mirror of https://github.com/django/django.git synced 2024-11-18 15:34:16 +00:00
Commit Graph

22623 Commits

Author SHA1 Message Date
Shai Berger
5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Tim Graham
6d9c5d46e6 Fixed #26636 -- Fixed typo in docs/ref/request-response.txt 2016-05-18 21:39:08 -04:00
Simon Charette
7694e196ce Moved the AUTH_USER_MODEL setting changed receiver.
Test suites besides Django's may need the same behavior.
2016-05-18 09:56:29 -04:00
Marti Raudsepp
b9ae662c97 Fixed #26620 -- Made Model.refresh_from_db() fail when passed unknown kwargs. 2016-05-18 09:27:23 -04:00
Barthelemy Dagenais
a5c8072ab1 Fixed #26627 -- Fixed on_commit callbacks execution order when callbacks make transactions. 2016-05-18 09:09:48 -04:00
Loïc Bistuer
4ff1e6ef58 Fixed running auth_tests in isolation after 3a47d42fa3. 2016-05-18 06:38:42 -04:00
Josh Smeaton
2a4af0ea43 Fixed #25774 -- Refactor datetime expressions into public API 2016-05-18 20:14:58 +10:00
Josh Smeaton
77b73e79a4 Refs #25774 -- Made Oracle truncate microseconds if USE_TZ=False.
The tests for this change are in the fix for #25774.
2016-05-18 20:14:58 +10:00
Philip Liberato
3630b49b55 Fixed #26613 -- Made sqlite3 optional in SchemaEditor.quote_value(). 2016-05-17 21:43:37 -04:00
boaz85@gmail.com
5f23f904af Fixed #14415 -- Used the test database name in BaseDatabaseCreation.test_db_signature(). 2016-05-17 21:35:36 -04:00
Claude Paroz
5ccee815ff Updated translation catalogs 2016-05-17 23:21:35 +02:00
Simon Charette
f179113e6c Fixed #24067 -- Renamed content types upon model renaming.
Thanks to Tim for the extensive review.
2016-05-17 12:14:58 -04:00
Tim Graham
354acd04af Refs #26601 -- Added a warning if both MIDDLEWARE AND MIDDLEWARE_CLASSES are set. 2016-05-17 07:24:45 -04:00
Tim Graham
ece4d24f8e Refs #26601 -- Deprecated old-style middleware. 2016-05-17 07:22:26 -04:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Florian Apolloner
05c888ffb8 Refs #26601 -- Refactored BaseHandler to prepare for new-style middleware. 2016-05-17 07:20:56 -04:00
Tim Graham
c999c8d8f6 Updated admin's jQuery to 2.2.3. 2016-05-17 07:20:06 -04:00
Loïc Bistuer
ed0ff913c6 Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers.
This deprecates use_for_related_fields.

Old API:

class CustomManager(models.Manager):
    use_for_related_fields = True

class Model(models.Model):
    custom_manager = CustomManager()

New API:

class Model(models.Model):
    custom_manager = CustomManager()

    class Meta:
        base_manager_name = 'custom_manager'

Refs #20932, #25897.

Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
2016-05-17 12:07:22 +07:00
Loïc Bistuer
3a47d42fa3 Fixed #20932, #25897 -- Streamlined manager inheritance. 2016-05-17 02:29:22 +07:00
Claude Paroz
9935f97cd2 Refs #21379 -- Normalized unicode username inputs 2016-05-16 19:38:02 +02:00
Claude Paroz
526575c641 Fixed #21379 -- Created auth-specific username validators
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Tim Graham
2265ff3710 Updated qunit to 1.23.1. 2016-05-16 13:28:16 -04:00
Tim Graham
ee9f947e60 Fixed malformed table in docs/ref/contrib/gis/install/geolibs.txt 2016-05-16 13:27:33 -04:00
Claude Paroz
ebaa2fef27 Fixed #26592 -- Confirmed support for GDAL 2.1
Thanks Daniel Wiesmann for the report and the appropriate fixes.
2016-05-16 18:54:26 +02:00
Daniel Wiesmann
078eb87626 Refs #26592 -- Fixed band statistics for empty bands and GDAL 2.1 2016-05-16 18:43:04 +02:00
Tim Graham
aa69f36984 Removed a redundant example in contenttypes docs. 2016-05-16 11:23:56 -04:00
Aron Podrigal
85ef98dc6e Fixed #24305 -- Allowed overriding fields on abstract models.
Fields inherited from abstract base classes may be overridden like
any other Python attribute. Inheriting from multiple models/classes
with the same attribute name will follow the MRO.
2016-05-16 07:32:21 -04:00
Simon Charette
61a16e0270 Fixed #24075 -- Used post-migration models in contrib apps receivers.
Thanks Markus and Tim for the review.
2016-05-15 19:51:16 -04:00
Simon Charette
f937c9ec97 Fixed #24100 -- Made the migration signals dispatch its plan and apps.
Thanks Markus for your contribution and Tim for your review.
2016-05-15 19:51:15 -04:00
Tim Graham
e475e84970 Refs #26021 -- Used hanging indentation in some doc examples. 2016-05-14 19:06:31 -04:00
Tim Graham
5238af3257 Used 'classmethod' annotation in docs/topics/auth/customizing.txt 2016-05-14 18:58:09 -04:00
Tim Graham
55c3133df8 Simplified a ClearableFileInput test. 2016-05-14 10:31:32 -04:00
Tim Graham
cb4be0262a Removed unused code in AlterField.database_forwards().
This code added in 107c9f5453 isn't
used after 4ce7a6bc84.
2016-05-14 06:43:40 -04:00
Tim Graham
3642835bde Removed redundant code in QuerySet._batched_insert(). 2016-05-14 06:42:50 -04:00
Bouke Haarsma
31501fb53e Refs #18599 -- Added a test for assigning a GenericForeignKey in Model.__init__().
The issue was fixed by 8a47ba679d
(refs #16508).
2016-05-13 21:26:48 -04:00
Tim Graham
094ea69e07 Fixed #26614 -- Used constant_time_compare() in checking session auth hash in login(). 2016-05-13 18:26:10 -04:00
Simon Charette
104727030c Adjusted a variable name in migration signal tests. 2016-05-13 16:47:02 -04:00
Simon Charette
c0118ff80b Refs #24201 -- Ignored order_with_respect_to private fields in migrations.
Thanks Tim for the review.
2016-05-13 15:43:23 -04:00
Simon Charette
18900e55c5 Added tests for the post_migrate signal. 2016-05-13 15:32:54 -04:00
Tim Graham
99d9d4e695 Cosmetic edits to tests/managers_regress/tests.py 2016-05-13 15:23:24 -04:00
Tim Graham
af69c9113c Fixed typo in docs/topics/db/models.txt 2016-05-13 15:18:33 -04:00
Matthew Somerville
1962a96a30 Fixed #24938 -- Added PostgreSQL trigram support. 2016-05-13 12:38:21 -04:00
Tim Graham
d7334b405f Refs #26333 -- Reverted inadvertent edits to fix tests. 2016-05-13 12:21:44 -04:00
Nicolas Noé
e158ec0ba0 Fixed #26333 -- Made GIS Geometry classes deconstructible. 2016-05-13 11:30:19 -04:00
David Sanders
32dc8c0beb Added David Sanders to AUTHORS 2016-05-13 10:16:05 -04:00
David Sanders
14c952d581 Fixed #26612 -- Fixed SelectFilter2 buttons changing URL. 2016-05-13 09:06:20 -04:00
eltronix
996cadfa5f Prevented findstatic argument from appearing as multiple options. 2016-05-12 20:26:33 -04:00
eltronix
f4bb2dce79 Fixed typo in docs/topics/conditional-view-processing.txt 2016-05-12 20:07:34 -04:00
Alex Simonides
0430ac95ab Updated ECMAScript link in docs/ref/request-response.txt 2016-05-12 20:06:34 -04:00
Vincenzo Pandolfo
069319396f Fixed #26277 -- Added support for null values in ChoicesFieldListFilter. 2016-05-12 12:40:14 -04:00