Tim Graham
e63363f8e0
[1.7.x] Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 08:51:21 -04:00
John Giannelos
cb48e192fb
[1.7.x] Fixed #24427 -- Stopped writing migration files in dry run mode when merging.
...
Also added display of migration to stdout when verbosity=3.
Backport of 8758a63ddb from master
2015-03-16 19:58:08 -04:00
Matthew Wilkes
d0607a7eee
[1.7.x] Fixed #24354 -- Prevented repointing of relations on superclasses when migrating a subclass's name change
2015-03-14 15:35:16 -04:00
Tim Graham
084c97c29b
[1.7.x] Post-release version bump.
2015-03-09 11:57:04 -04:00
Tim Graham
40fb8f4ecd
[1.7.x] Bumped version for 1.7.6 release.
2015-03-09 10:18:18 -04:00
Baptiste Mispelon
2654e1b939
[1.7.x] Fixed #24461 -- Fixed XSS issue in ModelAdmin.readonly_fields
2015-03-09 10:17:54 -04:00
Jean-Louis Fuchs
283b630d63
Fixed #24447 -- Made migrations add FK constraints for existing columns
...
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.
Backport of f4f0060fea from master
2015-03-07 14:30:28 +01:00
Gabriel Muñumel
0831a43c3a
[1.7.x] Fixed #24352 -- Fixed crash when coercing `ManyRelatedManager` to a string.
2015-02-26 11:00:52 -05:00
Tim Graham
2972fd2353
[1.7.x] Post-release version bump.
2015-02-25 09:07:25 -05:00
Tim Graham
634f4229c5
[1.7.x] Bumped version for 1.7.5 release.
2015-02-25 08:49:48 -05:00
Emin Mastizada
61705f0091
[1.7.x] Added formats for the Azerbaijani locale.
...
Backport of dda2a3cf4c from master
2015-02-23 07:37:46 -05:00
Aymeric Augustin
9b7d512d5f
[1.7.x] Fixed #24318 -- Set the transaction isolation level with psycopg >= 2.4.2.
...
Backport of 76356d96 from master
2015-02-14 18:52:53 +01:00
Tim Graham
1b93b0977d
[1.7.x] Fixed #24332 -- Fixed contrib.sites create_default_site() when 'default' DATABASES is empty.
...
Backport of e8cf4f8abe from master
2015-02-13 07:08:49 -05:00
Tim Graham
0c9e006d5f
[1.7.x] Fixed #24293 -- Skipped a contrib.sites test if multiple databases aren't set up.
2015-02-12 07:56:49 -05:00
Markus Holtermann
f8c040e167
[1.7.x] Fixed #24236 -- Treated inherited m2m fields as such if they don't define get_internal_type()
...
Regression introduced in 3d4a826174
Thanks IRC user ris for the report, Loïc Bistuer, Anssi Kääriäinen and
Andriy Sokolovskiy for the discussion and Tim Graham for the review.
2015-02-09 16:48:51 +01:00
Markus Holtermann
208d5c42e7
[1.7.x] Revert "[1.7.x] Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth"
...
This reverts commit 478546fcef.
Backport of 2832a9b028 from master
2015-02-07 20:50:15 +01:00
Markus Holtermann
e6ffe43b67
[1.7.x] Revert "[1.7.x] Refs #24075 -- Silenced needless call_command output while running tests"
...
This reverts commit b419bd3843.
Backport of bd3d796ecd from master
2015-02-07 19:57:50 +01:00
Tim Graham
b25101a0d0
[1.7.x] Post-release version bump.
2015-01-27 12:27:03 -05:00
Tim Graham
b626c289cc
[1.7.x] Bumped version for 1.7.4 release.
2015-01-27 12:10:08 -05:00
Andriy Sokolovskiy
3d4a826174
[1.7.x] Fixed #24104 -- Fixed check to look on field.get_internal_type() instead of class instance
2015-01-27 14:40:39 +01:00
Claude Paroz
b1bf8d64fb
[1.7.x] Fixed #24193 -- Prevented unclosed file warnings in static.serve()
...
This regression was caused by 818e59a3f0. The patch is a partial
backport of the new FileResponse class available in later Django
versions.
Thanks Raphaël Hertzog for the report, and Tim Graham and Collin
Anderson for the reviews.
2015-01-23 08:58:34 +01:00
Tim Graham
7a1ccc0699
[1.7.x] Fixed #24153 -- Fixed cookie test compatibility with Python 3.4.3+
...
Backport of b19b81b396 from master
2015-01-19 15:41:29 -05:00
Markus Holtermann
db2a97870d
[1.7.x] Fixed #24163 -- Removed unique constraint after index on MySQL
...
Thanks Łukasz Harasimowicz for the report.
Backport of 5792e6a88c from master
2015-01-19 17:25:05 +01:00
Tim Graham
065b2a82f6
[1.7.x] Fixed #24135 -- Made RenameModel rename many-to-many tables.
...
Thanks Simon and Markus for reviews.
Backport of 28db4af80a from master
2015-01-15 20:43:49 -05:00
Markus Holtermann
b419bd3843
[1.7.x] Refs #24075 -- Silenced needless call_command output while running tests
...
Thanks Tim Graham for the report
Backport of 51dc617b21 from master
2015-01-15 21:13:27 +01:00
Markus Holtermann
478546fcef
[1.7.x] Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth
...
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
Backport of 737d24923a from master.
2015-01-14 20:37:56 +01:00
Tim Graham
f7ce66bc46
[1.7.x] Post-release version bump.
2015-01-13 14:14:05 -05:00
Tim Graham
6bf1930fb5
[1.7.x] Bumped version for 1.7.3 release.
2015-01-13 13:11:37 -05:00
Tim Graham
bcfb47780c
[1.7.x] Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:02:56 -05:00
Tim Graham
818e59a3f0
[1.7.x] Prevented views.static.serve() from using large memory on large files.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:02:56 -05:00
Tim Graham
de67dedc77
[1.7.x] Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:02:56 -05:00
Carl Meyer
41b4bc73ee
[1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:02:56 -05:00
Markus Holtermann
ef5889409b
[1.7.x] Fixed #24110 -- Rewrote migration unapply to preserve intermediate states
...
Backport of fdc2cc9487 and be158e3625 from master
2015-01-11 00:35:49 +01:00
Serafeim Papastefanos
1a352fe175
[1.7.x] Fixed #23967 -- Added formats for Greek
...
Backport of 74f02557e0 from master
2015-01-10 11:11:57 -05:00
Claude Paroz
7e65876b7c
[1.7.x] Fixed #24097 -- Prevented AttributeError in redirect_to_login
...
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
Backport of d7bc37d61 from master.
2015-01-10 10:13:50 +01:00
Claude Paroz
d8fb557a51
[1.7.x] Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middleware
...
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
Backport of 27dd7e7271 from master.
2015-01-06 08:45:10 +01:00
Tim Graham
4aed731154
[1.7.x] Increased the default PBKDF2 iterations.
2015-01-03 13:36:13 -05:00
Tim Graham
f7ec788bf5
[1.7.x] Post-release version bump.
2015-01-02 21:48:54 -05:00
Tim Graham
880d7638cf
[1.7.x] Bumped version for 1.7.2 release.
2015-01-02 19:44:36 -05:00
Tim Graham
fda458c0b6
[1.7.x] Updated six to 1.9.0.
...
Backport of 52f0b2b622 from master
2015-01-02 13:23:18 -05:00
Tim Graham
f461bc02cb
[1.7.x] Fixed #23366 -- Fixed a crash with the migrate --list command.
...
Backport of b4bdd5262b from master
2014-12-31 17:27:43 -05:00
Andrey Maslov
8de2a44064
[1.7.x] Fixed #24008 -- Fixed ValidationError crash with list of dicts.
...
Backport of 7a878ca5cb from master
2014-12-31 14:46:17 -05:00
Piotr Pawlaczek
e11ff3975f
[1.7.x] Fixed #23758 -- Allowed more than 5 levels of subqueries
...
Refactored bump_prefix() to avoid infinite loop and allow more
than 5 subqueries by extending the alphabet to use multi-letters.
Backport of 41fc1c0b5e from master
2014-12-31 09:42:07 -05:00
Russell Keith-Magee
f1a22feaa8
[1.7.x] Renamed variables to avoid name collision with import of django.db.models.
...
Backport of 013c2d8d02 from master
2014-12-31 08:02:06 -05:00
Tim Graham
a9da5dd5b6
[1.7.x] Fixed #23581 -- Prevented extraneous DROP DEFAULT statements.
...
Thanks john_scott for the report and Markus Holtermann for review.
Backport of ab4f709da4 from master
2014-12-30 08:31:18 -05:00
Tim Graham
79645529e7
Revert "[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa"
...
This reverts commit 1702bc52cc.
This doesn't work on stable/1.7.x because #23844 wasn't backported and we're
not willing to do so because it's a large change.
2014-12-29 15:37:15 -05:00
Markus Holtermann
1702bc52cc
[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields and vice versa
...
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.
Backport of 623ccdd598 from master
2014-12-29 13:42:29 -05:00
Aymeric Augustin
3483682749
[1.7.x] Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
Backport of 6d52f6f from master.
2014-12-27 18:26:20 +01:00
Aymeric Augustin
b429a9796a
[1.7.x] Fixed an inconsistency introduced in 547b1810.
...
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
Backport of 5c5eb5fe from master.
2014-12-27 18:17:18 +01:00
Tim Graham
a79012f6d8
[1.7.x] Fixed #24000 -- Corrected contrib.sites default site creation in a multiple database setup.
...
Backport of 89e2c60f43 from master
2014-12-27 10:29:21 -05:00