mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-16 04:10:45 +00:00
Code Issues 32 Releases Wiki Activity
12,026 Commits 29 Branches 437 Tags
Commit Graph

12026 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Graham
efee30e6b0 [1.4.x] Bump version post-release. 2013-09-15 12:59:10 -04:00
Claude Paroz
629813a804 [1.4.x] Fixed geos test to prevent random failure 
Points in the test fixtures have 20 as max coordinate.

Backport of 87854b0bdf354059f949350a4d63a0ed071d564c from master.
 2013-09-15 11:45:16 +02:00
Russell Keith-Magee
6903d1690a [1.4.x] Removed usage of b"" string syntax for Python 2.5 compatibility. 
Refs commit 3f3d887a6844ec2db743fee64c9e53e04d39a368.
1.4.8 		2013-09-15 14:02:38 +08:00
James Bennett
3ffc7b52f8 [1.4.x] Add release notes and bump version numbers for 1.4.8 security release. 2013-09-14 23:53:07 -06:00
Russell Keith-Magee
3f3d887a68 [1.4.x] Ensure that passwords are never long enough for a DoS. 
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
 * Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.

Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master.
 2013-09-15 13:49:16 +08:00
Tim Graham
75d2bcda10 Fixed #18923 -- Corrected usage of sensitive_post_parameters in contrib.auth 
Thanks Collin Anderson for the report.

Backport of 425d076d0c from master
 2013-09-13 10:18:55 -04:00
Tim Graham
cca302cde6 [1.4.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH. 
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
 2013-09-11 08:18:56 -04:00
Florian Apolloner
434d122a74 Merge pull request #1616 from loic/fix1.4 
Fixed failing test introduced by 87d2750b39.
 2013-09-11 04:30:45 -07:00
Tim Graham
fba6af5a1e [1.4.x] Bump version post-release. 2013-09-11 07:06:09 -04:00
Loic Bistuer
3203f684e8 Fixed failing test introduced by 87d2750b39. 
The {% ssi %} tag in Django 1.4 doesn't support spaces in its argument.
Skip the test if run from a location that contains a space.
 2013-09-11 18:05:39 +07:00
James Bennett
701c1a11bc [1.4.x] Bump version numbers for 1.4.7 security release. 1.4.7 2013-09-10 20:15:38 -05:00
Tim Graham
d1dc8a0d00 Added 1.4.7 release notes 
Backport of baec6a26dd from master
 2013-09-10 21:09:47 -04:00
Tim Graham
87d2750b39 [1.4.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. 
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
 2013-09-10 21:05:47 -04:00
Садовский Николай
9ab7ed9b72 [1.4.x] Fixed #20707 -- Added explicit quota assignment to Oracle test user 
To enable testing on Oracle 12c
 2013-09-09 15:13:18 +03:00
Shai Berger
7826824aef [1.4.x] Fixed #20907 - Test failure on Oracle 
Backport of the Oracle-specific part of commit a18e43c5bb8cb7c82
from master. This commit made get_indexes more consistent across
backends.

Thanks Tim Graham for pointer to the commit, akaariai and ikelly
for the original commit.
 2013-08-18 01:45:01 +03:00
Shai Berger
d9dc98159d [1.4.x] Fixed #20904: Test failure on Oracle 
Just skip the failing test, the failure isn't really relevant; also,
both the test and the reason for its failure were removed in 1.5.

Thanks Tim Graham for advice on 1.5.
 2013-08-17 23:12:01 +03:00
Luke Plant
d5da495a2e [1.4.x] Fixed #20906 -- Fixed a dependence on set-ordering in tests 
Backport of 1ae64e96c1 from master
 2013-08-16 17:55:08 -04:00
Anssi Kääriäinen
bf611f14ec [1.4.x] Fixed #20905 -- Fixed an Oracle-specific test case failure 
Made a test checking ORM-generated query string case-insensitive.

Backport of ee0a7c741e from master
 2013-08-16 12:23:05 -04:00
Florian Apolloner
08e5fcb3e6 Fixed regression in validation tests since example.com is available via https now. 2013-08-13 22:34:52 +02:00
Jacob Kaplan-Moss
0d4ef66f7c Bump version post-release. 2013-08-13 12:16:41 -05:00
Tim Graham
d77ce64fe8 [1.4.x] Removed 1.5.2 release notes 2013-08-13 13:15:54 -04:00
Jacob Kaplan-Moss
506913cdd8 Stole the Makefile for building packages from master. 2013-08-13 11:24:46 -05:00
Tim Graham
e61e20e497 Added 1.4.6/1.5.2 release notes. 1.4.6 2013-08-13 11:18:07 -05:00
Jacob Kaplan-Moss
30e17be1f6 Bumped version numbers for 1.4.6. 2013-08-13 11:09:05 -05:00
Jacob Kaplan-Moss
ec67af0bd6 Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. 
This is a security fix; disclosure to follow shortly.
 2013-08-13 11:00:13 -05:00
Tim Graham
b50be6857c [1.4.x] Added missing release notes for older versions of Django 
Backport of 3f6cc33cff from master
 2013-08-12 14:11:10 -04:00
Tim Graham
8af0b1afd2 [1.4.x] Added a bugfix in docutils 0.11 -- docs will now build properly. 
Backport of a3a59a3197 from master
 2013-07-31 10:14:38 -04:00
SusanTan
ed6ec47ff7 [1.4.x] Fixed #20779 -- Documented AdminSite.app_index_template; refs #8498. 
Thanks CollinAnderson for the report.

Backport of 7de35a9ef3 from master
 2013-07-31 07:09:52 -04:00
mark hellewell
f3a961f009 [1.4.x] Fixed #18315 -- Documented QueryDict.popitem and QueryDict.pop 
Thanks gcbirzan for the report.

Backport of 8c9240222f from master
 2013-07-25 11:09:25 -04:00
Brenton Cleeland
eda39fe704 [1.4.x] Fixed #20792 -- Corrected DISALLOWED_USER_AGENTS docs. 
Thanks simonb for the report.

Backport of dab52d99fc from master
 2013-07-25 07:39:53 -04:00
Matt Deacalion Stevens
dfe36f10df [1.4.x] Atom specification URL updated 
Changed to the URL of the official RFC for Atom, since Atomenabled.org
is just a holding page.

Backport of beefc97171 from master
 2013-07-18 08:48:11 -04:00
Tim Graham
6b4b18e7e2 [1.4.x] Fixed #20756 -- Typo in uWSGI docs. 
Backport of a3242dc9fe from master
 2013-07-17 06:51:48 -04:00
Tim Graham
288d70fccc [1.4.x] Fixed #20730 -- Fixed "Programmatically creating permissions" error. 
Thanks glarrain for the report.

Backport of 684a606a4e from master
 2013-07-11 11:10:26 -04:00
Tim Graham
e8971345b4 [1.4.x] Fixed #19196 -- Added test/requirements 
Backport of 4d92a0bd86 from master
 2013-07-10 12:12:15 -04:00
Tim Graham
7b7592cafa [1.4.x] Fixed #18944 -- Documented PasswordResetForm's from_email argument as a backwards incompatible change for 1.3 
Thanks DrMeers for the report.

Backport of dab921751d from master
 2013-07-08 15:06:45 -04:00
Baptiste Mispelon
165cc1dc2f [1.4.x] Fixed #20665 -- Missing backslash in sitemaps documentation 
Backport of 5005303ae7919eef26dab9f8ba279696966ebf1d from master.
 2013-06-27 09:45:58 +02:00
Aymeric Augustin
e2b86571bf [1.4.x] Fixed oversight in e3b6fed3. Refs #20636. 2013-06-24 21:00:28 +02:00
Aymeric Augustin
e3b6fed320 [1.4.x] Fixed #20636 -- Stopped stuffing values in the settings. 
In Django < 1.6, override_settings restores the settings module that was
active when the override_settings call was executed, not when it was
run. This can make a difference when override_settings is applied to a
class, since it's executed when the module is imported, not when the
test case is run.

In addition, if the settings module for tests is stored alongside the
tests themselves, importing the settings module can trigger an import
of the tests. Since the settings module isn't fully imported yet,
class-level override_settings statements may store a reference to an
incorrect settings module. Eventually this will result in a crash during
test teardown because the settings module restored by override_settings
won't the one that was active during test setup.

While Django should prevent this situation in the future by failing
loudly in such dubious import sequences, that change won't be backported
to 1.5 and 1.4. However, these versions received the "allowed hosts"
patch and they're prone to "AttributeError: 'Settings' object has no
attribute '_original_allowed_hosts'". To mitigate this regression, this
commits stuffs _original_allowed_hosts on a random module instead of the
settings module.

This problem shouldn't occur in Django 1.6, see #20290, but this patch
will be forward-ported for extra safety.

Also tweaked backup variable names for consistency.

Backport of 0261922 from stable/1.5.x.

Conflicts:
	django/test/utils.py
 2013-06-24 20:42:42 +02:00
Tim Graham
c97cc85b74 [1.4.x] Fixed #20326 - Corrected form wizard get_form() example. 
Thanks tris@ for the report.

Backport of 646a2216e9 from master
 2013-05-31 08:09:17 -04:00
Gavin Wahl
9b5fe02215 [1.4.x] Fixed regroup example. 
Chicago was missing.

Backport of e6ff238 from master.
 2013-05-29 21:52:25 -04:00
Tim Graham
227d7f63e4 [1.4.x] Fixed #20523 - Incorrect form field for FilePathField. 
Thanks sane4ka.sh@ for the report.

Backport of 1fdc3d256d from master
 2013-05-28 12:00:04 -04:00
Tim Graham
1deeda5785 [1.5.x] Fixed #20492 - Removed a broken link in GIS docs. 
Backport of fbab3209fc from master
 2013-05-24 12:36:25 -04:00
Alasdair Nicol
e149d8ebf0 [1.4.x] Updated link to jQuery Cookie plugin site 
Backport of 81f454a322 from master
 2013-05-24 12:26:23 -04:00
Wilfred Hughes
528345069d [1.4.x] Fixed a minor spelling mistake in the queryset documentation 
Backport of d258cce482 from master
 2013-05-14 10:32:38 -04:00
Alex Gaynor
6297673efd [1.5.X] Fixed #18883 -- added a missing self parameter in the docs 
Backport of 17d57275f9 from master
 2013-05-13 20:50:37 -04:00
Tim Graham
fbac080691 [1.4.X] Fixed #18277 - Clarified startproject documentation. 
Backport of 33503600b5 from master
 2013-03-30 08:38:42 -04:00
Nimesh Ghelani
d2b8834839 [1.4.x] Fixed #20150 -- Fixed an error in manager doc example 
Backport of 485c024567 from master
 2013-03-29 15:55:52 -04:00
Carl Meyer
4c6fb23dd4 [1.4.x] Bump version to no longer claim to be 1.4.5 final. 2013-03-28 15:11:17 -06:00
Donald Stufft
41af26dd53 Merge pull request #962 from dstufft/document-bcrypt-truncation-1.4.x 
Document password truncation with BCryptPasswordHasher
 2013-03-26 10:32:19 -07:00
Donald Stufft
843034a8d6 Document password truncation with BCryptPasswordHasher 2013-03-26 13:28:55 -04:00