mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-20 09:39:13 +00:00
Code Issues 32 Releases Wiki Activity
20,727 Commits 29 Branches 451 Tags
Commit Graph

1747 Commits

Author SHA1 Message Date
Claude Paroz
beb392b85e [1.8.x] Added safety to URL decoding in is_safe_url() on Python 2 
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
 2016-03-04 23:39:46 +01:00
Claude Paroz
28bed24f55 [1.8.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url() 
This fixes a regression introduced by c5544d28923.
Thanks John Eskew for the reporti and Tim Graham for the review.
Backport of ada7a4aef from master.
 2016-03-04 21:16:51 +01:00
Tim Graham
f294b3833b [1.8.x] Added stub release notes for 1.8.11. 
Backport of 2f0c785a4c2353a3035ba6022cec5e25fb9d569b from master
 2016-03-04 09:48:11 -05:00
Alasdair Nicol
e4be3c80a1 [1.8.x] Fixed #26309 -- Documented that login URL settings no longer support dotted paths. 
Backport of 2404d209a5e8c4573927e14587735562b79e13ed from master
 2016-03-03 07:49:06 -05:00
Dmitry Dygalo
6a9bb1447c [1.8.x] Fixed typo in 1.8.10 release date. 
Backport of 5155c2b4587629c4bc77a11846e5b9d3ba5a43ef from master
 2016-03-02 07:10:21 -05:00
Tim Graham
640c99e8b3 [1.8.x] Added CVE-2016-2512/2513 to security release archive. 
Backport of 24fc9352183c449a8b11d1c7b442e70aa61a8800 from master
 2016-03-01 12:36:20 -05:00
Florian Apolloner
f4e6e02f77 [1.8.x] Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Mark Striemer
382ab13731 [1.8.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Tim Graham
922f228695 [1.8.x] Added stub release notes for security issues. 2016-02-29 08:07:17 -05:00
Simon Charette
4701c81df3 [1.8.x] Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.

Backport of 3938b3ccaa85f1c366909a4839696007726a09da from master
 2016-02-26 16:24:28 -05:00
Jon Dufresne
6c48edae76 [1.8.x] Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 
Backport of b41268135995cef46d40e550f9301fab20cf330d from master
 2016-02-24 07:09:08 -05:00
Tim Graham
0f667a580a [1.8.x] Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.

Backport of b1afebf882db5296cd9dcea26ee66d5250922e53 from master
 2016-02-18 19:56:36 -05:00
Claude Paroz
5bce665974 [1.8.x] Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
Backport of 928c12eb1 from master.
 2016-02-16 21:14:24 +01:00
Tim Graham
180d4cbfe6 [1.8.x] Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 
Backport of b59f963ad2a49322725b20fac71661bd49643443 from master
 2016-02-15 11:52:14 -05:00
Simon Charette
edff550392 [1.8.x] Fixed #26162 -- Checked query name clashes of hidden relationships. 
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.

Backport of a325fb1f9b14b46288d0e1342407be4a6db2bdb1 from master
 2016-02-08 10:42:31 -05:00
Tim Graham
2f0de9b0a1 [1.8.x] Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 
Backport of 97eb3356b2a7488c8d0ca0e47ef3e538852d44a2 from master
 2016-02-08 07:45:10 -05:00
Tim Graham
b650623882 [1.8.x] Added stub release notes for 1.8.10. 
Backport of d6337e65ed86ac0d2e55ebcbc710c42f87e0a3b6 from master
 2016-02-06 09:25:02 -05:00
Carl Meyer
c247753083 [1.8.x] Fix typos in 1.8 release notes. 
Backport of a0ce4c09ff516af52718885120c2231404515428 from master
 2016-02-03 15:27:40 -05:00
Tim Graham
ea2d9f0d4a [1.8.x] Refs #26089 -- Removed obsolete docs about custom user model testing. 
Backport of 1e9150443e5696d764ed81c97b53ef0365a5d854 from master
 2016-02-02 08:55:37 -05:00
Tim Graham
97f0e0ac24 [1.8.x] Added CVE-2016-2048 to the security archive. 
Backport of ecd502cfdb57706dd0e84d9928934bcae6b1ef25 from master
 2016-02-01 12:43:21 -05:00
Tim Graham
3a7c5f59ab [1.8.x] Added release date for 1.8.9. 2016-02-01 12:13:54 -05:00
Tim Graham
229666289d [1.8.x] Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 
Backport of 19d1cb14519186902d7e27813bf2643fe3f7cfa3 from master
 2016-01-28 18:02:36 -05:00
Ben Kraft
79c3950562 [1.8.x] Fixed #26122 -- Fixed copying a LazyObject 
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
 2016-01-26 06:57:47 -05:00
Tim Graham
7b6ab2885e [1.8.x] Refs #26034 -- Added another case fixed by this ticket to release notes. 
Thanks Shai Berger for the report.

Backport of 497b5d6feee5b7947231bd0ae6edf833773b6cce from master
 2016-01-25 08:37:36 -05:00
Alexander Gaevsky
8502e9f049 [1.8.x] Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields. 
Backport of 9a33d3d76497d9e198de942ee1236c452231262f from master
 2016-01-21 13:55:14 -05:00
Alberto Avila
5b3c66d8b6 [1.8.x] Fixed #26071 -- Fixed crash with __in lookup in a Case expression. 
Partial backport of afe0bb7b13bb8dc4370f32225238012c873b0ee3 from master.
 2016-01-13 08:38:07 -05:00
Tim Graham
f8c3d38c2d [1.8.x] Fixed #26034 -- Fixed incorrect index handling on PostgreSQL on Char/TextField with unique=True and db_index=True. 
Thanks Simon Charette for review.

Backport of 56aaae58a746eb39d5e92ba60f59f4c750a8e1a8 from master
 2016-01-08 14:47:05 -05:00
Alexander Gaevsky
40601e5797 [1.8.x] Fixed #24980 -- Fixed day determination in admin calendar widget. 
Backport of 44930cc4667268c20493d7e97387db2a97d61a26 from master
 2016-01-07 19:15:57 +03:00
Claude Paroz
61437dd0a0 [1.8.x] Fixed #26046 -- Fixed a crash with translations and Django-unknown language code 
Thanks Jens Lundstrom for the report and Tim Graham for the review.
Backport of 632a9f21bc from master.
 2016-01-06 20:34:45 +01:00
Scott Pashley
7688089e0f [1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page. 
Backport of 7cc2efc2d6916c05a0a5cb0c0e67f5405d8f6a03 from master
 2016-01-06 14:00:52 -05:00
Tim Graham
5c1de942ac [1.8.x] Added stub release notes for 1.8.9. 
Backport of 1e57dccb31b1302c7292dfa7eac8d8aeeb76a7d0 from master
 2016-01-05 13:19:50 -05:00
Tim Graham
4fd5f06d1e [1.8.x] Added release date for 1.8.8 release. 
Backport of 24c1713e2ec29214838be61cc6bf13b6bf380f4f from master
 2016-01-02 08:37:08 -05:00
varunnaganathan
f6b4893a9f [1.8.x] Fixed #25316 -- Fixed a crash with order_by() and values() after annotate(). 
Backport of 3eba9638ee69138c73efb1d1c1d1b806ddafc6cf from master
 2016-01-02 08:20:07 -05:00
Anssi Kääriäinen
1261c49690 [1.8.x] Fixed #23372 -- Made loaddata faster if it doesn't find any fixtures. 
Django's test suite often tries to load fixture files from apps that have
no fixtures at all. This creates a lot of unnecessary disabling and
enabling of constraints which can be expensive on some database.

To speed this up, loaddata now first checks if any fixture file matches.
If no fixture file is matched, then the command exits before disabling
and enabling of constraints is done.

The main benefit of this change is seen on MSSQL, where tests on
Django 1.8 run hours faster.

Backport of ee9f4686b19e2b4a68f5cb4f9d61dc045c1d4c63 from master
 2015-12-31 09:20:00 -05:00
Alexander Gaevsky
83174866ac [1.8.x] Fixed #25465 -- Restored line breaks conversion in admin readonly fields. 
Backport of 69208a5a1c55d42ca0eaffa900be643d9f801089 from master
 2015-12-29 19:56:23 -05:00
Markus Bertheau
b51086d573 [1.8.x] Fixed #13008 -- Added more Cache-Control headers to never_cache() decorator. 
Backport of 4a438e400b7ce0ab9d0b6876196cbe8d620a4171 from master
 2015-12-24 11:25:50 -05:00
Tim Graham
d156ae0612 [1.8.x] Fixed #25963 -- Clarified render_to_response() context_instance deprecation. 
Backport of 36d0aa43036090685cebe6c9f757631cdadb1400 from stable/1.9.x
 2015-12-22 13:11:43 -05:00
Claude Paroz
67a62703cc [1.8.x] Fixed #25915 -- Allowed language not in Django's default LANGUAGES 
This fixes a regression introduced by a5f6cbce07.
Thanks Gavin Wahl for the report and Tim Graham for the review.
Backport of cd3c042b0 from master.
 2015-12-18 17:53:16 +01:00
Simon Charette
4b02b433b7 [1.8.x] Fixed #25852 -- Made sure AlterModelManager forces a reload of its model state. 
Thanks to Geoffrey Sechter and the Django NYC group for the report and Markus
for the review.

Backport of c4e372aaf467ae41315cfe56a718a80469fc5318 from master
 2015-12-15 14:55:05 -05:00
Federico Frenguelli
905e94a07e [1.8.x] Fixed #25412 -- Fixed missing PostgreSQL index on Char/TextField when using AlterField. 
Thanks to Emanuele Palazzetti for the help.

Backport of 3a36c8079544c83dcdea4e52181efcd2d1e86b9c from master
 2015-12-10 16:29:00 -05:00
Amos Onn
0772bffd4a [1.8.x] Fixed #25896 -- Fixed state bug in SeparateDatabaseAndState.database_backwards(). 
Backport of 542b7f6c50df18f2aa201cf1de81577c1bee643c from master
 2015-12-09 11:08:17 -05:00
Tim Graham
975a451153 [1.8.x] Refs #25886 -- Improved language in Python compatibility section of the release notes. 
Backport of 26c26e83081d68035d6411b1acc17ba033e1876d from master
 2015-12-08 13:05:51 -05:00
Tim Graham
14e1e53a90 [1.8.x] Fixed #25881 -- Marked Python 3.2 in Django 1.8 as unsupported at the end of 2016. 
Backport of e6bd688ef3b58ee522794dce77f64a81b53b3b9e from master
 2015-12-08 12:48:07 -05:00
Gagaro
9582ba51bd [1.8.x] Fixed #25812 -- Restored the ability to use custom formats with the date template filter. 
Backport of 34d88944f46d3e2734488fd0ca3c2c24c15a0264 from master
 2015-11-28 08:44:51 -05:00
Attila Tovt
3ec4e739dd [1.8.x] Fixed #25772 -- Corrected __len lookup on ArrayField for empty arrays. 
Backport of 88fc9e2826044110b7b22577a227f122fe9c1fb5 from master
 2015-11-25 16:53:27 -05:00
Jacek Bzdak
834ad41472 [1.8.x] Fixed #25274 --- Made inspectdb handle renamed fields in unique_together. 
Backport of 2cb50f935aa70e91dd6c2f253becd636a2eb6fb7 from master
 2015-11-25 13:17:24 -05:00
Tim Graham
108038f2b4 [1.8.x] Added stub release notes for 1.8.8. 
Backport of ec202eff84dc56b408f43187e357077521641362 from master
 2015-11-25 10:20:13 -05:00
Tim Graham
2be1bdcfd0 [1.8.x] Backported the latest version of the security issue archive. 2015-11-24 14:05:09 -05:00
Tim Graham
33de26c6ed [1.8.x] Added release dates for 1.8.7/1.7.11 releases. 2015-11-24 11:31:10 -05:00
Florian Apolloner
9f83fc2f66 [1.8.x] Fixed a settings leak possibility in the date template filter. 
This is a security fix.
 2015-11-24 11:31:10 -05:00