mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-20 06:10:46 +00:00
Code Issues32 Releases Wiki Activity
18,525 Commits 29 Branches 438 Tags
2e2617991a
Commit Graph

18525 Commits

Author SHA1 Message Date
Tim Graham
2e2617991a [1.7.x] Added stub release notes for 1.7.4. 
Backport of ec7ef5afbbd12abe74314d557aabb3d85d667749 from master
 2015-01-14 09:48:06 -05:00
Tim Graham
f7ce66bc46 [1.7.x] Post-release version bump. 2015-01-13 14:14:05 -05:00
Tim Graham
6bf1930fb5 [1.7.x] Bumped version for 1.7.3 release. 1.7.3 2015-01-13 13:11:37 -05:00
Tim Graham
9b403a108c [1.7.x] Added dates to release notes. 2015-01-13 13:09:34 -05:00
Tim Graham
bcfb47780c [1.7.x] Fixed DoS possibility in ModelMultipleChoiceField. 
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
 2015-01-13 13:02:56 -05:00
Tim Graham
818e59a3f0 [1.7.x] Prevented views.static.serve() from using large memory on large files. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:02:56 -05:00
Tim Graham
de67dedc77 [1.7.x] Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:02:56 -05:00
Carl Meyer
41b4bc73ee [1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ. 
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
 2015-01-13 13:02:56 -05:00
Tim Graham
33f1ccf5b1 [1.7.x] Added stub release notes for security releases. 2015-01-13 13:02:55 -05:00
Collin Anderson
6a08020fcf [1.7.x] Fixed bad model example in admin docs. 
Backport of e7771ec380a116dbef481001fb1ce664f5c7311e from master
 2015-01-13 11:53:59 -05:00
Markus Holtermann
ef5889409b [1.7.x] Fixed -- Rewrote migration unapply to preserve intermediate states 
Backport of fdc2cc948725866212a9bcc97b9b7cf21bb49b90 and be158e36251df0b07556657da47cdaf10913c57a from master
 2015-01-11 00:35:49 +01:00
Serafeim Papastefanos
1a352fe175 [1.7.x] Fixed -- Added formats for Greek 
Backport of 74f02557e0183812d6d60e2548985c5c40b3d27b from master
 2015-01-10 11:11:57 -05:00
Claude Paroz
7e65876b7c [1.7.x] Fixed -- Prevented AttributeError in redirect_to_login 
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
Backport of d7bc37d61 from master.
 2015-01-10 10:13:50 +01:00
Tim Graham
bbcbacf0ad [1.7.x] Silenced deprecation warning in test_runner app. 2015-01-08 09:44:21 -05:00
Tim Graham
600ea43e67 [1.7.x] Silenced initial_data fixtures warning in test suite. 2015-01-08 09:43:40 -05:00
Tim Graham
557c514f90 [1.7.x] Fixed -- Prevented WarningLoggerTests from leaking a warnings filter. 
Backport of ade985999657eaef6a9510c2aeba9b2196d7bf6e from master
 2015-01-08 09:09:24 -05:00
Claude Paroz
5e18f6f724 [1.7.x] Fixed -- Corrected is_bound nature in forms topic docs 
Thanks ajenhl Trac user for the report.
Backport of e0080cf57 from master.
 2015-01-06 09:00:27 +01:00
Claude Paroz
d8fb557a51 [1.7.x] Fixed -- Prevented UnicodeDecodeError in CSRF middleware 
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
Backport of 27dd7e7271 from master.
 2015-01-06 08:45:10 +01:00
Tim Graham
0e21fd4e40 [1.7.x] Added 1.4.18 release notes. 
Backport of ce17b045bf5629aac66f872c3f548205906e04db from master
 2015-01-05 14:25:36 -05:00
Tim Graham
4aed731154 [1.7.x] Increased the default PBKDF2 iterations. 2015-01-03 13:36:13 -05:00
Tim Graham
0a06ae9ef3 [1.7.x] Added 1.7.3 release notes stub. 
Backport of 439f15beabe2e4d21232798f805ba69367611276 from master
 2015-01-03 13:27:46 -05:00
Alfred Perlstein
0148768412 [1.7.x] Fixed -- Documented how to use the database alias in RunPython. 
Thanks Markus Holtermann for review and feedback.

Backport of db3f7c15cbf4c9025e83065d1302d0e61d570331 from master
 2015-01-03 12:07:28 -05:00
Bibhas
5f8761c639 [1.7.x] Fixed -- Added tutorial topics to doc index. 
Backport of b738178825ec9378198d77ac69699513774f0884 from master
 2015-01-03 08:48:59 -05:00
Tim Graham
f7ec788bf5 [1.7.x] Post-release version bump. 2015-01-02 21:48:54 -05:00
Tim Graham
880d7638cf [1.7.x] Bumped version for 1.7.2 release. 1.7.2 2015-01-02 19:44:36 -05:00
Tim Graham
20dcf5155b [1.7.x] Added dates to release notes. 
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
 2015-01-02 19:20:44 -05:00
Tim Graham
fda458c0b6 [1.7.x] Updated six to 1.9.0. 
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
 2015-01-02 13:23:18 -05:00
Tim Graham
1b83464391 [1.7.x] Removed obsolete item from deprecation timeline. 
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.

Backport of 1729a5250b052832540cd696df3ff0a0a77baddf from master
 2015-01-01 13:36:26 -05:00
Tim Graham
8e68b590ab [1.7.x] Removed doc note about PasswordResetForm requiring an integer PK. 
This limitation was lifted in refs .

Backport of a7aaabfaf1fa4c20065ab1133d49f40d4de6b409 from master
 2015-01-01 11:40:08 -05:00
Tim Graham
f461bc02cb [1.7.x] Fixed -- Fixed a crash with the migrate --list command. 
Backport of b4bdd5262b18644456d12a00d475adf9897a9255 from master
 2014-12-31 17:27:43 -05:00
Andrey Maslov
8de2a44064 [1.7.x] Fixed -- Fixed ValidationError crash with list of dicts. 
Backport of 7a878ca5cb50ad65fc465cb263a44cc93629f75c from master
 2014-12-31 14:46:17 -05:00
Tim Graham
4abfa73c18 [1.7.x] Renamed tests for util -> utils moves; refs . 
Backport of 8a9b0c15a6c0ef60dea3ba3042317520bc201206 from master
 2014-12-31 11:33:27 -05:00
Tim Graham
c0bed63889 [1.7.x] Fixed a queries test on Python 2 broken after importing six.moves.range(). 
Backport of 837fc2d8cdfefce375697d95e241836c7be12696 from master
 2014-12-31 09:51:10 -05:00
Piotr Pawlaczek
e11ff3975f [1.7.x] Fixed -- Allowed more than 5 levels of subqueries 
Refactored bump_prefix() to avoid infinite loop and allow more than
than 5 subquires by extending the alphabet to use multi-letters.

Backport of 41fc1c0b5eac156e200a10233c7c9210a1c0fed8 from master
 2014-12-31 09:42:07 -05:00
Russell Keith-Magee
f1a22feaa8 [1.7.x] Renamed variables to avoid name collision with import of django.db.models. 
Backport of 013c2d8d02e679c969255d9b11214d020dd34418 from master
 2014-12-31 08:02:06 -05:00
Tim Graham
9311a94ca5 [1.7.x] Revert "Updated some docs for the delayed deprecation of legacy table creation; refs #22340." 
The deprecation was moved back to 1.9 in
61da5f3f02f34810aaa6fcddac3808318a5b95c4.

Backport of d7fc6eb8ca67a6a628e8c7ce669731cf563606e7 from master
 2014-12-30 11:53:33 -05:00
Markus Holtermann
d49b5851b4 [1.7.x] Added test for an intermediate swappable model change in migration state. 
refs 

Backport of fca866763acb6b3414c20ca3772b94cb5d111733 from master
 2014-12-30 10:03:41 -05:00
Tim Graham
a9da5dd5b6 [1.7.x] Fixed -- Prevented extraneous DROP DEFAULT statements. 
Thanks john_scott for the report and Markus Holtermann for review.

Backport of ab4f709da4516672b0bd811f2b4d0c4ba9f5b636 from master
 2014-12-30 08:31:18 -05:00
Tim Graham
79645529e7 Revert "[1.7.x] Fixed -- Added migration support for m2m to concrete fields and vice versa" 
This reverts commit 1702bc52cc20ed0729893177fc8f4391b4b3183c.

This doesn't work on stable/1.7.x because  wasn't backported and we're
not willing to do so because it's a large change.
 2014-12-29 15:37:15 -05:00
Markus Holtermann
1702bc52cc [1.7.x] Fixed -- Added migration support for m2m to concrete fields and vice versa 
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.

Backport of 623ccdd598625591d1a12fc1564cf3ef9a87581f from master
 2014-12-29 13:42:29 -05:00
Tim Graham
1cbdb49b0a [1.7.x] Fixed -- Fixed syntax highlighting in topics/testing/tools.txt. 
Backport of 3d0c3a0482496fc1914a40ec3c3eb70e67f0d643 from master
 2014-12-27 19:51:33 -05:00
Aymeric Augustin
3483682749 [1.7.x] Fixed -- Supported strings escaped by third-party libs in Django. 
Refs  -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.

Backport of 6d52f6f from master.
 2014-12-27 18:26:20 +01:00
Aymeric Augustin
b429a9796a [1.7.x] Fixed an inconsistency introduced in 547b1810. 
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.

Backport of 5c5eb5fe from master.
 2014-12-27 18:17:18 +01:00
Tim Graham
a79012f6d8 [1.7.x] Fixed -- Corrected contrib.sites default site creation in a multiple database setup. 
Backport of 89e2c60f4396241c667b7a1de37765b7c96d702f from master
 2014-12-27 10:29:21 -05:00
wrwrwr
965a999ae5 [1.7.x] Fixed -- Added more tests for create_default_site. 
Backport of 1f98ec2e53e4636863396ab54f671f4546f9ba4c from master
 2014-12-27 10:26:43 -05:00
Claude Paroz
322560489b [1.7.x] Fixed -- Made schema infrastructure honor tablespaces 
Partial backport of 30cbd5d36. Thanks Douglas J. Reynolds for the
report and initial patch.
 2014-12-27 15:12:17 +01:00
Collin Anderson
2af33a0719 [1.7.x] Clarified custom header instructions in tutorial 2. 
Backport of 0821b3d53ccd575de92ed679d173d779e1ad5acd from master
 2014-12-26 18:29:52 -05:00
Tim Graham
1173140dbf [1.7.x] Fixed -- Enabled sqlsequencereset for apps with migrations. 
Backport of c2e419c26781b88f2b34b445f450b735267155b0 from master
 2014-12-26 15:57:30 -05:00
Helen Sherwood-Taylor
b9169a100d [1.7.x] Fixed -- Documented effect of changing a model instance's primary key. 
Backport of 4ccdf6e57f49d7e981dcd88c1db65229b8b92487 from master
 2014-12-24 15:07:27 -05:00
Frankie Robertson
126eb58abe [1.7.x] Fixed -- Clarified docs on CACHE_MIDDLEWARE_KEY_PREFIX vs KEY_PREFIX 
Backport of 446b50b90e9e60760618b236d8b0ea75a3b19d5a from master
 2014-12-23 14:40:35 -05:00