mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-14 19:30:46 +00:00
Code Issues 32 Releases Wiki Activity
18,703 Commits 29 Branches 437 Tags
Commit Graph

1247 Commits

Author SHA1 Message Date
Tim Graham
ae49b4d994 [1.7.x] Prevented newlines from being accepted in some validators. 
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
 2015-07-08 07:35:43 -04:00
Carl Meyer
1828f4341e [1.7.x] Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 07:35:39 -04:00
Tim Graham
9eda28ac48 [1.7.x] Added security release note stubs. 2015-07-08 07:35:17 -04:00
Luke Plant
f23656cd1a [1.7.x] Corrected example code for get_query_set upgrade in 1.6 release notes 
The conditional setting of `get_query_set` is required for correct behaviour
if running Django 1.8. The full gory details are here:

http://lukeplant.me.uk/blog/posts/handling-django%27s-get_query_set-rename-is-hard/

Backport of f87e552d9842ff9591a9c51ebdb5f96e4dd54b00 from master
 2015-07-08 11:07:52 +01:00
Tim Graham
207da07d59 [1.7.x] Fixed #24903 -- Fixed assertRaisesMessage on Python 2.7.10. 
A regression found in in Python 2.7.10 rc1 wasn't reverted for the final
release: https://bugs.python.org/issue24134

Backport of two commits from master:
* c2bc1cefdcbbf074408f4a4cace88b315cf9d652
* e89c3a46035e9fe17c373a6c9cd63b9fd631d596
 2015-06-09 16:14:49 -04:00
Andriy Sokolovskiy
927d90ee1e [1.7.x] Fixed #24817 -- Prevented loss of null info in MySQL field renaming. 
Backport of 80ad5472ce4b6ba6e94227422d0727371e97cdf0 from master
 2015-05-28 10:26:27 -04:00
Tim Graham
57a0e7dda9 [1.7.x] Added dates to release notes. 
Backport of 06aaed41a4a9b8da8aca5854a45e457c0b72210e from master
 2015-05-01 16:25:20 -04:00
Claude Paroz
ada0845dda [1.7.x] Fixed #24595 -- Prevented loss of null info in MySQL field alteration 
Thanks Simon Percivall for the report, and Simon Charette and Tim
Graham for the reviews.
Backport of 02260ea3f61b from master.
 2015-04-17 10:48:13 +02:00
Anssi Kääriäinen
c3a9820251 [1.7.x] Fixed #24605 -- Fixed incorrect reference to alias in subquery. 
Thanks to charettes and priidukull for investigating the issue, and to
kurevin for the report.

Backport of 355c5edd9390caad5725375abca03460805f663b from master
 2015-04-16 09:32:23 -04:00
Simon Charette
ad63e70565 [1.7.x] Fixed typos in the 1.7.7 release notes. 
Backport of 28e89783254ac0899a26eee324555a9033ccbe9a from master
 2015-04-14 22:15:33 -04:00
Markus Holtermann
a5d79832fe [1.7.x] Fixed title in 1.7.8 release notes 
Refs d74903e4fb381576e5cb0cbfbd19555bcd255752

Backport of 825bb0ab08cec353edcd2b9aea651bfe9392ef97 from master
 2015-04-14 19:29:04 +02:00
peterfarrell
d74903e4fb [1.7.x] Fixed #24637 -- Fixed database introspection with SQLite 3.8.9. 
Backport of f8e8853b51476af1cc75a229dadc990c9ccf45ec from master
 2015-04-14 11:30:38 -04:00
Tim Graham
2a4113dbd5 [1.7.x] Made is_safe_url() reject URLs that start with control characters. 
This is a security fix; disclosure to follow shortly.
 2015-03-18 08:51:51 -04:00
Tim Graham
e63363f8e0 [1.7.x] Fixed an infinite loop possibility in strip_tags(). 
This is a security fix; disclosure to follow shortly.
 2015-03-18 08:51:21 -04:00
Tim Graham
26fd726274 [1.7.x] Added stub release notes for security releases. 2015-03-18 08:50:49 -04:00
Tim Graham
1189271371 [1.7.x] Refs #24487 -- Added upgrade tips about removal of SortedDict. 
Thanks Pascal Chambon for the initial patch.

Backport of c5c8751147d41913a05e86097ea29ccc9fc2e5be from master
 2015-03-17 13:42:57 -04:00
John Giannelos
cb48e192fb [1.7.x] Fixed #24427 -- Stopped writing migration files in dry run mode when merging. 
Also added display of migration to stdout when verbosity=3.

Backport of 8758a63ddbbf7a2626bd84d50cfe83b477e8de0a from master
 2015-03-16 19:58:08 -04:00
Steven Das
2583ee2a7e [1.7.x] Added comma to improve readability in 1.7 release notes. 
Backport of 4f494ed0c60cdfc44b65aeea7f42f6b7245c03af from master
 2015-03-16 08:17:15 -04:00
Matthew Wilkes
d0607a7eee [1.7.x] Fixed #24354 -- Prevented repointing of relations on superclasses when migrating a subclass's name change 2015-03-14 15:35:16 -04:00
Tim Graham
ee24ba2666 [1.7.x] Added stub release notes for 1.7.7. 
Backport of ea9157f681654d393c970108866edb344b65a1aa from master
 2015-03-09 13:10:15 -04:00
Baptiste Mispelon
2654e1b939 [1.7.x] Fixed #24461 -- Fixed XSS issue in ModelAdmin.readonly_fields 2015-03-09 10:17:54 -04:00
Tim Graham
5a3b531121 [1.7.x] Clarified an item in 1.7.6 release notes. 
Backport of 300fdbbebba45cb4e7f32edc524171019d9bce80 from master
 2015-03-09 10:11:49 -04:00
Jean-Louis Fuchs
283b630d63 Fixed #24447 -- Made migrations add FK constraints for existing columns 
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.

Backport of f4f0060feaee6bbd76a0d575487682bc541111e4 from master
 2015-03-07 14:30:28 +01:00
Gabriel Muñumel
0831a43c3a [1.7.x] Fixed #24352 -- Fixed crash when coercing `ManyRelatedManager` to a string. 2015-02-26 11:00:52 -05:00
Tim Graham
aa6853da22 [1.7.x] Added stub release notes for 1.7.6. 
Backport of 71820721a19f5628b3176f16813d47378cb2c3cb from master
 2015-02-25 09:11:47 -05:00
Tim Graham
10f7c96f01 [1.7.x] Added release date for 1.7.5 release. 
Backport of aca73737da8ba173ad9435b1e9e1fe5d8516f3b3 from master
 2015-02-25 08:48:02 -05:00
Kenneth Kam
6e8f42cfc7 [1.7.x] Fixed #23762 -- clarified CACHE_MIDDLEWARE_ANONYMOUS_ONLY deprecation in docs 
Backport of e83aba0e2cce16cd1b32d1c172239a4e20867e95 from master
 2015-02-23 09:23:59 -05:00
Emin Mastizada
61705f0091 [1.7.x] Added formats for the Azerbaijani locale. 
Backport of dda2a3cf4cc29d01de180f66d19441f300732e52 from master
 2015-02-23 07:37:46 -05:00
Sean Wang
a3f7b034d7 [1.7.x] Fixed #24358 -- Corrected code-block directives for console sessions. 
Backport of eba6dff581aa8bd6a1c08456e83e68ad09ae4ec3 from master
 2015-02-22 09:38:54 -05:00
Tim Graham
c231ec1af0 [1.7.x] Fixed typo in path to is_safe_url() 
Backport of dd0b487872de4e3ff966da51e3610bac996e44f0 from master
 2015-02-20 09:22:24 -05:00
Aymeric Augustin
9b7d512d5f [1.7.x] Fixed #24318 -- Set the transaction isolation level with psycopg >= 2.4.2. 
Backport of 76356d96 from master
 2015-02-14 18:52:53 +01:00
Tim Graham
1b93b0977d [1.7.x] Fixed #24332 -- Fixed contrib.sites create_default_site() when 'default' DATABASES is empty. 
Backport of e8cf4f8abec87b9da6ed8e5c8cf833af9b27f4dd from master
 2015-02-13 07:08:49 -05:00
Markus Holtermann
f8c040e167 [1.7.x] Fixed #24236 -- Treated inherited m2m fields as such if they don't define get_internal_type() 
Regression introduced in 3d4a826174b7a411a03be39725e60c940944a7fe

Thanks IRC user ris for the report, Loïc Bistuer, Anssi Kääriäinen and
Andriy Sokolovskiy for the discussion and Tim Graham for the review.
 2015-02-09 16:48:51 +01:00
Markus Holtermann
208d5c42e7 [1.7.x] Revert "[1.7.x] Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth" 
This reverts commit 478546fcef38d95866a92bc44d10e15b26c7254c.

Backport of 2832a9b028c267997b2fd3dd0989670d57cdd08f from master
 2015-02-07 20:50:15 +01:00
Tim Graham
39a8640e30 [1.7.x] Added stub 1.7.5 release notes. 
Backport of ac6033d8835ac54c1222801f6aeb47f9997b517a from master
 2015-01-28 06:39:22 -05:00
Tim Graham
c93fb26527 [1.7.x] Added 1.4.19 release notes. 
Backport of 6f8418089c5e81d12718187da2140394ed30da43 from master
 2015-01-27 11:48:33 -05:00
Andriy Sokolovskiy
3d4a826174 [1.7.x] Fixed #24104 -- Fixed check to look on field.get_internal_type() instead of class instance 2015-01-27 14:40:39 +01:00
Claude Paroz
b1bf8d64fb [1.7.x] Fixed #24193 -- Prevented unclosed file warnings in static.serve() 
This regression was caused by 818e59a3f0. The patch is a partial
backport of the new FileResponse class available in later Django
versions.
Thanks Raphaël Hertzog for the report, and Tim Graham and Collin
Anderson for the reviews.
 2015-01-23 08:58:34 +01:00
Markus Holtermann
db2a97870d [1.7.x] Fixed #24163 -- Removed unique constraint after index on MySQL 
Thanks Łukasz Harasimowicz for the report.

Backport of 5792e6a88c1444d4ec84abe62077338ad3765b80 from master
 2015-01-19 17:25:05 +01:00
Tim Graham
bb2b4acc7a [1.7.x] Added deprecation docs for legacy lookup support; refs #16187. 
Backport of 8e435a564034c59ac408ec71283d8ac6ede2ce1f from master
 2015-01-19 10:45:55 -05:00
Tim Graham
07bd23d329 [1.7.x] Added missing items to deprecation timeline/1.7 release notes. 
Backport of ecf109f2159f4581adb354263406116c2bda11d7 from master.
 2015-01-18 21:26:19 -05:00
Tim Graham
af523573fc [1.7.x] Clarified deprecation of forms.forms.get_declared_fields(); refs #19617. 
Backport of 89e9f81601f7a343690e1153e70fd56091246d0b from master
 2015-01-18 16:07:48 -05:00
Tim Graham
e8191caca5 [1.7.x] Clarified a contrib.sites deprecation and added to 1.7 release notes. 
Backport of ba27f895878bb155fefb8c1b9beee2c9f3d85b3f from master
 2015-01-18 13:45:40 -05:00
Tim Graham
065b2a82f6 [1.7.x] Fixed #24135 -- Made RenameModel rename many-to-many tables. 
Thanks Simon and Markus for reviews.

Backport of 28db4af80a319485c0da724d692e2f8396aa57e3 from master
 2015-01-15 20:43:49 -05:00
Markus Holtermann
478546fcef [1.7.x] Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth 
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.

Backport of 737d24923ac69bb8b89af1bb2f3f4c4c744349e8 from master.
 2015-01-14 20:37:56 +01:00
Tim Graham
2e2617991a [1.7.x] Added stub release notes for 1.7.4. 
Backport of ec7ef5afbbd12abe74314d557aabb3d85d667749 from master
 2015-01-14 09:48:06 -05:00
Tim Graham
9b403a108c [1.7.x] Added dates to release notes. 2015-01-13 13:09:34 -05:00
Tim Graham
bcfb47780c [1.7.x] Fixed DoS possibility in ModelMultipleChoiceField. 
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
 2015-01-13 13:02:56 -05:00
Tim Graham
818e59a3f0 [1.7.x] Prevented views.static.serve() from using large memory on large files. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:02:56 -05:00
Tim Graham
de67dedc77 [1.7.x] Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:02:56 -05:00