1
0
mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00
Commit Graph

684 Commits

Author SHA1 Message Date
Luke Plant
aef2a0ec59 Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
2015-06-29 08:16:19 -04:00
Tim Graham
b34d16b78d Added ALLOWED_HOSTS and SERVER_EMAIL details to deployment checklist. 2015-06-11 13:41:24 -04:00
Mark Henwood
dee1bcd08a Fixed #24882 -- Documented Migration.run_before 2015-06-06 09:00:04 -04:00
Yamila Moreno
f954c51720 Fixed #24926 -- Removed outdated information from deployment 2015-06-05 12:03:29 +02:00
Preston Timmons
655f524915 Fixed #17085, #24783 -- Refactored template library registration.
* Converted the ``libraries`` and ``builtins`` globals of
  ``django.template.base`` into properties of the Engine class.
* Added a public API for explicit registration of libraries and builtins.
2015-05-21 09:12:06 -05:00
Tim Graham
307acc745a Fixed #24630 -- Clarified docs about RunPython transactions.
Thanks Markus Holtermann for review.
2015-05-17 18:50:18 -04:00
Abhaya Agarwal
9de9c24017 Fixed #24105 -- Called Storage.get_valid_name() when upload_to is callable 2015-05-12 20:08:22 -04:00
Afriza N. Arief
b295fcd19c Fixed typo in docs/howto/deployment/wsgi/apache-auth.txt 2015-04-13 07:50:23 -04:00
Tim Graham
6d7784a7b9 Fixed #24602 -- Removed obsolete reference to __metaclass__ in custom model fields docs.
Thanks schinckel for the report.
2015-04-08 08:35:35 -04:00
Tim Graham
d9a30ed190 Updated location of database backend data_types attribute in docs. 2015-03-17 20:03:07 -04:00
Ian Lee
56cd87a5af Added link to section in docs/howto/custom-template-tags.txt. 2015-03-13 08:24:44 -04:00
Ian Lee
7614efa2f9 Fixed typo in docs/howto/custom-template-tags.txt. 2015-03-13 08:13:49 -04:00
Ian Lee
7f8588d22e Documented how to use a non-root subdirectory with mod_wsgi. 2015-03-12 20:08:37 -04:00
Erik Romijn
fa350e2f30 Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham
63f2dd4ad7 Fixed typo in docs/howto/custom-template-tags.txt 2015-03-09 07:06:09 -04:00
Ross Brunton
6b28e957df Fixed #24379 -- Documented that remote user example disables ModelBackend. 2015-03-02 19:53:11 -05:00
Ian Lee
fde4857fb8 Added syntax highlighting for apache code blocks 2015-03-02 12:33:58 -05:00
Ian Lee
00fbd8fd52 Broke long lines in code examples.
The website only renders code blocks at 96 chars, and therefore
long code lines get wrapped. Manually breaking the lines prevents
the wrapping from occurring.
2015-02-23 07:45:37 -05:00
Sean Wang
eba6dff581 Fixed #24358 -- Corrected code-block directives for console sessions. 2015-02-22 09:35:39 -05:00
Loic Bistuer
bed504d70b Fixed #24351, #24346 -- Changed the signature of allow_migrate().
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.

This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.

Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.

Refs 22583.
2015-02-20 21:34:09 +07:00
Marc Tamlyn
32d4db66b9 Update converters to take a consistent set of parameters.
As suggested by Anssi. This has the slightly strange side effect of
passing the expression to Expression.convert_value has the expression
passed back to it, but it allows more complex patterns of expressions.
2015-02-20 11:35:52 +00:00
Aymeric Augustin
1bfcc950ab Set context.template instead of context.engine while rendering.
This opens more possibilities, like accessing context.template.origin.

It also follows the chain of objects instead of following a shortcut.
2015-02-19 22:08:11 +01:00
Aymeric Augustin
15b711b5ee Deprecated TEMPLATE_DEBUG setting. 2015-02-15 20:47:04 +01:00
Andrei Kulakov
1f9e44030e Fixed #23932 -- Added how-to on migrating unique fields. 2015-02-05 16:26:45 -05:00
darkryder
9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Tim Graham
570912a97d Added a "Writing migrations" how-to. 2015-02-03 13:09:54 -05:00
Preston Timmons
cd4282816d Fixed #18651 -- Enabled optional assignments for simple_tag(). 2015-02-03 10:44:33 -05:00
Tim Graham
c79faae761 Removed versionadded/changed notes for 1.7. 2015-02-01 21:02:40 -05:00
Tim Graham
0f169098ef Removed BaseCommand.validate() per deprecation timeline; refs #16905. 2015-01-18 14:49:51 -05:00
Tim Graham
4b8d3bbab5 Standardized indentation in docs/howto/custom-management-commands.txt. 2015-01-17 13:38:01 -05:00
Tim Graham
4a03d348c7 Removed BaseCommand.requires_model_validation per deprecation timeline. 2015-01-17 12:59:07 -05:00
Tim Graham
18192b9fa4 Replaced deprecated requires_model_validation in docs. 2015-01-17 12:51:50 -05:00
Tim Graham
00a11994a5 Removed support for AppCommand.handle_app() per deprecation timeline. 2015-01-17 12:34:34 -05:00
Tim Graham
4aa089a9a9 Removed support for custom SQL per deprecation timeline. 2015-01-17 10:16:06 -05:00
Tim Graham
67235fd4ef Removed support for initial_data fixtures per deprecation timeline. 2015-01-17 09:59:25 -05:00
Tim Graham
41f0d3d3bc Removed FastCGI support per deprecation timeline; refs #20766. 2015-01-17 08:32:31 -05:00
Carl Meyer
316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Pavel Shpilev
a7c256cb54 Fixed #9893 -- Allowed using a field's max_length in the Storage. 2015-01-12 09:09:18 -05:00
Aymeric Augustin
4797af2bb8 Updated custom template tags how-to.
Accounted for multiple template engines and made a few small fixes.
2015-01-10 20:17:22 +01:00
Aymeric Augustin
ee8d5b91e9 Wrote main documentation for templates. 2015-01-10 20:16:19 +01:00
Anssi Kääriäinen
0c7633178f Fixed #24020 -- Refactored SQL compiler to use expressions
Refactored compiler SELECT, GROUP BY and ORDER BY generation.
While there, also refactored select_related() implementation
(get_cached_row() and get_klass_info() are now gone!).

Made get_db_converters() method work on expressions instead of
internal_type. This allows the backend converters to target
specific expressions if need be.

Added query.context, this can be used to set per-query state.

Also changed the signature of database converters. They now accept
context as an argument.
2015-01-08 14:07:54 -05:00
Claude Paroz
f7c287fca9 Fixed #24073 -- Deactivated translations when leave_locale_alone is False
Thanks Tim Graham and Markus Holtermann for the reviews.
2015-01-07 20:11:24 +01:00
Daniel Pyrathon
fb48eb0581 Fixed #12663 -- Formalized the Model._meta API for retrieving fields.
Thanks to Russell Keith-Magee for mentoring this Google Summer of
Code 2014 project and everyone else who helped with the patch!
2015-01-06 19:25:12 -05:00
Tim Graham
d7fc6eb8ca Revert "Updated some docs for the delayed deprecation of legacy table creation; refs #22340."
This reverts commit a2e3c96948.

The deprecation was moved back to 1.9 in
61da5f3f02.
2014-12-30 11:50:50 -05:00
Aymeric Augustin
cf0fd65ed4 Deprecated TEMPLATE_LOADERS. 2014-12-28 17:02:30 +01:00
Aymeric Augustin
3dc01aaaaf Deprecated ALLOWED_INCLUDE_ROOTS. 2014-12-28 17:02:30 +01:00
Christopher Grebs
508be27dbf Fixed #24057 -- Fixed typo in docs/howto/custom-lookups.txt. 2014-12-27 19:38:24 -05:00
Claude Paroz
337cd09836 Updated some other external links in the docs 2014-12-19 18:07:52 +01:00
Claude Paroz
0a4b04fc23 Used https for most *.python.org links 2014-12-19 18:07:52 +01:00
Quentin Pradet
6bc343d874 Fixed typo in docs/howto/custom-lookups.txt. 2014-12-08 07:18:54 -05:00