1
0
mirror of https://github.com/django/django.git synced 2024-12-26 02:56:25 +00:00
Commit Graph

10044 Commits

Author SHA1 Message Date
Jacob Kaplan-Moss
174d8db57c Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
Ramiro Morales
4b13e76deb Fixed #14012 (again) -- Admin app: Don't show the full user edition view after adding a user in a FK popup. Thanks dburke for reporting this regression introduced in r14628.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 01:00:57 +00:00
Russell Keith-Magee
12bd7bcb35 Fixed #12004 -- Improved error reporting when an abstract class is registered with the admin. Thanks to Matt Smalley for the report, and to mk and Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:43:21 +00:00
Russell Keith-Magee
7aa84917a4 Fixed #15299 -- Started the process of migrating the auth context processor support classes into the auth context processor module. Thanks to shailesh for the report, and v1v3kn for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:36:58 +00:00
Simon Meers
6ce03dd888 Fixed #15375 -- clarified apparent contradiction in Form Wizard documentation. Thanks to codysomerville for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15633 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 09:41:38 +00:00
Russell Keith-Magee
b9a20d1e3b Fixed #15371 -- Ensure that a superuser created with the createsuperuser management command with --noinput has an invalid password, not a blank password. Thanks to yishaibeeri for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15631 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:33:04 +00:00
Luke Plant
37343bac8a Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 11:27:58 +00:00
Ramiro Morales
337d102b86 Fixed #13510 -- Corrected colspan of non-field-specific error messages in admin app tabular inlines so it isn't greater than the actual number of field cells. Thanks KyleMac for the report and Julien Phalip for the patch fixing the issue.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15626 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 03:07:57 +00:00
Timo Graham
00fb22d836 Fixed #15257 - Add a link about field lookups to the tutorial; thanks dwillis.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15624 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 00:57:28 +00:00
Luke Plant
e57e296167 Corrected logging call in CSRF middleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 23:00:44 +00:00
Luke Plant
fdf9602961 Fixed #11058 - list_display_links doesn't allow callables not defined in the model
Thanks to dvine for the report and julien for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 19:15:02 +00:00
Luke Plant
1b062f6613 Fixed HTML error in admin when using list_editable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 18:43:54 +00:00
Luke Plant
c411377bd5 Fixed #15349 - Bound FormSet produces bound empty_form
Thanks to hidde-jan for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15614 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 15:43:42 +00:00
Luke Plant
13f9fd38dc Fixed #14099 - BaseModelFormSet should use _should_delete_form
Thanks to kenth for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:23:02 +00:00
Jannis Leidel
ae10b2772b Fixed #15369 -- Added missing import in _os module. Thanks, jonash.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15611 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:16:29 +00:00
Luke Plant
6902824ac2 Fixed #11707 - limit_choices_to on a ForeignKey can render duplicate options in formfield
Thanks to Chris Wesseling for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:03:59 +00:00
Russell Keith-Magee
470d9b2602 Fixed #11852 -- Ensure that a long string in the password reset email can be translated. Thanks to pihentagy for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 13:46:13 +00:00
Russell Keith-Magee
b151bccdcc Fixed #15359 -- Ensure that the -h option is always honored by django-admin.py. Thanks to teubank for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15605 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 13:45:57 +00:00
Russell Keith-Magee
b700c3a918 Fixed #15364 -- Ensure files are closed correctly during file tests. Thanks to Mila for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15604 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 13:45:29 +00:00
Karen Tracey
f21fc714ea Fixed #15362: Added explicit deletion of file to test, needed now since files are no longer auto-deleted when a referencing object is deleted. Thanks mila.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15602 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 12:35:19 +00:00
Chris Beaven
4419f5fc00 Fix broken tests due to changes in r15591 by updating the test store_rendered_templates signal handler.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15600 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 10:12:23 +00:00
Russell Keith-Magee
01c42cbb99 Fixed #15358 -- Renamed a test to avoid a naming collision. Thanks to mila for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15598 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 23:43:55 +00:00
Ramiro Morales
52fc61e0cf Fixed #14529 -- Fixed representation of model names in admin messages after model object changes when the ModelAdmin queryset() uses defer() or only(). Thanks rlaager for report and initial patch, to rasca an julien for help in tracking the problem.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 23:09:25 +00:00
Russell Keith-Magee
674062c355 Tweaked the changes from changeset r15580 so as to avoid introducing a backwards incompatible context change to the change_list_results template. Refs #13126. Thanks to Sean Brant for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15593 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 13:43:52 +00:00
Chris Beaven
1073a83f2c Ensure render_to_string leaves the context instance stack in the state it was originally passed in.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 04:55:11 +00:00
Gabriel Hurley
8ee9a4627e Fixed #15341 -- Clarified where translation problems should be reported in the contributing docs. Thanks to bpeschier for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15590 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 23:59:59 +00:00
Gabriel Hurley
1d4640a58f Fixed #15351 -- Corrected a missing word in the template reference docs. Thanks to issackelly for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 22:28:39 +00:00
Russell Keith-Magee
1abf126e61 Fixed #9161 -- Ensure that ModelMultipleChoiceField respects to_field_name in validation. Thanks to Honza for the report, and Gregor Müllegger for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:45:54 +00:00
Russell Keith-Magee
75a1aaa1f9 Fixed #11513 -- Ensure that the redirect at the end of an object change won't redirect to a page for which the user doesn't have permission. Thanks to rlaager for the report and draft patch, and to Julien Phalip for the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15584 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:05:07 +00:00
Russell Keith-Magee
fe3c9ad551 Fixed #14355 -- Ensure that help_text is displayed for readonly fields in the admin. Thanks to jester for the report, and to alexbmeng, subsume, wamberg and Julien Phalip for ther work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15582 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 12:55:09 +00:00
Russell Keith-Magee
791ecb4be4 Fixed #13126 -- Ensured that individual form errors are displayed when errors occur on a list-editable changelist. Thanks to slafs for the report, and to Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 11:48:42 +00:00
Russell Keith-Magee
de161fbf21 Fixed #12893 -- Added tests to validate that the right queryset is always used in model admins. Thanks to mk and Julien Phalip for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15578 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:37:46 +00:00
Russell Keith-Magee
b3c7e399a4 Fixed #15291 -- Corrected alignment issue when actions are disabled in a ModelAdmin. Thanks to Julien Phalip for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15573 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:10:57 +00:00
Russell Keith-Magee
d3cc5dbb32 Fixed #15290 -- Fixed a CSS styling issue with borders when the link item in a changelist isn't the first item in the list_display. Thanks to Julien Phalip for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15572 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:10:37 +00:00
Russell Keith-Magee
563a164c05 Fixed #15336 -- Silenced a warning about the DATABASES transition when a database backend isn't specified. Thanks to Ivan Sagalaev for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15571 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:10:19 +00:00
Russell Keith-Magee
c63bc87a98 Fixed #15292 -- Removed redundant code in admin list template tag. Thanks to Julien Phalip for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:10:01 +00:00
Russell Keith-Magee
127725c560 Fixed #15322 -- Removed a redundant check in admin logins. Thanks to melinath for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15569 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:09:40 +00:00
Russell Keith-Magee
670f4d9628 Fixed #15327 -- Modified the Oracle test database signature method to allow for the case where TEST_USER is unspecified. Thanks to depaolim for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15568 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 07:41:17 +00:00
Russell Keith-Magee
34662e7a30 Fixed #15324 -- Modified the connection creation code for the memcache cache backend. Thanks to dlowe for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15567 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 07:40:09 +00:00
Gabriel Hurley
f58dd619b8 Fixed #15347 -- Corrected a typo in the l10n docs. Thanks to RaceCondition for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15565 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-18 22:42:37 +00:00
Gabriel Hurley
eb80803454 Fixed #15342 -- Passed *args through to the parent class' dispatch method in the CBV example. Thanks to jnns for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15564 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-18 13:40:53 +00:00
Gabriel Hurley
e06dfda918 Fixed #15328 -- Corrected an example in the CBV docs and added a note about the parameters passed by method_deorator to the method on the class. Thanks to airstrike for the report and lrekucki for the correction.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15563 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-18 06:50:13 +00:00
Gabriel Hurley
fe1110018a Fixed #15335 -- Improved Sphinx crossref targets and metadata for the sites and flatpages reference docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15562 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-18 00:58:34 +00:00
Gabriel Hurley
f81d5d6854 Fixed #15233 -- Corrected a duplicate module directive that raised a warning on newer versions of Sphinx. Thanks to Aryeh Leib Taurog for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 21:08:45 +00:00
Carl Meyer
969217d455 Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15559 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 04:35:26 +00:00
Carl Meyer
ed7a30782b Reduced code duplication in cache middleware tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15557 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 03:50:55 +00:00
Gabriel Hurley
5edb61438e Fixed #15310 -- Corrected a view path in the static files how to docs. Thanks to Bradley Ayers for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15556 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 02:11:44 +00:00
Ramiro Morales
8c3416f468 Changed strategy used to force evaluation of django.utils.translation in tests added in r15508 and r15513 to not use reload(). Thanks Alex for reporting it caused problems.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15554 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 22:30:44 +00:00
Alex Gaynor
9ebc9108de Fix the test isolation from [15552].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 15:44:13 +00:00
Jannis Leidel
ada08cd6d8 Fixed #15314 -- Added tests for the static URL pattern function added in r15530 and made sure the **kwargs are passed to the view correctly. Thanks for the report and initial patch, Bruno Renié.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 12:50:57 +00:00