2011-03-23 05:03:22 +00:00
|
|
|
|
========================
|
|
|
|
|
Django 1.3 release notes
|
|
|
|
|
========================
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2011-03-23 05:03:22 +00:00
|
|
|
|
*March 23, 2011*
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Welcome to Django 1.3!
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2016-06-02 15:41:49 +00:00
|
|
|
|
Nearly a year in the making, Django 1.3 includes quite a few :ref:`new features
|
|
|
|
|
<whats-new-1.3>` and plenty of bug fixes and improvements to existing features.
|
|
|
|
|
These release notes cover the new features in 1.3, as well as some
|
|
|
|
|
:ref:`backwards-incompatible changes <backwards-incompatible-changes-1.3>`
|
|
|
|
|
you'll want to be aware of when upgrading from Django 1.2 or older versions.
|
2011-03-22 06:57:12 +00:00
|
|
|
|
|
|
|
|
|
Overview
|
|
|
|
|
========
|
|
|
|
|
|
|
|
|
|
Django 1.3's focus has mostly been on resolving smaller, long-standing
|
|
|
|
|
feature requests, but that hasn't prevented a few fairly significant
|
|
|
|
|
new features from landing, including:
|
|
|
|
|
|
|
|
|
|
* A framework for writing `class-based views`_.
|
|
|
|
|
|
|
|
|
|
* Built-in support for `using Python's logging facilities`_.
|
|
|
|
|
|
|
|
|
|
* Contrib support for `easy handling of static files`_.
|
|
|
|
|
|
|
|
|
|
* Django's testing framework now supports (and ships with a copy of)
|
|
|
|
|
`the unittest2 library`_.
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2020-05-01 12:37:21 +00:00
|
|
|
|
Wherever possible, new features are introduced in a backwards-compatible manner
|
|
|
|
|
per :doc:`our API stability policy </misc/api-stability>` policy. As a result
|
|
|
|
|
of this policy, Django 1.3 :ref:`begins the deprecation process for some
|
|
|
|
|
features <deprecated-features-1.3>`.
|
2011-03-22 06:57:12 +00:00
|
|
|
|
|
|
|
|
|
.. _using Python's logging facilities: `Logging`_
|
|
|
|
|
.. _easy handling of static files: `Extended static files handling`_
|
|
|
|
|
.. _the unittest2 library: `unittest2 support`_
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2011-03-23 05:03:22 +00:00
|
|
|
|
Python compatibility
|
|
|
|
|
====================
|
|
|
|
|
|
|
|
|
|
The release of Django 1.2 was notable for having the first shift in
|
|
|
|
|
Django's Python compatibility policy; prior to Django 1.2, Django
|
|
|
|
|
supported any 2.x version of Python from 2.3 up. As of Django 1.2, the
|
2011-03-23 05:04:19 +00:00
|
|
|
|
minimum requirement was raised to Python 2.4.
|
2011-03-23 05:03:22 +00:00
|
|
|
|
|
|
|
|
|
Django 1.3 continues to support Python 2.4, but will be the final
|
|
|
|
|
Django release series to do so; beginning with Django 1.4, the minimum
|
|
|
|
|
supported Python version will be 2.5. A document outlining our full
|
|
|
|
|
timeline for deprecating Python 2.x and moving to Python 3.x will be
|
|
|
|
|
published shortly after the release of Django 1.3.
|
|
|
|
|
|
2016-06-02 15:41:49 +00:00
|
|
|
|
.. _whats-new-1.3:
|
|
|
|
|
|
2010-10-11 23:50:59 +00:00
|
|
|
|
What's new in Django 1.3
|
|
|
|
|
========================
|
|
|
|
|
|
2010-10-18 13:34:47 +00:00
|
|
|
|
Class-based views
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-----------------
|
2010-10-18 13:34:47 +00:00
|
|
|
|
|
|
|
|
|
Django 1.3 adds a framework that allows you to use a class as a view.
|
|
|
|
|
This means you can compose a view out of a collection of methods that
|
2010-11-11 08:22:58 +00:00
|
|
|
|
can be subclassed and overridden to provide common views of data without
|
|
|
|
|
having to write too much code.
|
2010-10-18 13:34:47 +00:00
|
|
|
|
|
|
|
|
|
Analogs of all the old function-based generic views have been
|
|
|
|
|
provided, along with a completely generic view base class that can be
|
|
|
|
|
used as the basis for reusable applications that can be easily
|
|
|
|
|
extended.
|
|
|
|
|
|
2012-06-11 08:34:00 +00:00
|
|
|
|
See :doc:`the documentation on class-based generic views</topics/class-based-views/index>`
|
2012-04-25 19:17:47 +00:00
|
|
|
|
for more details. There is also a document to help you `convert
|
2010-10-18 13:34:47 +00:00
|
|
|
|
your function-based generic views to class-based
|
2021-04-27 15:38:57 +00:00
|
|
|
|
views <https://raw.githubusercontent.com/django/django/ea9dc9f4b03ae034c1dc080730422dda7a9c2e47/docs/topics/generic-views-migration.txt>`_.
|
2010-10-18 13:34:47 +00:00
|
|
|
|
|
2010-10-11 23:50:59 +00:00
|
|
|
|
Logging
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Django 1.3 adds framework-level support for Python's ``logging``
|
|
|
|
|
module. This means you can now easily configure and control logging
|
|
|
|
|
as part of your Django project. A number of logging handlers and
|
|
|
|
|
logging calls have been added to Django's own code as well -- most
|
2021-10-18 16:06:00 +00:00
|
|
|
|
notably, the error emails sent on an HTTP 500 server error are now
|
2011-03-22 06:57:12 +00:00
|
|
|
|
handled as a logging activity. See :doc:`the documentation on Django's
|
|
|
|
|
logging interface </topics/logging>` for more details.
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2010-11-11 21:43:04 +00:00
|
|
|
|
Extended static files handling
|
2016-01-03 10:56:22 +00:00
|
|
|
|
------------------------------
|
2010-11-11 21:43:04 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Django 1.3 ships with a new contrib app --
|
|
|
|
|
``django.contrib.staticfiles`` -- to help developers handle the static
|
2015-04-30 19:39:29 +00:00
|
|
|
|
media files (images, CSS, JavaScript, etc.) that are needed to render
|
2011-03-22 06:57:12 +00:00
|
|
|
|
a complete web page.
|
2010-11-11 21:43:04 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
In previous versions of Django, it was common to place static assets
|
|
|
|
|
in :setting:`MEDIA_ROOT` along with user-uploaded files, and serve
|
|
|
|
|
them both at :setting:`MEDIA_URL`. Part of the purpose of introducing
|
|
|
|
|
the ``staticfiles`` app is to make it easier to keep static files
|
|
|
|
|
separate from user-uploaded files. Static assets should now go in
|
|
|
|
|
``static/`` subdirectories of your apps or in other static assets
|
|
|
|
|
directories listed in :setting:`STATICFILES_DIRS`, and will be served
|
|
|
|
|
at :setting:`STATIC_URL`.
|
2010-11-11 21:43:04 +00:00
|
|
|
|
|
|
|
|
|
See the :doc:`reference documentation of the app </ref/contrib/staticfiles>`
|
|
|
|
|
for more details or learn how to :doc:`manage static files
|
2013-03-07 19:15:39 +00:00
|
|
|
|
</howto/static-files/index>`.
|
2010-11-11 21:43:04 +00:00
|
|
|
|
|
2018-07-31 15:32:38 +00:00
|
|
|
|
``unittest2`` support
|
|
|
|
|
----------------------
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Python 2.7 introduced some major changes to the ``unittest`` library,
|
2010-10-11 23:50:59 +00:00
|
|
|
|
adding some extremely useful features. To ensure that every Django
|
2011-03-22 06:57:12 +00:00
|
|
|
|
project can benefit from these new features, Django ships with a copy
|
2023-04-16 23:14:09 +00:00
|
|
|
|
of :pypi:`unittest2`, a copy of the Python 2.7 ``unittest`` library,
|
|
|
|
|
backported for Python 2.4 compatibility.
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
To access this library, Django provides the ``django.utils.unittest``
|
|
|
|
|
module alias. If you are using Python 2.7, or you have installed
|
|
|
|
|
``unittest2`` locally, Django will map the alias to the installed
|
2018-07-31 15:32:38 +00:00
|
|
|
|
version of the ``unittest`` library. Otherwise, Django will use its own
|
|
|
|
|
bundled version of ``unittest2``.
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
To take advantage of this alias, simply use::
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
|
|
|
|
from django.utils import unittest
|
|
|
|
|
|
|
|
|
|
wherever you would have historically used::
|
|
|
|
|
|
|
|
|
|
import unittest
|
|
|
|
|
|
2018-07-31 15:32:38 +00:00
|
|
|
|
If you want to continue to use the base ``unittest`` library, you can --
|
|
|
|
|
you just won't get any of the nice new ``unittest2`` features.
|
2010-10-11 23:50:59 +00:00
|
|
|
|
|
2010-10-19 19:38:15 +00:00
|
|
|
|
Transaction context managers
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------------
|
2010-10-19 19:38:15 +00:00
|
|
|
|
|
2013-03-04 22:26:31 +00:00
|
|
|
|
Users of Python 2.5 and above may now use transaction management functions as
|
2016-05-08 22:07:43 +00:00
|
|
|
|
context managers. For example::
|
2010-10-19 19:38:15 +00:00
|
|
|
|
|
|
|
|
|
with transaction.autocommit():
|
2023-01-23 20:29:05 +00:00
|
|
|
|
...
|
2010-10-19 19:38:15 +00:00
|
|
|
|
|
2010-11-09 16:46:42 +00:00
|
|
|
|
Configurable delete-cascade
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------------------
|
2010-11-09 16:46:42 +00:00
|
|
|
|
|
|
|
|
|
:class:`~django.db.models.ForeignKey` and
|
|
|
|
|
:class:`~django.db.models.OneToOneField` now accept an
|
|
|
|
|
:attr:`~django.db.models.ForeignKey.on_delete` argument to customize behavior
|
|
|
|
|
when the referenced object is deleted. Previously, deletes were always
|
|
|
|
|
cascaded; available alternatives now include set null, set default, set to any
|
|
|
|
|
value, protect, or do nothing.
|
|
|
|
|
|
|
|
|
|
For more information, see the :attr:`~django.db.models.ForeignKey.on_delete`
|
|
|
|
|
documentation.
|
|
|
|
|
|
2010-11-17 15:37:33 +00:00
|
|
|
|
Contextual markers and comments for translatable strings
|
2016-01-03 10:56:22 +00:00
|
|
|
|
--------------------------------------------------------
|
2010-11-04 10:48:27 +00:00
|
|
|
|
|
|
|
|
|
For translation strings with ambiguous meaning, you can now
|
|
|
|
|
use the ``pgettext`` function to specify the context of the string.
|
|
|
|
|
|
2010-11-17 15:37:33 +00:00
|
|
|
|
And if you just want to add some information for translators, you
|
|
|
|
|
can also add special translator comments in the source.
|
|
|
|
|
|
|
|
|
|
For more information, see :ref:`contextual-markers` and
|
|
|
|
|
:ref:`translator-comments`.
|
2010-11-04 10:48:27 +00:00
|
|
|
|
|
2011-03-06 07:14:32 +00:00
|
|
|
|
Improvements to built-in template tags
|
2016-01-03 10:56:22 +00:00
|
|
|
|
--------------------------------------
|
2011-03-06 07:14:32 +00:00
|
|
|
|
|
|
|
|
|
A number of improvements have been made to Django's built-in template tags:
|
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* The :ttag:`include` tag now accepts a ``with`` option, allowing
|
|
|
|
|
you to specify context variables to the included template
|
2011-03-06 07:14:32 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* The :ttag:`include` tag now accepts an ``only`` option, allowing
|
|
|
|
|
you to exclude the current context from the included context
|
2011-03-06 07:14:32 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* The :ttag:`with` tag now allows you to define multiple context
|
|
|
|
|
variables in a single :ttag:`with` block.
|
2011-03-06 07:14:32 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* The :ttag:`load` tag now accepts a ``from`` argument, allowing
|
|
|
|
|
you to load a single tag or filter from a library.
|
2011-03-06 07:14:32 +00:00
|
|
|
|
|
2010-12-07 13:57:01 +00:00
|
|
|
|
TemplateResponse
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------
|
2010-12-07 13:57:01 +00:00
|
|
|
|
|
|
|
|
|
It can sometimes be beneficial to allow decorators or middleware to
|
|
|
|
|
modify a response *after* it has been constructed by the view. For
|
|
|
|
|
example, you may want to change the template that is used, or put
|
|
|
|
|
additional data into the context.
|
|
|
|
|
|
|
|
|
|
However, you can't (easily) modify the content of a basic
|
|
|
|
|
:class:`~django.http.HttpResponse` after it has been constructed. To
|
|
|
|
|
overcome this limitation, Django 1.3 adds a new
|
2011-03-22 20:12:17 +00:00
|
|
|
|
:class:`~django.template.response.TemplateResponse` class. Unlike basic
|
2010-12-07 13:57:01 +00:00
|
|
|
|
:class:`~django.http.HttpResponse` objects,
|
2011-03-22 20:12:17 +00:00
|
|
|
|
:class:`~django.template.response.TemplateResponse` objects retain the details
|
2010-12-07 13:57:01 +00:00
|
|
|
|
of the template and context that was provided by the view to compute
|
|
|
|
|
the response. The final output of the response is not computed until
|
|
|
|
|
it is needed, later in the response process.
|
|
|
|
|
|
2011-01-14 08:31:14 +00:00
|
|
|
|
For more details, see the :doc:`documentation </ref/template-response>`
|
2011-03-22 20:12:17 +00:00
|
|
|
|
on the :class:`~django.template.response.TemplateResponse` class.
|
2010-12-07 13:57:01 +00:00
|
|
|
|
|
2010-12-21 15:19:19 +00:00
|
|
|
|
Caching changes
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------
|
2010-12-21 15:19:19 +00:00
|
|
|
|
|
|
|
|
|
Django 1.3 sees the introduction of several improvements to the
|
|
|
|
|
Django's caching infrastructure.
|
|
|
|
|
|
|
|
|
|
Firstly, Django now supports multiple named caches. In the same way
|
|
|
|
|
that Django 1.2 introduced support for multiple database connections,
|
|
|
|
|
Django 1.3 allows you to use the new :setting:`CACHES` setting to
|
|
|
|
|
define multiple named cache connections.
|
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Secondly, :ref:`versioning <cache_versioning>`, :ref:`site-wide
|
2010-12-21 15:19:19 +00:00
|
|
|
|
prefixing <cache_key_prefixing>` and :ref:`transformation
|
2011-03-22 06:57:12 +00:00
|
|
|
|
<cache_key_transformation>` have been added to the cache API.
|
2010-12-21 15:19:19 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Thirdly, :ref:`cache key creation <using-vary-headers>` has been
|
|
|
|
|
updated to take the request query string into account on ``GET``
|
|
|
|
|
requests.
|
2011-03-02 12:47:36 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Finally, support for pylibmc_ has been added to the memcached cache
|
2010-12-21 15:19:19 +00:00
|
|
|
|
backend.
|
|
|
|
|
|
2011-01-14 08:31:14 +00:00
|
|
|
|
For more details, see the :doc:`documentation on
|
|
|
|
|
caching in Django</topics/cache>`.
|
2010-12-21 15:19:19 +00:00
|
|
|
|
|
|
|
|
|
.. _pylibmc: http://sendapatch.se/projects/pylibmc/
|
|
|
|
|
|
2010-12-21 19:18:12 +00:00
|
|
|
|
Permissions for inactive users
|
2016-01-03 10:56:22 +00:00
|
|
|
|
------------------------------
|
2010-12-21 19:18:12 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
If you provide a custom auth backend with ``supports_inactive_user``
|
|
|
|
|
set to ``True``, an inactive ``User`` instance will check the backend
|
|
|
|
|
for permissions. This is useful for further centralizing the
|
2012-12-28 19:00:11 +00:00
|
|
|
|
permission handling. See the :doc:`authentication docs </topics/auth/index>`
|
2011-03-22 06:57:12 +00:00
|
|
|
|
for more details.
|
2010-12-21 19:18:12 +00:00
|
|
|
|
|
2010-12-22 00:21:35 +00:00
|
|
|
|
GeoDjango
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------
|
2010-12-22 00:21:35 +00:00
|
|
|
|
|
|
|
|
|
The GeoDjango test suite is now included when
|
|
|
|
|
:ref:`running the Django test suite <running-unit-tests>` with ``runtests.py``
|
|
|
|
|
when using :ref:`spatial database backends <spatial-backends>`.
|
|
|
|
|
|
2011-05-29 17:41:04 +00:00
|
|
|
|
:setting:`MEDIA_URL` and :setting:`STATIC_URL` must end in a slash
|
2016-01-03 10:56:22 +00:00
|
|
|
|
------------------------------------------------------------------
|
2011-01-02 01:33:11 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
Previously, the :setting:`MEDIA_URL` setting only required a trailing slash if
|
|
|
|
|
it contained a suffix beyond the domain name.
|
2011-01-02 01:33:11 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
A trailing slash is now *required* for :setting:`MEDIA_URL` and the new
|
|
|
|
|
:setting:`STATIC_URL` setting as long as it is not blank. This ensures there is
|
2011-01-02 01:33:11 +00:00
|
|
|
|
a consistent way to combine paths in templates.
|
|
|
|
|
|
|
|
|
|
Project settings which provide either of both settings without a trailing
|
2011-03-22 06:57:12 +00:00
|
|
|
|
slash will now raise a ``PendingDeprecationWarning``.
|
2011-01-02 01:33:11 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
In Django 1.4 this same condition will raise ``DeprecationWarning``,
|
|
|
|
|
and in Django 1.5 will raise an ``ImproperlyConfigured`` exception.
|
2011-01-02 01:33:11 +00:00
|
|
|
|
|
2010-10-13 12:07:27 +00:00
|
|
|
|
Everything else
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------
|
2010-10-13 12:07:27 +00:00
|
|
|
|
|
|
|
|
|
Django :doc:`1.1 <1.1>` and :doc:`1.2 <1.2>` added
|
|
|
|
|
lots of big ticket items to Django, like multiple-database support,
|
|
|
|
|
model validation, and a session-based messages framework. However,
|
|
|
|
|
this focus on big features came at the cost of lots of smaller
|
|
|
|
|
features.
|
|
|
|
|
|
|
|
|
|
To compensate for this, the focus of the Django 1.3 development
|
|
|
|
|
process has been on adding lots of smaller, long standing feature
|
|
|
|
|
requests. These include:
|
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
* Improved tools for accessing and manipulating the current
|
|
|
|
|
:class:`~django.contrib.sites.models.Site` object in
|
|
|
|
|
:doc:`the sites framework </ref/contrib/sites>`.
|
2010-10-13 12:07:27 +00:00
|
|
|
|
|
2013-09-09 08:59:47 +00:00
|
|
|
|
* A :class:`~django.test.RequestFactory` for mocking requests
|
2011-03-22 06:57:12 +00:00
|
|
|
|
in tests.
|
2010-10-13 12:07:27 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* A new test assertion --
|
2013-05-18 22:04:34 +00:00
|
|
|
|
:meth:`~django.test.TransactionTestCase.assertNumQueries` -- making it
|
2011-03-22 06:57:12 +00:00
|
|
|
|
easier to test the database activity associated with a view.
|
2010-10-13 12:07:27 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
* Support for lookups spanning relations in admin's
|
|
|
|
|
:attr:`~django.contrib.admin.ModelAdmin.list_filter`.
|
2010-11-21 19:29:15 +00:00
|
|
|
|
|
2018-06-25 13:21:21 +00:00
|
|
|
|
* Support for HttpOnly_ cookies.
|
2010-11-26 13:30:50 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
* :meth:`~django.core.mail.mail_admins()` and
|
|
|
|
|
:meth:`~django.core.mail.mail_managers()` now support easily attaching
|
|
|
|
|
HTML content to messages.
|
2010-12-06 14:21:51 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
* :class:`~django.core.mail.EmailMessage` now supports CC's.
|
2010-12-19 15:01:45 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* Error emails now include more of the detail and formatting of the
|
|
|
|
|
debug server error page.
|
2010-12-06 14:21:51 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
* :meth:`~django.template.Library.simple_tag` now accepts a
|
|
|
|
|
``takes_context`` argument, making it easier to write simple
|
|
|
|
|
template tags that require access to template context.
|
2010-12-19 15:00:50 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* A new :meth:`~django.shortcuts.render()` shortcut -- an alternative
|
2015-12-22 15:21:24 +00:00
|
|
|
|
to ``django.shortcuts.render_to_response()`` providing a
|
2011-03-22 06:57:12 +00:00
|
|
|
|
:class:`~django.template.RequestContext` by default.
|
2010-12-21 17:18:41 +00:00
|
|
|
|
|
2013-09-06 17:57:25 +00:00
|
|
|
|
* Support for combining :class:`F expressions <django.db.models.F>`
|
2018-07-31 15:32:38 +00:00
|
|
|
|
with ``timedelta`` values when retrieving or updating database values.
|
2010-12-22 03:34:04 +00:00
|
|
|
|
|
2020-06-15 07:44:08 +00:00
|
|
|
|
.. _HttpOnly: https://owasp.org/www-community/HttpOnly
|
2010-11-26 13:30:50 +00:00
|
|
|
|
|
2010-06-21 12:19:32 +00:00
|
|
|
|
.. _backwards-incompatible-changes-1.3:
|
|
|
|
|
|
|
|
|
|
Backwards-incompatible changes in 1.3
|
|
|
|
|
=====================================
|
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
CSRF validation now applies to AJAX requests
|
2016-01-03 10:56:22 +00:00
|
|
|
|
--------------------------------------------
|
2011-02-10 09:27:38 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Prior to Django 1.2.5, Django's CSRF-prevention system exempted AJAX
|
|
|
|
|
requests from CSRF verification; due to `security issues`_ reported to
|
|
|
|
|
us, however, *all* requests are now subjected to CSRF
|
2011-03-22 14:35:14 +00:00
|
|
|
|
verification. Consult :doc:`the Django CSRF documentation
|
2014-10-31 22:39:46 +00:00
|
|
|
|
</ref/csrf>` for details on how to handle CSRF verification in
|
2011-03-22 06:57:12 +00:00
|
|
|
|
AJAX requests.
|
2011-02-10 09:27:38 +00:00
|
|
|
|
|
2012-03-13 17:53:31 +00:00
|
|
|
|
.. _security issues: https://www.djangoproject.com/weblog/2011/feb/08/security/
|
2011-03-22 14:35:14 +00:00
|
|
|
|
|
2011-02-10 11:55:24 +00:00
|
|
|
|
Restricted filters in admin interface
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------------------------------------
|
2011-02-10 11:55:24 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
Prior to Django 1.2.5, the Django administrative interface allowed
|
|
|
|
|
filtering on any model field or relation -- not just those specified
|
2011-04-17 20:46:48 +00:00
|
|
|
|
in ``list_filter`` -- via query string manipulation. Due to security
|
|
|
|
|
issues reported to us, however, query string lookup arguments in the
|
2011-03-22 06:57:12 +00:00
|
|
|
|
admin must be for fields or relations specified in ``list_filter`` or
|
|
|
|
|
``date_hierarchy``.
|
2011-02-10 09:27:38 +00:00
|
|
|
|
|
2011-05-10 00:19:02 +00:00
|
|
|
|
Deleting a model doesn't delete associated files
|
2016-01-03 10:56:22 +00:00
|
|
|
|
------------------------------------------------
|
2011-01-26 07:46:19 +00:00
|
|
|
|
|
|
|
|
|
In earlier Django versions, when a model instance containing a
|
|
|
|
|
:class:`~django.db.models.FileField` was deleted,
|
|
|
|
|
:class:`~django.db.models.FileField` took it upon itself to also delete the
|
|
|
|
|
file from the backend storage. This opened the door to several data-loss
|
|
|
|
|
scenarios, including rolled-back transactions and fields on different models
|
2011-05-10 00:19:02 +00:00
|
|
|
|
referencing the same file. In Django 1.3, when a model is deleted the
|
2013-08-05 16:23:26 +00:00
|
|
|
|
:class:`~django.db.models.FileField`’s ``delete()`` method won't be called. If
|
2013-01-01 13:12:42 +00:00
|
|
|
|
you need cleanup of orphaned files, you'll need to handle it yourself (for
|
2011-05-10 00:19:02 +00:00
|
|
|
|
instance, with a custom management command that can be run manually or
|
|
|
|
|
scheduled to run periodically via e.g. cron).
|
2011-01-26 07:46:19 +00:00
|
|
|
|
|
2010-08-06 14:25:58 +00:00
|
|
|
|
PasswordInput default rendering behavior
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------------------------
|
2010-08-06 14:25:58 +00:00
|
|
|
|
|
2010-11-12 16:12:38 +00:00
|
|
|
|
The :class:`~django.forms.PasswordInput` form widget, intended for use
|
|
|
|
|
with form fields which represent passwords, accepts a boolean keyword
|
|
|
|
|
argument ``render_value`` indicating whether to send its data back to
|
|
|
|
|
the browser when displaying a submitted form with errors. Prior to
|
|
|
|
|
Django 1.3, this argument defaulted to ``True``, meaning that the
|
|
|
|
|
submitted password would be sent back to the browser as part of the
|
|
|
|
|
form. Developers who wished to add a bit of additional security by
|
|
|
|
|
excluding that value from the redisplayed form could instantiate a
|
|
|
|
|
:class:`~django.forms.PasswordInput` passing ``render_value=False`` .
|
|
|
|
|
|
|
|
|
|
Due to the sensitive nature of passwords, however, Django 1.3 takes
|
|
|
|
|
this step automatically; the default value of ``render_value`` is now
|
|
|
|
|
``False``, and developers who want the password value returned to the
|
|
|
|
|
browser on a submission with errors (the previous behavior) must now
|
2010-11-12 16:35:40 +00:00
|
|
|
|
explicitly indicate this. For example::
|
2010-08-06 14:25:58 +00:00
|
|
|
|
|
|
|
|
|
class LoginForm(forms.Form):
|
|
|
|
|
username = forms.CharField(max_length=100)
|
2010-10-11 23:57:03 +00:00
|
|
|
|
password = forms.CharField(widget=forms.PasswordInput(render_value=True))
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2010-10-01 02:02:58 +00:00
|
|
|
|
Clearable default widget for FileField
|
2016-01-03 10:56:22 +00:00
|
|
|
|
--------------------------------------
|
2010-10-01 02:02:58 +00:00
|
|
|
|
|
2011-03-22 20:12:17 +00:00
|
|
|
|
Django 1.3 now includes a :class:`~django.forms.ClearableFileInput` form widget
|
|
|
|
|
in addition to :class:`~django.forms.FileInput`. ``ClearableFileInput`` renders
|
|
|
|
|
with a checkbox to clear the field's value (if the field has a value and is not
|
|
|
|
|
required); ``FileInput`` provided no means for clearing an existing file from
|
|
|
|
|
a ``FileField``.
|
2010-10-01 02:02:58 +00:00
|
|
|
|
|
|
|
|
|
``ClearableFileInput`` is now the default widget for a ``FileField``, so
|
|
|
|
|
existing forms including ``FileField`` without assigning a custom widget will
|
|
|
|
|
need to account for the possible extra checkbox in the rendered form output.
|
|
|
|
|
|
|
|
|
|
To return to the previous rendering (without the ability to clear the
|
|
|
|
|
``FileField``), use the ``FileInput`` widget in place of
|
|
|
|
|
``ClearableFileInput``. For instance, in a ``ModelForm`` for a hypothetical
|
|
|
|
|
``Document`` model with a ``FileField`` named ``document``::
|
|
|
|
|
|
|
|
|
|
from django import forms
|
|
|
|
|
from myapp.models import Document
|
|
|
|
|
|
2023-02-28 19:53:28 +00:00
|
|
|
|
|
2010-10-01 02:02:58 +00:00
|
|
|
|
class DocumentForm(forms.ModelForm):
|
|
|
|
|
class Meta:
|
|
|
|
|
model = Document
|
2023-02-28 19:53:28 +00:00
|
|
|
|
widgets = {"document": forms.FileInput}
|
2010-10-01 02:02:58 +00:00
|
|
|
|
|
2010-10-28 11:56:37 +00:00
|
|
|
|
New index on database session table
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-----------------------------------
|
2010-10-28 11:56:37 +00:00
|
|
|
|
|
|
|
|
|
Prior to Django 1.3, the database table used by the database backend
|
|
|
|
|
for the :doc:`sessions </topics/http/sessions>` app had no index on
|
|
|
|
|
the ``expire_date`` column. As a result, date-based queries on the
|
|
|
|
|
session table -- such as the query that is needed to purge old
|
|
|
|
|
sessions -- would be very slow if there were lots of sessions.
|
|
|
|
|
|
|
|
|
|
If you have an existing project that is using the database session
|
|
|
|
|
backend, you don't have to do anything to accommodate this change.
|
|
|
|
|
However, you may get a significant performance boost if you manually
|
|
|
|
|
add the new index to the session table. The SQL that will add the
|
2023-01-23 20:29:05 +00:00
|
|
|
|
index can be found by running the ``sqlindexes`` admin command:
|
|
|
|
|
|
|
|
|
|
.. code-block:: shell
|
2010-10-28 11:56:37 +00:00
|
|
|
|
|
|
|
|
|
python manage.py sqlindexes sessions
|
|
|
|
|
|
2010-10-28 12:36:51 +00:00
|
|
|
|
No more naughty words
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------------
|
2010-10-28 12:36:51 +00:00
|
|
|
|
|
|
|
|
|
Django has historically provided (and enforced) a list of profanities.
|
2014-03-21 11:05:36 +00:00
|
|
|
|
The comments app has enforced this list of profanities, preventing people from
|
|
|
|
|
submitting comments that contained one of those profanities.
|
2010-10-28 12:36:51 +00:00
|
|
|
|
|
|
|
|
|
Unfortunately, the technique used to implement this profanities list
|
2011-03-22 06:57:12 +00:00
|
|
|
|
was woefully naive, and prone to the `Scunthorpe problem`_. Improving
|
|
|
|
|
the built-in filter to fix this problem would require significant
|
|
|
|
|
effort, and since natural language processing isn't the normal domain
|
|
|
|
|
of a web framework, we have "fixed" the problem by making the list of
|
2010-10-28 12:36:51 +00:00
|
|
|
|
prohibited words an empty list.
|
|
|
|
|
|
|
|
|
|
If you want to restore the old behavior, simply put a
|
2014-03-21 11:05:36 +00:00
|
|
|
|
``PROFANITIES_LIST`` setting in your settings file that includes the
|
2021-04-27 18:50:49 +00:00
|
|
|
|
words that you want to prohibit (see the :commit:`commit that implemented this
|
|
|
|
|
change <edd767d2612d891a906268cf590571f541dd164f>` if you want to see the list
|
|
|
|
|
of words that was historically prohibited). However, if avoiding profanities is
|
|
|
|
|
important to you, you would be well advised to seek out a better, less naive
|
|
|
|
|
approach to the problem.
|
2010-10-28 12:36:51 +00:00
|
|
|
|
|
2015-08-08 10:02:32 +00:00
|
|
|
|
.. _Scunthorpe problem: https://en.wikipedia.org/wiki/Scunthorpe_problem
|
2010-10-28 12:36:51 +00:00
|
|
|
|
|
2010-11-01 00:52:58 +00:00
|
|
|
|
Localflavor changes
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------------------
|
2010-11-01 00:52:58 +00:00
|
|
|
|
|
|
|
|
|
Django 1.3 introduces the following backwards-incompatible changes to
|
|
|
|
|
local flavors:
|
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* Canada (ca) -- The province "Newfoundland and Labrador" has had its
|
|
|
|
|
province code updated to "NL", rather than the older "NF". In
|
|
|
|
|
addition, the Yukon Territory has had its province code corrected to
|
|
|
|
|
"YT", instead of "YK".
|
2010-11-01 00:52:58 +00:00
|
|
|
|
|
2011-03-22 14:35:14 +00:00
|
|
|
|
* Indonesia (id) -- The province "Nanggroe Aceh Darussalam (NAD)" has
|
|
|
|
|
been removed from the province list in favor of the new official
|
|
|
|
|
designation "Aceh (ACE)".
|
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* United States of America (us) -- The list of "states" used by
|
|
|
|
|
``USStateField`` has expanded to include Armed Forces postal
|
|
|
|
|
codes. This is backwards-incompatible if you were relying on
|
|
|
|
|
``USStateField`` not including them.
|
2011-03-17 00:59:30 +00:00
|
|
|
|
|
2010-11-21 17:27:01 +00:00
|
|
|
|
FormSet updates
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------
|
2010-11-21 17:27:01 +00:00
|
|
|
|
|
|
|
|
|
In Django 1.3 ``FormSet`` creation behavior is modified slightly. Historically
|
|
|
|
|
the class didn't make a distinction between not being passed data and being
|
|
|
|
|
passed empty dictionary. This was inconsistent with behavior in other parts of
|
|
|
|
|
the framework. Starting with 1.3 if you pass in empty dictionary the
|
|
|
|
|
``FormSet`` will raise a ``ValidationError``.
|
|
|
|
|
|
2023-01-23 20:29:05 +00:00
|
|
|
|
For example with a ``FormSet``:
|
|
|
|
|
|
|
|
|
|
.. code-block:: pycon
|
2010-11-21 17:27:01 +00:00
|
|
|
|
|
|
|
|
|
>>> class ArticleForm(Form):
|
|
|
|
|
... title = CharField()
|
|
|
|
|
... pub_date = DateField()
|
2023-02-28 19:53:28 +00:00
|
|
|
|
...
|
2010-11-21 17:27:01 +00:00
|
|
|
|
>>> ArticleFormSet = formset_factory(ArticleForm)
|
|
|
|
|
|
2023-01-23 20:29:05 +00:00
|
|
|
|
the following code will raise a ``ValidationError``:
|
|
|
|
|
|
|
|
|
|
.. code-block:: pycon
|
2010-11-21 17:27:01 +00:00
|
|
|
|
|
|
|
|
|
>>> ArticleFormSet({})
|
|
|
|
|
Traceback (most recent call last):
|
|
|
|
|
...
|
|
|
|
|
ValidationError: [u'ManagementForm data is missing or has been tampered with']
|
|
|
|
|
|
|
|
|
|
if you need to instantiate an empty ``FormSet``, don't pass in the data or use
|
2023-01-23 20:29:05 +00:00
|
|
|
|
``None``:
|
|
|
|
|
|
|
|
|
|
.. code-block:: pycon
|
2010-11-21 17:27:01 +00:00
|
|
|
|
|
|
|
|
|
>>> formset = ArticleFormSet()
|
|
|
|
|
>>> formset = ArticleFormSet(data=None)
|
|
|
|
|
|
2011-01-13 13:47:21 +00:00
|
|
|
|
Callables in templates
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------
|
2011-01-13 13:47:21 +00:00
|
|
|
|
|
|
|
|
|
Previously, a callable in a template would only be called automatically as part
|
|
|
|
|
of the variable resolution process if it was retrieved via attribute
|
|
|
|
|
lookup. This was an inconsistency that could result in confusing and unhelpful
|
2023-01-23 20:29:05 +00:00
|
|
|
|
behavior:
|
|
|
|
|
|
|
|
|
|
.. code-block:: pycon
|
2011-01-13 13:47:21 +00:00
|
|
|
|
|
2023-02-28 19:53:28 +00:00
|
|
|
|
>>> Template("{{ user.get_full_name }}").render(Context({"user": user}))
|
2011-01-13 13:47:21 +00:00
|
|
|
|
u'Joe Bloggs'
|
2023-02-28 19:53:28 +00:00
|
|
|
|
>>> Template("{{ full_name }}").render(Context({"full_name": user.get_full_name}))
|
2011-01-13 13:47:21 +00:00
|
|
|
|
u'<bound method User.get_full_name of <...
|
|
|
|
|
|
|
|
|
|
This has been resolved in Django 1.3 - the result in both cases will be ``u'Joe
|
2011-05-13 04:33:42 +00:00
|
|
|
|
Bloggs'``. Although the previous behavior was not useful for a template language
|
2011-01-13 13:47:21 +00:00
|
|
|
|
designed for web designers, and was never deliberately supported, it is possible
|
|
|
|
|
that some templates may be broken by this change.
|
2010-11-01 00:52:58 +00:00
|
|
|
|
|
2011-01-18 16:43:01 +00:00
|
|
|
|
Use of custom SQL to load initial data in tests
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-----------------------------------------------
|
2011-01-18 16:43:01 +00:00
|
|
|
|
|
|
|
|
|
Django provides a custom SQL hooks as a way to inject hand-crafted SQL
|
|
|
|
|
into the database synchronization process. One of the possible uses
|
|
|
|
|
for this custom SQL is to insert data into your database. If your
|
|
|
|
|
custom SQL contains ``INSERT`` statements, those insertions will be
|
|
|
|
|
performed every time your database is synchronized. This includes the
|
|
|
|
|
synchronization of any test databases that are created when you run a
|
|
|
|
|
test suite.
|
|
|
|
|
|
|
|
|
|
However, in the process of testing the Django 1.3, it was discovered
|
|
|
|
|
that this feature has never completely worked as advertised. When
|
|
|
|
|
using database backends that don't support transactions, or when using
|
|
|
|
|
a TransactionTestCase, data that has been inserted using custom SQL
|
|
|
|
|
will not be visible during the testing process.
|
|
|
|
|
|
|
|
|
|
Unfortunately, there was no way to rectify this problem without
|
|
|
|
|
introducing a backwards incompatibility. Rather than leave
|
|
|
|
|
SQL-inserted initial data in an uncertain state, Django now enforces
|
|
|
|
|
the policy that data inserted by custom SQL will *not* be visible
|
|
|
|
|
during testing.
|
|
|
|
|
|
|
|
|
|
This change only affects the testing process. You can still use custom
|
2014-12-26 17:34:26 +00:00
|
|
|
|
SQL to load data into your production database as part of the ``syncdb``
|
2011-01-18 16:43:01 +00:00
|
|
|
|
process. If you require data to exist during test conditions, you
|
|
|
|
|
should either insert it using :ref:`test fixtures
|
|
|
|
|
<topics-testing-fixtures>`, or using the ``setUp()`` method of your
|
|
|
|
|
test case.
|
|
|
|
|
|
2011-02-07 18:48:40 +00:00
|
|
|
|
Changed priority of translation loading
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------------------------------
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-14 13:53:45 +00:00
|
|
|
|
Work has been done to simplify, rationalize and properly document the algorithm
|
2011-03-23 08:48:18 +00:00
|
|
|
|
used by Django at runtime to build translations from the different translations
|
2011-03-14 13:53:45 +00:00
|
|
|
|
found on disk, namely:
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
|
|
|
|
For translatable literals found in Python code and templates (``'django'``
|
|
|
|
|
gettext domain):
|
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* Priorities of translations included with applications listed in the
|
|
|
|
|
:setting:`INSTALLED_APPS` setting were changed. To provide a behavior
|
|
|
|
|
consistent with other parts of Django that also use such setting (templates,
|
|
|
|
|
etc.) now, when building the translation that will be made available, the
|
|
|
|
|
apps listed first have higher precedence than the ones listed later.
|
|
|
|
|
|
|
|
|
|
* Now it is possible to override the translations shipped with applications by
|
|
|
|
|
using the :setting:`LOCALE_PATHS` setting whose translations have now higher
|
|
|
|
|
precedence than the translations of :setting:`INSTALLED_APPS` applications.
|
|
|
|
|
The relative priority among the values listed in this setting has also been
|
|
|
|
|
modified so the paths listed first have higher precedence than the
|
|
|
|
|
ones listed later.
|
|
|
|
|
|
|
|
|
|
* The ``locale`` subdirectory of the directory containing the settings, that
|
2012-09-06 11:00:16 +00:00
|
|
|
|
usually coincides with and is known as the *project directory* is being
|
2011-10-14 00:12:01 +00:00
|
|
|
|
deprecated in this release as a source of translations. (the precedence of
|
|
|
|
|
these translations is intermediate between applications and :setting:`LOCALE_PATHS`
|
|
|
|
|
translations). See the `corresponding deprecated features section`_
|
|
|
|
|
of this document.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2015-04-30 19:39:29 +00:00
|
|
|
|
For translatable literals found in JavaScript code (``'djangojs'`` gettext
|
2011-02-07 18:48:40 +00:00
|
|
|
|
domain):
|
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* Similarly to the ``'django'`` domain translations: Overriding of
|
|
|
|
|
translations shipped with applications by using the :setting:`LOCALE_PATHS`
|
|
|
|
|
setting is now possible for this domain too. These translations have higher
|
|
|
|
|
precedence than the translations of Python packages passed to the
|
2017-09-08 04:19:48 +00:00
|
|
|
|
``javascript_catalog()`` view. Paths listed first have higher precedence than
|
|
|
|
|
the ones listed later.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
* Translations under the ``locale`` subdirectory of the *project directory*
|
|
|
|
|
have never been taken in account for JavaScript translations and remain in
|
|
|
|
|
the same situation considering the deprecation of such location.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-14 13:53:45 +00:00
|
|
|
|
.. _corresponding deprecated features section: loading_of_project_level_translations_
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-02-12 13:03:34 +00:00
|
|
|
|
Transaction management
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------
|
2011-02-12 13:03:34 +00:00
|
|
|
|
|
|
|
|
|
When using managed transactions -- that is, anything but the default
|
|
|
|
|
autocommit mode -- it is important when a transaction is marked as
|
2014-03-24 15:42:56 +00:00
|
|
|
|
"dirty". Dirty transactions are committed by the ``commit_on_success``
|
|
|
|
|
decorator or the ``django.middleware.transaction.TransactionMiddleware``, and
|
|
|
|
|
``commit_manually`` forces them to be closed explicitly; clean transactions
|
|
|
|
|
"get a pass", which means they are usually rolled back at the end of a request
|
|
|
|
|
when the connection is closed.
|
2011-02-12 13:03:34 +00:00
|
|
|
|
|
|
|
|
|
Until Django 1.3, transactions were only marked dirty when Django was
|
|
|
|
|
aware of a modifying operation performed in them; that is, either some
|
|
|
|
|
model was saved, some bulk update or delete was performed, or the user
|
|
|
|
|
explicitly called ``transaction.set_dirty()``. In Django 1.3, a
|
|
|
|
|
transaction is marked dirty when *any* database operation is
|
|
|
|
|
performed.
|
|
|
|
|
|
|
|
|
|
As a result of this change, you no longer need to set a transaction
|
|
|
|
|
dirty explicitly when you execute raw SQL or use a data-modifying
|
|
|
|
|
``SELECT``. However, you *do* need to explicitly close any read-only
|
2015-04-03 00:35:15 +00:00
|
|
|
|
transactions that are being managed using ``commit_manually()``. For example::
|
2011-02-12 13:03:34 +00:00
|
|
|
|
|
|
|
|
|
@transaction.commit_manually
|
|
|
|
|
def my_view(request, name):
|
2011-03-22 14:35:14 +00:00
|
|
|
|
obj = get_object_or_404(MyObject, name__iexact=name)
|
2023-02-28 19:53:28 +00:00
|
|
|
|
return render_to_response("template", {"object": obj})
|
2011-02-12 13:03:34 +00:00
|
|
|
|
|
|
|
|
|
Prior to Django 1.3, this would work without error. However, under
|
2011-03-22 20:12:17 +00:00
|
|
|
|
Django 1.3, this will raise a
|
|
|
|
|
:class:`~django.db.transaction.TransactionManagementError` because
|
2011-02-12 13:03:34 +00:00
|
|
|
|
the read operation that retrieves the ``MyObject`` instance leaves the
|
|
|
|
|
transaction in a dirty state.
|
|
|
|
|
|
2011-03-14 22:49:14 +00:00
|
|
|
|
No password reset for inactive users
|
2016-01-03 10:56:22 +00:00
|
|
|
|
------------------------------------
|
2011-03-14 22:49:14 +00:00
|
|
|
|
|
|
|
|
|
Prior to Django 1.3, inactive users were able to request a password reset email
|
|
|
|
|
and reset their password. In Django 1.3 inactive users will receive the same
|
|
|
|
|
message as a nonexistent account.
|
|
|
|
|
|
2013-07-08 19:01:37 +00:00
|
|
|
|
Password reset view now accepts ``from_email``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------------------------------
|
2013-07-08 19:01:37 +00:00
|
|
|
|
|
2017-09-02 23:24:18 +00:00
|
|
|
|
The ``django.contrib.auth.views.password_reset()`` view now accepts a
|
2013-08-05 16:23:26 +00:00
|
|
|
|
``from_email`` parameter, which is passed to the ``password_reset_form``’s
|
2013-07-08 19:01:37 +00:00
|
|
|
|
``save()`` method as a keyword argument. If you are using this view with a
|
|
|
|
|
custom password reset form, then you will need to ensure your form's ``save()``
|
|
|
|
|
method accepts this keyword argument.
|
|
|
|
|
|
2010-08-28 02:40:57 +00:00
|
|
|
|
.. _deprecated-features-1.3:
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
|
|
|
|
Features deprecated in 1.3
|
|
|
|
|
==========================
|
|
|
|
|
|
2010-08-28 02:40:57 +00:00
|
|
|
|
Django 1.3 deprecates some features from earlier releases.
|
|
|
|
|
These features are still supported, but will be gradually phased out
|
|
|
|
|
over the next few release cycles.
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2010-08-28 02:40:57 +00:00
|
|
|
|
Code taking advantage of any of the features below will raise a
|
|
|
|
|
``PendingDeprecationWarning`` in Django 1.3. This warning will be
|
2011-09-04 21:17:30 +00:00
|
|
|
|
silent by default, but may be turned on using Python's :mod:`warnings`
|
2013-03-22 09:50:45 +00:00
|
|
|
|
module, or by running Python with a ``-Wd`` or ``-Wall`` flag.
|
2010-08-28 02:40:57 +00:00
|
|
|
|
|
|
|
|
|
In Django 1.4, these warnings will become a ``DeprecationWarning``,
|
|
|
|
|
which is *not* silent. In Django 1.5 support for these features will
|
|
|
|
|
be removed entirely.
|
|
|
|
|
|
|
|
|
|
.. seealso::
|
|
|
|
|
|
|
|
|
|
For more details, see the documentation :doc:`Django's release process
|
|
|
|
|
</internals/release-process>` and our :doc:`deprecation timeline
|
2010-11-17 01:57:23 +00:00
|
|
|
|
</internals/deprecation>`.
|
2010-08-28 02:40:57 +00:00
|
|
|
|
|
|
|
|
|
``mod_python`` support
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------
|
2010-08-28 02:40:57 +00:00
|
|
|
|
|
|
|
|
|
The ``mod_python`` library has not had a release since 2007 or a commit since
|
|
|
|
|
2008. The Apache Foundation board voted to remove ``mod_python`` from the set
|
|
|
|
|
of active projects in its version control repositories, and its lead developer
|
|
|
|
|
has shifted all of his efforts toward the lighter, slimmer, more stable, and
|
|
|
|
|
more flexible ``mod_wsgi`` backend.
|
|
|
|
|
|
2010-11-22 12:13:18 +00:00
|
|
|
|
If you are currently using the ``mod_python`` request handler, you
|
|
|
|
|
should redeploy your Django projects using another request handler.
|
2011-10-22 04:30:10 +00:00
|
|
|
|
:doc:`mod_wsgi </howto/deployment/wsgi/modwsgi>` is the request handler
|
2014-11-19 17:21:49 +00:00
|
|
|
|
recommended by the Django project, but FastCGI is also supported. Support for
|
2010-11-22 12:13:18 +00:00
|
|
|
|
``mod_python`` deployment will be removed in Django 1.5.
|
2010-06-21 12:19:32 +00:00
|
|
|
|
|
2010-10-18 13:34:47 +00:00
|
|
|
|
Function-based generic views
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------------
|
2010-10-18 13:34:47 +00:00
|
|
|
|
|
|
|
|
|
As a result of the introduction of class-based generic views, the
|
|
|
|
|
function-based generic views provided by Django have been deprecated.
|
|
|
|
|
The following modules and the views they contain have been deprecated:
|
|
|
|
|
|
2012-12-29 15:35:12 +00:00
|
|
|
|
* ``django.views.generic.create_update``
|
|
|
|
|
* ``django.views.generic.date_based``
|
|
|
|
|
* ``django.views.generic.list_detail``
|
|
|
|
|
* ``django.views.generic.simple``
|
2010-10-18 13:34:47 +00:00
|
|
|
|
|
2010-10-10 02:16:33 +00:00
|
|
|
|
Test client response ``template`` attribute
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------------------------------------------
|
2010-10-10 02:16:33 +00:00
|
|
|
|
|
|
|
|
|
Django's :ref:`test client <test-client>` returns
|
2013-09-09 08:59:47 +00:00
|
|
|
|
:class:`~django.test.Response` objects annotated with extra testing
|
2012-12-29 15:35:12 +00:00
|
|
|
|
information. In Django versions prior to 1.3, this included a ``template``
|
|
|
|
|
attribute containing information about templates rendered in generating the
|
|
|
|
|
response: either None, a single :class:`~django.template.Template` object, or a
|
|
|
|
|
list of :class:`~django.template.Template` objects. This inconsistency in
|
|
|
|
|
return values (sometimes a list, sometimes not) made the attribute difficult
|
|
|
|
|
to work with.
|
|
|
|
|
|
|
|
|
|
In Django 1.3 the ``template`` attribute is deprecated in favor of a new
|
2013-09-09 08:59:47 +00:00
|
|
|
|
:attr:`~django.test.Response.templates` attribute, which is always a
|
2012-12-29 15:35:12 +00:00
|
|
|
|
list, even if it has only a single element or no elements.
|
2010-10-12 07:53:37 +00:00
|
|
|
|
|
|
|
|
|
``DjangoTestRunner``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
--------------------
|
2010-10-12 07:53:37 +00:00
|
|
|
|
|
2018-07-31 15:32:38 +00:00
|
|
|
|
As a result of the introduction of support for ``unittest2``, the features
|
2012-12-29 15:35:12 +00:00
|
|
|
|
of ``django.test.simple.DjangoTestRunner`` (including fail-fast
|
2010-10-12 07:53:37 +00:00
|
|
|
|
and Ctrl-C test termination) have been made redundant. In view of this
|
2012-12-29 15:35:12 +00:00
|
|
|
|
redundancy, ``DjangoTestRunner`` has been turned into an empty placeholder
|
|
|
|
|
class, and will be removed entirely in Django 1.5.
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
2015-08-17 13:34:50 +00:00
|
|
|
|
Changes to ``url`` and ``ssi``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
------------------------------
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
|
|
|
|
Most template tags will allow you to pass in either constants or
|
2023-01-23 20:29:05 +00:00
|
|
|
|
variables as arguments -- for example:
|
|
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
|
|
|
|
{% extends "base.html" %}
|
|
|
|
|
|
|
|
|
|
allows you to specify a base template as a constant, but if you have a
|
2023-01-23 20:29:05 +00:00
|
|
|
|
context variable ``templ`` that contains the value ``base.html``:
|
|
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
|
|
|
|
{% extends templ %}
|
|
|
|
|
|
|
|
|
|
is also legal.
|
|
|
|
|
|
2015-08-17 13:34:50 +00:00
|
|
|
|
However, due to an accident of history, the ``url`` and ``ssi`` are different.
|
|
|
|
|
These tags use the second, quoteless syntax, but interpret the argument as a
|
|
|
|
|
constant. This means it isn't possible to use a context variable as the target
|
|
|
|
|
of a ``url`` and ``ssi`` tag.
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
|
|
|
|
Django 1.3 marks the start of the process to correct this historical
|
|
|
|
|
accident. Django 1.3 adds a new template library -- ``future`` -- that
|
2015-08-17 13:34:50 +00:00
|
|
|
|
provides alternate implementations of the ``url`` and ``ssi``
|
2010-11-20 06:22:28 +00:00
|
|
|
|
template tags. This ``future`` library implement behavior that makes
|
|
|
|
|
the handling of the first argument consistent with the handling of all
|
2023-01-23 20:29:05 +00:00
|
|
|
|
other variables. So, an existing template that contains:
|
|
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
|
|
|
|
{% url sample %}
|
|
|
|
|
|
2023-01-23 20:29:05 +00:00
|
|
|
|
should be replaced with:
|
|
|
|
|
|
|
|
|
|
.. code-block:: html+django
|
2010-11-20 06:22:28 +00:00
|
|
|
|
|
|
|
|
|
{% load url from future %}
|
|
|
|
|
{% url 'sample' %}
|
|
|
|
|
|
|
|
|
|
The tags implementing the old behavior have been deprecated, and in
|
|
|
|
|
Django 1.5, the old behavior will be replaced with the new behavior.
|
|
|
|
|
To ensure compatibility with future versions of Django, existing
|
|
|
|
|
templates should be modified to use the new ``future`` libraries and
|
|
|
|
|
syntax.
|
2010-12-02 00:44:35 +00:00
|
|
|
|
|
|
|
|
|
Changes to the login methods of the admin
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-----------------------------------------
|
2010-12-02 00:44:35 +00:00
|
|
|
|
|
|
|
|
|
In previous version the admin app defined login methods in multiple locations
|
|
|
|
|
and ignored the almost identical implementation in the already used auth app.
|
|
|
|
|
A side effect of this duplication was the missing adoption of the changes made
|
2021-04-27 18:50:49 +00:00
|
|
|
|
in :commit:`r12634 <c8015052d935a99a5c8f96434b2d0cd16d8a4e14>` to support a
|
|
|
|
|
broader set of characters for usernames.
|
2010-12-02 00:44:35 +00:00
|
|
|
|
|
2011-03-23 08:48:18 +00:00
|
|
|
|
This release refactors the admin's login mechanism to use a subclass of the
|
2010-12-02 00:44:35 +00:00
|
|
|
|
:class:`~django.contrib.auth.forms.AuthenticationForm` instead of a manual
|
|
|
|
|
form validation. The previously undocumented method
|
|
|
|
|
``'django.contrib.admin.sites.AdminSite.display_login_form'`` has been removed
|
|
|
|
|
in favor of a new :attr:`~django.contrib.admin.AdminSite.login_form`
|
|
|
|
|
attribute.
|
|
|
|
|
|
2010-12-12 22:58:25 +00:00
|
|
|
|
``reset`` and ``sqlreset`` management commands
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------------------------------
|
2010-12-12 22:58:25 +00:00
|
|
|
|
|
|
|
|
|
Those commands have been deprecated. The ``flush`` and ``sqlflush`` commands
|
|
|
|
|
can be used to delete everything. You can also use ALTER TABLE or DROP TABLE
|
|
|
|
|
statements manually.
|
2010-12-22 00:21:35 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GeoDjango
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------
|
2010-12-22 00:21:35 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* The function-based :setting:`TEST_RUNNER` previously used to execute
|
2012-12-29 15:35:12 +00:00
|
|
|
|
the GeoDjango test suite, ``django.contrib.gis.tests.run_gis_tests``, was
|
|
|
|
|
deprecated for the class-based runner,
|
2013-05-11 03:08:45 +00:00
|
|
|
|
``django.contrib.gis.tests.GeoDjangoTestSuiteRunner``.
|
2010-12-22 17:43:30 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* Previously, calling
|
|
|
|
|
:meth:`~django.contrib.gis.geos.GEOSGeometry.transform` would
|
|
|
|
|
silently do nothing when GDAL wasn't available. Now, a
|
|
|
|
|
:class:`~django.contrib.gis.geos.GEOSException` is properly raised
|
|
|
|
|
to indicate possible faulty application code. A warning is now
|
|
|
|
|
raised if :meth:`~django.contrib.gis.geos.GEOSGeometry.transform` is
|
|
|
|
|
called when the SRID of the geometry is less than 0 or ``None``.
|
2010-12-27 07:41:26 +00:00
|
|
|
|
|
|
|
|
|
``CZBirthNumberField.clean``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------------------
|
2010-12-27 07:41:26 +00:00
|
|
|
|
|
|
|
|
|
Previously this field's ``clean()`` method accepted a second, gender, argument
|
|
|
|
|
which allowed stronger validation checks to be made, however since this
|
|
|
|
|
argument could never actually be passed from the Django form machinery it is
|
|
|
|
|
now pending deprecation.
|
2011-01-24 20:35:46 +00:00
|
|
|
|
|
|
|
|
|
``CompatCookie``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------------
|
2011-01-24 20:35:46 +00:00
|
|
|
|
|
|
|
|
|
Previously, ``django.http`` exposed an undocumented ``CompatCookie`` class,
|
2012-06-08 09:26:22 +00:00
|
|
|
|
which was a bugfix wrapper around the standard library ``SimpleCookie``. As the
|
2011-01-24 20:35:46 +00:00
|
|
|
|
fixes are moving upstream, this is now deprecated - you should use ``from
|
|
|
|
|
django.http import SimpleCookie`` instead.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-14 13:53:45 +00:00
|
|
|
|
.. _loading_of_project_level_translations:
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-14 13:53:45 +00:00
|
|
|
|
Loading of *project-level* translations
|
2016-01-03 10:56:22 +00:00
|
|
|
|
---------------------------------------
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
|
|
|
|
This release of Django starts the deprecation process for inclusion of
|
2011-03-14 13:53:45 +00:00
|
|
|
|
translations located under the so-called *project path* in the translation
|
|
|
|
|
building process performed at runtime. The :setting:`LOCALE_PATHS` setting can
|
|
|
|
|
be used for the same task by adding the filesystem path to a ``locale``
|
|
|
|
|
directory containing project-level translations to the value of that setting.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
|
|
|
|
Rationale for this decision:
|
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* The *project path* has always been a loosely defined concept
|
|
|
|
|
(actually, the directory used for locating project-level
|
|
|
|
|
translations is the directory containing the settings module) and
|
|
|
|
|
there has been a shift in other parts of the framework to stop using
|
|
|
|
|
it as a reference for location of assets at runtime.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* Detection of the ``locale`` subdirectory tends to fail when the
|
|
|
|
|
deployment scenario is more complex than the basic one. e.g. it
|
|
|
|
|
fails when the settings module is a directory (ticket #10765).
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* There are potential strange development- and deployment-time
|
|
|
|
|
problems like the fact that the ``project_dir/locale/`` subdir can
|
|
|
|
|
generate spurious error messages when the project directory is added
|
|
|
|
|
to the Python path (``manage.py runserver`` does this) and then it
|
|
|
|
|
clashes with the equally named standard library module, this is a
|
2023-01-23 20:29:05 +00:00
|
|
|
|
typical warning message:
|
|
|
|
|
|
|
|
|
|
.. code-block:: pytb
|
2011-02-07 18:48:40 +00:00
|
|
|
|
|
2011-03-14 13:53:45 +00:00
|
|
|
|
/usr/lib/python2.6/gettext.py:49: ImportWarning: Not importing directory '/path/to/project/locale': missing __init__.py.
|
2011-02-07 18:48:40 +00:00
|
|
|
|
import locale, copy, os, re, struct, sys
|
|
|
|
|
|
2011-03-22 06:57:12 +00:00
|
|
|
|
* This location wasn't included in the translation building process
|
|
|
|
|
for JavaScript literals. This deprecation removes such
|
|
|
|
|
inconsistency.
|
2011-02-23 13:36:58 +00:00
|
|
|
|
|
|
|
|
|
``PermWrapper`` moved to ``django.contrib.auth.context_processors``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------------------------------------------------------------------
|
2011-02-23 13:36:58 +00:00
|
|
|
|
|
|
|
|
|
In Django 1.2, we began the process of changing the location of the
|
|
|
|
|
``auth`` context processor from ``django.core.context_processors`` to
|
|
|
|
|
``django.contrib.auth.context_processors``. However, the
|
|
|
|
|
``PermWrapper`` support class was mistakenly omitted from that
|
|
|
|
|
migration. In Django 1.3, the ``PermWrapper`` class has also been
|
|
|
|
|
moved to ``django.contrib.auth.context_processors``, along with the
|
|
|
|
|
``PermLookupDict`` support class. The new classes are functionally
|
|
|
|
|
identical to their old versions; only the module location has changed.
|
2011-03-03 13:28:20 +00:00
|
|
|
|
|
|
|
|
|
Removal of ``XMLField``
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-----------------------
|
2011-03-03 13:28:20 +00:00
|
|
|
|
|
2012-12-29 15:35:12 +00:00
|
|
|
|
When Django was first released, Django included an ``XMLField`` that performed
|
|
|
|
|
automatic XML validation for any field input. However, this validation function
|
|
|
|
|
hasn't been performed since the introduction of ``newforms``, prior to the 1.0
|
|
|
|
|
release. As a result, ``XMLField`` as currently implemented is functionally
|
2011-03-22 20:12:17 +00:00
|
|
|
|
indistinguishable from a simple :class:`~django.db.models.TextField`.
|
2011-03-03 13:28:20 +00:00
|
|
|
|
|
|
|
|
|
For this reason, Django 1.3 has fast-tracked the deprecation of
|
|
|
|
|
``XMLField`` -- instead of a two-release deprecation, ``XMLField``
|
|
|
|
|
will be removed entirely in Django 1.4.
|
|
|
|
|
|
|
|
|
|
It's easy to update your code to accommodate this change -- just
|
|
|
|
|
replace all uses of ``XMLField`` with ``TextField``, and remove the
|
|
|
|
|
``schema_path`` keyword argument (if it is specified).
|