1
0
mirror of https://github.com/django/django.git synced 2025-07-10 20:59:12 +00:00

481 Commits

Author SHA1 Message Date
Mariusz Felisiak
beb3f3d559 [4.1.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
Thanks Seokchan Yoon for reports.
2023-07-03 08:27:05 +02:00
Mariusz Felisiak
0e5948b8df [4.1.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if Pillow isn't installed.
Follow up to fb4c55d9ec4bb812a7fb91fa20510d91645e411b.
Backport of fcfbf08abe3e6dc54894df6988024f055abc6c40 from main
2023-05-04 08:09:50 +02:00
Mariusz Felisiak
e7c3a2ccc3 [4.1.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field.
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-05-03 13:54:21 +02:00
David Smith
a637d0bd22 [4.1.x] Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0

Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main.
2023-02-01 11:44:13 +01:00
Carlton Gibson
8aab03ab55 [4.1.x] Fixed #33876, Refs #32229 -- Made management forms render with div.html template.
Thanks to Claude Paroz for the report.

Backport of 89e695a69b16b8c0e720169b3ca4852cfd0c485f from main
2022-08-02 10:31:04 +02:00
Mariusz Felisiak
d3f5782a33 [4.1.x] Fixed warnings per flake8 5.0.0.
Backport of c18861804feb6a97afbeabb51be748dd60a04458 from main
2022-07-31 10:28:17 +02:00
David Smith
d126eba363 Refs #32339 -- Deprecated default.html form template.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2022-05-17 11:16:54 +02:00
Kapil Bansal
3a82b5f655 Fixed #32559 -- Added 'step_size’ to numeric form fields.
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
2022-05-12 14:16:52 +02:00
Marc Seguí Coll
262fde94de Fixed #33622 -- Allowed customizing error messages for invalid number of forms.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-05-10 13:42:31 +02:00
David Smith
ec5659382a Fixed #32339 -- Added div.html form template. 2022-05-05 14:32:43 +02:00
Carlton Gibson
476d4d5087 Refs #32339 -- Allowed renderer to specify default form and formset templates.
Co-authored-by: David Smith <smithdc@gmail.com>
2022-04-27 10:21:04 +02:00
L
37602e4948 Fixed #33656 -- Fixed MultiWidget crash when compressed value is a tuple. 2022-04-26 07:06:26 +02:00
David
c8459708a7 Refs #32339 -- Added use_fieldset to Widget. 2022-03-30 16:28:14 +02:00
Mariusz Felisiak
abfdb4d7f3
Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
This reverts commit 1d9d082acf6e152c06833bb9698f88d688b95e40.
2022-03-26 12:27:30 +01:00
Mariusz Felisiak
1d9d082acf
Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
See https://github.com/pallets/jinja/pull/1621.
2022-03-25 08:48:32 +01:00
Carlton Gibson
bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Claude Paroz
4c76ffc2d6 Fixed #29490 -- Added support for object-based Media CSS and JS paths. 2022-02-10 08:48:27 +01:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Carlton Gibson
4b8e9492d9 Refs #32559 -- Added selenium test for FloatField client-side validation.
step="any" is required for non-integer values. See:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/number#step

Covers behaviour added in 7ec2a21be15af5b2c7513482c3bcfdd1e12782ed.
2022-02-03 13:50:37 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Claude Paroz
7c4f396509 Stopped including type="text/css" attributes for CSS link tags. 2022-01-22 16:38:14 +01:00
David
4c60c3edff Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.
Regression in 456466d932830b096d39806e291fe23ec5ed38d5.

Thanks Matt Westcott for the report.
2022-01-07 15:35:31 +01:00
Jacob Walls
03a6488116
Refs #31026 -- Changed @jinja2_tests imports to be relative. 2022-01-03 06:11:30 +01:00
David
cb82ded4b2 Refs #32339 -- Added rendering tests for forms with CheckboxSelectMultiple and SelectMultiple widgets. 2021-12-23 07:38:05 +01:00
Baptiste Mispelon
e95e6425ac Refs #24121 -- Added __repr__() to BaseFormSet. 2021-12-21 12:06:05 +01:00
mendespedro
e8b4feddc3 Fixed #33367 -- Fixed URLValidator crash in some edge cases. 2021-12-20 07:30:22 +01:00
mendespedro
4fd3044ca0 Fixed #33368 -- Fixed parse_duration() crash on invalid separators for decimal fractions. 2021-12-20 06:46:34 +01:00
Mariusz Felisiak
882647a82c
Used subTest() in forms.URLField() tests. 2021-12-16 06:35:44 +01:00
Adam Johnson
0d2435328a Added test for field names of ManagementForm. 2021-12-10 10:01:33 +01:00
David Smith
eba9a9b7f7 Refs #32338 -- Added Boundfield.legend_tag(). 2021-12-09 07:16:33 +01:00
Mariusz Felisiak
628b6a6869 Updated translations from Transifex.
This also fixes related i18n tests.

Forwardport of 4c5215ab036aa8fda9cd0148fd034f4d8f7d69d1 from stable/4.0.x

Co-authored-by: Claude Paroz <claude@2xlibre.net>
2021-12-06 20:31:03 +01:00
David Smith
c6c6cd3c5a Fixed #33235 -- Removed "for = ..." from MultiWidget's <label>.
This improves accessibility for screen reader users.
2021-11-05 11:05:52 +01:00
Carlton Gibson
2ccc0b22db Fixed #33211 -- Updated tests for Selenium 4.0.0.
Replaced deprecated `find_element[s]_by_*()` usages, in favour of
`find_element[s]()` with an explicit `By`.
2021-10-21 14:37:16 +02:00
David Smith
4884a87e02 Fixed #33134 -- Fixed recursion depth error when rendering Form with BoundFields.
Regression in 456466d932830b096d39806e291fe23ec5ed38d5.
2021-09-29 08:04:42 +02:00
Jaap Roes
7fe9b6f6df Fixed #33130 -- Restored form errors to be a dict.
Regression in 456466d932830b096d39806e291fe23ec5ed38d5.
2021-09-24 10:50:41 +02:00
Mariusz Felisiak
881a479911
Refs #31026 -- Fixed forms_tests if Jinja2 is not installed. 2021-09-21 10:16:44 +02:00
David Smith
456466d932 Fixed #31026 -- Switched form rendering to template engine.
Thanks Carlton Gibson, Keryn Knight, Mariusz Felisiak, and Nick Pope
for reviews.

Co-authored-by: Johannes Hoppe <info@johanneshoppe.com>
2021-09-20 15:50:18 +02:00
David Smith
4ca508a689 Refs #31026 -- Added extra form render tests. 2021-09-17 09:21:10 +02:00
David Smith
91e8b95d5b Refs #31026 -- Moved Template tests to separate class. 2021-09-17 09:20:02 +02:00
Claude Paroz
676bd084f2 Fixed #32873 -- Deprecated settings.USE_L10N.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-14 12:05:43 +02:00
David Smith
5942ab5eb1 Refs #32338 -- Made RadioSelect/CheckboxSelectMultiple render in <div> tags.
This improves accessibility for screen reader users.
2021-08-27 06:14:01 +02:00
David Smith
3a6431db54 Refs #29205 -- Added MultiValueField test for rendering of optional subfields. 2021-08-10 12:49:06 +02:00
Jacob Walls
2d0ae8da80 Fixed #29205 -- Corrected rendering of required attributes for MultiValueField subfields. 2021-08-04 17:37:04 +02:00
Jacob Rief
db1fc5cd3c Fixed #32855 -- Corrected BoundWidget.id_for_label() with custom auto_id. 2021-08-04 15:18:00 +02:00
Ties Jan Hefting
4f3acf9579 Fixed #32984 -- Allowed customizing a deletion field widget in formsets. 2021-08-03 13:12:50 +02:00
Ties Jan Hefting
47cb85b542 Fixed typos in tests/forms_tests/tests/test_formsets.py. 2021-08-03 12:53:45 +02:00
David Smith
fbb1984046
Refs #32956 -- Updated words ending in -wards.
AP styleguide: Virtually none of the words ending with -wards end with
an s.
2021-07-30 20:34:50 +02:00
yakimka
c542d0a072 Fixed #32949 -- Restored invalid number handling in DecimalField.validate().
DecimalField must itself validate() values, such as NaN, which cannot be
passed to validators, such as MaxValueValidator, during the
run_validators() phase.

Regression in cc3d24d7d577f174937a0744d886c4c7123cfa85.
2021-07-21 10:20:24 +02:00
Chris Jerdonek
0dc25526d8 Fixed #32924 -- Changed BaseForm.get_initial_for_field() to remove microseconds when needed. 2021-07-16 15:51:20 +02:00