Tim Graham
2a4113dbd5
[1.7.x] Made is_safe_url() reject URLs that start with control characters.
...
This is a security fix; disclosure to follow shortly.
2015-03-18 08:51:51 -04:00
Tim Graham
e63363f8e0
[1.7.x] Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 08:51:21 -04:00
John Giannelos
cb48e192fb
[1.7.x] Fixed #24427 -- Stopped writing migration files in dry run mode when merging.
...
Also added display of migration to stdout when verbosity=3.
Backport of 8758a63ddbbf7a2626bd84d50cfe83b477e8de0a from master
2015-03-16 19:58:08 -04:00
Matthew Wilkes
d0607a7eee
[1.7.x] Fixed #24354 -- Prevented repointing of relations on superclasses when migrating a subclass's name change
2015-03-14 15:35:16 -04:00
Baptiste Mispelon
2654e1b939
[1.7.x] Fixed #24461 -- Fixed XSS issue in ModelAdmin.readonly_fields
2015-03-09 10:17:54 -04:00
Jean-Louis Fuchs
283b630d63
Fixed #24447 -- Made migrations add FK constraints for existing columns
...
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.
Backport of f4f0060feaee6bbd76a0d575487682bc541111e4 from master
2015-03-07 14:30:28 +01:00
Gabriel Muñumel
0831a43c3a
[1.7.x] Fixed #24352 -- Fixed crash when coercing `ManyRelatedManager` to a string.
2015-02-26 11:00:52 -05:00
Aymeric Augustin
9b7d512d5f
[1.7.x] Fixed #24318 -- Set the transaction isolation level with psycopg >= 2.4.2.
...
Backport of 76356d96 from master
2015-02-14 18:52:53 +01:00
Markus Holtermann
37b50db092
[1.7.x] Refs #24236 -- Added regression test for 3d4a826174b7a411a03be39725e60c940944a7fe
...
Thanks irc user ris for the report
2015-02-09 16:48:51 +01:00
Andriy Sokolovskiy
3d4a826174
[1.7.x] Fixed #24104 -- Fixed check to look on field.get_internal_type() instead of class instance
2015-01-27 14:40:39 +01:00
Claude Paroz
b1bf8d64fb
[1.7.x] Fixed #24193 -- Prevented unclosed file warnings in static.serve()
...
This regression was caused by 818e59a3f0. The patch is a partial
backport of the new FileResponse class available in later Django
versions.
Thanks Raphaël Hertzog for the report, and Tim Graham and Collin
Anderson for the reviews.
2015-01-23 08:58:34 +01:00
Markus Holtermann
70845c6809
[1.7.x] Refs #24163 -- Fixed failing Oracle test when migrating from ForeignKey to OneToOneField
...
Thanks Tim Graham for review
Backport of 64ecb3f07db4be5eef4d9eb7687f783ee446c82f from master
2015-01-20 17:46:37 +01:00
Tim Graham
7a1ccc0699
[1.7.x] Fixed #24153 -- Fixed cookie test compatibility with Python 3.4.3+
...
Backport of b19b81b3960ec2090d40be65547502a3386a769b from master
2015-01-19 15:41:29 -05:00
Markus Holtermann
db2a97870d
[1.7.x] Fixed #24163 -- Removed unique constraint after index on MySQL
...
Thanks Łukasz Harasimowicz for the report.
Backport of 5792e6a88c1444d4ec84abe62077338ad3765b80 from master
2015-01-19 17:25:05 +01:00
Markus Holtermann
29737a2949
[1.7.x] Cleaned up migration writer tests
...
Backport of 65d55c409343aab7c2ae771c459720ef797b4cdb from master
2015-01-17 20:45:41 +01:00
Collin Anderson
cef3f805c2
[1.7.x] Fixed #24160 -- Fixed model_regress test on Windows; refs #24007.
...
Backport of 5338ff4808c822a8b00e90154b884b7be3011e60 from master
2015-01-16 12:03:15 -05:00
Tim Graham
433e7dd507
[1.7.x] Fixed #23312 -- Marked an i18n test as expectedFailure on Windows/Python 3.
2015-01-16 10:31:49 -05:00
Tim Graham
065b2a82f6
[1.7.x] Fixed #24135 -- Made RenameModel rename many-to-many tables.
...
Thanks Simon and Markus for reviews.
Backport of 28db4af80a319485c0da724d692e2f8396aa57e3 from master
2015-01-15 20:43:49 -05:00
Tim Graham
02c059ff7f
[1.7.x] Fixed a static view test on Windows.
...
Backport of a6f144fd4fee0090de3a99b1f50a4142722e7946 from master
2015-01-14 13:57:10 -05:00
Tim Graham
bcfb47780c
[1.7.x] Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:02:56 -05:00
Tim Graham
818e59a3f0
[1.7.x] Prevented views.static.serve() from using large memory on large files.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:02:56 -05:00
Tim Graham
de67dedc77
[1.7.x] Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:02:56 -05:00
Carl Meyer
41b4bc73ee
[1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:02:56 -05:00
Markus Holtermann
ef5889409b
[1.7.x] Fixed #24110 -- Rewrote migration unapply to preserve intermediate states
...
Backport of fdc2cc948725866212a9bcc97b9b7cf21bb49b90 and be158e36251df0b07556657da47cdaf10913c57a from master
2015-01-11 00:35:49 +01:00
Claude Paroz
7e65876b7c
[1.7.x] Fixed #24097 -- Prevented AttributeError in redirect_to_login
...
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
Backport of d7bc37d61 from master.
2015-01-10 10:13:50 +01:00
Tim Graham
bbcbacf0ad
[1.7.x] Silenced deprecation warning in test_runner app.
2015-01-08 09:44:21 -05:00
Tim Graham
600ea43e67
[1.7.x] Silenced initial_data fixtures warning in test suite.
2015-01-08 09:43:40 -05:00
Tim Graham
557c514f90
[1.7.x] Fixed #24095 -- Prevented WarningLoggerTests from leaking a warnings filter.
...
Backport of ade985999657eaef6a9510c2aeba9b2196d7bf6e from master
2015-01-08 09:09:24 -05:00
Claude Paroz
d8fb557a51
[1.7.x] Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
...
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
Backport of 27dd7e7271 from master.
2015-01-06 08:45:10 +01:00
Andrey Maslov
8de2a44064
[1.7.x] Fixed #24008 -- Fixed ValidationError crash with list of dicts.
...
Backport of 7a878ca5cb50ad65fc465cb263a44cc93629f75c from master
2014-12-31 14:46:17 -05:00
Tim Graham
4abfa73c18
[1.7.x] Renamed tests for util -> utils moves; refs #17627.
...
Backport of 8a9b0c15a6c0ef60dea3ba3042317520bc201206 from master
2014-12-31 11:33:27 -05:00
Tim Graham
c0bed63889
[1.7.x] Fixed a queries test on Python 2 broken after importing six.moves.range().
...
Backport of 837fc2d8cdfefce375697d95e241836c7be12696 from master
2014-12-31 09:51:10 -05:00
Piotr Pawlaczek
e11ff3975f
[1.7.x] Fixed #23758 -- Allowed more than 5 levels of subqueries
...
Refactored bump_prefix() to avoid infinite loop and allow more than
5 subqueries by extending the alphabet to use multi-letters.
Backport of 41fc1c0b5eac156e200a10233c7c9210a1c0fed8 from master
2014-12-31 09:42:07 -05:00
Markus Holtermann
d49b5851b4
[1.7.x] Added test for an intermediate swappable model change in migration state.
...
refs #22563
Backport of fca866763acb6b3414c20ca3772b94cb5d111733 from master
2014-12-30 10:03:41 -05:00
Tim Graham
a9da5dd5b6
[1.7.x] Fixed #23581 -- Prevented extraneous DROP DEFAULT statements.
...
Thanks john_scott for the report and Markus Holtermann for review.
Backport of ab4f709da4516672b0bd811f2b4d0c4ba9f5b636 from master
2014-12-30 08:31:18 -05:00
Tim Graham
79645529e7
Revert "[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa"
...
This reverts commit 1702bc52cc20ed0729893177fc8f4391b4b3183c.
This doesn't work on stable/1.7.x because #23844 wasn't backported and we're
not willing to do so because it's a large change.
2014-12-29 15:37:15 -05:00
Markus Holtermann
1702bc52cc
[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa
...
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.
Backport of 623ccdd598625591d1a12fc1564cf3ef9a87581f from master
2014-12-29 13:42:29 -05:00
Aymeric Augustin
3483682749
[1.7.x] Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
Backport of 6d52f6f from master.
2014-12-27 18:26:20 +01:00
Aymeric Augustin
b429a9796a
[1.7.x] Fixed an inconsistency introduced in 547b1810.
...
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
Backport of 5c5eb5fe from master.
2014-12-27 18:17:18 +01:00
Claude Paroz
322560489b
[1.7.x] Fixed #24051 -- Made schema infrastructure honor tablespaces
...
Partial backport of 30cbd5d36. Thanks Douglas J. Reynolds for the
report and initial patch.
2014-12-27 15:12:17 +01:00
Tim Graham
51ea30a43b
[1.7.x] Fixed #24037 -- Prevented data loss possibility when changing Meta.managed.
...
The migrations autodetector now issues AlterModelOptions operations for
Meta.managed changes instead of DeleteModel + CreateModel.
Thanks iambibhas for the report and Simon and Markus for review.
Backport of 061caa5b386681dc7bdef16918873043224a299c from master
2014-12-23 14:26:56 -05:00
Oscar Ramirez
1ad5deedd4
[1.7.x] Fixed #23998 -- Added datetime.time support to migrations questioner.
...
Backport of 54085b0f9ba7d9f705f9b9c90d3433b0ef6aa042 from master
2014-12-22 07:26:57 -05:00
Claude Paroz
ea18652238
[1.7.x] Made model_regress unpickling test CWD-independent
...
Refs #24007. Thanks Tim Graham for his help with the patch.
Backport of 1d9fc5caa947ff4ee72180185e91a9a145171712 and
995be4a1375340a53668dd80444756d77302000d from master
2014-12-19 14:26:46 -05:00
Claude Paroz
f46a16614d
[1.7.x] Fixed #24015 -- Factorized create_index_sql expression
...
Backport of 6072f17d0 from master, with one test reinforced.
Thanks Tim Graham for the review.
2014-12-18 21:14:29 +01:00
Claude Paroz
47912d9f2b
[1.7.x] Fixed #24007 -- Ensure apps registry's ready before unpickling models
...
This prevents AppRegistryNotReady errors when unpickling Django
models from an external script.
Backport of 108b8bf85 from master.
2014-12-17 18:41:12 +01:00
Mosson, Andrew
6d8c14621e
[1.7.x] Fixed #23497 -- Made admin system checks run for custom AdminSites.
...
Backport of b7219c7ba5fdfbf9349948b5a91af50e32822ee6 from master
2014-12-17 09:16:05 -05:00
Tim Graham
c085bea6c3
[1.7.x] Fixed #23975 -- Restored pre_migrate signal if all apps have migrations.
...
Thanks kmmbvnr for the report.
Backport of d2ff8a7241b621b8013c7ec1631e95ae4445f76d from master
2014-12-16 18:39:19 -05:00
Andriy Sokolovskiy
10482faf19
[1.7.x] Fixed #23983 -- Fixed a crash in migrations when adding order_with_respect_to to non-empty table.
...
Backport of 3dbbb8a89ca4beaabd5359fe82e32ed633b15140 from master
2014-12-16 10:56:35 -05:00
Tim Graham
66c0529b3e
[1.7.x] Fixed refs #23987 test on Oracle.
...
Backport of ac5f2a4ef7b9993502ebc02f487cbb06bfb9bf0a from master
2014-12-15 18:20:41 -05:00
Andriy Sokolovskiy
fdf4dc6cea
[1.7.x] Fixed #23405 -- Fixed makemigrations prompt when adding Text/CharField.
...
A default is no longer required.
Backport of d8f3b86a7691c8aa0ec8f5a064ad4c3218250fed from master
2014-12-15 14:58:01 -05:00