1
0
mirror of https://github.com/django/django.git synced 2025-01-13 11:57:01 +00:00
Commit Graph

19523 Commits

Author SHA1 Message Date
Aymeric Augustin
d3a982556d Deprecated TEMPLATE_STRING_IF_INVALID. 2014-12-28 17:02:30 +01:00
Aymeric Augustin
3dc01aaaaf Deprecated ALLOWED_INCLUDE_ROOTS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin
84d7c93feb Raised an error when allowed_include_roots is a string.
This avoids leaving projects silently vulnerable when this option is set
to a string instead of a one-item tuple containing that string, a very
common misconfiguration.
2014-12-28 17:02:29 +01:00
Aymeric Augustin
cf1f36bb6e Deprecated current_app in TemplateResponse and render(_to_response). 2014-12-28 17:02:29 +01:00
Aymeric Augustin
e53495ba33 Preserved context class in inclusion_tag.
Previously, when a template was rendered with RequestContext, inclusion
tags were rendered with a plain context, losing additional information
available in the RequestContext.

The (admittedly bizarre) implementation of RequestContext.new() has the
side-effect of not running template context processors, making this
change backwards-compatible.
2014-12-28 17:02:29 +01:00
Aymeric Augustin
fdbfc98003 Deprecated some arguments of django.shortcuts.render(_to_response).
dictionary and context_instance and superseded by context.

Refactored tests that relied context_instance with more modern idioms.
2014-12-28 17:02:29 +01:00
Aymeric Augustin
a0141f9eac Simplified implementation of django.shortcuts.render(_to_response).
*args, **kwargs brought more confusion than concision.
2014-12-28 17:00:07 +01:00
Aymeric Augustin
92e8f1f302 Moved context_processors from django.core to django.template. 2014-12-28 17:00:07 +01:00
Aymeric Augustin
c599f233b1 Added a comment about the last use of Engine.get_default(). 2014-12-28 17:00:07 +01:00
Aymeric Augustin
969e082858 Added tests for django.template.loader.
Deprecated features aren't tested.
2014-12-28 17:00:07 +01:00
Aymeric Augustin
90805b240f Supported multiple template engines in render_to_string.
Adjusted its API through a deprecation path according to the DEP.
2014-12-28 16:23:02 +01:00
Aymeric Augustin
f9a6ebf6f5 Removed extraneous arguments in Engine.from_string.
This aligns the Django Template Engine API with the common template
backend API.
2014-12-28 16:23:02 +01:00
Aymeric Augustin
f50a09f2cd Removed private API get_template_from_string.
It wasn't documented and it wasn't used anywhere.
2014-12-28 16:23:01 +01:00
Aymeric Augustin
5523e4cdbb Removed private API find_template.
It wasn't documented and it wasn't used anywhere, except in a few tests
that don't test it specifically and can be rewritten with get_template.
2014-12-28 16:23:01 +01:00
Aymeric Augustin
4ea43ac915 Supported multiple template engines in get_template and select_template.
This commit changes the return type of these two functions. Instead of
returning a django.template.Template they return a backend-specific
Template class that must implement render(self, context).
2014-12-28 16:23:01 +01:00
Aymeric Augustin
6854998c8f Looked up the default template engine in the list of all engines. 2014-12-28 16:23:01 +01:00
Aymeric Augustin
92a2d049a2 Isolated template tests from Django settings. 2014-12-28 16:23:01 +01:00
Aymeric Augustin
b34b8a12b7 Passed a reference to the current engine when instantiating Template. 2014-12-28 16:23:00 +01:00
Aymeric Augustin
24dffaf0cb Removed some uses of global APIs from django.template.loader. 2014-12-28 16:23:00 +01:00
Aymeric Augustin
332154e726 Added basic tests for template backends. 2014-12-28 16:23:00 +01:00
Aymeric Augustin
1eca0e95cf Added Django template backend. 2014-12-28 16:08:35 +01:00
Aymeric Augustin
44de7218a5 Added jinja2 template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin
86c75996f0 Added dummy template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin
1acfd624d6 Added initial support for loading template engines. 2014-12-28 16:08:31 +01:00
Aymeric Augustin
b19693e6d8 Imported BaseEngine from the DEP.
i18n is left aside for now.
2014-12-28 15:57:11 +01:00
Aymeric Augustin
7eefdbf7ab Cleaned up the django.template namespace.
Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.

Only public APIs (i.e. APIs mentioned in the documentation) were left.
2014-12-28 14:47:31 +01:00
Aymeric Augustin
bfa21ddf76 Renamed get_template_from_string to from_string.
The shorter name is just as explicit and, well, shorter.
2014-12-28 14:47:31 +01:00
Aymeric Augustin
b3eda6ec3e Simplified handling of a default value. 2014-12-28 14:47:30 +01:00
Tim Graham
3d0c3a0482 Fixed #24056 -- Fixed syntax highlighting in topics/testing/tools.txt. 2014-12-27 19:49:16 -05:00
Christopher Grebs
508be27dbf Fixed #24057 -- Fixed typo in docs/howto/custom-lookups.txt. 2014-12-27 19:38:24 -05:00
Aymeric Augustin
7fd5629d23 Added release notes for the last two commits. 2014-12-27 18:26:48 +01:00
Aymeric Augustin
6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin
5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Tim Graham
89e2c60f43 Fixed #24000 -- Corrected contrib.sites default site creation in a multiple database setup. 2014-12-27 09:42:13 -05:00
Claude Paroz
e112bacd21 Forward-ported release note for 322560489 2014-12-27 15:13:12 +01:00
Claude Paroz
2ceb10f3b0 Fixed #14180 -- Prevented unneeded index creation on MySQL-InnoDB
Thanks zimnyx for the report and Simon Charette, Tim Graham for
the reviews.
2014-12-27 12:52:44 +01:00
Josh Smeaton
4718296546 Fixed #23753 -- Added a suite of SQL Functions
Added functions and tests
Added docs and more tests
Added TextField converter to mysql backend
Aliased Value as V in example docs and tests
Removed unicode_compatible in example
Fixed console emulation in examples
2014-12-27 15:27:27 +11:00
Tim Graham
7c07612e90 Removed an unnecessary models file in the admin_scripts tests. 2014-12-26 19:31:54 -05:00
Tim Graham
75bbcfa332 Replaced sqlall in some bash_completion/admin_scripts tests.
sqlall will be removed in Django 1.9, so now's a good time to remove
its usage where it's not important.
2014-12-26 18:52:26 -05:00
Collin Anderson
0821b3d53c Clarified custom header instructions in tutorial 2. 2014-12-26 18:28:47 -05:00
Tim Graham
c2e419c267 Fixed #24054 -- Enabled sqlsequencereset for apps with migrations. 2014-12-26 15:55:34 -05:00
Tim Graham
1729a5250b Removed obsolete item from deprecation timeline.
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.
2014-12-26 13:48:13 -05:00
Gavin Wahl
b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Tim Graham
c5fb34c47e Documented AdminSite.has_permission(); refs #22295. 2014-12-26 09:14:10 -05:00
Tim Graham
271d4f8f85 Fixed #23948 -- Moved password help text from the template to the form.
Thanks Mithos for the report and patch.
2014-12-26 08:09:12 -05:00
Tim Graham
3325ec869c Fixed #24045 -- Removed useless mark_safe() call in trans_null.py 2014-12-26 07:42:49 -05:00
Claude Paroz
ffa548fb56 Updated link to CSRF docs
Refs #23866.
2014-12-25 14:01:15 +01:00
Claude Paroz
234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Brian Scoles
a6f0b6a98f Fixed typo in docs/intro/tutorial01.txt. 2014-12-25 06:56:23 -05:00
Tim Graham
426ead27bd Removed shutil.copystat copied from stdlib (added to support an old Python?). 2014-12-24 19:29:33 -05:00