mirror of https://github.com/django/django.git synced 2025-03-09 08:52:32 +00:00

5261 Commits

Author SHA1 Message Date
Natalia
96d8404771 [5.0.x] Fixed CVE-2024-45231 -- Avoided server error on password reset when email sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.

Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
2024-09-03 09:33:01 -03:00
Sarah Boyce
813de2672b [5.0.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:32:43 -03:00
Lorenzo Peña
e18601273a [5.0.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a6bb5d6402a5d645bc3be4cf364aefb.

Backport of 0e94f292cda632153f2b3d9a9037eb0141ae9c2e from main.
2024-07-25 09:42:17 +02:00
Matthew Somerville
68f65630c6 [5.0.x] Updated example links in urlize docs.
goo.gl links are being removed in 2025:
https://developers.googleblog.com/en/google-url-shortener-links-will-no-longer-be-available/

Backport of fb7be022cb44d8faec52f17042fa58e4c9f02daf from main.
2024-07-23 14:05:38 +02:00
Sarah Boyce
8e7a44e4be [5.0.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
2024-07-09 10:03:38 -03:00
Mariusz Felisiak
43aa0c103b [5.0.x] Removed outdated note about limitations in Clickjacking protection.
There is no need to list old browser versions or point users to
workarounds.
Backport of f302343380c77e1eb5dab3b64dd70895a95926ca from main.
2024-07-04 18:13:25 -03:00
Andrew Miller
4cf7199078 [5.0.x] Fixed #23790 -- Warned about renaming AppConfig.label in docs/ref/applications.txt.
Backport of aa74c4083e047473ac385753e047e075e8f04890 from main.
2024-07-01 21:53:50 -03:00
Mariusz Felisiak
3925476ca0 [5.0.x] Made cosmetic edits to code snippets reformatted with blacken-docs.
Backport of 0f694ce2ebce01356d48302c33c23902b4777537 from main.
2024-05-30 09:42:50 -03:00
sobolevn
9b5029f048 [5.0.x] Fixed #35426 -- Updated querysets to be a required argument of GenericPrefetch.
Backport of 9a27c76021f934201cccf12215514a3091325ec8 from main.
2024-05-04 11:34:12 +02:00
Shamil
59c3f8a539 [5.0.x] Fixed #35427 -- Corrected help text for makemessages --extension in docs/ref/django-admin.txt.
Backport of 32d163e680817e202e0def3fbb70d2450b02cffd from main.
2024-05-03 23:06:29 -03:00
Adam Zapletal
f29922b6ef [5.0.x] Fixed #20744 -- Removed hint that arbitrary kwargs are allowed when creating forms.Fields.
Backport of 828b94b178736f7882cc6e5cd86b5c8e84b62ece from main
2024-04-26 14:38:41 -03:00
David Sanders
d36ecbd530 [5.0.x] Doc'd that RemoveField also drops related database objects in PostgreSQL.
Backport of f0d50a937910571fc4adb7e6fb91045cdc215aa8 from main
2024-04-16 13:11:41 -03:00
Mohammad Kazemi
10efefcb28 [5.0.x] Extended docs for Q() objects mentioning the ~ (NOT) operator.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 47c608202a58c8120d049c98d5d27c4609551d33 from main.
2024-04-15 13:17:35 -03:00
Adam Johnson
f975cf10e0 [5.0.x] Fixed settings path in docs for installing SpatiaLite with Homebrew.
Co-authored-by: Adam Zapletal <adamzap@gmail.com>

Backport of 8bbf73ca749d7740c82a7cd52f38289444070900 from main
2024-04-10 19:47:39 -03:00
Carlton Gibson
58061fd2b4 [5.0.x] Refs #35354 -- Clarified FORCE_SCRIPT_NAME docs.
Backport of ca5cd3e3e8e53f15e68ccd727ec8fe719cc48099 from main
2024-04-05 16:31:13 -03:00
Adam Zapletal
71368b6f00 [5.0.x] Added RowNumber() link in Rank() docs.
Backport of fd2514d17daaa561963e14297fb35cddf483728c from main
2024-03-21 05:52:35 +01:00
Adam Zapletal
710ca57681 [5.0.x] Fixed #25595 -- Doc'd that URLValidator rejects file:// URIs without a host.
Backport of 7326513a8f5d4d4e0aeec28540f9451b939b1dda from main
2024-03-11 09:24:42 +01:00
canhuynh1998
ef23305a19 [5.0.x] Fixed #35280 -- Improved iriencode filter example in docs.
Backport of a7baa874d8452859060ecd28c83cecd566f756e3 from main
2024-03-10 18:50:11 +01:00
Mariusz Felisiak
85e2b08068 [5.0.x] Fixed broken links and redirects in docs.
Backport of 177e6493961dfcdafb44e5b02894bf4201050910 from main
2024-03-06 08:51:35 +01:00
Mohammad Alsakhawy
4dae21ad97 [5.0.x] Updated broken links in docs/ref/contrib/gis/tutorial.txt.
Backport of f06bb7c88a03e03e1c041e4b10cdc90c8f710dda from main
2024-03-06 06:48:58 +01:00
kbehlers
24de8113a8 [5.0.x] Fixed typo in docs/ref/contrib/admin/index.txt.
Backport of 3cb1ba50ccde5b33d6bc5b7cc1ea22c8af3c2aa3 from main
2024-02-29 08:31:46 +01:00
Mariusz Felisiak
bf7fedc446 [5.0.x] Removed #django-geo IRC channel in docs.
It's been inactive for several years.
Backport of 11695b8fdd002362be8d5dc48bc78db09ddf33d8 from main
2024-02-28 19:06:32 +01:00
David Sanders
a8de04f8db [5.0.x] Refs #34964 -- Doc'd that Q expression order is preserved.
Backport of 7714ccfeae969aca52ad46c1d69a13fac4086c08 from main
2024-02-28 13:06:30 +01:00
sandjio
e72fdc850a [5.0.x] Fixed #35153 -- Added note about locale name notation to FORMAT_MODULE_PATH docs.
Co-authored-by: Paul Hermans <paul.hermans@benemtech.com>

Backport of 9bd849c8d5c587209a231af643a17ec2db802ab2 from main
2024-02-20 06:11:51 +01:00
Adam Johnson
23c7cbfd24 [5.0.x] Fixed #28011 -- Corrected Field.hidden docs.
Backport of 7ba6c9edc50dc989fc5c306b541636249b952f93 from main
2024-02-17 19:22:20 +01:00
Alexander Lazarević
28d6db26a2 [5.0.x] Fixed #35141 -- Clarified the expected type of CACHE_MIDDLEWARE_SECONDS setting.
Backport of a5365339eaee043895a79dbbdd7462f1399136e5 from main
2024-01-29 19:24:10 +01:00
Mariusz Felisiak
0379e7532f [5.0.x] Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0

Backport of 305757aec19c9d5111e4d76095ae0acd66163e4b from main
2024-01-26 12:55:56 +01:00
duranbe
b2601a77f9 [5.0.x] Fixed #34971 -- Doc'd additional loggers.
Co-authored-by: duranbe <benoit.durand.mail@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 0450c9bdf1773297c61b4e36850ab997ffd5dde2 from main
2024-01-24 08:48:17 -03:00
Emmanuel Katchy
c4a6a8d815 [5.0.x] Updated "Dive Into Python" links.
Backport of 12ffcfc350a19bbfbc203126a9b6c84b5e0d0ba2 from main
2024-01-20 22:22:49 +01:00
Baptiste Mispelon
a7b35aa7c9 [5.0.x] Used more specific link to email backends in EMAIL_BACKEND docs.
Backport of 1592f0ac220c1fd37779f6d33efb28ebd60e2e66 from main
2024-01-16 20:10:39 +01:00
jordanbae
dd2d76803c [5.0.x] Fixed #34949 -- Clarified when UniqueConstraints with include/nulls_distinct are not created.
Backport of 4fec1d2ce37241fb8fa001971c441d360ed2a196 from main
2024-01-15 14:16:12 +01:00
Salvo Polizzi
c69dbc7c10 [5.0.x] Fixed #35069 -- Fixed typo in docs/ref/forms/api.txt.
Backport of dc26a3d563b1e1d98d40f5d351a6a61c34f12d98 from main
2023-12-30 15:00:33 +01:00
Mariusz Felisiak
f33eddff8a [5.0.x] Corrected code-block directives in docs.
Backport of 0be6dde81721e4a61caf45422987c599ebfcfe56 from main
2023-12-28 19:53:02 +01:00
David D Lowe
7e3ba869a6 [5.0.x] Improved DEFAULT_FROM_EMAIL/SERVER_EMAIL docs.
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>

Backport of 61aae838f77c2d3f1bb2b50095cdf3d79afffb02 from main
2023-12-28 09:44:37 +01:00
Amin Shah Gilani
d8bff5adda [5.0.x] Doc'd that users with unusable passwords cannot request a password reset.
Backport of 47033bfd486206d6809068c838d45b999e5c1bd2 from main
2023-12-19 14:05:01 -03:00
Viicos
6bf8ca7b16 [5.0.x] Added missing import in docs/ref/models/expressions.txt.
Backport of e28bd6776dfedc1ad4dce4719e4303ca34019a83 from main
2023-12-15 11:17:32 +01:00
David Sanders
58274bbd37 [5.0.x] Added clarifications about the DATABASES.TIME_ZONE setting in docs.
These include:
 - Doc'd which is the default used when DATABASES.TIME_ZONE is None.
 - Doc'd that the database connection's time zone setting is set for
   PostgreSQL and clarified that it may be necessary to set it to the
   same value as TIME_ZONE.

Co-authored-by: David Smith <39445562+smithdc1@users.noreply.github.com>
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>

Backport of acfc7e3a735ffa41dcd9ad7f4f8fef97c1a2c3c6 from main
2023-12-14 14:38:25 -03:00
Yashas
6c992dc003 [5.0.x] Fixed #35016 -- Doc'd that DATABASES["OPTIONS"] are passed to new PostgreSQL connections.
Backport of eeb2119985d9879b1d9ac3730ea0b53c0c019221 from main
2023-12-08 09:38:54 +01:00
Adrien
b8a476b745 [5.0.x] Improved wording in auth.models.User field docs.
Co-authored-by: Lily Foote <code@lilyf.org>

Backport of 79099a7ba454581ab521fcb4ea61fc6ed3dccf26 from main
2023-12-01 11:28:37 +01:00
KimSia Sim
b4a29210cf [5.0.x] Updated conditions to retrieve primary keys in bulk_create() docs.
Backport of c9ce764f59c1e809b210337980ae10c4b1d0f9be from main.
2023-11-29 13:00:32 +01:00
Adam Johnson
0216d82066 [5.0.x] Removed link to lawrence.com in contrib.sites docs.
lawrence.com has since become a redirect to LJWorld.com,
making the link pointless.
Backport of 9e7ac5890147a8271eb5eb19bb88ab93dadc6c6d from main
2023-11-28 20:11:48 +01:00
Mariusz Felisiak
92af3d4d23 [5.0.x] Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting.
This allows early adoption of the new default "https".

Backport of a4931cd75a1780923b02e43475ba5447df3adb31 from main.
2023-11-28 20:08:10 +01:00
Adam Johnson
4c74dff759 [5.0.x] Refs #34380 -- Improved docs for forms.URLField.assume_scheme.
Backport of 0203771b626c27c1af24cdeb0e425ccca3d19ad5 from main
2023-11-25 18:53:34 +01:00
Tim Schilling
06bdf62b56 [5.0.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.
The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main
2023-11-23 05:28:15 +01:00
David Smith
7f0275d8cb [5.0.x] Refs #32819 -- Used auto_id instead of id_for_label as unique identifier for the field.
`id_for_label` is blank for widgets with multiple inputs such as radios
and multiple checkboxes. Therefore, `help_text` for fields using these
widgets cannot currently be associated using `aria-describedby`.
`id_for_label` is being used as a guard to avoid incorrectly adding
`aria-describedby` to those widgets.

This change uses `auto_id` as the unique identifier for the fields
`help_text`. A guard is added to avoid incorrectly adding
`aria-describedby` to inputs by checking the widget's `use_fieldset`
attribute. Fields rendered in a `<fieldset>` should have
`aria-describedby` added to the `<fieldset>` and not every `<input>`.

Backport of 292f1ea90f90ff140617299a25884c8fda24aa64 from main
2023-11-16 13:27:18 +01:00
William Hayes
effd704a1c [5.0.x] Refs #33690 -- Added missing data-theme selector to example in theming support docs.
Backport of 640283711e6c8d25ad0e3c97453cd178a3e4d6a6 from main
2023-11-15 05:27:51 +01:00
Mariusz Felisiak
fcc55f8c26 [5.0.x] Refs #34944 -- Propagated system checks for GeneratedField.output_field.
Backport of c705625ebff0141ed2b95dd3c8174bda8270a47f from main
2023-11-14 20:22:41 +01:00
Mariusz Felisiak
ddbe5c86e8 [5.0.x] Fixed #34944 -- Made GeneratedField.output_field required.
Regression in f333e3513e8bdf5ffeb6eeb63021c230082e6f95.

Backport of 5875f03ce61b85dfd9ad34f7b871c231c358d432 from main
2023-11-14 20:22:33 +01:00
Adam Johnson
8eba6efbf0 [5.0.x] Fixed #34457 -- Restored output for makemigrations --check.
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of f7389c4b07ceeb036436e065898e411b247bca78 from main
2023-11-09 10:44:07 -03:00
Jacob Walls
97a78121b3 [5.0.x] Fixed typos in docs/ref/models/fields.txt.
Backport of 427f0ed98d7ecf4381cebd4f7773f761e2446851 from main
2023-11-09 09:58:53 +03:00