mirror of https://github.com/django/django.git synced 2025-03-06 07:22:32 +00:00

7040 Commits

Author SHA1 Message Date
Shai Berger
17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer
df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Andriy Sokolovskiy
13dca01af0 Replaced try..except blocks by context manager in custom lookups tests 2015-07-07 12:03:58 -04:00
David Wolever
0d71349773 Fixed #22804 -- Added warning for unsafe value of 'sep' in Signer
Thanks Jaap Roes for completing the patch.
2015-07-07 11:44:37 -04:00
Tim Graham
6bd8462380 Refs #23658 -- Fixed dbshell tests on Windows. 2015-07-06 16:17:56 -04:00
Alexey Sveshnikov
bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Andriy Sokolovskiy
b40c551fdf Fixed some unclosed objects in tests 2015-07-06 10:10:40 -04:00
Tim Graham
e7c6a2cf9f Refs #4960 -- Fixed selenium test failures for CharField strip changes. 2015-07-06 08:52:50 -04:00
Sylvain Fankhauser
f5d5867a4a Fixed #24877 -- Added middleware handling of response.render() errors. 2015-07-03 12:06:40 -04:00
Rigel Di Scala
b91a2a499f Fixed #23190 -- Made Paginator.page_range an iterator 2015-07-03 11:34:34 -04:00
Michael Manfre
f9c3587b51 Fixed #25055 -- Made m2m long name testing friendlier for 3rd party databases. 2015-07-03 09:00:08 -04:00
Jan Pazdziora
3353684102 Fixed #25032 -- Removed double redirect in admin login. 2015-07-03 08:53:10 -04:00
Tim Graham
ca58181bac Fixed #25056 -- Documented minimum version of jinja2 for testing. 2015-07-03 08:20:53 -04:00
Tim Graham
c0c7fa4837 Refs #25050 -- Corrected test assertion in serializers test. 2015-07-03 08:03:20 -04:00
Jan Pazdziora
a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
Grégoire ROCHER
c6cce4de38 Fixed #25050 -- Allowed serialization of models with deferred fields. 2015-07-02 14:46:16 -04:00
Tim Graham
7edd912cfb Used assertRaisesMessage in managers_regress tests. 2015-07-02 14:23:28 -04:00
Chris Lamb
61f3e22e38 Fixed #25054 -- Added app_label to swapped model AttributeError 2015-07-02 14:18:10 -04:00
William Schwartz
9a5cfa05a0 Fixed #24997 -- Enabled bulk_create() on proxy models 2015-07-02 13:53:51 -04:00
jpic
fedef7b2c6 Fixed #24908 -- Fixed duplicate readonly field rendering.
ModelAdmin added readonly_fields to exclude, but would not undeclare
them if they were overridden.
2015-07-02 13:37:30 -04:00
Kai Richard Koenig
60f795c060 Fixed #25040 -- Fixed migrations state crash with GenericForeignKey 2015-07-02 12:48:29 -04:00
Curtis
11cac1bd8e Fixed #4960 -- Added "strip" option to CharField 2015-07-01 17:47:05 -04:00
Tim Graham
b535eb3fcb Refs #23658 -- Fixed unclosed file in dbshell tests. 2015-07-01 13:45:02 -04:00
Jon Dufresne
b44dee16e6 Fixed #20916 -- Added Client.force_login() to bypass authentication. 2015-07-01 13:01:08 -04:00
Matthew Somerville
839edcebb3 Fixed #21695 -- Added asvar option to blocktrans.
Thanks Bojan Mihelac for the initial patch.
2015-07-01 10:03:00 -04:00
Moritz Sichert
b35b43dff8 Fixed #24982 -- Split staticfiles tests into multiple files 2015-07-01 09:41:27 -04:00
Michael Tänzer
3bbaf84d65 Fixed #18247 -- Added cast to NUMERIC for Decimals on sqlite
On sqlite the SUM() of a decimal column doesn't have a NUMERIC type so
when comparing it to a string literal (which a Decimal gets converted to
in Django) it is not compared as expected.
2015-06-30 18:27:42 -04:00
Jean-Michel Vourgère
b64c0d4d61 Fixed #23658 -- Provided the password to PostgreSQL dbshell command
The password from settings.py is written in a temporary .pgpass file
whose name is given to psql using the PGPASSFILE environment
variable.
2015-06-30 18:21:51 -04:00
Marten Kenbeek
aabb58428b Refs #23621 -- Fixed warning message when reloading models. 2015-06-30 15:00:10 -04:00
Andreas Pelme
00a1d4d042 Fixed #21803 -- Added support for post-commit callbacks
Made it possible to register and run callbacks after a database
transaction is committed with the `transaction.on_commit()` function.

This patch is heavily based on Carl Meyer's django-transaction-hooks
<https://django-transaction-hooks.readthedocs.org/>. Thanks to
Aymeric Augustin, Carl Meyer, and Tim Graham for review and feedback.
2015-06-30 14:51:00 -04:00
Jonas Degrave
4352e865a7 Fixed #24911 -- Made BaseManager.get_queryset() allow custom queryset args. 2015-06-30 13:48:30 -04:00
Ned Batchelder
3b81dbe844 Used %r in the TextNode repr to show newlines better. 2015-06-30 09:54:18 -04:00
Andriy Sokolovskiy
c31bf8cb54 Refs #20203 -- Added tests to check inherited custom default manager 2015-06-29 21:17:51 -04:00
Andriy Sokolovskiy
c0cf73a57d Refs #20203 -- Allowed adding custom default manager to the model state
If the only manager on the model is the default manager defined
by Django (`objects = models.Manager()`), this manager will not
be added to the model state. If it is custom, it needs to be
passed to the model state.
2015-06-29 21:15:37 -04:00
Luke Plant
aef2a0ec59 Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
2015-06-29 08:16:19 -04:00
Anssi Kääriäinen
9ed82154bd Fixed #23791 -- Corrected object type check for pk__in=qs
When the pk was a relation field, qs.filter(pk__in=qs) didn't work.

In addition, fixed Restaurant.objects.filter(place=restaurant_instance),
where place is a OneToOneField and the primary key of Restaurant.

A big thank you to Josh for review and to Tim for review and cosmetic
edits.

Thanks to Beauhurst for commissioning the work on this ticket.
2015-06-29 07:49:31 -04:00
Tim Graham
1e63652e44 Renamed MySQL-specific dbshell test file. 2015-06-27 16:22:11 -04:00
Tim Graham
7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Greg Chapple
4a66a69239 Fixed #24887 -- Removed one-arg limit from models.aggregate 2015-06-27 11:44:33 -04:00
Tim Graham
6c592e79e1 Removed unused code after refs #25017. 2015-06-27 10:08:59 -04:00
Noam
e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
sujayskumar
2e70bf3785 Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response 2015-06-27 08:46:23 -04:00
Jason Hoos
a50b66da30 Fixed #24958 -- Fixed inline forms using UUID-PK parents with auto-PK children. 2015-06-26 09:09:09 -04:00
Claude Paroz
0cc39e50e1 Pushed GDAL skip condition inside test
As GDAL_VERSION is conditionally imported, it cannot be referenced
in skipIf decorator.
2015-06-26 14:57:45 +02:00
Daniel Wiesmann
b647ccfa67 Refs #24840 -- Added skip flag to raster transform test for GDAL<1.8.1.
Thanks to Simon Charette for the report.
2015-06-26 14:30:54 +02:00
薛丞宏
d3e12c9017 Fixed #25016 -- Reallowed non-ASCII values for ForeignKey.related_name on Python 3. 2015-06-26 08:30:05 -04:00
Claude Paroz
3f9dca62cb Updated GeoIP test for newer versions 2015-06-25 21:47:54 +02:00
Simon Charette
bdb382b2a4 Refs #25002 -- Supported textual to temporal column alteration on Oracle.
Thanks to Tim Graham for the report and Shai Berger for the review.
2015-06-24 19:37:55 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b7913f6da233c55409c4973248372d302
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00