mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity
32,349 Commits 30 Branches 460 Tags
f00239cbf6e37b698562ca0f02cfcc0a367609c0
Commit Graph

971 Commits

Author SHA1 Message Date
Natalia
e8d4a20059 [5.0.x] Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation. 
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
 2025-01-14 09:00:34 -03:00
Mariusz Felisiak
0379e7532f [5.0.x] Applied Black's 2024 stable style. 
https://github.com/psf/black/releases/tag/24.1.0

Backport of 305757aec1 from main
 2024-01-26 12:55:56 +01:00
Mariusz Felisiak
92af3d4d23 [5.0.x] Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting. 
This allows early adoption of the new default "https".

Backport of a4931cd75a from main.
 2023-11-28 20:08:10 +01:00
David Smith
7f0275d8cb [5.0.x] Refs #32819 -- Used auto_id instead of id_for_label as unique identifier for the field. 
`id_for_label` is blank for widgets with multiple inputs such as radios
and multiple checkboxes. Therefore , `help_text` for fields using these
widgets cannot currently be associated using `aria-describedby`.
`id_for_label` is being used as a guard to avoid incorrectly adding
`aria-describedby` to those widgets.

This change uses `auto_id` as the unique identified for the fields
`help_text`. A guard is added to avoid incorrectly adding
`aria-describedby` to inputs by checking the widget's `use_fieldset`
attribute. Fields rendered in a `<fieldset>` should have
`aria-describedby` added to the `<fieldset>` and not every `<input>`.

Backport of 292f1ea90f from main
 2023-11-16 13:27:18 +01:00
Nick Pope
8c8cbe66fa Refs #31262 -- Renamed ChoiceIterator to BaseChoiceIterator. 
Some third-party applications, e.g. `django-filter`, already define
their own `ChoiceIterator`, so renaming this `BaseChoiceIterator` will
be a better fit and avoid any potential confusion.

See https://github.com/carltongibson/django-filter/pull/1607.
 2023-09-04 13:56:50 +02:00
Nick Pope
500e01073a Fixed #31262 -- Added support for mappings on model fields and ChoiceField's choices. 2023-08-30 22:57:40 -03:00
Gregor Jerše
10725a3187 Fixed #32820 -- Added aria-invalid="true" to fields with errors. 
Co-authored-by: Demetris Stavrou <demestav@gmail.com>
Co-authored-by: David Smith <smithdc@gmail.com>
 2023-08-01 06:08:04 +02:00
Christopher Cave-Ayland
95e4d6b813 Fixed #34532 -- Made formset_factory() respect Form's default_renderer. 
Co-authored-by: David Smith <smithdc@gmail.com>
 2023-07-24 09:09:53 +02:00
Sage Abdullah
3f73df44f2 Fixed #34705 -- Reallowed BoundField.as_widget()'s attrs argument to set aria-describedby. 
Regression in 966ecdd482.
 2023-07-12 05:43:41 +02:00
Neeraj Kumar
eed096574f Fixed #32210 -- Fixed model inlines with to_field that has a default. 2023-07-07 09:11:46 +02:00
Gregor Jerše
966ecdd482 Fixed #32819 -- Established relationship between form fields and their help text. 
Thanks Nimra for the initial patch.

Thanks Natalia Bidart, Thibaud Colas, David Smith, and Mariusz Felisiak
for reviews.
 2023-07-06 08:03:19 +02:00
Mariusz Felisiak
ad0410ec4f Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. 
Thanks Seokchan Yoon for reports.
 2023-07-03 08:16:55 +02:00
Jacob Rief
1fe0b167af Fixed #34473 -- Fixed step validation for form fields with non-zero minimum value. 2023-06-16 08:38:28 +02:00
Carlton Gibson
4a5753fb0a Refs #32339 -- Fixed super() call in deprecated renderers. 
Missing function call `()` leads to:

TypeError: descriptor '__init__' of 'super' object needs an argument

Regression in b209518089.
 2023-05-17 11:11:43 -03:00
Mariusz Felisiak
fb4c55d9ec Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. 
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-05-03 13:42:00 +02:00
Coen van der Kamp
7bbbadc693 Fixed #34380 -- Allowed specifying a default URL scheme in forms.URLField. 
This also deprecates "http" as the default scheme.
 2023-04-28 06:58:10 +02:00
Mariusz Felisiak
720abed343 Avoided creating default form fields in fields_for_model() when declared on form. 2023-04-27 15:26:23 +02:00
Marcelo Galigniana
8a6c0203c4 Fixed #34488 -- Made ClearableFileInput preserve "Clear" checked attribute when form is invalid. 2023-04-21 07:48:27 +02:00
David Smith
cad376f844 Fixed #34077 -- Added form field rendering. 2023-03-24 10:16:30 +01:00
Jure Slak
d22209cb42 Fixed #34424 -- Fixed SelectDateWidget crash for inputs raising OverflowError. 2023-03-22 07:59:39 +01:00
T. Franzel
a2eaea8f22 Fixed #34388 -- Allowed using choice enumeration types directly on model and form fields. 2023-03-21 19:44:41 +01:00
Laurens Verhoeven
6cbc403b8e Fixed #34349 -- Fixed FormSet.empty_form crash when deleting extra forms is disabled. 2023-02-20 09:04:29 +01:00
Bakdolot
5f3c7b7e1d Fixed #34317 -- Renamed "instance" argument of BaseModelFormSet.save_existing() method. 2023-02-07 14:18:58 +01:00
David Smith
097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style. 
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
 2023-02-01 11:04:38 +01:00
Nick Pope
1e62a64202 Refs #32528 -- Simplified Media.merge(). 
This avoids building up a second datastructure for the duplicate files
warning case and simply flatten and strip duplicates if that case ever
arises.
 2023-01-19 06:33:39 +01:00
Nick Pope
1282b5e420 Fixed #32528 -- Replaced django.utils.topological_sort with graphlib.TopologicalSort(). 
graphlib.TopologicalSort() is available since Python 3.9.
 2023-01-19 06:31:40 +01:00
Mariusz Felisiak
b209518089 Refs #32339 -- Deprecated transitional form renderers. 2023-01-18 11:08:39 +01:00
Mariusz Felisiak
98756c685e Refs #32339 -- Changed default form and formset rendering style to div-based. 
Per deprecation timeline.

This also removes "django/forms/default.html" and
"django/forms/formsets/default.html" templates.
 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
31878b4d73 Refs #31026 -- Removed ability to return string when rendering ErrorDict/ErrorList. 
Per deprecation timeline.
 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
182d25eb7a Refs #31026 -- Removed BaseForm._html_output() per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e6f82438d4 Refs #32365 -- Removed support for pytz timezones per deprecation timeline. 2023-01-17 11:49:15 +01:00
David Sanders
25904db915 Fixed #34119 -- Prevented callable default hidden widget value from being overridden. 
Thanks to Benjamin Rigaud for the report.
 2022-11-18 13:12:15 +01:00
Francesco Panico
51faf4bd17 Fixed #34148 -- Reverted "Fixed #32901 -- Optimized BaseForm.__getitem__()." 
This reverts commit edde2a0699.

Thanks Jan Pieter Waagmeester for the report.
 2022-11-18 08:06:13 +01:00
LightDiscord
e20c9eb60a Fixed #27654 -- Propagated alters_data attribute to callables overridden in subclasses. 
Thanks Shai Berger and Adam Johnson for reviews and the implementation
idea.
 2022-11-04 11:08:58 +01:00
Nick Pope
d3cb91db87 Used more augmented assignment statements. 
Identified using the following command:

$ git grep -I '\(\<[_a-zA-Z0-9]\+\>\) *= *\1 *[-+/*^%&|<>@]'
 2022-10-31 12:30:13 +01:00
Marcelo Galigniana
c0fc1b5302 Fixed #19215 -- Fixed rendering ClearableFileInput when editing with invalid files. 
Thanks Michael Cardillo for the initial patch.
 2022-10-25 16:53:52 +02:00
DevilsAutumn
f3cd252cfc Fixed #33995 -- Fixed FormSet.empty_form crash when empty_permitted is passed to form_kwargs. 2022-09-09 13:51:47 +02:00
Neeraj Kumar
9942f3fb49 Fixed #33830 -- Fixed VariableDoesNotExist when rendering ClearableFileInput. 2022-08-25 07:52:36 +02:00
Kamil Turek
e03cdf76e7 Fixed #31721 -- Allowed ModelForm meta to specify form fields. 2022-08-08 09:46:05 +02:00
Carlton Gibson
89e695a69b Fixed #33876, Refs #32229 -- Made management forms render with div.html template. 
Thanks to Claude Paroz for the report.
 2022-08-02 10:30:09 +02:00
Shawn Dong
18c5ba07cc Fixed #33822 -- Fixed save() crash on model formsets when not created by modelformset_factory(). 
Thanks Claude Paroz for the report.

Regression in e87f57fdb8.
 2022-07-05 07:19:18 +02:00
Swann
d0863429a3 Fixed documentation of Widget.id_for_label() empty return value. 2022-06-03 12:19:47 +02:00
David Smith
d126eba363 Refs #32339 -- Deprecated default.html form template. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
 2022-05-17 11:16:54 +02:00
Kapil Bansal
3a82b5f655 Fixed #32559 -- Added 'step_size’ to numeric form fields. 
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
 2022-05-12 14:16:52 +02:00
Marc Seguí Coll
262fde94de Fixed #33622 -- Allowed customizing error messages for invalid number of forms. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-05-10 13:42:31 +02:00
Gagaro
667105877e Fixed #30581 -- Added support for Meta.constraints validation. 
Thanks Simon Charette, Keryn Knight, and Mariusz Felisiak for reviews.
 2022-05-10 11:22:23 +02:00
David Smith
ec5659382a Fixed #32339 -- Added div.html form template. 2022-05-05 14:32:43 +02:00
Carlton Gibson
476d4d5087 Refs #32339 -- Allowed renderer to specify default form and formset templates. 
Co-authored-by: David Smith <smithdc@gmail.com>
 2022-04-27 10:21:04 +02:00
L
37602e4948 Fixed #33656 -- Fixed MultiWidget crash when compressed value is a tuple. 2022-04-26 07:06:26 +02:00
David
c8459708a7 Refs #32339 -- Added use_fieldset to Widget. 2022-03-30 16:28:14 +02:00