1
0
mirror of https://github.com/django/django.git synced 2025-01-26 18:19:18 +00:00

19492 Commits

Author SHA1 Message Date
Aymeric Augustin
6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin
5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Tim Graham
89e2c60f43 Fixed #24000 -- Corrected contrib.sites default site creation in a multiple database setup. 2014-12-27 09:42:13 -05:00
Claude Paroz
e112bacd21 Forward-ported release note for 322560489 2014-12-27 15:13:12 +01:00
Claude Paroz
2ceb10f3b0 Fixed #14180 -- Prevented unneeded index creation on MySQL-InnoDB
Thanks zimnyx for the report and Simon Charette, Tim Graham for
the reviews.
2014-12-27 12:52:44 +01:00
Josh Smeaton
4718296546 Fixed #23753 -- Added a suite of SQL Functions
Added functions and tests
Added docs and more tests
Added TextField converter to mysql backend
Aliased Value as V in example docs and tests
Removed unicode_compatible in example
Fixed console emulation in examples
2014-12-27 15:27:27 +11:00
Tim Graham
7c07612e90 Removed an unnecessary models file in the admin_scripts tests. 2014-12-26 19:31:54 -05:00
Tim Graham
75bbcfa332 Replaced sqlall in some bash_completion/admin_scripts tests.
sqlall will be removed in Django 1.9, so now's a good time to remove
its usage where it's not important.
2014-12-26 18:52:26 -05:00
Collin Anderson
0821b3d53c Clarified custom header instructions in tutorial 2. 2014-12-26 18:28:47 -05:00
Tim Graham
c2e419c267 Fixed #24054 -- Enabled sqlsequencereset for apps with migrations. 2014-12-26 15:55:34 -05:00
Tim Graham
1729a5250b Removed obsolete item from deprecation timeline.
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.
2014-12-26 13:48:13 -05:00
Gavin Wahl
b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Tim Graham
c5fb34c47e Documented AdminSite.has_permission(); refs #22295. 2014-12-26 09:14:10 -05:00
Tim Graham
271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Tim Graham
3325ec869c Fixed #24045 -- Removed useless mark_safe() call in trans_null.py 2014-12-26 07:42:49 -05:00
Claude Paroz
ffa548fb56 Updated link to CSRF docs
Refs #23866.
2014-12-25 14:01:15 +01:00
Claude Paroz
234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Brian Scoles
a6f0b6a98f Fixed typo in docs/intro/tutorial01.txt. 2014-12-25 06:56:23 -05:00
Tim Graham
426ead27bd Removed shutil.copystat copied from stdlib (added to support an old Python?). 2014-12-24 19:29:33 -05:00
Tim Graham
6571ed14b6 Fixed #24049 -- Removed obsolete Java notes for Mac OS. 2014-12-24 18:38:07 -05:00
Helen Sherwood-Taylor
4ccdf6e57f Fixed #24041 -- Documented effect of changing a model instance's primary key. 2014-12-24 15:06:09 -05:00
Niclas Olofsson
3daa9d60be Fixed #10414 -- Made select_related() fail on invalid field names. 2014-12-24 14:54:30 -05:00
Thomas Tanner
b27db97b23 Fixed #22461 -- Added if-unmodified-since support to the condition decorator. 2014-12-24 12:33:57 -05:00
Claude Paroz
fae551d765 Complemented pickle test for ValuesQuerySet with related field
Refs #14515.
2014-12-24 14:58:32 +01:00
Claude Paroz
7ce9644d93 Added a test to ensure bad assignation to M2M doesn't clear data
Refs #14394.
2014-12-24 14:18:00 +01:00
Collin Anderson
5dddd79433 Fixed #20349 -- Moved setting_changed signal to django.core.signals.
This removes the need to load django.test when not testing.
2014-12-24 07:18:43 -05:00
Tim Graham
c5c235cd4f Fixed typo in test_utils comment. 2014-12-24 07:10:34 -05:00
Claude Paroz
b3ebcb22a9 Ignored deprecation warnings for CreationIndexesTests 2014-12-24 10:45:53 +01:00
Claude Paroz
9699d8446e Moved test correction from 5b1fb0a75 2014-12-24 10:42:24 +01:00
Tim Graham
8842bc101c Fixed some docs spelling mistakes. 2014-12-23 14:41:53 -05:00
Frankie Robertson
446b50b90e Fixed #24035 -- Clarified docs on CACHE_MIDDLEWARE_KEY_PREFIX vs KEY_PREFIX 2014-12-23 14:35:30 -05:00
Tim Graham
061caa5b38 Fixed #24037 -- Prevented data loss possibility when changing Meta.managed.
The migrations autodetector now issues AlterModelOptions operations for
Meta.managed changes instead of DeleteModel + CreateModel.

Thanks iambibhas for the report and Simon and Markus for review.
2014-12-23 14:25:31 -05:00
Tim Graham
69ee7c8d76 Removed models.Field.bind() -- unused/undocumented since at least 1.0. 2014-12-23 14:23:58 -05:00
Claude Paroz
30cbd5d360 Replaced DatabaseCreation sql methods by schema editor equivalents
Also used schema editor in migrate to sync unmigrated apps (sync_apps).
Refs #22340. Thanks Tim Graham for the review.
2014-12-23 19:35:01 +01:00
Claude Paroz
15ba0d166f Added migration for site test app depending on contrib.sites 2014-12-23 19:01:33 +01:00
Claude Paroz
750dbb1133 Removed unneeded null param to ManyToManyField 2014-12-23 19:01:03 +01:00
Claude Paroz
90720d549a Removed admin_util test dependency on contrib.sites 2014-12-23 18:43:55 +01:00
Claude Paroz
f05b03f3d7 Removed model_package test dependency on contrib.sites 2014-12-23 18:10:07 +01:00
Anssi Kääriäinen
f233bf47dd Fixed #21414 -- Removed RelatedObject and deprecated Field.related. 2014-12-23 10:54:25 -05:00
Claude Paroz
6e08bde8c4 Added RasterSource/GDALBand GDAL objects
Based on Daniel Wiesmann's raster branch. Thanks Daniel Wiesmann
and Tim Graham for the reviews. Refs #23804.
2014-12-23 16:36:18 +01:00
Claude Paroz
9fecb86a52 Fixed #17946 -- Fixed deserialization of self-referencing M2M fields
Thanks Philip Mountifield for the report and excellent analysis, and
Simon Charette for the review.
2014-12-23 16:01:39 +01:00
Anssi Kääriäinen
227a4c48be Refs #2443 -- fixed format_dtdelta on SQLite
A test failed on Python 2 32-bit.
2014-12-23 07:05:44 -05:00
Marc Tamlyn
962bb9b6bd Refs #2443 -- Move the durationfield converter logic.
This reduces how frequently this logic is run significantly.

Thanks to Anssi for the suggestion.
2014-12-23 10:41:42 +00:00
Marc Tamlyn
5ca82e710e Fixed #24033 -- Use interval type on Oracle.
Use INTERVAL DAY(9) TO SECOND(6) for Durationfield on Oracle rather than
storing as a NUMBER(19) of microseconds.

There are issues with cx_Oracle which require some extra data
manipulation in the database backend when constructing queries, but it
handles the conversion back to timedelta objects cleanly.

Thanks to Shai for the review.
2014-12-23 10:38:32 +00:00
Marc Tamlyn
803947161b Merge pull request #3775 from collinanderson/jquery1.11.2
Upgrade jQuery from 1.11.1 to 1.11.2
2014-12-23 10:26:39 +00:00
Collin Anderson
a58cfe8e71 Upgrade jQuery from 1.11.1 to 1.11.2
refs #23355
2014-12-22 20:32:00 -05:00
Tim Graham
01ab84c613 Fixed #23525 -- Fixed admindocs crash on apps installed as eggs.
Thanks welbornprod for report and initial patch.
2014-12-22 15:19:18 -05:00
Alexander Schulze
cf2390be16 Fixed #23959 -- Clarified when checks automatically run. 2014-12-22 11:35:19 -05:00
Thomas Chaumeny
994d6137a2 Fixed #23792 -- Added test.utils.freeze_time() context manager. 2014-12-22 07:46:40 -05:00
Oscar Ramirez
54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00