 2014-12-29 10:22:19 +01:00
Aymeric Augustin 9eb4f28e89 Deprecated TEMPLATE_CONTEXT_PROCESSORS. 2014-12-28 17:02:31 +01:00
Aymeric Augustin d3205e3e2e Deprecated TEMPLATE_DIRS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin cf0fd65ed4 Deprecated TEMPLATE_LOADERS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin d3a982556d Deprecated TEMPLATE_STRING_IF_INVALID. 2014-12-28 17:02:30 +01:00
Aymeric Augustin 3dc01aaaaf Deprecated ALLOWED_INCLUDE_ROOTS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin cf1f36bb6e Deprecated current_app in TemplateResponse and render(_to_response). 2014-12-28 17:02:29 +01:00
Aymeric Augustin fdbfc98003 Deprecated some arguments of django.shortcuts.render(_to_response).
dictionary and context_instance and superseded by context.

Refactored tests that relied context_instance with more modern idioms.
2014-12-28 17:02:29 +01:00
Aymeric Augustin 92e8f1f302 Moved context_processors from django.core to django.template. 2014-12-28 17:00:07 +01:00
Aymeric Augustin 90805b240f Supported multiple template engines in render_to_string.
Adjusted its API through a deprecation path according to the DEP.
2014-12-28 16:23:02 +01:00
Aymeric Augustin f50a09f2cd Removed private API get_template_from_string.
It wasn't documented and it wasn't used anywhere.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 5523e4cdbb Removed private API find_template.
It wasn't documented and it wasn't used anywhere, except in a few tests
that don't test it specifically and can be rewritten with get_template.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 1acfd624d6 Added initial support for loading template engines. 2014-12-28 16:08:31 +01:00
Aymeric Augustin 7eefdbf7ab Cleaned up the django.template namespace.
Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.

Only public APIs (i.e. APIs mentioned in the documentation) were left.
2014-12-28 14:47:31 +01:00