Claude Paroz
b1bf8d64fb
[1.7.x] Fixed #24193 -- Prevented unclosed file warnings in static.serve()
...
This regression was caused by 818e59a3f0
. The patch is a partial
backport of the new FileResponse class available in later Django
versions.
Thanks Raphaël Hertzog for the report, and Tim Graham and Collin
Anderson for the reviews.
2015-01-23 08:58:34 +01:00
Simon Charette
7b677fe063
[1.7.x] Fixed #24186 -- Fixed a typo in the admin docs.
...
Thanks to Keryn Knight for the report.
Backport of dccf41cff0
from master
2015-01-20 11:57:00 -05:00
Tim Graham
3e803f9cbd
[1.7.x] Designated Django 1.8 as the next LTS.
...
Backport of c38db4d7e0
from master
2015-01-19 12:08:20 -05:00
Markus Holtermann
db2a97870d
[1.7.x] Fixed #24163 -- Removed unique constraint after index on MySQL
...
Thanks Łukasz Harasimowicz for the report.
Backport of 5792e6a88c
from master
2015-01-19 17:25:05 +01:00
Tim Graham
bb2b4acc7a
[1.7.x] Added deprecation docs for legacy lookup support; refs #16187 .
...
Backport of 8e435a5640
from master
2015-01-19 10:45:55 -05:00
Tim Graham
07bd23d329
[1.7.x] Added missing items to deprecation timeline/1.7 release notes.
...
Backport of ecf109f215
from master.
2015-01-18 21:26:19 -05:00
Tim Graham
af523573fc
[1.7.x] Clarified deprecation of forms.forms.get_declared_fields(); refs #19617 .
...
Backport of 89e9f81601
from master
2015-01-18 16:07:48 -05:00
Tim Graham
e8191caca5
[1.7.x] Clarified a contrib.sites deprecation and added to 1.7 release notes.
...
Backport of ba27f89587
from master
2015-01-18 13:45:40 -05:00
Tim Graham
4df91d05e8
[1.7.x] Clarified contrib.contenttypes.generic deprecation; refs #19774 .
...
Backport of 737cd4ff3d
from stable/1.7.x
2015-01-18 13:43:47 -05:00
Tim Graham
eea66a6e97
[1.7.x] Added removal of check management command to deprecation timeline.
...
Backport of 20e4e8fc79
from master
2015-01-17 19:16:41 -05:00
Tim Graham
ecbe20fe20
[1.7.x] Added versionadded to ModelAdmin.get_formsets_with_inlines(); refs #20702 .
...
Backport of 7cfcdd98dc
from stable/1.8.x
2015-01-17 18:18:06 -05:00
Tim Graham
85c0eb1e3b
[1.7.x] Replaced deprecated requires_model_validation in docs.
...
Backport of 18192b9fa4
from master
2015-01-17 12:52:34 -05:00
Tim Graham
467fd7ea1a
[1.7.x] Updated tutorial 1 with actual migrate output.
2015-01-17 10:54:34 -05:00
Tim Graham
5f600db37a
[1.7.x] Documented django.utils.timezone.FixedOffset; thanks Aymeric.
...
Backport of 25264d4e2a
from master
2015-01-17 09:31:59 -05:00
Rick Hutcheson
be0bc9a9e7
[1.7.x] Fixed a typo in the test responses docs.
...
Backport of 996292d649
from master
2015-01-16 18:24:48 -05:00
Keryn Knight
bd08cfca6f
[1.7.x] Fixed #24143 -- Encouraged use of Http404 messages for debugging.
...
Backport of 726a9550db
from master
2015-01-16 09:42:03 -05:00
Tim Graham
065b2a82f6
[1.7.x] Fixed #24135 -- Made RenameModel rename many-to-many tables.
...
Thanks Simon and Markus for reviews.
Backport of 28db4af80a
from master
2015-01-15 20:43:49 -05:00
Luke Plant
327703c067
[1.7.x] Direct readers to format_html() in mark_safe() docs.
...
Backport of 4832c004e8
from master
2015-01-15 08:29:00 +00:00
Markus Holtermann
478546fcef
[1.7.x] Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth
...
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
Backport of 737d24923a
from master.
2015-01-14 20:37:56 +01:00
Tim Graham
2e2617991a
[1.7.x] Added stub release notes for 1.7.4.
...
Backport of ec7ef5afbb
from master
2015-01-14 09:48:06 -05:00
Tim Graham
9b403a108c
[1.7.x] Added dates to release notes.
2015-01-13 13:09:34 -05:00
Tim Graham
bcfb47780c
[1.7.x] Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:02:56 -05:00
Tim Graham
818e59a3f0
[1.7.x] Prevented views.static.serve() from using large memory on large files.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:02:56 -05:00
Tim Graham
de67dedc77
[1.7.x] Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:02:56 -05:00
Carl Meyer
41b4bc73ee
[1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:02:56 -05:00
Tim Graham
33f1ccf5b1
[1.7.x] Added stub release notes for security releases.
2015-01-13 13:02:55 -05:00
Collin Anderson
6a08020fcf
[1.7.x] Fixed bad model example in admin docs.
...
Backport of e7771ec380
from master
2015-01-13 11:53:59 -05:00
Markus Holtermann
ef5889409b
[1.7.x] Fixed #24110 -- Rewrote migration unapply to preserve intermediate states
...
Backport of fdc2cc9487
and be158e3625
from master
2015-01-11 00:35:49 +01:00
Serafeim Papastefanos
1a352fe175
[1.7.x] Fixed #23967 -- Added formats for Greek
...
Backport of 74f02557e0
from master
2015-01-10 11:11:57 -05:00
Claude Paroz
7e65876b7c
[1.7.x] Fixed #24097 -- Prevented AttributeError in redirect_to_login
...
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
Backport of d7bc37d61
from master.
2015-01-10 10:13:50 +01:00
Claude Paroz
5e18f6f724
[1.7.x] Fixed #24083 -- Corrected is_bound nature in forms topic docs
...
Thanks ajenhl Trac user for the report.
Backport of e0080cf57
from master.
2015-01-06 09:00:27 +01:00
Claude Paroz
d8fb557a51
[1.7.x] Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
...
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
Backport of 27dd7e7271
from master.
2015-01-06 08:45:10 +01:00
Tim Graham
0e21fd4e40
[1.7.x] Added 1.4.18 release notes.
...
Backport of ce17b045bf
from master
2015-01-05 14:25:36 -05:00
Tim Graham
4aed731154
[1.7.x] Increased the default PBKDF2 iterations.
2015-01-03 13:36:13 -05:00
Tim Graham
0a06ae9ef3
[1.7.x] Added 1.7.3 release notes stub.
...
Backport of 439f15beab
from master
2015-01-03 13:27:46 -05:00
Alfred Perlstein
0148768412
[1.7.x] Fixed #23749 -- Documented how to use the database alias in RunPython.
...
Thanks Markus Holtermann for review and feedback.
Backport of db3f7c15cb
from master
2015-01-03 12:07:28 -05:00
Bibhas
5f8761c639
[1.7.x] Fixed #24070 -- Added tutorial topics to doc index.
...
Backport of b738178825
from master
2015-01-03 08:48:59 -05:00
Tim Graham
20dcf5155b
[1.7.x] Added dates to release notes.
...
Backport of 15cd71ed24
from master
2015-01-02 19:20:44 -05:00
Tim Graham
fda458c0b6
[1.7.x] Updated six to 1.9.0.
...
Backport of 52f0b2b622
from master
2015-01-02 13:23:18 -05:00
Tim Graham
1b83464391
[1.7.x] Removed obsolete item from deprecation timeline.
...
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.
Backport of 1729a5250b
from master
2015-01-01 13:36:26 -05:00
Tim Graham
8e68b590ab
[1.7.x] Removed doc note about PasswordResetForm requiring an integer PK.
...
This limitation was lifted in refs #14881 .
Backport of a7aaabfaf1
from master
2015-01-01 11:40:08 -05:00
Tim Graham
f461bc02cb
[1.7.x] Fixed #23366 -- Fixed a crash with the migrate --list command.
...
Backport of b4bdd5262b
from master
2014-12-31 17:27:43 -05:00
Andrey Maslov
8de2a44064
[1.7.x] Fixed #24008 -- Fixed ValidationError crash with list of dicts.
...
Backport of 7a878ca5cb
from master
2014-12-31 14:46:17 -05:00
Piotr Pawlaczek
e11ff3975f
[1.7.x] Fixed #23758 -- Allowed more than 5 levels of subqueries
...
Refactored bump_prefix() to avoid infinite loop and allow more than
than 5 subquires by extending the alphabet to use multi-letters.
Backport of 41fc1c0b5e
from master
2014-12-31 09:42:07 -05:00
Tim Graham
9311a94ca5
[1.7.x] Revert "Updated some docs for the delayed deprecation of legacy table creation; refs #22340."
...
The deprecation was moved back to 1.9 in
61da5f3f02
.
Backport of d7fc6eb8ca
from master
2014-12-30 11:53:33 -05:00
Tim Graham
a9da5dd5b6
[1.7.x] Fixed #23581 -- Prevented extraneous DROP DEFAULT statements.
...
Thanks john_scott for the report and Markus Holtermann for review.
Backport of ab4f709da4
from master
2014-12-30 08:31:18 -05:00
Tim Graham
79645529e7
Revert "[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa"
...
This reverts commit 1702bc52cc
.
This doesn't work on stable/1.7.x because #23844 wasn't backported and we're
not willing to do so because it's a large change.
2014-12-29 15:37:15 -05:00
Markus Holtermann
1702bc52cc
[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa
...
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.
Backport of 623ccdd598
from master
2014-12-29 13:42:29 -05:00
Tim Graham
1cbdb49b0a
[1.7.x] Fixed #24056 -- Fixed syntax highlighting in topics/testing/tools.txt.
...
Backport of 3d0c3a0482
from master
2014-12-27 19:51:33 -05:00
Aymeric Augustin
3483682749
[1.7.x] Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
Backport of 6d52f6f
from master.
2014-12-27 18:26:20 +01:00