1
0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00
Commit Graph

11934 Commits

Author SHA1 Message Date
Florian Apolloner
e34685034b [1.4.x] Fixed a security issue in http redirects. Disclosure and new release forthcoming.
Backport of 4129201c3e from master.
2012-07-30 22:03:33 +02:00
Florian Apolloner
c14f325c4e [1.4.x] Fixed second security issue in image uploading. Disclosure and release forthcoming.
Backport of b1d4634686 from master.
2012-07-30 22:00:17 +02:00
Florian Apolloner
da33d67181 [1.4.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.
Backport of dd16b17099 from master.
2012-07-30 22:00:17 +02:00
Tim Graham
94e91f75b9 [1.4.X] Fixed #18656 -- Fixed LocaleMiddleware link; thanks mitar for the report.
Backport of 07d70e9b26 from master
2012-07-28 13:33:19 -04:00
Florian Apolloner
498bf5c26c Merge pull request #212 from kevinlondon/ticket_18614_1_4
[1.4] Ticket 18614 -- Add Imports and change render_to_response to render
2012-07-25 13:33:33 -07:00
Ramiro Morales
c2ff027861 [1.4.x] Made LiveServerTestCase to restore state on exit.
The piece of state is DB connections' allow_thread_sharing attribute
which gets munged when test are run when in-memory SQLite databases.

Thanks Anssi for suggesting the possible root cause and Julien for
implementing the fix.

Backport of ea667ee3ae from master.
2012-07-22 11:06:16 -03:00
Kevin London
c6d06a9453 [1.4.x] Fixed #18614 -- Added imports and changed render_to_response to render. 2012-07-15 21:29:13 -07:00
Tim Graham
8ba78a0daf [1.4.X] Fixed #18577 - Clarified middleware initialization.
Thanks Lukasz Balcerzak for the patch.

Backport of 590de18add from master
2012-07-08 19:30:11 -04:00
Tim Graham
dcede04715 [1.4.x] Fixed #18173 - Corrected ModelAdmin documentation for get_changelist.
Thanks Keryn Knight for the report and vanessagomes for the pckport of [d44aa98] from master.atch.

Backport of [d44aa98] from master.
2012-07-08 18:38:52 -04:00
Julien Phalip
9a2ca4266a [1.4.x] Fixed #17978 -- Fixed a minor layout issue when an inline contains a filter horizontal widget. Thanks to Aymeric Augustin for the report. 2012-07-07 15:44:26 -07:00
Claude Paroz
fd88fe657b [1.4.x] Fixed #18164 -- Precised startapp template context content
Backport of 249c445446 from master.
2012-07-07 23:12:02 +02:00
Aymeric Augustin
f1e416566a [1.4x] Fixed #18587 -- Typo in management command example
Thanks Frank Wiles.

Backport of 29ca3d3c4b from master.
2012-07-07 16:02:45 +02:00
Tim Graham
f5db3bddb3 [1.4.X] Fixed #17997 - Documented that the debug server is now multithreaded by default.
Thanks trey.smith@ for the report and vanessagomes for the patch.

Backport of e4a1407a9c from master
2012-07-05 08:40:20 -04:00
Tim Graham
c5e35afbcc [1.4.X] Fixed #17436 - Added warning about overriding Model.__init__()
Thanks zsiciarz for the draft patch.

Backport of 7313468f85 from master
2012-07-01 18:06:33 -04:00
Tim Graham
8bea1a7e4e [1.4.X] Fixed #16882 - Clarified why one should not use 'init_command' after initial database creation.
Backport of 9974069620 from master
2012-07-01 07:26:53 -04:00
Tim Graham
32bd77d392 [1.4.X] Fixed #18493 - Added instructions to locate the Django source files to the t
Thanks Claude Paroz for the draft patch.

Backport of c68f4c514c from master
2012-07-01 06:56:20 -04:00
Tim Graham
fea5e0b80f [1.4.X] Fixed #17705 - Updated TabularInline image and doc in tutorial 2.
Thanks xbito for the draft patch.

Backport of c5fb8299ef from master
2012-06-30 18:21:50 -04:00
Raúl Cumplido
342e8a6246 [1.4.X] Fixed #18145 -- Improved documentation of unique_together type fields
Backport of 55ffcf8e7b from master
2012-06-30 17:24:26 -04:00
Tim Graham
a89e76d151 [1.4.X] Fixed #17168 - Noted TransactionMiddleware only works with "default" database alias.
Thanks codeinthehole for the draft patch.

Backport of 5d81ad1af1 from master
2012-06-30 10:30:45 -04:00
Claude Paroz
d92c38a281 [1.4.x] Fixed #18528 -- Fixed custom field value_to_string example
Thanks anuraguniyal for the report.
2012-06-29 15:11:13 +02:00
Tim Graham
9014b138e6 [1.4.X] Fixed #17511 - Removed reference to deprecated "reset" management command in FAQ; thanks voxpuibr@ for the report.
Backport of c8928b91b5 from master
2012-06-27 18:56:04 -04:00
Tim Graham
3631a028e2 [1.4.X] Fixed #18369 - Fixed argument name in render() function; thanks qsolo825@ for the report.
Backport of 1cf8287e3a from master
2012-06-27 18:43:14 -04:00
Luke Plant
ff6ee5f06c [1.4.x] Added more explicit warnings about unconfigured reStructured Text usage in docs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17915 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Backport of 718f149b from master
2012-06-08 15:02:15 +01:00
Jacob Kaplan-Moss
45d43317b7 [1.4.X] Replaced documentation snippets using "gender" with less sensitive examples.
Backport of [7edf231] from master.
2012-06-06 13:55:09 +02:00
Luke Plant
0a8a6b92b2 [1.4.x] Noted that SECURE_PROXY_SSL_HEADER is needed by CSRF protection.
Both false positives and false negatives of HttpRequest.is_secure can be
dangerous.

Backport of 840ffd80ba from master
2012-06-04 21:49:42 +01:00
Luke Plant
3bd937aec2 [1.4.x] Rewrote security.txt SSL docs, noting SECURE_PROXY_SSL_HEADER.
Backport of 0199bdc0b from master
2012-06-04 21:46:37 +01:00
Karen Tracey
03f1d69f1e Merge pull request #109 from apollo13/fix4d2fdd
Fix test error.
2012-06-04 04:31:28 -07:00
Florian Apolloner
1c13cc023f [1.4.x] readd imports deleted in 4d2fdd 2012-06-04 13:24:05 +02:00
Julien Phalip
4d2fdd4185 [1.4.X] Fixed #18379 -- Made the sensitive_variables decorator work with object methods. 2012-06-03 23:59:01 -07:00
Michael Newman
0f69a16785 [1.4.x] Fixed #18135 -- Close connection used for db version checking
On MySQL when checking the server version, a new connection could be
created but never closed. This could result in open connections on
server startup.

Backport of 4423757c0c.
2012-05-27 21:51:03 +03:00
Adrian Holovaty
d3fa8d92ea [1.4.x] Updated docs/intro/whatsnext.txt to reference Git instead of SVN 2012-05-16 23:19:09 +02:00
Claude Paroz
6bb85d98b0 [1.4.x] Fixed #18019 -- Use threaded runserver only when database supports it. 2012-05-15 09:23:52 +02:00
Claude Paroz
589af4971e [1.4.x] Fixed #18301 -- Fixed url name in password reset example.
Thanks nicknnn for the report.
2012-05-11 20:19:32 +02:00
Jannis Leidel
35423f6fb1 [1.4.X] Set the post process cache when finished instead of one by one.
This should prevent a race condition if running collectstatic is
canceled or its cache is accessed from other processes, leaving the
cache in a corrupt state.
2012-05-10 18:30:46 +02:00
Claude Paroz
ffe620f203 Fixed #18270 -- Corrected variable name in password reset example.
Thanks schnippi for the report.
Backport of ec5423df05 from master.
2012-05-10 08:40:39 +02:00
Aymeric Augustin
a3c8201b77 [1.4.x] Fixed #17976 -- Made forms.BooleanField pickleable.
Backport of 9350d1d59c from master.

This was a regression in Django 1.4.
Thanks bronger for the report and claudep for the patch.
2012-05-08 23:20:05 +02:00
Claude Paroz
521fe472e5 [1.4.X] Fixed #18186 -- Fixed ReportLab Web site links. Thanks pablog for the report and the initial patch.
Backport of r17928 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17929 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-22 17:20:39 +00:00
Ramiro Morales
839a71b0a5 [1.4.X] Added documentation notes about lack of database savepoints support when using MySQL+MyISAM.
Refs #15507 and r17341.

Backport of r17923.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17924 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-21 22:57:32 +00:00
Claude Paroz
143305126b [1.4.X] Fixed #18156 -- Updated signature of ModelAdmin change_view in docs to reflect r17466. Thanks arthurprat for the report.
Backport of r17918 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17919 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-20 13:01:04 +00:00
Claude Paroz
64bbf5187c [1.4.X] Fixed #18316 -- Fixed pre-1.3 PermWrapper? location in docs. Thanks Adrien Lemaire for the patch.
Backport of r17913 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17914 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-16 11:40:25 +00:00
Claude Paroz
2fa8b3f143 [1.4.X] Fixed #18118 -- Improved documentation for contrib.auth.hashers utility functions. Thanks Mathieu Agopian for the report and Ramiro Morales for the review.
Backport of r17905 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17906 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-13 11:40:44 +00:00
Claude Paroz
3f77b84489 [1.4.X] Fixed #18027 -- Removed an HTMLParser test that doesn't raise any more in recent Python versions. Thanks Arfever and Anssi Kaariainen for the report and the patch.
Backport of r17900 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17901 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-11 21:27:18 +00:00
Claude Paroz
ee43524e22 [1.4.X] Fixed #18104 -- Added missing parentheses around two-lines deprecation string. Thanks Roy Smith for the report.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17897 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-11 17:20:59 +00:00
Claude Paroz
8ed9e9074c [1.4.X] Fixed #18095 -- Added missing 'cc' mention in EmailMessage recipients() description. Thanks Stéphane Raimbault for the report and the patch.
Backport of r17891 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17892 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10 20:02:56 +00:00
Aymeric Augustin
01dfe35b38 [1.4.X] Fixed #18090 -- Applied filters when running prefetch_related backwards through a one-to-one relation. Backport of r17888 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10 06:06:14 +00:00
Claude Paroz
8adfdf08de [1.4.X] Fixed #17672 -- Precised MacPorts GeoDjango install instructions to install gdal with geos support. Thanks chosak for the report and the patch.
Backport of r17883 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17884 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-09 10:03:31 +00:00
Julien Phalip
a6ba67ffd1 [1.4.X] Fixed #18086 -- Restored '-pk' as the default order in the admin changelist. This rectifies a slight change in behavior introduced in Django 1.4 and r17635.
Backport of r17881 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17882 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-09 04:32:42 +00:00
Ramiro Morales
9a3e9c27c2 [1.4.X] Fixed #18074 -- Fixed description of dumpdata command --database option.
Thanks aruseni for the report.

Backport of r17873 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17874 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-06 18:59:06 +00:00
Claude Paroz
61b13444c5 [1.4.X] Fixed #18009 -- Cleaned up a comment about removal of the old contrib.syndication Feed class. Thanks Keryn Knight for the report.
Backport of r17866 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17867 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-02 19:52:32 +00:00
Claude Paroz
456d4db251 [1.4.X] Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
Backport of r17862 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-01 17:17:21 +00:00