1
0
mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00
Commit Graph

36 Commits

Author SHA1 Message Date
Moayad Mardini
2b0e9aa57d [1.6.x] Fixed #22493 - Added warnings to raw() and extra() docs about SQL injection
Thanks Erik Romijn for the suggestion.

Backport of 3776926cfe from master
2014-04-25 09:56:39 -04:00
Erik Romijn
5f0829a27e [1.6.x] Fixed queries that may return unexpected results on MySQL due to typecasting.
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3a from master
2014-04-21 18:30:27 -04:00
Frank Tobia
5dcb287060 [1.6.x] Fixed typos. Changed grammar.
Backport of 6dd8631617 from master
2014-01-02 16:25:51 -05:00
Shai Berger
d097417025 Support 'pyformat' style parameters in raw queries, Refs #10070
Add support for Oracle, fix an issue with the repr of RawQuerySet,
add tests and documentations. Also added a 'supports_paramstyle_pyformat'
database feature, True by default, False for SQLite.

Thanks Donald Stufft for review of documentation.
2013-06-28 06:59:10 +03:00
Christopher Allen-Poole
a96bff179a Found a mistake in SQL documentation 2013-05-05 11:01:45 -04:00
Juan Catalano
78c842a323 Adapted uses of versionchanged/versionadded to the new form.
Refs #20104.
2013-04-20 17:18:35 +02:00
Claude Paroz
76aecfbc4b Fixed #9055 -- Standardized behaviour of parameter escaping in db cursors
Previously, depending on the database backend or the cursor type,
you'd need to double the percent signs in the query before passing
it to cursor.execute. Now cursor.execute consistently need percent
doubling whenever params argument is not None (placeholder substitution
will happen).
Thanks Thomas Güttler for the report and Walter Doekes for his work
on the patch.
2013-03-23 17:11:10 +01:00
Aymeric Augustin
6197935152 Fixed #19968 -- Dropped support for PostgreSQL < 8.4. 2013-03-18 21:16:29 +01:00
Aymeric Augustin
5e27debc5c Enabled database-level autocommit for all backends.
This is mostly a documentation change.

It has the same backwards-incompatibility consequences as those
described for PostgreSQL in a previous commit.
2013-03-11 14:48:54 +01:00
Tim Graham
9b5f64cc6e Fixed #19516 - Fixed remaining broken links.
Added -n to sphinx builds to catch issues going forward.
2013-01-02 18:32:57 -05:00
Tim Graham
837425b425 Fixed #18934 - Removed versionadded/changed annotations for Django 1.3 2012-09-20 19:06:55 -04:00
Aymeric Augustin
c28e700c7e Removed references to changes made in 1.2.
Thanks Florian Apolloner for the patch.
2012-06-07 15:02:35 +02:00
Claude Paroz
596cb9c7e2 Replaced print statement by print function (forward compatibility syntax). 2012-04-30 20:45:03 +02:00
Claude Paroz
723445f40e Fixed #16233 -- Added link to multiple databases docs from custom sql alias section. Thanks charlax for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17872 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-06 09:17:37 +00:00
Jannis Leidel
2eadc418af Fixed doc references to django.db.models.query.QuerySet and converted some tabs that were introduced in r16699 to spaces.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16915 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-30 10:28:39 +00:00
James Bennett
23b7758f75 Fixed #16293: Document a way to return dicts with column names from a DB cursor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16808 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-11 05:37:55 +00:00
Ramiro Morales
932b1b8d6d Converted links to external topics so they use intersphinx extension markup.
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Luke Plant
528157ce73 Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 15:14:36 +00:00
Timo Graham
8ad3c41c69 Fixed #16093 - Typo in "Performing raw SQL queries"; thanks direvus.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16293 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30 12:11:10 +00:00
Jacob Kaplan-Moss
fd2f18008c Fixed #14733: no longer "validate" .raw() queries.
Turns out that a lot more than just SELECT can return data, and this list is
very hard to define up front in a cross-database manner. So let's just assume
that anyone using raw() is at least halfway competant and can deal with
the error messages if they don't use a data-returning query.

Thanks to Christophe Pettus for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-14 19:49:53 +00:00
Russell Keith-Magee
6314a1b42e Fixed #9964 -- Ensure that all database operations make transactions dirty, not just write operations. Many thanks to Shai Berger for his work and persistence on this issue.
This is BACKWARDS INCOMPATIBLE for anyone relying on the current behavior that allows manually managed read-only transactions to be left dangling without a manual commit or rollback.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-12 13:03:34 +00:00
Alex Gaynor
b01cc1bd89 Fixed #15243 -- More clearly document that the transaction functions needs to be called with a using parameter to work with a non-default database. Thanks to Jason Kotenko for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15489 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-11 18:23:55 +00:00
Ramiro Morales
7a5c54e9b7 Fixed typo in raw SQL docs example.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14501 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-09 05:04:05 +00:00
Jacob Kaplan-Moss
728effcfbd Fixed #14141: docs now use the :doc: construct for links between documents.
Thanks, Ramiro Morales.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13608 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-19 19:27:44 +00:00
Russell Keith-Magee
2dc2ed87e5 Fixed #11800 -- Updated Sphinx metadata in queryset docs. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13548 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-07 14:26:07 +00:00
Russell Keith-Magee
b50a35a669 Fixed #12941 -- Added documentation for the connections dictionary. Thanks to atlithorn@gmail.com for the report, and Alex Gaynor for the original text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12709 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-08 03:19:26 +00:00
Russell Keith-Magee
6f9ba54bf5 Fixed #12519 -- Corrected documentation on .raw() queries. Thanks to boralyl for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-24 13:57:02 +00:00
Justin Bronn
7ca3e8fecf Updated patch applied in r12504. Refs #12806.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12508 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-23 06:04:06 +00:00
Justin Bronn
c4699b0b8a Fixed #12806 -- Added an implementation of RawQuerySet.__getitem__. Thanks, Bruno Renié.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12504 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-23 05:22:12 +00:00
Gary Wilson Jr
adb74a8f2e Fixed several broken and redirecting URLs in the documentation (fixes #12219, refs #12427).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11994 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-26 06:37:26 +00:00
Russell Keith-Magee
ff60c5f9de Fixed #1142 -- Added multiple database support.
This monster of a patch is the result of Alex Gaynor's 2009 Google Summer of Code project.
Congratulations to Alex for a job well done.

Big thanks also go to:
 * Justin Bronn for keeping GIS in line with the changes,
 * Karen Tracey and Jani Tiainen for their help testing Oracle support
 * Brett Hoerner, Jon Loyens, and Craig Kimmerer for their feedback.
 * Malcolm Treddinick for his guidance during the GSoC submission process.
 * Simon Willison for driving the original design process
 * Cal Henderson for complaining about ponies he wanted.

... and everyone else too numerous to mention that helped to bring this feature into fruition.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-22 15:18:51 +00:00
Russell Keith-Magee
79d6e402e3 Fixed #12409 -- Corrected some documentation typos in the docs on raw querysets. Also added a missing __init__.py file. Thanks to Alex Gaynor for the reports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11924 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-21 01:53:39 +00:00
Jacob Kaplan-Moss
20ad30713e Fixed #11863: added a Model.objects.raw() method for executing raw SQL queries and yield models.
See `docs/topics/db/raw.txt` for details.

Thanks to seanoc for getting the ball rolling, and to Russ for wrapping things up.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11921 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-20 02:46:58 +00:00
Russell Keith-Magee
992ded1ad1 Fixed #9919 -- Added note on the need to mark transactions as dirty when using raw SQL.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-17 13:47:39 +00:00
Russell Keith-Magee
87d3ff731b Fixed #9206 -- Clarified documentation of transaction handling in raw SQL, and error recovery for Postgres. Thanks to Richard Davies for the suggestion and draft text.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10655 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 07:40:25 +00:00
Jacob Kaplan-Moss
97cb07c3a1 Massive reorganization of the docs. See the new docs online at http://docs.djangoproject.com/.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:25:40 +00:00