mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-24 17:24:37 +00:00
Code Issues 32 Releases Wiki Activity
15,801 Commits 29 Branches 441 Tags
Commit Graph

9449 Commits

Author SHA1 Message Date
Tim Graham
808c0dc705 [1.6.x] Bumped version number post-release. 2014-08-20 16:38:01 -04:00
James Bennett
8b19a4e275 [1.6.x] Update version number for security release. 2014-08-20 15:14:55 -05:00
Simon Charette
f7c494f250 [1.6.x] Prevented data leakage in contrib.admin via query string manipulation. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:43:43 -04:00
Preston Holmes
0268b855f9 [1.6.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:43:43 -04:00
Tim Graham
dd0c3f4ee1 [1.6.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:43:43 -04:00
Florian Apolloner
da051da8df [1.6.x] Prevented reverse() from generating URLs pointing to other hosts. 
This is a security fix. Disclosure following shortly.
 2014-08-20 11:43:43 -04:00
Claude Paroz
9f9fdc4b0a [1.6.x] Fixed #22996 -- Prevented crash with unencoded query string 
Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham
for the reviews.
Backport of fa02120d36 from master.
 2014-08-19 22:55:35 +02:00
Claude Paroz
f5e8376288 [1.6.x] Fixed multi geometries editing in OpenLayers widget 
Backport of 457c16d0d from master.
 2014-08-15 10:10:35 +02:00
Claude Paroz
99b5567796 [1.6.x] Fixed #23265 -- Used system-specific encoding in runserver 
Thanks SpaceFox for the report.
Backport of 055d95fce066 from master.
 2014-08-14 12:11:42 +02:00
Tim Graham
e4b2bea743 [1.6.x] Fixed #19107 -- Restored bug fix for sending unicode email with Python 2.6.5 and below. 2014-07-30 09:29:08 -04:00
Shai Berger
838b7f8220 [1.6.x] Fixed #20292: Pass datetime objects (not formatted dates) as params to Oracle 
This seems worthwhile in its own right, but also works around an Oracle
bug (in versions 10 -- 11.1) where the use of Unicode would reset the
date/time formats, causing ORA-01843 errors.

Thanks Trac users CarstenF for the report, jtiai for the initial patch,
and everyone who contributed to the discussion on the ticket.

Backport of 6983201 from master.
 2014-07-29 07:00:26 -04:00
Aymeric Augustin
83098dccdf [1.6.x] Fixed #23089 -- Fixed transaction handling in two management commands. 
Previously, when createcachetable and flush operated on non-default
databases, they weren't atomic.

Also avoided transactional DDL and transactional truncates on databases
that don't support them (refs #22308).

Backport of 753a22a635, 0757e0f30d, and 6877a9d415 from master
 2014-07-24 19:27:15 -04:00
Iain Dawson
205090bc71 [1.6.x] Replaced instances of 'his/her' with 'their'. 
Backport of 8fbf13a6c8 from master
 2014-07-21 19:55:28 +00:00
Gavin Wahl
227a0f27a6 [1.6.x] Fixed #22998 -- Updated the fast_delete logic for GFKs 
Backport of 6e2b82fdf6 from master
 2014-07-16 12:53:48 +03:00
Tim Graham
685582940b [1.6.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet. 
Thanks sebastien at clarisys.fr for the report and gautier
for the patch.

Backport of 5e2c4a4bd1 from master
 2014-07-14 12:39:19 -03:00
Daniel Hahler
b6bfdacdae [1.6.x] Fixed various minor doc typos / references. 
Backport of 67f9f385aa from master
 2014-07-05 20:27:03 -04:00
Claude Paroz
90b4d20566 [1.6.x] Fixed a French translation in contrib.auth 
Refs #22929.
 2014-06-30 20:09:57 +02:00
Duncan Parkes
20a1c07ea1 [1.6.x] Improved documentation for QueryDict. 
Backport of 7f4e2ef1e9 from master
 2014-06-24 21:42:36 -04:00
Vlastimil Zíma
ef3ae3d1c9 [1.6.x] Fixed #22514 -- Prevented indexes on virtual fields [postgres]. 
Backport of 78c32f1caa from master
 2014-06-20 19:01:49 -04:00
Egor Semiguzov
734e9ad232 [1.6.x] Removed erroneous trailing comma in OLMapWidget.js. 
Backport of c5226eb72a from master
 2014-06-03 07:44:45 -04:00
Claude Paroz
3a736c1836 [1.6.x] Made an aggregate test pass with spatialite backend 
backends.tests.SqliteAggregationTests was failing with spatialite.

Backport of 550b6195ed from master
 2014-05-31 22:08:38 -04:00
Alasdair Nicol
c9a4c1d80b [1.6.X] Added missing commas to list of strings 2014-05-28 09:15:56 +01:00
Erik Romijn
50a289d05f [1.6.x] Fixed #22579 -- Corrected validation for email to reject trailing slash 
Backport of 424fe76349a2e34eafef13c2450a7a1f4d3115a6 from master.
 2014-05-16 15:40:52 +02:00
mbacho
4b49cbfae4 [1.6.x] Fixed typo in multipartparser.py 
Backport of 8a9d54aa69 from master
 2014-05-16 05:35:43 -04:00
Jacob Kaplan-Moss
9dc7f69a4b Updated version numbers post-release. 2014-05-14 18:42:26 +02:00
Jacob Kaplan-Moss
b5bacdea00 Updated version numbers for release. 2014-05-14 18:37:33 +02:00
Erik Romijn
6011075245 [1.6.x] Added additional checks in is_safe_url to account for flexible parsing. 
This is a security fix. Disclosure following shortly.
 2014-05-14 10:15:06 +02:00
Aymeric Augustin
1abcf3a808 [1.6.x] Dropped fix_IE_for_vary/attach. 
This is a security fix. Disclosure following shortly.
 2014-05-14 10:15:06 +02:00
Aymeric Augustin
b6d3212190 [1.6.x] Fixed #22508 -- Avoided overwriting select_related. 
Previously, known related objects overwrote related objects loaded
though select_related. This could cancel the effect of select_related
when it was used over more than one level.

Thanks boxm for the bug report and timo for bisecting the regression.

Conflicts:
	tests/select_related_regress/tests.py

Backport of f574220f from master
 2014-05-10 17:05:09 +02:00
Anssi Kääriäinen
0e37049636 [1.6.x] Fixed #22429 -- Incorrect SQL when using ~Q and F 
Backpatch of 5e1f4656b98816c96a1cc051224c1b699db480e0 from master.

Conflicts:
	django/db/models/sql/query.py
	tests/queries/models.py
	tests/queries/tests.py
 2014-05-05 13:27:54 +03:00
Claude Paroz
034866204b [1.6.x] Fixed #22565 -- Prevented pgettext_lazy crash with bytestring input 
Thanks ygbo for the report.
Backport of 142c27218 from master.
 2014-05-02 19:38:46 +02:00
Claude Paroz
120a981207 [1.6.x] Fixed #22551 -- Made oracle backend method Python 3 compatible 
Thanks fatal10110 at gmail.com for the report. The fix is 1.6-only
because that code has been refactored in 1.7 (6983201cfb).
 2014-05-01 18:15:00 +02:00
Tim Graham
6265885c1e [1.6.x] Post release version bump. 2014-04-28 18:59:49 -04:00
James Bennett
4a6b911fcf [1.6.x] Bump version for 1.6.4 bugfix release. 2014-04-28 15:39:08 -05:00
Tim Graham
d16948bd19 [1.6.x] Fixed #22515 -- Fixed the object_id of the LogEntry that's created after a user password change in the admin. 
Thanks ross at servercode.co.uk for the report.

Backport of 9e7f86b890 from master
 2014-04-25 08:36:28 -04:00
Tim Graham
274bedb928 Removed bad import in last commit. 2014-04-23 09:14:52 -04:00
Tim Graham
6915220ff9 [1.6.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial. 
Regression in 8b93b31487d6d3b0fcbbd0498991ea0db9088054.

Thanks rcoup for the report.

Backport of 3c06b2f2a3 from master
 2014-04-23 08:56:13 -04:00
Tim Graham
a937687633 [1.6.x] Post release version bump. 2014-04-22 11:49:21 -04:00
Florian Apolloner
6ec346ba7b [1.6.x] Fixed #22426 -- Added support old-style d.c.messages format. 
Forward ported code from 1.5 that adds backwards compatibility with legacy message length.
See commit 9e7183073f64e541587e8dcfd8bb3ddeb47f8162 for details.

Thanks to Ofir Ovadia for the initial patch.

Backport of f286721f7fdc2202f77a5f4d650d9d0779b86811 from master
 2014-04-22 10:48:11 +02:00
James Bennett
3f1abbfc40 [1.6.x] Update for 1.6.3 security release. 2014-04-21 18:10:57 -05:00
Erik Romijn
5f0829a27e [1.6.x] Fixed queries that may return unexpected results on MySQL due to typecasting. 
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master
 2014-04-21 18:30:27 -04:00
Aymeric Augustin
d63e20942f [1.6.x] Prevented leaking the CSRF token through caching. 
This is a security fix. Disclosure will follow shortly.

Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master
 2014-04-21 18:30:27 -04:00
Tim Graham
4352a50871 [1.6.x] Fixed a remote code execution vulnerabilty in URL reversing. 
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.

Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
 2014-04-21 18:30:27 -04:00
Tim Graham
fa60ac76c0 [1.6.x] Fixed #22454 - Changed compatibility warning hint for test runner. 
Backport of 214d1e1b0f from master
 2014-04-17 20:47:54 -04:00
valtron
1252b77824 [1.6.x] Fixed #21760 -- prefetch_related used an inefficient query for reverse FK. 
Regression introduced by commit 9777442. Refs #21410.

Conflicts:
	tests/prefetch_related/tests.py

Backport of d3b71b976d from master
 2014-04-13 01:06:03 +07:00
Aymeric Augustin
a357079892 Improved a comment. Thanks intgr for the report. 2014-04-11 23:03:54 +02:00
Aymeric Augustin
80f6cbbadb [1.6.x] Increased robustness of 58161e4e. Refs #22291. 
Backport of ee837b9a from master
 2014-04-10 23:22:13 +02:00
Aymeric Augustin
1d3d2b9a24 [1.6.x] Fixed #21202 -- Maintained atomicity when the server disconnects. 
Thanks intgr for the report.

This commit doesn't include a test because I don't know how to emulate a
database disconnection in a cross-database compatible way.

Also simplified a 'backends' test that was constrained by this problem.

Backport of 81761508 from master
 2014-04-10 23:22:13 +02:00
Aymeric Augustin
4ea02bdb0d [1.6.x] Fixed #21239 -- Maintained atomicity when closing the connection. 
Refs #15802 -- Reverted #7c657b24 as BaseDatabaseWrapper.close() now
has a proper "finally" clause that may need to preserve self.connection.

Backport of 25860096 from master.
 2014-04-10 23:22:13 +02:00
Aymeric Augustin
746cded010 [1.6.x] Fixed #22321 -- Wrapped exceptions in _set_autocommit. 
Refs #21202.

Backport of 3becac84 from master
 2014-04-10 23:21:55 +02:00