1
0
mirror of https://github.com/django/django.git synced 2024-12-24 10:05:46 +00:00
Commit Graph

8977 Commits

Author SHA1 Message Date
Luke Plant
45c7f427ce Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
All adhoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.

In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.

All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing based attacks, have also been
fixed using a constant-time comparison function.

There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Jannis Leidel
36f2f7ee7c Fixed #14301 -- Handle email validation gracefully with email addresses containing non-ASCII characters. Thanks, Andi Albrecht.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14216 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 18:37:05 +00:00
Gabriel Hurley
767cf955d2 Fixed #5327 -- Added standardized field information to ModelChoiceField and ModelMultipleChoiceField documentation. Thanks to danielrubio for the report and PhiR for the text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14214 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 10:03:08 +00:00
Alex Gaynor
8d364763ed Fixed #14456 -- converted inline_formsets tests from doctests to unittests. We have always been at war with doctests. Thanks to prestontimmons for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14212 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 01:40:20 +00:00
Alex Gaynor
1ac4c101ae Fixed #14459 -- converted many_to_one_regress tests from doctests to unittests. We have always been at war with doctests. Patch from Gabriel Hurley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14210 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 01:24:34 +00:00
Luke Plant
5bf73dd909 Fixed reference to removed function root() in AdminSite docstring.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 01:24:20 +00:00
Alex Gaynor
52efbf9715 Fixed #14460 -- converted managers_regress tests from doctests to unittests. We have always been at war with doctests. Patch from Gabriel Hurley.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14207 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 01:17:14 +00:00
Alex Gaynor
2bbea7555b Fixed #14458 -- converted m2m_regress tests from doctests to unittests. We have always been at war with doctests. Thanks to Gabriel Hurley for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14205 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 01:10:57 +00:00
Ramiro Morales
08d14925c9 Fixed #12192 -- Don't execute any DB query when the QS slicing being performed
will result in use of LIMIT 0. Thanks Suor for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 23:36:16 +00:00
Russell Keith-Magee
5f5a61e780 Added a skeleton for 'little features' in the 1.3 release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14203 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 12:07:27 +00:00
Gabriel Hurley
3321171952 Correcting a typo and a copy/paste problem in the RequestFactory docs from [14192].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 11:29:18 +00:00
Chris Beaven
b37327caae Fix a typo in my bio
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 06:59:45 +00:00
Honza Král
00a685178a Fixed #14119 -- fields_for_model no longer returns all fields when fields parameter is the empty tuple. Thanks alexdutton!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14199 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 04:46:33 +00:00
Honza Král
52716ddd1b Fixed #12304 -- regression tests to make sure the validation messages for unique violations are sane, Thanks ramiro!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 04:36:51 +00:00
Honza Král
b7ed25a0f3 Fixed #14017 -- wrong comment on log_deletion method of ModelAdmin
Also added a transaction around the deletion view to preserve DB state (and rollback the creation of LogEntry object in case the deletion fails)

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14197 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 04:16:31 +00:00
Justin Bronn
2c3b710d0a Fixed #13830 -- Updated province name in Indonesian localflavor. Thanks, rodin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14195 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 01:23:07 +00:00
Honza Král
67f9663f52 Fixed #13811 -- Changed unique validation in model formsets to ignore None values, not just omit them
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-13 00:30:02 +00:00
Russell Keith-Magee
98dd10e62d Clarified the text and example describing the RequestFactory. Thanks to Alex for the feedback.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 23:55:38 +00:00
Russell Keith-Magee
eec45e8b71 Fixed #9002 -- Added a RequestFactory. This allows you to create request instances so you can unit test views as standalone functions. Thanks to Simon Willison for the suggestion and snippet on which this patch was originally based.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14191 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 23:37:47 +00:00
Justin Bronn
120aae2209 Enabled area calculations for geography columns.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14189 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 17:13:27 +00:00
Russell Keith-Magee
c7384af061 Modified the test_client tests to use the non-deprecated mail API.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14187 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 14:06:11 +00:00
Russell Keith-Magee
65dc518673 Refs #12991 -- Added release note about deprecation of DjangoTestRunner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 07:53:37 +00:00
Russell Keith-Magee
03f00bcd42 Fixed #14447 -- Modified the auth and sitemaps tests to remove some assumptions about the environment in which the tests are run. Thanks to Gabriel Hurley for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14184 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 07:15:47 +00:00
Alex Gaynor
5506653b77 Fixed #5416 -- Added TestCase.assertNumQueries, which tests that a given function executes the correct number of queries.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14183 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 03:33:19 +00:00
Alex Gaynor
ceef628c19 Converted model_inheritance_select_related tests from doctests to unittests. We have always been at war with doctests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 02:09:13 +00:00
Alex Gaynor
977d588dc2 Converted initial_sql_regress tests from doctests (sort of...) to unittests. We have always been at war with doctests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14179 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 01:59:28 +00:00
Alex Gaynor
2d03070786 Converted get_or_create_regress tests from doctests to unittests. We have always been at war with doctests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14177 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 01:54:19 +00:00
Honza Král
9235d24d3f Added myself to committers
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14176 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 01:48:21 +00:00
Chris Beaven
e509c1527a Fixed #14425 -- Unused imports in contrib.admin. Thanks robhudson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 01:03:53 +00:00
Russell Keith-Magee
9079ecf4d6 Tweak to many_to_one_null doctest to avoid primary key assumptions (causing breakage on PostgreSQL).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 00:56:40 +00:00
Russell Keith-Magee
77ec3ce0c4 Migrated one_to_one doctests. Thanks to George Sakkis for the patch. (We have always been at war with doctests)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14167 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 00:56:19 +00:00
Russell Keith-Magee
0ef3e86eef Migrated many_to_one_null doctests. Thanks to George Sakkis for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14166 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 00:55:55 +00:00
Russell Keith-Magee
c830dbe39f Migrated properties doctests. Thanks to George Sakkis for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14165 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 00:55:31 +00:00
Russell Keith-Magee
cdfbe79674 Migrated the mutually_referential doctests. Thanks to George Sakkis for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14164 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 00:55:05 +00:00
Russell Keith-Magee
539af4deec Migrated m2o_recursive and m2o_recursive2 tests, merging them into a single package. Thanks to George Sakkis for the patches.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-12 00:14:49 +00:00
Alex Gaynor
fbc1fca834 Fixed a reference in the docs to a non-existant PasswordField.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 23:57:03 +00:00
Luke Plant
3e0505459b Moved the good stuff to the top in releases/1.3.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14161 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 23:50:59 +00:00
Jannis Leidel
6ddfe26932 Fixed #14349 -- Added Belgium localflavor. Thanks for the report and patch, Laurent Luce.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14160 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 23:35:23 +00:00
Jannis Leidel
d739737015 Fixed #13494 -- Correctly concat an email subject prefix with a translation string. Thanks, hcarvalhoalves and Andi Albrecht.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14157 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 22:27:45 +00:00
Gabriel Hurley
2ed554bd92 Fixed #14227 -- Added information about the "easy-pickings" keyword to the contributing docs. Thanks to Russ for the report and cmheisel for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14154 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 21:57:25 +00:00
Alex Gaynor
103a201449 Fixed #14444 -- Convert the pagination doctests to unittests. We have always been at war with doctests. Thanks to Gabriel Hurley for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14152 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 20:38:12 +00:00
Gabriel Hurley
dd22150b5f Fixed the same set of typos as were corrected in [14149], this time in the release notes. Thanks to Paul McMillan for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14151 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 20:34:16 +00:00
Justin Bronn
c4cbbb25a2 Updated version of PostGIS in GeoDjango install docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14150 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 19:48:15 +00:00
Gabriel Hurley
f85f79eb4a Fixed a few typos in the unittest2 docs introduced in [14139].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14149 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 19:19:01 +00:00
Alex Gaynor
39595a9e0e Converted ordering tests from doctests to unittests. We have always been at war with doctests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14147 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 18:17:37 +00:00
Alex Gaynor
3879c59074 Converted save_delete_hooks tests from doctests to unittests. We have always been at war with doctests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14145 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 17:41:44 +00:00
Jacob Kaplan-Moss
e01bce1bfb Fixed #14440 - Converted mail doctests to unittests.
Thanks to Rob Hudson for the patch and also to andialbrecht who filed a
similar patch that I didn't use.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14143 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 15:11:55 +00:00
Luke Plant
e0ec458360 Fixed #14433 - replaced a thread-unsafe solution to #10235 introduced in [13980]
This patch also addresses sitemap code found in contrib/gis, which [13980]
did not.

Thanks to gabrielhurley for the initial patch.

Refs #10235, #14386

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14141 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 14:34:42 +00:00
Russell Keith-Magee
5e319f5194 Refs #12991 -- Added extra docs for the unittest2 changes made in r14139.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14140 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 13:18:00 +00:00
Russell Keith-Magee
121d2e3678 Fixed #12991 -- Added unittest2 support. Thanks to PaulM for the draft patch, and to Luke, Karen, Justin, Alex, Łukasz Rekucki, and Chuck Harmston for their help testing and reviewing the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14139 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:55:17 +00:00