mirror of https://github.com/django/django.git synced 2025-01-15 12:52:31 +00:00

2595 Commits

Author SHA1 Message Date
Shai Berger
5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
Barthelemy Dagenais
a5c8072ab1 Fixed #26627 -- Fixed on_commit callbacks execution order when callbacks make transactions. 2016-05-18 09:09:48 -04:00
Josh Smeaton
2a4af0ea43 Fixed #25774 -- Refactor datetime expressions into public API 2016-05-18 20:14:58 +10:00
Tim Graham
ece4d24f8e Refs #26601 -- Deprecated old-style middleware. 2016-05-17 07:22:26 -04:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham
c999c8d8f6 Updated admin's jQuery to 2.2.3. 2016-05-17 07:20:06 -04:00
Loïc Bistuer
ed0ff913c6 Fixed #10506, #13793, #14891, #25201 -- Introduced new APIs to specify models' default and base managers.
This deprecates use_for_related_fields.

Old API:

class CustomManager(models.Manager):
    use_for_related_fields = True

class Model(models.Model):
    custom_manager = CustomManager()

New API:

class Model(models.Model):
    custom_manager = CustomManager()

    class Meta:
        base_manager_name = 'custom_manager'

Refs #20932, #25897.

Thanks Carl Meyer for the guidance throughout this work.
Thanks Tim Graham for writing the docs.
2016-05-17 12:07:22 +07:00
Claude Paroz
526575c641 Fixed #21379 -- Created auth-specific username validators
Thanks Tim Graham for the review.
2016-05-16 19:37:57 +02:00
Aron Podrigal
85ef98dc6e Fixed #24305 -- Allowed overriding fields on abstract models.
Fields inherited from abstract base classes may be overridden like
any other Python attribute. Inheriting from multiple models/classes
with the same attribute name will follow the MRO.
2016-05-16 07:32:21 -04:00
Simon Charette
f937c9ec97 Fixed #24100 -- Made the migration signals dispatch its plan and apps.
Thanks Markus for your contribution and Tim for your review.
2016-05-15 19:51:15 -04:00
Matthew Somerville
1962a96a30 Fixed #24938 -- Added PostgreSQL trigram support. 2016-05-13 12:38:21 -04:00
Andre Cruz
929684d6ee Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham
2f0e0eee45 Fixed #24046 -- Deprecated the "escape" half of utils.safestring. 2016-05-10 12:46:47 -04:00
Claude Paroz
c3e1086949 Stopped truncating AdminEmailHandler message subjects
Refs #26572, #17281. The RFC doesn't limit total length, just the line length
which is already taken care of by Python itself.
Thanks Tim Graham for the review.
2016-05-10 18:17:43 +02:00
Simon Charette
207c5b4acd Fixed #26603 -- Forced lazy template names to text when computing cache key.
Refs #26536.

Thanks Sylvain Fankhauser for the very detailed report.
2016-05-10 10:03:01 -04:00
Tim Graham
f5ff5010cd Fixed #26483 -- Updated docs.python.org links to use Intersphinx. 2016-05-08 18:07:43 -04:00
Vitaly Bogomolov
aec4f97555 Fixed #26402 -- Added relative path support in include/extends template tags. 2016-05-07 16:21:57 -04:00
Claude Paroz
b26fedacef Fixed #26544 -- Delayed translations of SetPasswordForm help_texts
Thanks Michael Bitzi for the report and Tim Graham for the review.
2016-05-07 10:17:49 +02:00
Daniel Wiesmann
bbfad84dd9 Fixed #25588 -- Added spatial lookups to RasterField.
Thanks Tim Graham for the review.
2016-05-06 09:17:18 -04:00
Claude Paroz
388bb5bd9a Fixed #22936 -- Obsoleted Field.get_prep_lookup()/get_db_prep_lookup()
Thanks Tim Graham for completing the initial patch.
2016-05-04 20:02:01 +02:00
Dan Stephenson
1206eea11e Fixed #26558 -- Removed need for request context processor on admin login page. 2016-05-04 09:43:24 -04:00
Ville Skyttä
575a9a791e Normalized "an SQL" spelling. 2016-05-03 19:30:48 -04:00
Michal Petrucha
8a47ba679d Refs #16508 -- Made Model.__init__() aware of virtual fields.
It's no longer necessary for GenericForeignKey (and any other virtual fields)
to intercept the field's values using the pre_init signal.
2016-05-03 09:06:26 -04:00
Tim Graham
8a55982e70 Added stub release notes for 1.9.7. 2016-05-02 19:02:21 -04:00
Tim Graham
f0b8da7350 Added release date for 1.9.6/1.8.13. 2016-05-02 18:16:36 -04:00
Cristiano
914c72be2a Fixed #26058 -- Delegated os.path bits of FileField's filename generation to the Storage. 2016-04-30 17:22:40 -04:00
Claude Paroz
b16b124996 Fixed #26341 -- Fixed makemessages breaking location comments for HTML files
Thanks Sylvain Garancher for the report and Veranika Sabiashchanskaya for the
initial patch.
2016-04-30 12:08:20 +02:00
Anssi Kääriäinen
7f51876f99 Fixed #26207 -- Replaced dynamic classes with non-data descriptors for deferred instance loading. 2016-04-29 13:06:32 -04:00
Tim Graham
9f8941eda4 Refs #26557 -- Added forgotten release notes. 2016-04-29 10:18:49 -04:00
Joshua Phillips
4681d65048 Fixed #26557 -- Converted empty strings to None when saving GenericIPAddressField. 2016-04-29 10:11:49 -04:00
Tim Graham
2f698cd991 Refs #26428 -- Added support for relative path redirects to the test client.
Thanks iktyrrell for the patch.
2016-04-29 09:15:28 -04:00
Tim Graham
f945fb24a3 Fixed #26554 -- Updated docs URLs to readthedocs.io 2016-04-28 10:09:57 -04:00
Tim Graham
bb0b4b705b Fixed #26052 -- Moved conditional_content_removal() processing to the test client. 2016-04-25 07:56:07 -04:00
Simon Charette
bd145e7209 Fixed #26536 -- Preserved leading dashes of the cached template loader keys.
Thanks Anders Roos for the report.
2016-04-24 22:15:45 -04:00
Tim Graham
859eeaa0f0 Fixed #26533 -- Renamed Widget._format_value() to format_value(). 2016-04-23 13:15:45 -04:00
Tim Graham
87338198e9 Fixed #26320 -- Deprecated implicit OneToOneField parent_link. 2016-04-22 12:59:41 -04:00
Marc Tamlyn
2d877da855 Refs #3254 -- Added full text search to contrib.postgres.
Adds a reasonably feature complete implementation of full text search
using the built in PostgreSQL engine. It uses public APIs from
Expression and Lookup.

With thanks to Tim Graham, Simon Charette, Josh Smeaton, Mikey Ariel
and many others for their advice and review. Particular thanks also go
to the supporters of the contrib.postgres kickstarter.
2016-04-22 10:44:37 +01:00
Jon Dufresne
ec6121693f Fixed #22383 -- Added support for HTML5 required attribute on required form fields. 2016-04-21 19:16:38 -04:00
Tobias Kroenke
b040ac06eb Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError. 2016-04-20 13:06:47 -04:00
Markus Amalthea Magnuson
08cd6a0e56 Fixed #16327 -- Redirected "Save as new" to change view instead of the changelist. 2016-04-20 11:31:44 -04:00
Matthew Schinckel
5402f3ab09 Fixed #26475 -- Added functools.partial() support to migrations autodetector. 2016-04-19 10:17:11 -04:00
Jon Dufresne
500e5a6886 Fixed #26516 -- Added minlength attribute when forms.CharField.min_length is set. 2016-04-19 08:54:27 -04:00
Lukasz Wiecek
d3c87a2425 Fixed #26498 -- Fixed TimeField microseconds round-tripping on MySQL and SQLite.
Thanks adamchainz for the report and review.
2016-04-18 09:39:46 -04:00
Claude Paroz
9686c888d6 Fixed #25951 -- Trimmed default representation of GEOSGeometry
Thanks Sergey Fedoseev for the report.
2016-04-17 15:31:12 +02:00
krishbharadwaj
e494b9ffb6 Fixed #26509 -- Deprecated the contrib.gis.utils.precision_wkt() function. 2016-04-16 16:47:04 -04:00
Claude Paroz
de40cfbe74 Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views
Thanks Cristiano Coelho and Tim Graham for the reviews.
2016-04-15 17:28:54 +02:00
Tim Graham
ad3c72118f Added stub release notes for 1.8.13. 2016-04-13 13:21:20 -04:00
Michal Petrucha
c339a5a6f7 Refs #16508 -- Renamed the current "virtual" fields to "private".
The only reason why GenericForeignKey and GenericRelation are stored
separately inside _meta is that they need to be cloned for every model
subclass, but that's not true for any other virtual field. Actually,
it's only true for GenericRelation.
2016-04-13 10:10:53 -04:00
Jeremy Lainé
c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Alasdair Nicol
c16b9dd8e0 Fixed #26479 -- Added 'is not' operator to the if tag. 2016-04-09 13:01:15 -04:00