Commit Graph

2488 Commits

Author SHA1 Message Date
Rinat Khabibiev ca9c69a968 Fixed #27199 -- Made AdminIntegerFieldWidget use NumberInput. 2016-09-09 09:42:39 -04:00
Jon Dufresne 331ca5391e Fixed #27175 -- Deprecated silencing exceptions from the {% include %} template tag.
Thanks Tim Graham for the review.
2016-09-08 18:24:22 -07:00
Jon Dufresne 66e1ebbffc Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView.
Allows specifying additional hosts to redirect after login and log out.
2016-09-07 19:56:25 -07:00
Jon Dufresne f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Nicola Jordan 978a00e39f Fixed #27143 -- Allowed combining SearchQuery with more than one & or | operators. 2016-09-07 15:26:52 -04:00
Markus Gerards 2b64ff68cc Fixed #27180 -- Fixed a crash in MySQL checks where SELECT @@sql_mode doesn't return a result. 2016-09-07 11:15:41 -04:00
Tim Graham 6a2af01452 Fixed #24865 -- Added remove_stale_contenttypes management command.
Thanks Simon Charette for the review.
2016-09-06 09:48:58 -04:00
Tim Graham 277fe2e8f2 Fixed #25788 -- Enabled the cached template loader if debug is False. 2016-09-03 09:06:33 -04:00
Daniel Hahler b1d6b0a7b1 Fixed #26098 -- Used cdnjs.cloudflare for OpenLayers.js. 2016-09-03 06:52:25 -04:00
Shai Berger c93ac9cf42 Refs #25850, #27142, #27110 -- Documented migration history consistency checks. 2016-09-01 18:49:10 -04:00
Tim Graham de7f9758ac Added stub release notes for 1.10.2. 2016-09-01 16:27:45 -04:00
Tim Graham 894df3e327 Added release date for 1.10.1. 2016-09-01 16:24:46 -04:00
Tim Graham 098c07a032 Fixed #27142, #27110 -- Made makemigrations consistency checks respect database routers.
Partially reverted refs #27054 except for one of the tests as this
solution supersedes that one.

Thanks Shai Berger for the review.
2016-09-01 16:19:29 -04:00
Sergei Maertens 32c02f2a0e Fixed #5908 -- Added {% resetcycle %} template tag.
Thanks to Simon Litchfield for the report, Uninen for the initial
patch, akaihola, jamesp, b.schube, and Florian Appoloner for
subsequent patches, tests, and documentation.
2016-09-01 15:52:21 -04:00
Ed Morley d8ef5b0e65 Fixed #27152 -- Supported comma delimiter in memcached LOCATION string. 2016-08-31 17:23:41 -04:00
Ed Morley 65ec8fa8ca Fixed #20892 -- Allowed configuring memcached client using OPTIONS.
Previously, the MemcachedCache backend ignored `OPTIONS` and
PyLibMCCache used them to set pylibmc behaviors. Both backends now
pass `OPTIONS` as keyword arguments to the client constructors.
2016-08-31 12:50:14 -04:00
Olexander Yermakov b7fb608142 Fixed #27154 -- Allowed comparing CallableBool with bitwise or.
Thanks Tim for the review.
2016-08-31 08:27:37 -04:00
Kevan Swanberg 35504f74a8 Fixed #26685 -- Added dwithin lookup support on SpatiaLite. 2016-08-30 20:45:47 -04:00
Baptiste Mispelon 61b45dff6b Fixed #27126 -- Made {% regroup %} return a namedtuple to ease unpacking. 2016-08-26 16:59:21 -04:00
Chris Jerdonek 42dcceba61 Fixed #26942 -- Added support for subtests during parallel testing. 2016-08-26 14:24:27 -04:00
Mattias Loverot 2315114090 Fixed #27067 -- Deprecated string_concat() in favor of format_lazy(). 2016-08-25 16:12:40 -04:00
Claude Paroz 13c3e5d5a0 Fixed #25995 -- Added an encoder option to JSONField
Thanks Berker Peksag and Tim Graham for the reviews.
2016-08-25 21:42:42 +02:00
Akshesh 989f6108d3 Added class-based indexes to 1.11 release notes. 2016-08-25 09:51:54 -04:00
Tim Graham 4bc6b93994 Fixed #27039 -- Fixed empty data fallback to model field default in model forms. 2016-08-24 17:50:10 -04:00
Berker Peksag 3c18f8a3d2 Fixed #27111 -- Fixed KeyError if USERNAME_FIELD isn't in UserCreationForm.fields. 2016-08-24 13:20:12 -04:00
Simon Charette d5c4ea5246 Fixed #27100 -- Included already applied migration changes in the pre-migrate state.
Refs #24100.

Thanks Tim for the review.
2016-08-24 01:17:48 -04:00
Simon Charette d1757d8df4 Fixed #27044 -- Included already applied migration changes in the post-migrate state when the execution plan is empty.
Refs #24100.

Thanks tkhyn for the report and Tim for the review.
2016-08-24 01:17:18 -04:00
Tim Graham ad25fe7350 Fixed #27089 -- Added database alias to InconsistentMigrationHistory message. 2016-08-23 17:39:58 -04:00
Collin Anderson 384f89f8f8 Fixed #26998 -- Reverted some admin checks from checking field.many_to_many back to isinstance(field, models.ManyToManyField).
This partially reverts 983c158da7
2016-08-23 16:00:12 -04:00
Chris Jerdonek a3db480393 Fixed #27061 -- Added a TEST['TEMPLATE'] setting for PostgreSQL. 2016-08-23 15:08:20 -04:00
Helen Sherwood-Taylor bc1e2d8e8e Fixed #27018 -- Fixed admindocs crash with a view in a class.
Generated correct admindocs URLs on Python 3. URLs generate 404s on
Python 2, as in older versions of Django.
2016-08-20 10:01:57 -04:00
Przemysław Suliga 1f68bb5683 Refs #26902 -- Protected against insecure redirects in set_language(). 2016-08-19 19:16:00 -04:00
Przemysław Suliga 549b90fab3 Refs #26902 -- Protected against insecure redirects in Login/LogoutView. 2016-08-19 19:01:01 -04:00
Tim Graham 1d1e246db6 Removed DateTimeAwareJSONEncoder alias. 2016-08-19 15:00:16 -04:00
Matthew Wilkes 4f138fe5a4 Fixed #22288 -- Fixed F() expressions with the __range lookup. 2016-08-19 13:40:56 -04:00
Tim Graham 518eaf1fa2 Fixed #26807 -- Documented how to replicate SubfieldBase's assignment behavior. 2016-08-18 20:59:40 -04:00
Jon Dufresne f5c6d3c8d9 Fixed #27068 -- Unified form field initial data retrieval. 2016-08-18 17:55:47 -07:00
Ian Foote 39f35d4b9d Fixed #25871 -- Added expressions support to QuerySet.values(). 2016-08-18 16:05:15 -04:00
Loïc Bistuer d4eefc7e2a Fixed #27073 -- Removed duplicated managers in `Model._meta.managers`. 2016-08-19 01:24:45 +07:00
Jim Nicholls 76ab885118 Fixed #27054 -- Fixed makemigrations crash with a read-only database. 2016-08-18 08:27:40 -04:00
Chris Lamb 97513269d7 Refs #26983 -- Added test for isnull lookup to CharField with primary_key=True. 2016-08-17 21:08:15 -04:00
Andreas Pelme e76981b433 Fixed #26840 -- Added test.utils.setup/teardown_databases(). 2016-08-17 13:55:04 -04:00
Tim Graham 7549eb0004 Fixed #27009 -- Made update_session_auth_hash() rotate the session key. 2016-08-15 19:29:12 -04:00
Tim Graham 937d752d3d Fixed #27058 -- Reallowed the {% for %} tag to unpack any iterable.
Thanks Sergei Maertens for the report and patch.
2016-08-15 15:39:22 -04:00
Daniel Wiesmann 89f17e7caf Fixed #27014 -- Fixed annotations with database functions on PostGIS.
Thanks Sean Mc Allister for providing a test.
2016-08-15 14:23:10 -04:00
Tim Graham c6cd9f4ae2 Fixed typo in docs/releases/1.11.txt 2016-08-13 08:33:58 -04:00
Chris Jerdonek 5890b1613c Fixed #27008 -- Added --debug-mode option to DiscoverRunner. 2016-08-12 20:43:17 -04:00
Michael Schwarz 72d541b61c Fixed #27007 -- Handled non-UTF-8 bytes objects for text/* attachments.
The fallback logic which allows non-UTF-8 encoded files to be passed to
attach_file() even when a `text/*` mime type has been specified is
moved to attach(). Both functions now fall back to a content type of
`application/octet-stream`.

A side effect is that a file's content is decoded in memory instead of
opening it in text mode and reading it into a string.

Some mimetype-related logic in _create_attachment() has become
obsolete as the code moved from attach_file() to attach() already
handles this.
2016-08-12 16:35:09 -04:00
Jon Dufresne fab46ce6f5 Fixed #27037 -- Prevented required attribute on ClearableFileInput when initial data exists. 2016-08-12 13:59:01 -04:00
Akshesh f842d1011c Refs #20888 -- Added index order introspection. 2016-08-12 11:51:09 -04:00
Tim Graham 5eab1f6f83 Fixed typo in docs/releases/1.9.txt 2016-08-12 07:29:29 -04:00
Moritz Sichert 08b8c46971 Refs #23960 -- Documented how to restore absolute redirect URLs. 2016-08-11 16:35:59 -04:00
Tim Graham e2dfa81ff7 Refs #18682 -- Edited explanation in stale content type deletion.
Follow up to 8db889eaf7.
2016-08-10 21:19:09 -04:00
Ed Morley 3c2447dd13 Fixed #26947 -- Added an option to enable the HSTS header preload directive. 2016-08-10 20:23:54 -04:00
Tim Graham 1e32e1cc95 Fixed #26973 -- Fixed views.static.serve() crash with show_indexes enabled. 2016-08-10 11:27:03 -04:00
jordij 0814566bf1 Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset. 2016-08-10 10:23:16 -04:00
Chris Jerdonek a3a5ef4d0e Fixed #27035 -- Eased changing settings.DEBUG for DiscoverRunner. 2016-08-09 13:40:29 -04:00
Claude Paroz ade681b9ad Unified SpatiaLite spelling 2016-08-09 18:46:28 +02:00
Tim Graham 79a9603ba8 Corrected Django 1.8 EOL in 1.11 release notes. 2016-08-09 10:24:35 -04:00
Claude Paroz a6baada7bd Fixed #26940 -- Removed makemessages from no_settings_commands whitelist
As makemessages uses several settings for proper run (FILE_CHARSET,
LOCALE_PATHS, MEDIA_ROOT, and STATIC_ROOT), we should require settings
configuration for this command.
2016-08-08 19:52:57 +02:00
Simon Charette b8e6e1b43b
Fixed #26500 -- Added SKIP LOCKED support to select_for_update().
Thanks Tim for the review.
2016-08-08 12:01:43 -04:00
Chris Jerdonek e7fb724cd2 Fixed #27032 -- Prevented setup_test_environment() from being called twice. 2016-08-08 10:40:29 -04:00
Sjoerd Job Postmus 3246d2b4bb Fixed #27026 -- Fixed state initialization of bulk_create() objects if can_return_ids_from_bulk_insert. 2016-08-06 10:24:57 -04:00
Ben Demboski fc8f097117 Fixed #27027 -- Restored Client.force_login() defaulting to the first auth backend. 2016-08-06 08:41:41 -04:00
Jarek Glowacki d117567c7d Fixed #27004 -- Made migrations consistency check ignore unapplied squashed migrations. 2016-08-05 18:01:55 -04:00
Yoong Kang Lim d30febb4e5 Fixed #26706 -- Made RelatedManager modification methods clear prefetch_related() cache. 2016-08-05 13:32:27 -04:00
Tim Graham 3c20aa49d7 Fixed #26986 -- Documented force_login() delegation to auth backends. 2016-08-05 10:52:30 -04:00
Jon Dufresne 50e299dbfb Fixed #26928 -- Changed forms' checked attribute to HTML5 boolean style. 2016-08-04 19:16:54 -04:00
Chris Jerdonek ebed9ee8d5 Fixed #26981 -- Added DiscoverRunner.get_test_runner_kwargs(). 2016-08-04 14:45:44 -04:00
Claude Paroz 272eccf7ff Fixed #26983 -- Fixed isnull filtering on ForeignKey with to_field
Thanks weidwonder for the report.
2016-08-04 16:05:21 +02:00
Tim Graham 5c63b3e5a7 Fixed #27005 -- Fixed crash if request.META[''CONTENT_LENGTH']=''. 2016-08-03 13:12:40 -04:00
Alex Hill c5ebfda002 Fixed #27001 -- Fixed a query count regression in ModelChoiceField with RadioSelect. 2016-08-03 10:45:55 -04:00
Sergey Yurchenko 4e64e3bb6e Fixed #26997 -- Fixed checks crash with empty Meta.default_permissions. 2016-08-03 09:14:01 -04:00
Tim Graham f4b1f972dc Fixed #26999 -- Documented model_to_dict() ManyToManyField change in 1.10. 2016-08-03 08:49:47 -04:00
Tim Graham ccd5a23fba Fixed #27000 -- Removed BaseCommand.usage() per deprecation timeline (refs #19973). 2016-08-02 18:50:12 -04:00
Tim Graham 54afa960d1 Fixed #26988 -- Improved/clarified User.is_authenticated/anonymous compatibility.
Thanks marktranchant for the report and review.
2016-08-02 11:01:08 -04:00
Tim Graham d95c669c29 Fixed #26991 -- Fixed a crash in MySQL where SQL_AUTO_IS_NULL doesn't return a result. 2016-08-02 10:52:31 -04:00
Tim Graham 9af0a58756 Added stub release notes for 1.10.1. 2016-08-01 14:57:10 -04:00
Tim Graham 95b47c009b Added release dates for 1.10 and 1.9.9 2016-08-01 13:55:08 -04:00
Sergey Fedoseev 9031a4c13b Fixed #26657 -- Made GeomValue omit SRID for MySQL.
This fixes some test failures on MySQL 5.7+.
2016-07-28 16:51:47 -04:00
Andrew Nester 0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Tim Graham ec4a6b33a9 Fixed #26946 -- Clarified instructions for customizing collectstatic's ignore_patterns. 2016-07-25 10:05:40 -04:00
Markus Holtermann e69091b34a Refs #25232 -- Documented AllowAll*Backend in "new features" section of 1.10 release notes. 2016-07-25 09:09:54 -04:00
Jon Dufresne 348cfccd90
Fixed #26938 -- Fixed invalid HTML in template postmortem on the debug page. 2016-07-24 18:18:57 +02:00
Jon Dufresne b2e54aec58
Added stub release notes for 1.9.9. 2016-07-24 18:18:57 +02:00
Tim Graham bc53af13cb Added CVE-2016-6186 to the security release archive. 2016-07-18 15:19:35 -04:00
Tim Graham 93c538694e Fixed XSS in admin's add/change related popup.
This is a security fix.
2016-07-18 11:17:01 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views
Thanks Tim Graham for the review.
2016-07-16 10:36:12 +02:00
Claude Paroz 3e71f6544f Fixed #26897 -- Fixed makemessages crash on Python 2 with non-ASCII file names
Thanks Tim Graham for the review.
2016-07-14 20:37:56 +02:00
Will Hardy 8ef78b8165 Fixed #26656 -- Added duration (timedelta) support to DjangoJSONEncoder. 2016-07-14 13:34:15 -04:00
Priy a7b5dfd170 Fixed #26821 -- Fixed forms.Email/URLField crash on None value. 2016-07-14 12:59:14 -04:00
Tim Graham 944e66cb1d Reverted "Fixed #25388 -- Added an option to allow disabling of migrations during test database creation"
This reverts commit 157d7f1f1d since it
disables migrations all the time, not just during tests.
2016-07-14 09:21:28 -04:00
Jon Dufresne 2e4cfcd2b9 Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field(). 2016-07-13 14:33:54 -07:00
Tim Graham ee2f0f311a Linked "Features removed" release notes to corresponding deprecation notes. 2016-07-11 15:22:32 -04:00
Julien Hartmann f4afb85d7e Fixed #26749 -- Preserved behavior of use_for_related_field during deprecation. 2016-07-11 13:30:44 -04:00
Simon Charette 8a4f017f45 Fixed #26348 -- Added TruncTime and exposed it through the __time lookup.
Thanks Tim for the review.
2016-07-08 12:35:34 -04:00
Simon Charette 082c52dbed Refs #25774, #26348 -- Allowed Trunc functions to operate with time fields.
Thanks Josh for the amazing testing setup and Tim for the review.
2016-07-08 12:35:34 -04:00
Tim Graham 415ae960bb Fixed capitalization of "URL pattern". 2016-07-06 15:31:12 -04:00
Erik Romijn 8db889eaf7 Fixed #18682 -- Expanded explanation in stale content type deletion. (#6869) 2016-07-03 15:55:14 +02:00
Berker Peksag 12b4280444 Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension. 2016-06-30 09:08:50 -04:00
Berker Peksag 52a991d976 Fixed #24694 -- Added support for context_processors to Jinja2 backend. 2016-06-28 14:30:54 -04:00
Berker Peksag c1b6f554e4 Fixed #15091 -- Allowed passing custom encoder to JSON serializer. 2016-06-28 11:10:07 -04:00
Claude Paroz 9588718cd4 Fixed #5897 -- Added the Content-Length response header in CommonMiddleware
Thanks Tim Graham for the review.
2016-06-27 10:44:57 +02:00
Bang Dao + Tam Huynh 09119dff14 Fixed #26719 -- Normalized email in AbstractUser.clean(). 2016-06-24 10:37:38 -04:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views
Thanks Tim Graham for the review.
2016-06-24 10:45:13 +02:00
Tim Graham 81cdcb66bc Fixed #26791 -- Replaced LiveServerTestCase port ranges with binding to port 0. 2016-06-23 12:04:05 -04:00
jasisz b5a1c3a6f5 Fixed #25920 -- Added support for non-uniform NUMBER_GROUPING. 2016-06-22 17:28:49 -04:00
Zbigniew Siciarz 46338296aa Fixed typo in 1.11 release notes. 2016-06-22 12:10:42 -04:00
Tim Graham 91c02ca7ba Fixed a heading typo in docs/releases/1.11.txt 2016-06-22 11:16:18 -04:00
Tim Graham 39805686b3 Refs #21379, #26719 -- Moved username normalization to AbstractBaseUser.
Thanks Huynh Thanh Tam for the initial patch and Claude Paroz for review.
2016-06-21 16:19:37 -04:00
Sergey Fedoseev 5ce660cd65 Fixed #25940 -- Added OGRGeometry.from_gml() and GEOSGeometry.from_gml(). 2016-06-21 15:46:27 -04:00
Tim Graham 20d1cb33c2 Fixed #26787 -- Documented deleting and reloading of model instance fields.
Thanks Julien Hartmann for the report.
2016-06-21 14:39:17 -04:00
Tobias McNulty 17e661641d Refs #26666 -- Added ALLOWED_HOSTS validation when running tests.
Also used ALLOWED_HOSTS to check for external hosts in assertRedirects().
2016-06-20 11:07:46 -04:00
Claude Paroz f7a363ee1d Fixed #26753 -- Made GDAL a required dependency for contrib.gis
Thanks Tim Graham for the review.
2016-06-18 10:58:02 +02:00
Jon Dufresne 267dc4addd Fixed #4136 -- Made ModelForm save empty values for nullable CharFields as NULL.
Previously, empty values were saved as strings.
2016-06-13 09:14:36 -04:00
Vytis Banaitis 83120af2c1 Refs #26524 -- Fixed an error in 1.11 release notes. 2016-06-09 20:34:53 -04:00
Berker Peksag ae2a7da86b Fixed #20468 -- Added loaddata --exclude option.
Thanks Alex Morozov for the initial patch.
2016-06-09 10:35:32 -04:00
krishbharadwaj f6681393d3 Fixing #26524 -- Made a foreign key id reference in ModelAdmin.list_display display the id. 2016-06-08 17:20:03 -04:00
Berker Peksag 724dd2043e Fixed #26717 -- Added Serializer.stream_class to customize the stream. 2016-06-08 11:08:18 -04:00
Scott Vitale be729b6120 Fixed #10107 -- Allowed using mark_safe() as a decorator.
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
wim glenn 5ebebd1159 Fixed #26707 -- Added QueryDict.fromkeys() 2016-06-06 08:54:25 -04:00
Tom Christie da22079c21 Linked to upgrade guide from release notes. 2016-06-06 07:28:55 -04:00
Tim Graham 01e567864e Added stub release notes for 1.9.8. 2016-06-04 19:58:14 -04:00
Tim Graham 1f5eb521a0 Added release date for 1.9.7. 2016-06-04 19:24:51 -04:00
Vytis Banaitis 2f9c4e2b6f Fixed #19963 -- Added support for date_hierarchy across relations. 2016-06-04 12:14:02 -04:00
Holly Becker 55fec16aaf Fixed #26628 -- Changed CSRF logger to django.security.csrf. 2016-06-04 10:17:06 -04:00
Anton I. Sipos c3495bb984 Fixed #12666 -- Added EMAIL_USE_LOCALTIME setting.
When EMAIL_USE_LOCALTIME=True, send emails with a Date header
in the local time zone.
2016-06-04 09:55:50 -04:00
Tim Graham e2296e7f0a Fixed #26667 -- Fixed a regression in queries on a OneToOneField that has to_field and primary_key=True.
Thanks Simon Charette for review.
2016-06-04 08:04:51 -04:00
mieciu 19ff506878 Fixed #26698 -- Fixed PostgreSQL dbshell crash on an empty database name. 2016-06-03 12:30:21 -04:00
Will Koster 9899347641 Fixed #26638 -- Allowed callable arguments for QuerySet.get_or_create()/update_or_create() defaults. 2016-06-03 10:00:53 -04:00
jrabbit d65e2899b2 Fixes #26700 -- Added how to upgrade to TEMPLATES link in 1.10 release notes. 2016-06-02 20:27:33 -04:00
Brad Melin f6517a5335 Fixed #26672 -- Fixed HStoreField to raise ValidationError instead of crashing on non-dict JSON input. 2016-06-02 16:28:01 -04:00
Rustam Kashapov df8412d2e5 Fixed #26617 -- Added distinct argument to contrib.postgres's StringAgg. 2016-06-02 13:48:35 -04:00
Tim Graham 149ace94df Updated release notes links to prevent warnings with Sphinx 1.4.2. 2016-06-02 11:41:49 -04:00
Tim Graham 3db04d4422 Fixed #26084 -- Documented that deprecation warnings are no longer loud. 2016-06-01 15:17:25 -04:00
Tim Graham bc84278615 Fixed #26675 -- Dropped support for PostgreSQL 9.2/PostGIS 2.0. 2016-06-01 07:45:22 -04:00
Tim Graham 47f22e8286 Fixed #25645 -- Dropped support for SpatiaLite < 4.0. 2016-05-31 11:31:51 -04:00
Ketan Bhatt f31fbbae1a Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC. 2016-05-30 18:36:15 -04:00
Simon Charette 4f474607de
Fixed #26646 -- Added IOBase methods required by TextIOWrapper to File.
Thanks Tim for the review.
2016-05-27 21:05:58 -04:00
Tim Graham 0e7e47b5d7 Fixed #26652 -- Documented removal of model instance _(default/base)_manager attributes. 2016-05-27 10:36:16 -04:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Tim Graham 97c3dfe12e Added stub 1.11 release notes. 2016-05-19 22:28:24 -04:00
Tim Graham 0eac5535f7 Removed unused sections in 1.10 release notes. 2016-05-19 11:49:15 -04:00
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Barthelemy Dagenais a5c8072ab1 Fixed #26627 -- Fixed on_commit callbacks execution order when callbacks make transactions. 2016-05-18 09:09:48 -04:00
Josh Smeaton 2a4af0ea43 Fixed #25774 -- Refactor datetime expressions into public API 2016-05-18 20:14:58 +10:00
Tim Graham ece4d24f8e Refs #26601 -- Deprecated old-style middleware. 2016-05-17 07:22:26 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham c999c8d8f6 Updated admin's jQuery to 2.2.3. 2016-05-17 07:20:06 -04:00
Loïc Bistuer ed0ff913c6 Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers.
This deprecates use_for_related_fields.

Old API:

class CustomManager(models.Model):
    use_for_related_fields = True

class Model(models.Model):
    custom_manager = CustomManager()

New API:

class Model(models.Model):
    custom_manager = CustomManager()

    class Meta:
        base_manager_name = 'custom_manager'

Refs #20932, #25897.

Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
2016-05-17 12:07:22 +07:00