1
0
mirror of https://github.com/django/django.git synced 2024-12-29 12:36:08 +00:00
Commit Graph

34 Commits

Author SHA1 Message Date
Shai Berger
17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Carl Meyer
df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
125eaa19b2 Added security release note stubs. 2015-07-08 15:23:03 -04:00
Chris Bainbridge
e5cfa394d7 Refs #23882 -- Added detection for moved files when using inotify polling
Commit 15f82c7 ("used pyinotify as change detection system when
available") introduced a regression where editing a file in vim with
default settings (writebackup=auto) no longer causes the dev server
to be restarted. On a write, vim moves the monitored file to a backup
path and then creates a new file in the original. The new file is not
monitored as it has a different inode. Fixed this by also watching for
inotify events IN_DELETE_SELF and IN_MOVE_SELF.
2015-07-07 12:23:04 -04:00
Alexey Sveshnikov
bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Noam
e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
Jason Hoos
a50b66da30 Fixed #24958 -- Fixed inline forms using UUID-PK parents with auto-PK children. 2015-06-26 09:09:09 -04:00
薛丞宏
d3e12c9017 Fixed #25016 -- Reallowed non-ASCII values for ForeignKey.related_name on Python 3. 2015-06-26 08:30:05 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Markus Holtermann
d3d66d4722 Fixed #24940 -- Made model managers hashable
Thanks Federico Jaramillo Martínez for the report and Tim Graham for the
test and review.
2015-06-19 19:02:01 +02:00
Andriy Sokolovskiy
cf6ce279c7 Fixed #24948 -- Fixed crash when uploading bitmap images in forms.ImageField 2015-06-16 14:37:58 -04:00
Adam Brenecki
65296b3be3 Fixed #24972 -- Fixed removing unique_together indexes on MySQL. 2015-06-15 17:28:13 -04:00
Brian King
bfb5b7150f Fixed #24912 -- Fixed prefetch_related failure for UUIDField primary keys
This resolves a problem on databases besides PostgreSQL when using
prefetch_related with a source model that uses a UUID primary key.
2015-06-15 09:37:38 -04:00
Rivo Laks
a0047c6242 Fixed #24769 -- Cast optparse verbosity argument to an integer for better backwards compatibility.
Using `BaseCommand.options_list` makes Django use the legacy optparse
parser, which does not set the verbosity attribute correctly. Now the
verbosity argument is always cast to int. Regression in 8568638 (#19973).

Initial report and patch from blueyed.
2015-06-09 19:03:23 -04:00
Tim Graham
90c59db7a3 Forwardported release notes for refs #24903. 2015-06-09 17:57:21 -04:00
Andriy Sokolovskiy
08232ef84d Fixed #24744 - Fixed relabeled_clone for the Transform 2015-06-06 09:04:53 -04:00
Mark Lavin
541f4ea546 Fixed #24924 -- Join promotion for multiple Case expressions 2015-06-05 12:22:43 -04:00
Andriy Sokolovskiy
286d0e6ab1 Refs #24833 -- Forwardported some of "Fixed Case expressions with exclude()."
Partial forwardport of 469f1e362b from stable/1.8.x
as the issue was already fixed in master.
2015-06-05 11:21:31 -04:00
Carl Meyer
492537ac18 Fixed #24628 -- Fixed applied status for squashed migrations. 2015-06-02 16:15:13 -06:00
Carl Meyer
84522c0d16 Fixed #24895 -- Fixed loading a pair of squashed migrations with a dependency. 2015-06-02 12:07:54 -06:00
zauddelig
262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Andriy Sokolovskiy
2913d6b77d Fixed #24831 -- Fixed pickling queryset with prefetch_related() after deleting objects. 2015-06-02 09:54:53 -04:00
Tim Graham
e1e6399c2c Fixed #24893 -- Fixed lack of unique constraint when changing a field from primary_key=True to unique=True 2015-06-02 09:25:47 -04:00
Tim Graham
5ab8680983 Fixed #24892 -- Fixed quoting of SQL when renaming a field to AutoField in PostgreSQL 2015-06-02 09:13:55 -04:00
Tim Graham
ad0f0daf8c Fixed #24851 -- Fixed crash with reverse one-to-one relation in ModelAdmin.list_display
Forwardport of 2456276b02 from stable/1.8.x
2015-05-28 10:52:50 -04:00
Andriy Sokolovskiy
80ad5472ce Fixed #24817 -- Prevented loss of null info in MySQL field renaming. 2015-05-28 10:07:52 -04:00
Paweł Marczewski
300e8baf94 Fixed #24847 -- Prevented items set on a RequestContext from being lost. 2015-05-27 10:04:57 -04:00
Tim Graham
70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Tim Graham
f4cb350c79 Added release notes for refs #24844. 2015-05-25 21:03:41 -04:00
Paweł Marczewski
801a84ae32 Fixed #24835 -- Fixed QuerySet.exists() after an annotation with Count()
QuerySet.exists() incorrectly handled query.group_by = True
case (grouping by all select fields), causing GROUP BY
expressions to be wiped along with select fields.
2015-05-25 20:46:20 -04:00
Marten Kenbeek
d73176a842 Fixed #24848 -- Fixed ValueError for faulty migrations module.
Added apps to unmigrated apps if the migrations module is a file
or a folder missing __init__.py.

Thanks to Ernest0x for the bug report.
2015-05-25 13:47:50 -04:00
Villiers Strauss
614bec41b5 Fixed #24841 -- Made BaseRangeField.prepare_value() call base_field's prepare_value() 2015-05-25 12:06:55 -04:00
Tim Graham
7b8008a078 Added stub release notes for 1.8.3. 2015-05-20 14:17:59 -04:00