mirror of https://github.com/django/django.git synced 2025-07-10 12:49:13 +00:00

2235 Commits

Author SHA1 Message Date
Russell Keith-Magee
7268f8af86 [1.2.X] Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.
Backport of r16760 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16766 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 01:28:50 +00:00
Russell Keith-Magee
c613af4d64 [1.2.X] Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
Backport of r16758 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@16764 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 01:28:31 +00:00
Russell Keith-Magee
52e81079be [1.2.X] Fixed #13686 -- Ensure that memcache handling of unicode values in add() and set_many() is consistent with the handling provided by get() and set(). Thanks to nedbatchelder for the report, and to jbalogh, accuser and Jacob Burch for their work on the patch.
Backport of r15880 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15881 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-19 02:45:51 +00:00
Luke Plant
1d628d7ecf [1.2.X] Fixed #15617 - CSRF referer checking too strict
Thanks to adam for the report.

Backport of [15840] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15844 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 22:24:26 +00:00
Luke Plant
2bb360c91c [1.2.X] Fixed #15559 - distinct queries introduced by [15607] cause errors with some custom model fields
This patch just reverts [15607] until a more satisfying solution can be
found.

Refs #11707

Backport of [15791] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15792 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-10 01:21:59 +00:00
Ian Kelly
ec7dd583f2 [1.2.X] Fixed a bunch more tests that were failing in Oracle due to false assumptions about the primary keys of objects.
Backport of r15789 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15790 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-10 00:04:43 +00:00
Ian Kelly
4c152afbb6 [1.2.X] Fixed a test that was failing in Oracle due to default ordering assumptions.
Backport of r15783 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15784 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-09 19:22:27 +00:00
Ian Kelly
1c08ca568f [1.2.X] Fixed a number of tests that were failing in Oracle due to false assumptions about the primary keys of objects.
Backport of r15779 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15780 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-09 00:43:36 +00:00
Ian Kelly
05b197dbb1 [1.2.X] Added a skip for a test that fails in Oracle. Unlike other backends, Oracle does not allow duplicate rows where there is a unique_together constraint for which some but not all of the columns are NULL.
Backport of r15777 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15778 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-08 22:50:56 +00:00
Ian Kelly
e81e64cd63 [1.2.X] Fixed field names that were preventing the tests from running in Oracle. Backport of r15774 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-08 19:38:54 +00:00
Russell Keith-Magee
64cf5d33ac [1.2.X] Refs #15550 -- Corrected another primary-key ordering problem in the modelforms tests. Thanks to bberes for the report.
Backport of r15753 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15754 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:28:22 +00:00
Russell Keith-Magee
138c4aaa77 [1.2.X] Fixed #15550 -- Corrected an ordering dependency in the model_forms doctests. Thanks to bberes for the report.
Backport of r15745 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15748 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 00:42:37 +00:00
Russell Keith-Magee
d9b9684eff [1.2.X] Fixed #15549 -- Removed dependency on specific primary keys. Thanks to bberes for the report.
Backport of r15744 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15747 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 00:42:21 +00:00
Russell Keith-Magee
a1697e883a [1.2.X] Fixed #15548 -- Added an ordering clause to prevent test failures under Postgres. Thanks to bberes for the report.
Backport of r15743 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15746 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 00:41:54 +00:00
Ramiro Morales
f88b9eee53 [1.2.X] Fixed #11206 -- Ensure that the floatformat template filter doesn't switch to scientific notation when asked to format a zero value with more than six decimal places. Thanks Tai Lee for the report and fix and Facundo Batista for his help when Decimal module expertise was needed.
Backport of [15736] from trunk

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15738 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 21:17:48 +00:00
Russell Keith-Magee
113a8c1f1c [1.2.X] Fixed #12252 -- Ensure that queryset unions are commutative. Thanks to benreynwar for the report, and draft patch, and to Karen and Ramiro for the review eyeballs and patch updates.
Backport of r15726 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 13:53:12 +00:00
Jannis Leidel
a97396948b [1.2.X] Fixed wrong import introduced in r15697.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 13:47:46 +00:00
Jannis Leidel
0516b99875 [1.2.X] Fixed #12475 -- Fixed an edge case with hidden fields in ModelAdmin changelists when used in conjunction with list_display_links or list_editable. Thanks, Simon Meers, Julien Phalip, Karen and master.
Backport from trunk (r15722).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15724 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 13:47:39 +00:00
Jannis Leidel
1985ca77ea [1.2.X] Fixed #13411 -- Made sure URL fragments are correctly handled by the next_redirect utility of the comments apps. Thanks, timesong, dpn and Julien Phalip.
Backport from trunk (r15720).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15721 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 13:04:51 +00:00
Russell Keith-Magee
ac87e4f8fa [1.2.X] Fixed #15502 -- Ensure that nested TemplateDoesNotExist errors are propagated with a meaningful error message when loaded using select_template. Thanks to jaylett for the report, and GDorn for the patch.
Backport of r15717 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15718 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 00:42:56 +00:00
Jannis Leidel
84f398e77c Fixed typo in r15710.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02 21:47:55 +00:00
Jannis Leidel
b34a08e070 [1.2.X] Fixed #15535 -- Stopped the blocktrans template tag from raising a KeyError if an included variable can't be found in the context. Thanks, melinath.
Backport from trunk (r15709).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15710 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02 21:37:29 +00:00
Luke Plant
29fccc353c [1.2.X] Added file missing from [15696], sorry for breakage.
Thanks to Ramiro for letting me know. Refs #717.

Backport of [15699] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15700 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 18:55:39 +00:00
Luke Plant
58bd249283 [1.2.X] Fixed #717 - If-Modified-Since handling should compare dates according to RFC 2616
Thanks to Maniac for the report, julienb for the initial patch, and
especially to aaugustin for the final patch and tests.

Backport of [15696] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15697 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 14:34:03 +00:00
Ramiro Morales
f5c0328fd3 [1.2.X] Fixed #13433 -- Changed default behavior of Django email message wrappers to not mangle lines starting with 'From '. Thanks Leo for the report and patch.
Backport of [15669] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15670 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-28 02:56:02 +00:00
Luke Plant
e233917832 [1.2.X] Fixed #15368 - test failures due to regression with RequestContext
Thanks to cyberdelia for the reports on this.

Backport of [15660] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-27 00:28:53 +00:00
Russell Keith-Magee
120d01c20b [1.2.X] Fixed #10918 -- Ensure that the search widget on a raw_id_admin uses the right field name when the ForeignKey has a to_field definition. Thanks to David Cramer for the report, Collin Anderson for the fix, and Julien Phalip for the test.
Backport of r15657 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-26 12:49:15 +00:00
Russell Keith-Magee
3a31023783 [1.2.X] Fixed #11447 -- Ensured that ForeignKey widgets in a list-editable admin changelist won't wrap split the widget. Thanks to patrick@vonautomatisch.at for the report, and Julien Phalip for the patch.
Backport of r15656 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15658 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-26 12:49:00 +00:00
Ramiro Morales
049b3ff8a2 [1.2.X] Fixed #15424 -- Corrected lookup of callables listed in admin inlines' readonly_fields by passing the right ModelAdmin (sub)class instance when instantiating inline forms admin wrappers. Also, added early validation of its elements. Thanks kmike for the report and Karen for the patch fixing the issue.
Backport of [15650] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15651 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-26 02:00:18 +00:00
Jacob Kaplan-Moss
062cbfb1ec [1.2.X] Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publicly accessible, and if a public user can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

Backport of [15639] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:38:32 +00:00
Ramiro Morales
fa1a74ff3c [1.2.X] Fixed #14012 (again) -- Admin app: Don't show the full user edition view after adding a user in a FK popup. Thanks dburke for reporting this regression introduced in r14628.
Backport of [15637] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15638 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 01:09:23 +00:00
Ramiro Morales
dc9d639c0a [1.2.X] Fixed #13510 -- Corrected colspan of non-field-specific error messages in admin app tabular inlines so it isn't greater than the actual number of field cells. Thanks KyleMac for the report and Julien Phalip for the patch fixing the issue.
Backport of [15626] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15627 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-22 03:25:55 +00:00
Luke Plant
31d0f2fa29 [1.2.X] Fixed #11058 - list_display_links doesn't allow callables not defined in the model
Thanks to dvine for the report and julien for the patch.

Backport of [15619] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15621 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 21:20:41 +00:00
Luke Plant
e63db6597c [1.2.X] Fixed #15349 - Bound FormSet produces bound empty_form
Thanks to hidde-jan for the report and patch.

Backport of [15614] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15615 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 16:14:04 +00:00
Luke Plant
c326ec48d8 [1.2.X] Fixed #14099 - BaseModelFormSet should use _should_delete_form
Thanks to kenth for the report and patch.

Backport of [15612] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15613 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:32:12 +00:00
Luke Plant
4df0e5ff84 [1.2.X] Fixed #11707 - limit_choices_to on a ForeignKey can render duplicate options in formfield
Thanks to Chris Wesseling for the report and patch.

Backport of [15607] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15610 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:08:06 +00:00
Russell Keith-Magee
fee8a49866 [1.2.X] Fixed #15359 -- Ensure that the -h option is always honored by django-admin.py. Thanks to teubank for the report.
Backport of r15605 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:06:28 +00:00
Russell Keith-Magee
bf4507f255 [1.2.X] Fixed #15364 -- Ensure files are closed correctly during file tests. Thanks to Mila for the report and patch.
Backport of r15604 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15608 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 14:06:12 +00:00
Karen Tracey
e636db1066 [1.2.X] Fixed #15362: Added explicit deletion of file to test, needed now since files are no longer auto-deleted when a referencing object is deleted. Thanks mila.
r15602 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-21 12:40:55 +00:00
Ramiro Morales
1d1f3632c6 [1.2.X] Fixed #14529 -- Fixed representation of model names in admin messages after model object changes when the ModelAdmin queryset() uses defer() or only(). Thanks rlaager for report and initial patch, to rasca and julien for help in tracking the problem.
Backport of [15596] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15597 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 23:19:21 +00:00
Chris Beaven
2377f109bc [1.2.X] Ensure render_to_string leaves the context instance stack in the state it was originally passed in.
Backport of r15591 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15592 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 05:56:45 +00:00
Russell Keith-Magee
69a3bb5d47 [1.2.X] Fixed #9161 -- Ensure that ModelMultipleChoiceField respects to_field_name in validation. Thanks to Honza for the report, and Gregor Müllegger for the patch.
Backport of r15587 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:47:33 +00:00
Russell Keith-Magee
626ad2c9ab [1.2.X] Fixed #11513 -- Ensure that the redirect at the end of an object change won't redirect to a page for which the user doesn't have permission. Thanks to rlaager for the report and draft patch, and to Julien Phalip for the final patch.
Backport of r15584 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:30:23 +00:00
Russell Keith-Magee
909ee62563 [1.2.X] Fixed #14355 -- Ensure that help_text is displayed for readonly fields in the admin. Thanks to jester for the report, and to alexbmeng, subsume, wamberg and Julien Phalip for their work on the patch.
Backport of r15582 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15583 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 12:56:25 +00:00
Russell Keith-Magee
da4dea5834 [1.2.X] Fixed #13126 -- Ensured that individual form errors are displayed when errors occur on a list-editable changelist. Thanks to slafs for the report, and to Julien Phalip for the patch.
Backport of r15580 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15581 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 11:52:33 +00:00
Russell Keith-Magee
c9949103df [1.2.X] Fixed #12893 -- Added tests to validate that the right queryset is always used in model admins. Thanks to mk and Julien Phalip for their work on the patch.
Backport of r15578 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:38:53 +00:00
Russell Keith-Magee
efc4c62691 [1.2.X] Fixed #15291 -- Corrected alignment issue when actions are disabled in a ModelAdmin. Thanks to Julien Phalip for the report and patch.
Backport of r15573 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 08:15:20 +00:00
Carl Meyer
aae16079ef [1.2.X] Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.
Backport of r15559 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15560 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 05:01:42 +00:00
Carl Meyer
9ec9d2efd1 [1.2.X] Improved CACHE_MIDDLEWARE_ANONYMOUS_ONLY test.
Backport of r15557 from trunk. (Backported in order to simplify backport of upcoming test addition).

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 04:15:14 +00:00
Jannis Leidel
551da285db [1.2.X] Moved the test added in r15511 to a different test where it doesn't actually verify the existence of the URL by calling urlopen but only validates it.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15542 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-15 20:42:57 +00:00