mirror of https://github.com/django/django.git synced 2025-03-10 17:32:41 +00:00

8340 Commits

Author SHA1 Message Date
Shai Berger
17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer
df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Tim Graham
bdfce4db21 Removed a confusing sentence in tutorial 5. 2015-07-08 15:11:40 -04:00
Luke Plant
f87e552d98 Corrected example code for get_query_set upgrade in 1.6 release notes
The conditional setting of `get_query_set` is required for correct behaviour
if running Django 1.8. The full gory details are here:

http://lukeplant.me.uk/blog/posts/handling-django%27s-get_query_set-rename-is-hard/
2015-07-08 10:58:07 +01:00
Chris Bainbridge
e5cfa394d7 Refs #23882 -- Added detection for moved files when using inotify polling
Commit 15f82c7 ("used pyinotify as change detection system when
available") introduced a regression where editing a file in vim with
default settings (writebackup=auto) no longer causes the dev server
to be restarted. On a write, vim moves the monitored file to a backup
path and then creates a new file in the original. The new file is not
monitored as it has a different inode. Fixed this by also watching for
inotify events IN_DELETE_SELF and IN_MOVE_SELF.
2015-07-07 12:23:04 -04:00
David Wolever
0d71349773 Fixed #22804 -- Added warning for unsafe value of 'sep' in Signer
Thanks Jaap Roes for completing the patch.
2015-07-07 11:44:37 -04:00
Alexey Sveshnikov
bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Tim Graham
a871cf422d Fixed #25051 -- Clarified return type of {% now %} tag. 2015-07-04 08:46:49 -04:00
Sylvain Fankhauser
f5d5867a4a Fixed #24877 -- Added middleware handling of response.render() errors. 2015-07-03 12:06:40 -04:00
Rigel Di Scala
b91a2a499f Fixed #23190 -- Made Paginator.page_range an iterator 2015-07-03 11:34:34 -04:00
Luke
fd869cceac Fixed mistake in Model.from_db() example. 2015-07-03 09:08:22 -04:00
Tim Graham
0e3193a386 Updated mock note since Django no longer works with Python 3.2. 2015-07-03 08:24:58 -04:00
Tim Graham
ca58181bac Fixed #25056 -- Documented minimum version of jinja2 for testing. 2015-07-03 08:20:53 -04:00
Jan Pazdziora
a570701e02 Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only external authentication. 2015-07-02 17:38:10 -04:00
William Schwartz
9a5cfa05a0 Fixed #24997 -- Enabled bulk_create() on proxy models 2015-07-02 13:53:51 -04:00
Curtis
11cac1bd8e Fixed #4960 -- Added "strip" option to CharField 2015-07-01 17:47:05 -04:00
Jon Dufresne
b44dee16e6 Fixed #20916 -- Added Client.force_login() to bypass authentication. 2015-07-01 13:01:08 -04:00
Matthew Somerville
839edcebb3 Fixed #21695 -- Added asvar option to blocktrans.
Thanks Bojan Mihelac for the initial patch.
2015-07-01 10:03:00 -04:00
Claude Paroz
3d7a713156 Fixed typo in writing migrations docs 2015-07-01 09:16:17 +02:00
Trey Hunner
2d0dead224 DEP 0003 -- Added JavaScript unit tests.
Set up QUnit, added tests, and measured test coverage.

Thanks to Nick Sanford for the initial tests.
2015-06-30 21:04:16 -04:00
Jean-Michel Vourgère
b64c0d4d61 Fixed #23658 -- Provided the password to PostgreSQL dbshell command
The password from settings.py is written in a temporary .pgpass file
whose name is given to psql using the PGPASSFILE environment
variable.
2015-06-30 18:21:51 -04:00
Shai Berger
eecd42ea7d Removed datetime_cast_sql, which is never overridden or used anywhere in Django.
Thanks Tim Graham for review.
2015-07-01 00:43:45 +03:00
Andreas Pelme
00a1d4d042 Fixed #21803 -- Added support for post-commit callbacks
Made it possible to register and run callbacks after a database
transaction is committed with the `transaction.on_commit()` function.

This patch is heavily based on Carl Meyer's django-transaction-hooks
<https://django-transaction-hooks.readthedocs.org/>. Thanks to
Aymeric Augustin, Carl Meyer, and Tim Graham for review and feedback.
2015-06-30 14:51:00 -04:00
Tim Graham
9f0d67137c Fixed #25038 -- Reverted incorrect documentation about inspectdb introspecting views.
This reverts commit bd691f4586c8ad45bd059ff9d3621cbf8afdcdce (refs #24177).
2015-06-30 14:23:29 -04:00
Luke Plant
aef2a0ec59 Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
2015-06-29 08:16:19 -04:00
Trey Hunner
ec4f219ecb Fixed #22463 -- Added code style guide and JavaScript linting (EditorConfig and ESLint) 2015-06-27 16:36:26 -04:00
Tim Graham
f59667c121 Fixed #25033 -- Added context_processors.auth to documented admin dependencies. 2015-06-27 14:27:03 -04:00
Noam
e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
sujayskumar
2e70bf3785 Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response 2015-06-27 08:46:23 -04:00
Jason Hoos
a50b66da30 Fixed #24958 -- Fixed inline forms using UUID-PK parents with auto-PK children. 2015-06-26 09:09:09 -04:00
薛丞宏
d3e12c9017 Fixed #25016 -- Reallowed non-ASCII values for ForeignKey.related_name on Python 3. 2015-06-26 08:30:05 -04:00
Marten Kenbeek
6364df6887 Refs #24127 -- Added documentation for HttpRequest.current_app. 2015-06-25 19:54:50 +02:00
Tim Graham
aed437d567 Updated release process for new release schedule. 2015-06-25 11:36:17 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b7913f6da233c55409c4973248372d302
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Daniel Wiesmann
c078021555 Refs #24840 -- Added GDALRaster Warp and transform methods
Thanks to Tim Graham for the review.
2015-06-24 18:31:22 +02:00
Tim Graham
c45fbd060a Added white-space: pre-wrap; to docs code blocks to match docs.dp.com. 2015-06-22 15:56:06 -04:00
Wim Feijen
514b69cb9e Updated indentation of example template in docs/topics/i18n/translation.txt. 2015-06-22 15:42:09 -04:00
Ola Sitarska
f1635ba433 Added Ola Sitarska to the team page. 2015-06-22 15:30:20 -04:00
Tim Graham
5ae0dd6abf Fixed #25001 -- Doc'd caveat about collectstatic and removing INSTALLED_APPS.
Thanks aRkadeFR for the initial patch.
2015-06-22 12:36:38 -04:00
Tim Graham
256aebbdaa Simplified wording of Python support policy. 2015-06-22 12:07:53 -04:00
Bipin Suresh
34047b23e2 Fixed #24983 -- Clarified contrib.sites Site.domain is fully qualified. 2015-06-22 09:39:54 -04:00
Tim Graham
7f155a0703 Refs #25006 -- Added a '6 p.m.' option to the admin's time picker. 2015-06-22 07:24:57 -04:00
Rolo
e7b4bd48c7 Fixed #24970 -- Added --managers and --admins options to the sendtestemail management command. 2015-06-22 07:21:26 -04:00
Claude Paroz
1c90a3dcca Fixed #24985 -- Added note about possible invalid feed content
Thanks Michael Wood for the report and Tim Graham for the review.
2015-06-21 20:53:01 +02:00
Tim Graham
4a66564888 Fixed #25010 -- Documented APP_DIRS default in startproject's settings.py 2015-06-20 19:28:17 -04:00
Marten Kenbeek
738c0de300 Fixed #14200 -- Added a fallback if HttpRequest.urlconf is None.
Made BaseHandler fall back to settings.ROOT_URLCONF if
HttpRequest.urlconf is set to None, rather than raising
ImproperlyConfigured.
2015-06-20 18:52:33 -04:00
Claude Paroz
ffdf507ec0 Added GDAL 2.0 support 2015-06-20 14:40:50 +02:00
Claude Paroz
9368f51e12 Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars
Thanks Tim Graham for the review.
2015-06-19 20:54:46 +02:00