mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity
18,520 Commits 30 Branches 460 Tags
818e59a3f0fbadf6c447754d202d88df025f8f2a
Commit Graph

7115 Commits

Author SHA1 Message Date
Tim Graham
818e59a3f0 [1.7.x] Prevented views.static.serve() from using large memory on large files. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:02:56 -05:00
Tim Graham
de67dedc77 [1.7.x] Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:02:56 -05:00
Carl Meyer
41b4bc73ee [1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ. 
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
 2015-01-13 13:02:56 -05:00
Tim Graham
33f1ccf5b1 [1.7.x] Added stub release notes for security releases. 2015-01-13 13:02:55 -05:00
Collin Anderson
6a08020fcf [1.7.x] Fixed bad model example in admin docs. 
Backport of e7771ec380 from master
 2015-01-13 11:53:59 -05:00
Markus Holtermann
ef5889409b [1.7.x] Fixed #24110 -- Rewrote migration unapply to preserve intermediate states 
Backport of fdc2cc9487 and be158e3625 from master
 2015-01-11 00:35:49 +01:00
Serafeim Papastefanos
1a352fe175 [1.7.x] Fixed #23967 -- Added formats for Greek 
Backport of 74f02557e0 from master
 2015-01-10 11:11:57 -05:00
Claude Paroz
7e65876b7c [1.7.x] Fixed #24097 -- Prevented AttributeError in redirect_to_login 
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
Backport of d7bc37d61 from master.
 2015-01-10 10:13:50 +01:00
Claude Paroz
5e18f6f724 [1.7.x] Fixed #24083 -- Corrected is_bound nature in forms topic docs 
Thanks ajenhl Trac user for the report.
Backport of e0080cf57 from master.
 2015-01-06 09:00:27 +01:00
Claude Paroz
d8fb557a51 [1.7.x] Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware 
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
Backport of 27dd7e7271 from master.
 2015-01-06 08:45:10 +01:00
Tim Graham
0e21fd4e40 [1.7.x] Added 1.4.18 release notes. 
Backport of ce17b045bf from master
 2015-01-05 14:25:36 -05:00
Tim Graham
4aed731154 [1.7.x] Increased the default PBKDF2 iterations. 2015-01-03 13:36:13 -05:00
Tim Graham
0a06ae9ef3 [1.7.x] Added 1.7.3 release notes stub. 
Backport of 439f15beab from master
 2015-01-03 13:27:46 -05:00
Alfred Perlstein
0148768412 [1.7.x] Fixed #23749 -- Documented how to use the database alias in RunPython. 
Thanks Markus Holtermann for review and feedback.

Backport of db3f7c15cb from master
 2015-01-03 12:07:28 -05:00
Bibhas
5f8761c639 [1.7.x] Fixed #24070 -- Added tutorial topics to doc index. 
Backport of b738178825 from master
 2015-01-03 08:48:59 -05:00
Tim Graham
20dcf5155b [1.7.x] Added dates to release notes. 
Backport of 15cd71ed24 from master
 2015-01-02 19:20:44 -05:00
Tim Graham
fda458c0b6 [1.7.x] Updated six to 1.9.0. 
Backport of 52f0b2b622 from master
 2015-01-02 13:23:18 -05:00
Tim Graham
1b83464391 [1.7.x] Removed obsolete item from deprecation timeline. 
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.

Backport of 1729a5250b from master
 2015-01-01 13:36:26 -05:00
Tim Graham
8e68b590ab [1.7.x] Removed doc note about PasswordResetForm requiring an integer PK. 
This limitation was lifted in refs #14881.

Backport of a7aaabfaf1 from master
 2015-01-01 11:40:08 -05:00
Tim Graham
f461bc02cb [1.7.x] Fixed #23366 -- Fixed a crash with the migrate --list command. 
Backport of b4bdd5262b from master
 2014-12-31 17:27:43 -05:00
Andrey Maslov
8de2a44064 [1.7.x] Fixed #24008 -- Fixed ValidationError crash with list of dicts. 
Backport of 7a878ca5cb from master
 2014-12-31 14:46:17 -05:00
Piotr Pawlaczek
e11ff3975f [1.7.x] Fixed #23758 -- Allowed more than 5 levels of subqueries 
Refactored bump_prefix() to avoid infinite loop and allow more than
than 5 subquires by extending the alphabet to use multi-letters.

Backport of 41fc1c0b5e from master
 2014-12-31 09:42:07 -05:00
Tim Graham
9311a94ca5 [1.7.x] Revert "Updated some docs for the delayed deprecation of legacy table creation; refs #22340." 
The deprecation was moved back to 1.9 in
61da5f3f02.

Backport of d7fc6eb8ca from master
 2014-12-30 11:53:33 -05:00
Tim Graham
a9da5dd5b6 [1.7.x] Fixed #23581 -- Prevented extraneous DROP DEFAULT statements. 
Thanks john_scott for the report and Markus Holtermann for review.

Backport of ab4f709da4 from master
 2014-12-30 08:31:18 -05:00
Tim Graham
79645529e7 Revert "[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa" 
This reverts commit 1702bc52cc.

This doesn't work on stable/1.7.x because #23844 wasn't backported and we're
not willing to do so because it's a large change.
 2014-12-29 15:37:15 -05:00
Markus Holtermann
1702bc52cc [1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa 
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.

Backport of 623ccdd598 from master
 2014-12-29 13:42:29 -05:00
Tim Graham
1cbdb49b0a [1.7.x] Fixed #24056 -- Fixed syntax highlighting in topics/testing/tools.txt. 
Backport of 3d0c3a0482 from master
 2014-12-27 19:51:33 -05:00
Aymeric Augustin
3483682749 [1.7.x] Fixed #23831 -- Supported strings escaped by third-party libs in Django. 
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.

Backport of 6d52f6f from master.
 2014-12-27 18:26:20 +01:00
Aymeric Augustin
b429a9796a [1.7.x] Fixed an inconsistency introduced in 547b1810. 
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.

Backport of 5c5eb5fe from master.
 2014-12-27 18:17:18 +01:00
Tim Graham
a79012f6d8 [1.7.x] Fixed #24000 -- Corrected contrib.sites default site creation in a multiple database setup. 
Backport of 89e2c60f43 from master
 2014-12-27 10:29:21 -05:00
Claude Paroz
322560489b [1.7.x] Fixed #24051 -- Made schema infrastructure honor tablespaces 
Partial backport of 30cbd5d36. Thanks Douglas J. Reynolds for the
report and initial patch.
 2014-12-27 15:12:17 +01:00
Collin Anderson
2af33a0719 [1.7.x] Clarified custom header instructions in tutorial 2. 
Backport of 0821b3d53c from master
 2014-12-26 18:29:52 -05:00
Tim Graham
1173140dbf [1.7.x] Fixed #24054 -- Enabled sqlsequencereset for apps with migrations. 
Backport of c2e419c267 from master
 2014-12-26 15:57:30 -05:00
Helen Sherwood-Taylor
b9169a100d [1.7.x] Fixed #24041 -- Documented effect of changing a model instance's primary key. 
Backport of 4ccdf6e57f from master
 2014-12-24 15:07:27 -05:00
Frankie Robertson
126eb58abe [1.7.x] Fixed #24035 -- Clarified docs on CACHE_MIDDLEWARE_KEY_PREFIX vs KEY_PREFIX 
Backport of 446b50b90e from master
 2014-12-23 14:40:35 -05:00
Tim Graham
51ea30a43b [1.7.x] Fixed #24037 -- Prevented data loss possibility when changing Meta.managed. 
The migrations autodetector now issues AlterModelOptions operations for
Meta.managed changes instead of DeleteModel + CreateModel.

Thanks iambibhas for the report and Simon and Markus for review.

Backport of 061caa5b38 from master
 2014-12-23 14:26:56 -05:00
Tim Graham
ac098867c0 [1.7.x] Fixed #23525 -- Fixed admindocs crash on apps installed as eggs. 
Thanks welbornprod for report and initial patch.

Backport of 01ab84c613 from master
 2014-12-22 15:19:48 -05:00
Alexander Schulze
4c92ecd705 [1.7.x] Fixed #23959 -- Clarified when checks automatically run. 
Backport of cf2390be16 from master
 2014-12-22 11:35:57 -05:00
David Cramer
66e9154399 [1.7.x] Corrected scoping of savepoint example 
Backport of 27f68f8659 from master
 2014-12-22 07:51:09 -05:00
Oscar Ramirez
1ad5deedd4 [1.7.x] Fixed #23998 -- Added datetime.time support to migrations questioner. 
Backport of 54085b0f9b from master
 2014-12-22 07:26:57 -05:00
Tim Graham
c24624025b [1.7.x] Added upgrade instructions for deprecated model _meta permission methods. 
Backport of a3d96bee36 from master
 2014-12-19 19:12:50 -05:00
Berker Peksag
a970d6d941 [1.7.x] Moved version directives to the bottom of the loaddata section. 
Backport of 6403e07c50 from master
 2014-12-19 06:57:50 -05:00
Claude Paroz
f46a16614d [1.7.x] Fixed #24015 -- Factorized create_index_sql expression 
Backport of 6072f17d0 from master, with one test reinforced.
Thanks Tim Graham for the review.
 2014-12-18 21:14:29 +01:00
Tim Graham
2f13a48f33 [1.7.x] Removed need to update Python version support note on each new release. 
Backport of 0c06f06131 from master
 2014-12-18 11:56:50 -05:00
Tim Graham
c2d8da7555 [1.7.x] Corrected indentation in docs to prevent inadvertent blockquote. 2014-12-18 11:34:11 -05:00
Claude Paroz
47912d9f2b [1.7.x] Fixed #24007 -- Ensure apps registry's ready before unpickling models 
This prevents AppRegistryNotReady errors when unpickling Django
models from an external script.
Backport of 108b8bf85 from master.
 2014-12-17 18:41:12 +01:00
Mosson, Andrew
6d8c14621e [1.7x.] Fixed #23497 -- Made admin system checks run for custom AdminSites. 
Backport of b7219c7ba5 from master
 2014-12-17 09:16:05 -05:00
Markus Holtermann
a38951948a [1.7.x] Fixed display of lists after website redesign 
Thanks Brian Jacobel for the report. refs django/djangoproject.com#197

Backport of c7786550c4 from master
 2014-12-17 08:24:27 -05:00
Alex Gaynor
ebfb1dab26 [1.7.x] Fixed the formatting of one section of the security page 
Backport of 104aaab704 from master
 2014-12-16 19:01:06 -05:00
Tim Graham
c085bea6c3 [1.7.x] Fixed #23975 -- Restored pre_migrate signal if all apps have migrations. 
Thanks kmmbvnr for the report.

Backport of d2ff8a7241 from master
 2014-12-16 18:39:19 -05:00