1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

5343 Commits

Author SHA1 Message Date
Jon Ribbens
d3da505999 [5.1.x] Fixed #35681 -- Corrected geoip2 docs when describing GeoIP2Exception.
Backport of 826ef00668 from main.
2024-09-07 00:04:59 -03:00
Natalia
3c733c78d6 [5.1.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:24:21 -03:00
Sarah Boyce
022ab0a75c [5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:24:13 -03:00
Adam Johnson
fcb71a76cc [5.1.x] Removed outdated note about lack of subquery support in MySQL.
Backport of 26a67943ac from main.
2024-08-28 15:56:35 -03:00
Mariusz Felisiak
625aab3aea [5.1.x] Fixed typo in docs/ref/models/expressions.txt.
Backport of fed11ba461 from main.
2024-08-28 09:09:16 -03:00
David Smith
dbca05698a [5.1.x] Fixed typo of --no-startup in django-admin docs.
Backport of 5ae9922666 from main.
2024-08-13 11:21:06 +02:00
Jure Cuhalev
ecf13f192d [5.1.x] Doc'd that SessionMiddleware is required for the admin site.
The system check "admin.E410" was already checking for this, but the
requirement was not listed in docs/ref/contrib/admin/index.txt.

Backport of f8ef4579ea from main.
2024-08-08 08:50:27 -03:00
Andrew Miller
73fcb14cd8 [5.1.x] Refs #35591 -- Emphasized that runserver is not suitable for production.
Backport of cec62fb99e from main.
2024-08-08 10:10:29 +02:00
Adam Johnson
291fa5fbbe [5.1.x] Refs #31405 -- Improved LoginRequiredMiddleware documentation.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 49815f70e4 from main.
2024-08-08 10:07:12 +02:00
Mariusz Felisiak
20bd3f02be [5.1.x] Used :pypi: role in docs where appropriate.
Backport of 304d256674 from main.
2024-08-05 10:36:41 -03:00
Natalia
06fb6434b3 [5.1.x] Refs #35380 -- Updated screenshots in admin docs.
Backport of 90adba85b2 from main.
2024-08-05 09:14:24 -03:00
Lorenzo Peña
741f33eaf1 [5.1.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a.

Backport of 0e94f292cd from main.
2024-07-25 09:40:49 +02:00
Sarah Boyce
e42defb63b [5.1.x] Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour independent from allow_overwrite.
Partially reverts 0b33a3abc2.

Storage.exists(name) was documented to "return False if
the name is available for a new file." but return True if
the file exists. This is ambiguous in the overwrite file
case. It will now always return whether the file exists.

Thank you to Natalia Bidart and Josh Schneier for the
review.

Backport of 8d6a20b656 from main.
2024-07-24 14:58:57 +02:00
Matthew Somerville
07d0d2975c [5.1.x] Updated example links in urlize docs.
goo.gl links are being removed in 2025:
https://developers.googleblog.com/en/google-url-shortener-links-will-no-longer-be-available/

Backport of fb7be022cb from main.
2024-07-23 14:04:05 +02:00
nessita
39062e7946 [5.1.x] Refs #10941 -- Reorganized querystring template tag docs.
Backport of cf03aa4e94 from main.
2024-07-22 10:33:46 -03:00
Sarah Boyce
91a5b5a4bb [5.1.x] Refs #10941 -- Renamed query_string template tag to querystring.
Backport of 27043bde5b from main.
2024-07-15 13:29:54 -03:00
Maryam Yusuf
bdfcda8c26 [5.1.x] Fixed #35464 -- Updated docs to note fieldsets have limited impact on TabularInlines.
Backport of b5f4d76bc4 from main.
2024-07-15 12:45:18 +02:00
Sarah Boyce
e99ccc4342 [5.1.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
2024-07-09 09:42:58 -03:00
Mariusz Felisiak
5cd070069d [5.1.x] Removed outdated note about limitations in Clickjacking protection.
There is no need to list old browser versions or point users to
workarounds.
Backport of f302343380 from main.
2024-07-04 18:10:47 -03:00
Carlton Gibson
3b5d04f879 [5.1.x] Removed unneeded hyphens in "counterintuitive".
Follow-up to 65ad4ade74 which added
counterintuitive to the wordlist. Removes unneeded (antiquated)
hyphenated usages.

See e.g. https://www.merriam-webster.com/dictionary/counterintuitive

Backport of 704192e478 from main.
2024-07-04 08:32:34 +02:00
Andrew Miller
fb140420bd [5.1.x] Fixed #23790 -- Warned about renaming AppConfig.label in docs/ref/applications.txt.
Backport of aa74c4083e from main.
2024-07-01 21:53:02 -03:00
lufafajoshua
a6dd2880f5 [5.1.x] Fixed #35470 -- Separated i18n and l10n globalization settings docs.
Backport of 8733e9af99 from main.
2024-07-01 16:33:28 -03:00
Sarah Boyce
9c7bff1ee4 [5.1.x] Optimized admin docs images.
Backport of 72b7b59680 from main.
2024-06-25 17:46:35 -03:00
nessita
3fb3b8a4fd [5.1.x] Refs #35380 -- Updated screenshots in admin docs.
When listing users, ensure that user first and last name are diverse.

Backport of bcc327aa32 from main.
2024-06-25 10:59:31 -03:00
lufafajoshua
3d55f2966d [5.1.x] Fixed #35306 -- Documented fallback localization formats in templates when localization is disabled.
Backport of 3ac0e43207 from main.
2024-06-24 18:08:50 +02:00
John Higgins
874fea63b4 [5.1.x] Fixed #35441 -- Documented Context and RequestContext keyword arguments.
Backport of 60acad933d from main.
2024-06-20 09:37:34 +02:00
Simon Törnqvist
e65b7d5b06 [5.1.x] Fixed #35443 -- Changed ordinal to return negative numbers unchanged.
Previously, `-1` was converted to `"-1th"`. This has been updated to
return negative numbers "as is", so that for example `-1` is
converted to `"-1"`. This is now explicit in the docs.

Co-authored-by: Martin Jonson <artin.onson@gmail.com>

Backport of d3a7ed5bcc from main.
2024-06-14 13:53:43 +02:00
Adam Zapletal
bf9a89f5d1 [5.1.x] Fixed #24076 -- Added warnings on usage of dates with DateTimeField and datetimes with DateField.
Backport of 99273fd525 from main.
2024-06-14 13:49:30 +02:00
Mariusz Felisiak
f0d592ed34 [5.1.x] Made cosmetic edits to code snippets reformatted with blacken-docs.
Backport of 0f694ce2eb from main.
2024-05-30 09:43:21 -03:00
Hisham Mahmood
c7fc9f20b4 Fixed #31405 -- Added LoginRequiredMiddleware.
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Mehmet İnce <mehmet@mehmetince.net>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 08:51:17 +02:00
Natalia
676060d683 Refs #35189 -- Updated ModelAdmin.fieldsets screenshot in admin docs. 2024-05-22 00:13:55 -03:00
Marijke Luttekes
e4a693f50a Fixed #35189 -- Improved admin collapsible fieldsets by using <details> elements.
This work improves the accessibility of the add and change pages in the
admin site by adding <details> and <summary> elements to the collapsible
fieldsets. This has the nice side effect of no longer requiring custom
JavaScript helpers to implement the fieldsets' show/hide capabilities.

Thanks to James Scholes for the accessibility advice, and to Sarah Boyce
and Tom Carrick for reviews.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-05-22 00:13:55 -03:00
Berker Peksag
4971a9afe5 Fixed #18119 -- Added a DomainNameValidator validator.
Thanks Claude Paroz for the review.

Co-authored-by: Nina Menezes <77671865+nmenezes0@users.noreply.github.com>
2024-05-21 23:11:12 +02:00
Ben Cail
0b33a3abc2 Fixed #35326 -- Added allow_overwrite parameter to FileSystemStorage. 2024-05-21 07:28:12 +02:00
Adam Johnson
50852b2c2c Replaced fictional class 'extrapretty' in admin fieldsets docs. 2024-05-16 21:25:23 -03:00
Sarah Boyce
d4f6e6c088 Moved FileSystemStorage note in docs to the correct place. 2024-05-16 11:17:57 +02:00
Mariusz Felisiak
f030236a86 Fixed #35275 -- Fixed Meta.constraints validation crash on UniqueConstraint with OpClass().
This also introduces Expression.constraint_validation_compatible that
allows specifying that expression should be ignored during a constraint
validation.
2024-05-14 10:34:30 +02:00
alexgmin
dba05042dd Added link to the csrf template tag in the csrf page. 2024-05-06 13:25:30 +02:00
sobolevn
9a27c76021 Fixed #35426 -- Updated querysets to be a required argument of GenericPrefetch. 2024-05-04 11:30:36 +02:00
Shamil
32d163e680 Fixed #35427 -- Corrected help text for makemessages --extension in docs/ref/django-admin.txt. 2024-05-03 22:48:17 -03:00
John Parton
914bf69171 Clarified when ImageField attributes are set. 2024-05-02 10:04:55 +02:00
Mariusz Felisiak
160c0ab13a Fixed rendering XOR section in docs. 2024-05-02 09:26:44 +02:00
Mariusz Felisiak
85c154da2f Fixed #35412 -- Dropped support for SQLite < 3.31. 2024-04-29 11:07:54 +02:00
Adam Zapletal
828b94b178 Fixed #20744 -- Removed hint that arbitrary kwargs are allowed when creating forms.Fields. 2024-04-26 11:23:38 -03:00
David Sanders
f0d50a9379 Doc'd that RemoveField also drops related database objects in PostgreSQL. 2024-04-16 13:11:06 -03:00
Mohammad Kazemi
47c608202a Extended docs for Q() objects mentioning the ~ (NOT) operator.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-04-15 13:16:35 -03:00
Adam Johnson
8bbf73ca74 Fixed settings path in docs for installing SpatiaLite with Homebrew.
Co-authored-by: Adam Zapletal <adamzap@gmail.com>
2024-04-10 18:15:42 -03:00
Carlton Gibson
ca5cd3e3e8 Refs #35354 -- Clarified FORCE_SCRIPT_NAME docs. 2024-04-05 15:13:54 +02:00
Giannis Terzopoulos
d658a3162f Fixed #35233 -- Moved template engine system checks to backend methods.
Thanks Adam Johnson for reviews.
2024-03-27 08:14:54 +01:00
Adam Zapletal
fd2514d17d Added RowNumber() link in Rank() docs. 2024-03-21 05:52:07 +01:00