1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

1430 Commits

Author SHA1 Message Date
Russell Keith-Magee
96658ef2d2 Fixed #12057 -- Corrected regression of caching performance when a model contained a callable default. Thanks to Michael Thornhill for the excellent assistance tracking this problem.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11681 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-29 14:32:01 +00:00
Jacob Kaplan-Moss
4281bf3db0 Fixed #11057: having no actions in the admin (actions=None) no longer messes up the layout. Thanks, rvdrijst.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11670 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 20:56:12 +00:00
Luke Plant
7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant
8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Jacob Kaplan-Moss
d1da261417 Fixed #11371: Made django.test.Client.put() work for non-form-data PUT (i.e. JSON, etc.). Thanks, phyfus.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11656 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 15:02:54 +00:00
Luke Plant
2b2f92ae8e Fixed a bug in r11646 - refs #11402
The one line of code not covered by a test... ;-)


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11647 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:37:01 +00:00
Jacob Kaplan-Moss
9f70783b14 Fixed a couple of test-ordering-dependant failures introduced in [11639] that caused test failures when running the whole test suite.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11645 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 00:23:47 +00:00
Jacob Kaplan-Moss
8be1bb2268 Fixed #11625: added comment moderation via admin actions.
This is BACKWARDS INCOMPATIBLE if you were using the completely undocumented moderation view from 1.1. That view's been removed in favor of the admin actions.

Thanks, Thejaswi Puthraya.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-23 19:22:31 +00:00
Luke Plant
162fade2b7 Fixed #12060 - equality tests between User and SimpleLazyObject-wrapped User failed.
Also added more tests for SimpleLazyObject

Thanks to ericholscher for report.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-20 14:11:08 +00:00
Luke Plant
22be3d7612 Fixed #12049 - LazyObject-wrapped User breaks queries in template tags
Thanks to chipx86 for the report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-19 21:13:22 +00:00
Brian Rosner
cb7a3262b5 Moved the call to _get_foreign_key to run in all cases catching incorrect inline setup sooner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-19 19:17:20 +00:00
Brian Rosner
5fc35c9caf Fixed #11709 — Pass inline fk_name attribute when grabbing foreign key to test for exclusion. Thanks yishaibeeri for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-19 19:17:07 +00:00
Luke Plant
a2d8acbacd Fixed a regression on Python 2.6 caused by r11623
This might fix #12037, but I cannot reproduce that bug.
Refs #12037



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11625 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-15 14:12:34 +00:00
Luke Plant
c161bf21f0 Fixed #6552, #12031 - Make django.core.context_processors.auth lazy to avoid "Vary: Cookie"
Thanks to olau@iola.dk, Suor for the report



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-14 18:09:13 +00:00
Jacob Kaplan-Moss
9f8287a3f1 SECURITY ALERT: Corrected regular expressions for URL and email fields.
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-09 20:57:59 +00:00
Luke Plant
6e3a72585a Added 'key_prefix' keyword argument to cache_page()
This was available before r11586, but undocumented.  It has now been
re-added with documentation and explicit support, as it seems like a useful
feature and people were using it before.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11595 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-28 21:54:54 +00:00
Luke Plant
a97648a7e0 Corrected regressions introduced in r11586 and r11593
I read the order of arguments in the docs incorrectly, doh!


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-26 19:39:42 +00:00
Luke Plant
afeafcd492 Fixed #6371 - several decorators don't work with bound methods.
This involved changing the way the internal function
decorator_from_middleware works slightly, breaking some code that relied on
the old behaviour.  As a result, it is much simpler, but cache_page has been
made slightly more complex to cope with the change.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-21 22:31:51 +00:00
Russell Keith-Magee
d56c1ab7f0 Fixed #11886 -- Corrected handling of F() expressions that use parentheses. Thanks to Brent Hagany for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11581 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-16 12:09:47 +00:00
Russell Keith-Magee
0757607217 Fixed #11820 -- Corrected the spelling of Grace Hopper's name in a test. Thanks to shields@msrl.com for the report, and apologies to Admiral Hopper for the error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 04:32:55 +00:00
Luke Plant
7c53c2618d Fixed #10968 - Form.errors should use Form.error_class.
Thanks for report and initial patch, matehat.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11498 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-11 10:47:40 +00:00
Luke Plant
84ef9dabfa Fixed #11061: Malformed POST request causes TypeError in AdminSite.login().
Thanks vvd


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:50:57 +00:00
Luke Plant
a2b46ca5fd Fixed #11833: name conflict in filter test.
Thanks steveire



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11492 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:35:23 +00:00
Ian Kelly
dcf3be7a62 Fixed #10566: Added support for cx_Oracle compiled with the WITH_UNICODE flag.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11477 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-24 15:45:48 +00:00
Matt Boersma
e263cc0dc5 Fixed #11049: introspection on Oracle now identifies IntegerFields correctly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11475 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-21 21:42:39 +00:00
Matt Boersma
e0ce9d76e1 Fixed an assumed ordering in the queries regression tests by making it explicit.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11474 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-20 16:05:25 +00:00
Karen Tracey
e6e96d871d Fix the expressions modeltest to work on Pythons earlier than 2.5.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11423 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-08-09 15:44:09 +00:00
Russell Keith-Magee
8bee4604a1 SECURITY ALERT: Corrected a problem with the Admin media handler that could lead to the exposure of system files. Thanks to Gary Wilson for the patch.
This is a security-related update. A full announcement, as well as backports for 1.0.X and 0.96.X will be forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-29 02:40:14 +00:00
Russell Keith-Magee
3412860f89 Fixed #11428 -- Ensured that SQL generating commands and dumpdata don't include proxy models in their output. Thanks to Anssi Kaariainen for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11343 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-27 14:32:30 +00:00
Russell Keith-Magee
4a01812c15 Fixed #11546 -- Modified the mail regression test to avoid getting hung up on 32/64 bit differences. Thanks to Richard Davies for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11328 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-25 05:14:46 +00:00
Russell Keith-Magee
b2f72fc040 Fixed #11527 -- Added unit tests and documentation for the use of F() expressions in single object updates. Thanks to Zachary Voase for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11322 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-24 13:38:36 +00:00
Russell Keith-Magee
53d16b1175 Fixed #11532 -- Corrected the link used for edit_inline foreign keys in admin when the admin is deployed using the old style admin.root approach. Thanks to JP for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11314 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-23 14:31:33 +00:00
Ian Kelly
bbac0cc965 Fixed #11487: pass long strings to Oracle as CLOB rather than NCLOB to prevent an encoding bug that occurs in some installations.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11285 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-21 21:20:18 +00:00
Russell Keith-Magee
8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee
e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Russell Keith-Magee
52bc782621 Fixed #11107 -- Corrected the generation of sequence reset SQL for m2m fields with an intermediate model. Thanks to J Clifford Dyer for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11215 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-11 14:22:52 +00:00
Russell Keith-Magee
7ecb8b08b3 Fixed #10922 -- Corrected handling of POST data to ensure that the right objects are updated on save when the ordering field is editable. Thanks to Alex Gaynor, Karen Tracy, and Will Hardy for their contributions to this patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-03 03:05:17 +00:00
Russell Keith-Magee
735309341e Fixed #10834 -- Added bucket condition to ensure that URL resolvers won't ever return None. Thanks to Chris Cahoon for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11120 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-29 14:02:17 +00:00
Russell Keith-Magee
e522e61a80 Fixed #11392 -- Enforced a predictable result order for a couple of test cases. Thanks to Nathan Auch for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11119 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-29 12:29:48 +00:00
Russell Keith-Magee
cbbe60c7fc Fixed #11270 -- Modified cache template tag to prevent the creation of very long cache keys. Thanks to 235 for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11068 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 15:04:00 +00:00
Russell Keith-Magee
8950a40cec Fixed #11270 -- Corrected naming conflict in templatetag test. Thanks to steveire for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11067 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 15:03:17 +00:00
Russell Keith-Magee
191203b48d Fixed #9023 -- Corrected a problem where cached attribute values would cause a delete to cascade to a related object even when the relationship had been set to None. Thanks to TheShark for the report and test case, and to juriejan and Jacob for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11009 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-15 14:30:51 +00:00
Russell Keith-Magee
b38cf5db5c Fixed #11311 -- Reverted [10952], Refs #10785. Changeset [10952] caused problems with m2m relations between models that had non-integer primary keys. Thanks to Ronny for the report and test case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11007 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-15 11:47:01 +00:00
Luke Plant
9294121d3c Fixed #9367 - EmailMultiAlternatives does not properly handle attachments.
Thanks to Loek Engels for the bulk of the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@10983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-12 13:56:40 +00:00
Russell Keith-Magee
d3bd3203f9 Fixed #11286 -- Ensured that dumpdata uses the default manager, rather than always using the manager called objects. Thanks to Marc Remolt for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10967 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-09 13:14:40 +00:00
Russell Keith-Magee
031385e4cc Fixed #11194 -- Corrected loading of Proxy models from fixtures (and, by extension, save_base(raw=True) for Proxy models).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10955 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-08 13:35:39 +00:00
Russell Keith-Magee
81aedbd157 Fixed #10672 -- Altered save_base to ensure that proxy models send a post_save signal.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10954 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-08 13:04:22 +00:00
Russell Keith-Magee
6cd37e0a1f Fixed #10785 -- Corrected a case for foreign key lookup where the related object is a custom primary key. Thanks to Alex Gaynor for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-08 04:50:24 +00:00
Brian Rosner
89df572c47 Fixed #11274 -- Corrected doctests to not cause test failures due to missing newlines. Thanks Honza Kral.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10941 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-07 18:07:53 +00:00
Russell Keith-Magee
151d88af4e Fixed #11082 -- Ensured that subqueries used in an exclude(X__in=) clause aren't pre-evaluated. Thanks to Henry Andrews for the report, and clement for the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10929 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-06 13:35:33 +00:00