Tim Graham 
							
						 
					 
					
						
						
							
						
						5ca045cd25 
					 
					
						
						
							
							Moved createsuperuser test app into auth_tests.  
						
						
						
						
					 
					
						2016-03-08 13:06:58 -05:00 
						 
				 
			
				
					
						
							
							
								Przemysław Suliga 
							
						 
					 
					
						
						
							
						
						96ec67a7cf 
					 
					
						
						
							
							Fixed   #26332  -- Fixed a race condition in BaseCache.get_or_set().  
						
						
						
						
					 
					
						2016-03-08 11:44:37 -05:00 
						 
				 
			
				
					
						
							
							
								Bas Westerbaan 
							
						 
					 
					
						
						
							
						
						b4250ea04a 
					 
					
						
						
							
							Fixed   #26033  -- Added Argon2 password hasher.  
						
						
						
						
					 
					
						2016-03-08 11:22:18 -05:00 
						 
				 
			
				
					
						
							
							
								harikrishnakanchi 
							
						 
					 
					
						
						
							
						
						74670498e9 
					 
					
						
						
							
							Fixed   #25971  -- Made BrokenLinkEmailsMiddleware ignore APPEND_SLASH redirects.  
						
						... 
						
						
						
						If APPEND_SLASH=True and the referer is the URL without a trailing '/', then
BrokenLinkEmailsMiddleware shouldn't send an email. 
						
						
					 
					
						2016-03-08 09:21:42 -05:00 
						 
				 
			
				
					
						
							
							
								Krzysztof Urbaniak 
							
						 
					 
					
						
						
							
						
						839a955d08 
					 
					
						
						
							
							Fixed   #25933  -- Allowed an unprefixed default language in i18n_patterns().  
						
						
						
						
					 
					
						2016-03-08 08:14:10 -05:00 
						 
				 
			
				
					
						
							
							
								John-Mark Bell 
							
						 
					 
					
						
						
							
						
						4b129ac81f 
					 
					
						
						
							
							Fixed   #26325  -- Made MultiPartParser ignore filenames that normalize to an empty string.  
						
						
						
						
					 
					
						2016-03-07 13:19:39 -05:00 
						 
				 
			
				
					
						
							
							
								George Marshall 
							
						 
					 
					
						
						
							
						
						75614f6d4c 
					 
					
						
						
							
							Fixed   #26331  -- Fixed test function names with typos  
						
						
						
						
					 
					
						2016-03-07 11:58:21 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						95ca01f999 
					 
					
						
						
							
							Fixed   #26271  -- Fixed i18n_patterns resolution when no language is active  
						
						... 
						
						
						
						Thanks Marten Kenbeek for the report. 
						
						
					 
					
						2016-03-07 11:48:11 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						4115288b4f 
					 
					
						
						
							
							Fixed   #26315  -- Allowed call_command() to accept a Command object as the first argument.  
						
						
						
						
					 
					
						2016-03-05 13:05:10 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						8d3fcfa39e 
					 
					
						
						
							
							Cleaned up tests to use call_command() instead of Command.execute().  
						
						
						
						
					 
					
						2016-03-05 12:59:30 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						552f03869e 
					 
					
						
						
							
							Added safety to URL decoding in is_safe_url() on Python 2  
						
						... 
						
						
						
						The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218ada7a4aef 
						
						
					 
					
						2016-03-04 23:33:35 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						ada7a4aefb 
					 
					
						
						
							
							Fixed   #26308  -- Prevented crash with binary URLs in is_safe_url()  
						
						... 
						
						
						
						This fixes a regression introduced by c5544d2892 
						
						
					 
					
						2016-03-04 21:14:14 +01:00 
						 
				 
			
				
					
						
							
							
								Moritz Sichert 
							
						 
					 
					
						
						
							
						
						87994b40b3 
					 
					
						
						
							
							Refs  #25653  -- Corrected help text for runtests.py --selenium option.  
						
						
						
						
					 
					
						2016-03-03 18:21:07 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						4e2da368db 
					 
					
						
						
							
							Cleaned up TestStaticFilePermissions to use call_command().  
						
						
						
						
					 
					
						2016-03-03 21:58:23 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						d0451e4cad 
					 
					
						
						
							
							Fixed   #26295  -- Allowed using i18n_patterns() in any root URLconf.  
						
						... 
						
						
						
						Thanks Tim for the review. 
						
						
					 
					
						2016-03-03 12:08:49 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						c92123cc1d 
					 
					
						
						
							
							Fixed   #26226  -- Made related managers honor the queryset used for prefetching their results.  
						
						... 
						
						
						
						Thanks Loïc for the suggested improvements and Tim for the review. 
						
						
					 
					
						2016-03-02 16:10:18 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						5d240b070d 
					 
					
						
						
							
							Refs  #17001  -- Added a test for custom prefetch related queryset on generic relations.  
						
						
						
						
					 
					
						2016-03-02 16:08:37 -05:00 
						 
				 
			
				
					
						
							
							
								Marc Tamlyn 
							
						 
					 
					
						
						
							
						
						8ddc79a799 
					 
					
						
						
							
							Fixed   #26285  -- Deprecated the MySQL-specific __search lookup.  
						
						
						
						
					 
					
						2016-03-02 14:41:56 -05:00 
						 
				 
			
				
					
						
							
							
								acrefoot 
							
						 
					 
					
						
						
							
						
						04240b2365 
					 
					
						
						
							
							Refs  #19527  -- Allowed QuerySet.bulk_create() to set the primary key of its objects.  
						
						... 
						
						
						
						PostgreSQL support only.
Thanks Vladislav Manchev and alesasnouski for working on the patch. 
						
						
					 
					
						2016-03-02 14:29:09 -05:00 
						 
				 
			
				
					
						
							
							
								Matthew Schinckel 
							
						 
					 
					
						
						
							
						
						60633ef3de 
					 
					
						
						
							
							Fixed   #26304  -- Ignored unmanaged through model in table introspection.  
						
						
						
						
					 
					
						2016-03-02 13:54:27 -05:00 
						 
				 
			
				
					
						
							
							
								Alasdair Nicol 
							
						 
					 
					
						
						
							
						
						8c42cf0cbd 
					 
					
						
						
							
							Fixed   #26303  -- Updated links to mod_wsgi docs.  
						
						
						
						
					 
					
						2016-03-01 19:22:32 -05:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						67b46ba701 
					 
					
						
						
							
							Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.  
						
						... 
						
						
						
						This is a security fix. 
						
						
					 
					
						2016-03-01 11:25:28 -05:00 
						 
				 
			
				
					
						
							
							
								Mark Striemer 
							
						 
					 
					
						
						
							
						
						c5544d2892 
					 
					
						
						
							
							Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.  
						
						... 
						
						
						
						This is a security fix. 
						
						
					 
					
						2016-03-01 11:25:28 -05:00 
						 
				 
			
				
					
						
							
							
								Alasdair Nicol 
							
						 
					 
					
						
						
							
						
						65bd053f11 
					 
					
						
						
							
							Fixed   #26229  -- Improved check for model admin check admin.E124  
						
						... 
						
						
						
						Refs #22792  
						
						
					 
					
						2016-03-01 08:20:14 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						0223e213dd 
					 
					
						
						
							
							Fixed   #26186  -- Documented how app relative relationships of abstract models behave.  
						
						... 
						
						
						
						This partially reverts commit bc7d201bdb#25858 . 
						
						
					 
					
						2016-02-29 22:07:05 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						eac1423f9e 
					 
					
						
						
							
							Removed obsolete test CreatesuperuserManagementCommandTestCase.test_nolocale.  
						
						... 
						
						
						
						Test was added in 4c934f3921 
						
						
					 
					
						2016-02-29 08:46:37 -05:00 
						 
				 
			
				
					
						
							
							
								chenesan 
							
						 
					 
					
						
						
							
						
						b84f5ab4ec 
					 
					
						
						
							
							Fixed   #26230  -- Made default_related_name affect related_query_name.  
						
						
						
						
					 
					
						2016-02-27 08:48:32 -05:00 
						 
				 
			
				
					
						
							
							
								Attila Tovt 
							
						 
					 
					
						
						
							
						
						5e2c4d7afb 
					 
					
						
						
							
							Fixed   #26264  -- Fixed prefetch_related() crashes with values_list(flat=True)  
						
						
						
						
					 
					
						2016-02-26 19:26:15 -05:00 
						 
				 
			
				
					
						
							
							
								Tore Lundqvist 
							
						 
					 
					
						
						
							
						
						3389c5ea22 
					 
					
						
						
							
							Fixed   #21608  -- Prevented logged out sessions being resurrected by concurrent requests.  
						
						... 
						
						
						
						Thanks Simon Charette for the review. 
						
						
					 
					
						2016-02-26 18:56:56 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						3938b3ccaa 
					 
					
						
						
							
							Fixed   #26286  -- Prevented content type managers from sharing their cache.  
						
						... 
						
						
						
						This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.
Thanks Tim for the review.
Refs #23822 . 
						
						
					 
					
						2016-02-26 16:18:16 -05:00 
						 
				 
			
				
					
						
							
							
								Adam Chainz 
							
						 
					 
					
						
						
							
						
						ef33bc2d4d 
					 
					
						
						
							
							Fixed   #25279  -- Made prefetch_related_objects() public.  
						
						
						
						
					 
					
						2016-02-26 14:55:01 -05:00 
						 
				 
			
				
					
						
							
							
								Yoong Kang Lim 
							
						 
					 
					
						
						
							
						
						d5f89ff6e8 
					 
					
						
						
							
							Fixed   #24974  -- Fixed inheritance of formfield_callback for modelform_factory forms.  
						
						
						
						
					 
					
						2016-02-26 12:27:27 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						766afc22a1 
					 
					
						
						
							
							Fixed   #24793  -- Unified temporal difference support.  
						
						
						
						
					 
					
						2016-02-26 12:25:12 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						31098e3288 
					 
					
						
						
							
							Used setUpTestData for the timedelta expression tests.  
						
						
						
						
					 
					
						2016-02-26 12:25:12 -05:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						62ea86448e 
					 
					
						
						
							
							Cleaned up session backends tests.  
						
						... 
						
						
						
						Made SessionTestsMixin backend agnostic and removed code obsoleted by the test
discovery refactor. 
						
						
					 
					
						2016-02-26 11:22:33 -05:00 
						 
				 
			
				
					
						
							
							
								Ivan Tsouvarev 
							
						 
					 
					
						
						
							
						
						8890c533e0 
					 
					
						
						
							
							Fixed   #26280  -- Fixed cached template loader crash when loading nonexistent template.  
						
						
						
						
					 
					
						2016-02-26 08:02:10 -05:00 
						 
				 
			
				
					
						
							
							
								Edwar Baron 
							
						 
					 
					
						
						
							
						
						eb44172760 
					 
					
						
						
							
							Fixed   #25811  -- Added a helpful error when making _in queries across different databases.  
						
						
						
						
					 
					
						2016-02-26 07:31:56 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						7fec264e46 
					 
					
						
						
							
							Removed try/fail antipattern from model_options tests.  
						
						
						
						
					 
					
						2016-02-25 20:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Nick Malakhov 
							
						 
					 
					
						
						
							
						
						ee69789f45 
					 
					
						
						
							
							Fixed   #26269  -- Prohibited spaces in is_valid_ipv6_address().  
						
						
						
						
					 
					
						2016-02-25 18:52:50 -05:00 
						 
				 
			
				
					
						
							
							
								Scott Sexton 
							
						 
					 
					
						
						
							
						
						fc584f0685 
					 
					
						
						
							
							Fixed   #26117  -- Consulted database routers in initial migration detection.  
						
						... 
						
						
						
						Thanks Simon Charette for help. 
						
						
					 
					
						2016-02-25 09:56:00 -05:00 
						 
				 
			
				
					
						
							
							
								Olivier Le Thanh Duong 
							
						 
					 
					
						
						
							
						
						10781b4c6f 
					 
					
						
						
							
							Fixed   #12233  -- Allowed redirecting authenticated users away from the login view.  
						
						... 
						
						
						
						contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.
Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review. 
						
						
					 
					
						2016-02-25 07:18:33 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						4c18a8a378 
					 
					
						
						
							
							Fixed   #14098  -- Prevented crash for introspection errors in inspectdb  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2016-02-25 08:43:56 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						8ad7b8118c 
					 
					
						
						
							
							Used addCleanup() to call recorder.flush() in migration loader tests.  
						
						
						
						
					 
					
						2016-02-24 11:22:09 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c5517b9e74 
					 
					
						
						
							
							Fixed   #26266  -- Output the primary key in the GeoJSON serializer properties  
						
						... 
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2016-02-24 16:10:46 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						b412681359 
					 
					
						
						
							
							Fixed   #26267  -- Fixed BoundField to reallow slices of subwidgets.  
						
						
						
						
					 
					
						2016-02-24 07:02:51 -05:00 
						 
				 
			
				
					
						
							
							
								James Aylett 
							
						 
					 
					
						
						
							
						
						1ff6e37de4 
					 
					
						
						
							
							Fixed   #23832  -- Added timezone aware Storage API.  
						
						... 
						
						
						
						New Storage.get_{accessed,created,modified}_time() methods convert the
naive time from now-deprecated {accessed,created_modified}_time()
methods into aware objects in UTC if USE_TZ=True. 
						
						
					 
					
						2016-02-23 18:51:43 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						eda306f1ce 
					 
					
						
						
							
							Fixed   #26232  -- Fixed Popen mocking environment in i18n tests  
						
						... 
						
						
						
						Refs #25925 . Thanks Jeroen Pulles for the report. 
						
						
					 
					
						2016-02-23 20:06:18 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						c30086159d 
					 
					
						
						
							
							Used setupTestData in prefetch_related tests.  
						
						
						
						
					 
					
						2016-02-23 13:53:58 -05:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						7f6fbc906a 
					 
					
						
						
							
							Prevented static file corruption when URL fragment contains '..'.  
						
						... 
						
						
						
						When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.
Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.
The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.
There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.
Refs #26249 . 
						
						
					 
					
						2016-02-23 19:35:16 +01:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						706b33fef8 
					 
					
						
						
							
							Fixed   #26249  -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.  
						
						... 
						
						
						
						collectstatic crashed when:
* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)
It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.
Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier. 
						
						
					 
					
						2016-02-23 19:34:21 +01:00