Commit Graph

783 Commits

Author SHA1 Message Date
Paolo Melchiorre 3b0293370a Fixed typo in docs/releases/1.4.9.txt. 2013-10-25 07:55:05 -04:00
SusanTan 4e0a2fe59c Fixed #21271 -- Added timeout parameter to SMTP EmailBackend.
Thanks Tobias McNulty and Tim Graham for discussions and code review.
Thanks Andre Cruz the suggestion and initial patch.
2013-10-24 20:38:00 -04:00
Vajrasky Kok 9eecb91695 Fixed #21219 -- Added a way to set different permission for static files.
Previously, when collecting static files, the files would receive permission
from FILE_UPLOAD_PERMISSIONS. Now, there's an option to give different
permission from uploaded files permission by subclassing any of the static
files storage classes and setting the file_permissions_mode parameter.

Thanks dblack at atlassian.com for the suggestion.
2013-10-24 17:40:01 -04:00
Curtis Maloney 8688f03eef Fixed #20945 -- Allowed cache tag to use a specific cache. 2013-10-23 19:27:08 -04:00
Tim Graham 4ce5c119b5 Bumped release date for 1.5.5 & 1.4.9. 2013-10-23 18:28:41 -04:00
Collin Anderson d72059c2ae typo on 1.7 release notes 2013-10-23 10:56:13 -04:00
Tim Graham 2eb8f15516 Added 1.5.5 and 1.4.9 release notes 2013-10-22 17:41:10 -04:00
Florian Hahn 5240b83462 Fixed #17027 -- Added support for the power operator in F expressions.
Thanks dan at dlo.me for the initial patch.

- Added __pow__ and __rpow__ to ExpressionNode
- Added oracle and mysql specific power expressions
- Added used-defined power function for sqlite
2013-10-22 10:29:57 -04:00
Bouke Haarsma 0d0f4f020a Fixed #5789 -- Changed LocaleMiddleware session variable to '_language'.
The old 'django_language' variable will still be read from in order
to migrate users. The backwards-compatability shim will be removed in
Django 1.8.

Thanks to jdunck for the report and stugots for the initial patch.
2013-10-22 09:24:42 -04:00
Tim Graham 28b70425af Added docs for the hasher's iteration count changes. 2013-10-21 20:32:02 +02:00
Tim Graham 651bb73ab3 Fixed ReST error in 1.6. release notes. 2013-10-18 08:47:28 -04:00
Tim Graham d97bec5ee3 Removed 1.6 release note text regarding password limit length.
This changed was reverted in 5d74853e15.
2013-10-17 18:58:24 -04:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
Marc Tamlyn 349c12d3f5 Fixed #16855 -- select_related() chains as expected.
select_related('foo').select_related('bar') is now equivalent to
select_related('foo', 'bar').

Also reworded docs to recommend select_related(*fields) over select_related()
2013-10-15 15:59:36 +01:00
Unai Zalakain c7634cd7fe Fixed #7603 -- Added a 'scheme' property to the HttpRequest object
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.

`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.

`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.

This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.

Thanks nslater for the suggestion.
2013-10-15 09:04:12 -04:00
Loic Bistuer b16dd1fe01 Fixed #8620 -- Updated the Form metaclass to support excluding fields by shadowing them. 2013-10-14 22:42:33 +07:00
Loic Bistuer ac5ec7b8bc Fixed #19617 -- Refactored Form metaclasses to support more inheritance scenarios.
Thanks apollo13, funkybob and mjtamlyn for the reviews.
2013-10-14 21:59:30 +07:00
Claude Paroz 1e8eadc94e Fixed #15888 -- Made tablename argument of createcachetable optional
Thanks Aymeric Augustin for the report and the documentation and
Tim Graham for the review.
2013-10-14 13:24:40 +02:00
Claude Paroz 21c2bfdff3 Updated OpenLayers version from 2.11 to 2.13 2013-10-12 18:08:07 +02:00
Tai Lee e527c0b6d8 Fixed #13252 -- Added ability to serialize with natural primary keys.
Added ``--natural-foreign`` and ``--natural-primary`` options and
deprecated the ``--natural`` option to the ``dumpdata`` management
command.

Added ``use_natural_foreign_keys`` and ``use_natural_primary_keys``
arguments and deprecated the ``use_natural_keys`` argument to
``django.core.serializers.Serializer.serialize()``.

Thanks SmileyChris for the suggestion.
2013-10-11 12:52:57 -04:00
Tim Graham 945e033a69 Fixed #8918 -- Made FileField.upload_to optional.
Thanks leahculver for the suggestion and dc and vajrasky for work
on the patch.
2013-10-11 08:07:25 -04:00
Tim Graham 1dae4ac177 Whitespace cleanup.
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
Russell Keith-Magee ddb53856b6 Fixed #21164 -- Added documentation for issue with test users.
The package renaming restores the older package names (which were also the
documented package names). This doesn't affect test discovery because the
module in question doesn't contain any tests.

Thanks to Carl for the design discussion.
2013-10-08 10:32:56 +08:00
Ryan Kaskel 8b0014869f Fixed #19321 -- Allowed redirect middleware HTTP responses to be overridden.
Thanks Melevir for the suggestion.
2013-10-04 07:36:39 -04:00
Emil Stenström 7a97df190c Fixed #19277 -- Added LocaleMiddleware.response_redirect_class
Thanks ppetrid at yawd.eu for the suggestion.
2013-10-03 16:15:29 -04:00
Simon Charette fa2e1371cd Fixed #21216 -- Allow `OneToOneField` reverse accessor to be hidden. 2013-10-03 13:20:05 -04:00
Baptiste Mispelon e1b7723817 Changed the doc to use gender-neutral pronouns when possible. 2013-10-02 16:41:04 +02:00
Ramiro Morales 1d0fc61b1c Fixed #15185 -- Allowed ModelAdmin.list_display_links=None to disable change list links.
Thanks rm_ for the suggestion.
2013-10-01 14:25:54 -04:00
Michael Manfre bf757a2f4d Fixed #21147 -- Avoided time.time precision issue with cache backends.
The precision of time.time() is OS specific and it is possible for the
resolution to be low enough to allow reading a cache key previously set
with a timeout of 0.
2013-10-01 13:42:59 -04:00
Russell Keith-Magee 9595183d03 Fixed #13724: Corrected routing of write queries involving managers.
Previously, if a database request spanned a related object manager, the
first manager encountered would cause a request to the router, and this
would bind all subsequent queries to the same database returned by the
router. Unfortunately, the first router query would be performed using
a read request to the router, resulting in bad routing information being
used if the subsequent query was actually a write.

This change defers the call to the router until the final query is acutally
made.

It includes a small *BACKWARDS INCOMPATIBILITY* on an edge case - see the
release notes for details.

Thanks to Paul Collins (@paulcollinsiii) for the excellent debugging
work and patch.
2013-09-30 13:05:43 +08:00
Erik Romijn 1a63092981 Fixed #20439 -- Started deprecation of IPAddressField 2013-09-28 10:55:32 +02:00
Michael Manfre 99c87f1410 Fixed #17671 - Cursors are now context managers. 2013-09-25 21:47:26 +03:00
Loic Bistuer 04a2a6b0f9 Fixed #3871 -- Custom managers when traversing reverse relations. 2013-09-25 21:15:59 +03:00
Ramiro Morales bebb449ac3 Added docs for changes in commit dd3a883894.
Refs #20693.
2013-09-22 15:43:27 -03:00
Rogério Yokomizo 1b4b710355 Fixed #21141 -- Update Sphinx URL
Updated Sphinx URL from http://sphinx.pocoo.org/ to http://sphinx-doc.org/.
2013-09-22 14:44:09 -03:00
tschilling 0d1ba84d13 Fixed #20702 -- Deprecated get_formsets in favor of get_formsets_with_inlines.
Thanks stanislas.guerra at gmail.com for the report.
2013-09-20 07:47:24 -04:00
Paul McMillan f8f47718ab Merge pull request #1644 from PaulMcMillan/bump_hash_iterations
Increase default PBKDF2 iterations
2013-09-19 12:17:56 -07:00
yokomizor df27803a55 Fixed #9532 -- Added min_num and validate_min on formsets.
Thanks gsf for the suggestion.
2013-09-19 13:11:49 -04:00
Paul McMillan a075e2ad0d Increase default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
2013-09-19 18:02:25 +01:00
Curtis Maloney 4e9f800742 Fixed #21125 -- Removed support for cache URI syntax 2013-09-19 10:01:39 -04:00
Russell Keith-Magee 9d3e60aa3e Reworked security issue list to be per-issue, not per-release. 2013-09-19 14:57:01 +08:00
Russell Keith-Magee 8e134c27c9 Corrected markup problems in new security summary page. 2013-09-19 13:57:02 +08:00
Alex Gaynor 8b3bae9466 Fixed two typos in the docs 2013-09-18 23:29:55 -05:00
Alex Gaynor c65ae7c969 Fixed a typo in the docs 2013-09-18 23:26:24 -05:00
James Bennett a2e25e8a83 Fix #21121: Add archive of security issues. 2013-09-18 23:13:04 -05:00
Brian Holdefehr 98514849dc Fixed #19414 -- Added admin registration decorator
Thanks stavros for the suggestion.
2013-09-18 11:44:10 -04:00
Berker Peksag 2f0566fa61 Fixed #4278 -- Added a dirs parameter to a few functions to override TEMPLATE_DIRS.
* django.template.loader.get_template()
* django.template.loader.select_template()
* django.shortcuts.render()
* django.shortcuts.render_to_response()

Thanks amcnabb for the suggestion.
2013-09-18 07:37:08 -04:00
Tim Graham 18ffdb1772 Fixed #17627 -- Renamed util.py files to utils.py
Thanks PaulM for the suggestion and Luke Granger-Brown and
Wiktor Kołodziej for the initial patch.
2013-09-16 12:52:05 -04:00
Tim Graham 8d29005524 Cleaned up 1.5.4/1.4.8 release notes 2013-09-15 14:14:26 -04:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS.
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
2013-09-15 13:42:23 +08:00