mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-20 09:39:13 +00:00
Code Issues 32 Releases Wiki Activity
20,791 Commits 29 Branches 451 Tags
Commit Graph

6721 Commits

Author SHA1 Message Date
Collin Anderson
6118ab7d06 [1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics. 
This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111c2569d88d65a3f4ad9e6d9ad291452 from master
 2016-09-14 13:42:24 -04:00
Tim Graham
fdd1d247c4 [1.8.x] Fixed a GeoIP test failure with the latest data. 
Backport of 4a696bbe13383b14b2762cc5accd45849e9dcfba from master
 2016-08-03 11:19:21 -04:00
Tim Graham
33939f0183 [1.8.x] Fixed a typo in tests/middleware/test_security.py 
Backport of 0850236a8c3647bc3c239bd34afae0488abe5c60 from master
 2016-07-28 22:01:22 -04:00
Raphaël Hertzog
6cf35c666c [1.8.x] Fixed #26923 -- Fixed template_tests with numpy < 1.9.0. 
Backport of 8e5cbc884f77c85b0edbc6206810643abaf589c9 from master
 2016-07-21 13:01:50 -04:00
Tim Graham
9f8ef7724d [1.8.x] Fixed a GeoIP test failure with the latest data. 
Backport of 081fdaf110386db940d834ba51d93e23aa293fcd from master
 2016-07-19 09:28:53 -04:00
Tim Graham
f68e5a9916 [1.8.x] Fixed XSS in admin's add/change related popup. 
This is a security fix.
 2016-07-18 13:45:11 -04:00
Jon Dufresne
8edfdddbc8 [1.8.x] Fixed #26889 -- Fixed missing PostgreSQL index in SchemaEditor.add_field(). 
Backport of 2e4cfcd2b9a0984ad6c4087a5deebbf33413835c from master
 2016-07-13 22:15:43 -04:00
Baptiste Mispelon
3e562cf7a2 [1.8.x] Fixed numpy deprecation warning silencing in template_tests. 
Backport of 418658f453bed7fe7949dda26651aab370003e6a from master
 2016-07-09 10:24:35 -04:00
Tim Graham
4da3684f24 [1.8.x] Fixed flake8 2.6 warnings. 
Backport of ea34426ae789d31b036f58c8fd59ce299649e91e from master
 2016-06-16 10:37:33 -04:00
Tim Graham
c95487e23d [1.8.x] Refs #26687 -- Made an i18n test not use a hardcoded path separator. 
This reverts commit c0a1e1984e0028022c5ac0722ff4933317bcdbc2 as it doesn't
work on the stable/1.8.x branch and instead uses os.path.join() to fix the
original failure on Windows.
 2016-06-01 10:39:27 -04:00
Ramiro Morales
c0a1e1984e [1.8.x] Fixed #26687 -- Made an i18n test not use a hardcoded path separator. 
Fixed a failure on Windows.

Backport of e3877c53edb33271b0f31d20e60a924848692026 from master
 2016-05-31 12:01:05 -04:00
Tim Graham
72da26af41 [1.8.x] Updated GeoIP test for latest database. 
Backport of a0a1c4fbde4fb652b151a409db46c8ac3829ed2b from master
 2016-05-23 20:49:33 -04:00
Alasdair Nicol
0eb6617869 [1.8.x] Added tests for if tag's != operator. 
Backport of 246020efc59de1a64b52fdda6a460904151dae36 from master
 2016-04-29 12:33:32 -04:00
Joshua Phillips
052e1f17ca [1.8.x] Fixed #26557 -- Converted empty strings to None when saving GenericIPAddressField. 
Backport of 4681d65048ca2553895e10c2c492997b0a78ffba from master
 2016-04-29 10:17:00 -04:00
Lukasz Wiecek
0a411b2224 [1.8.x] Fixed #26498 -- Fixed TimeField microseconds round-tripping on MySQL and SQLite. 
Thanks adamchainz for the report and review.

Backport of d3c87a2425b30400c3e6ea76585a9a537b6d0386 from master
 2016-04-18 09:49:31 -04:00
Tim Graham
100f28ed28 [1.8.x] Sorted single letter imports per the latest version of isort. 
Backport of 1c8c0837c61a9e9eb2129df29f75be92e47e926c from master
 2016-03-28 11:59:36 -04:00
Tim Graham
0496838e61 [1.8.x] Fixed #26387 -- Restored the functionality of the admin's raw_id_fields in list_editable. 
Backport of acfaec3db5ba39de52f6e607e74343dccf72fba1 from master
 2016-03-25 14:57:12 -04:00
Adam Alton
5bd01773be [1.8.x] Removed unnecessary filter kwarg from .get() in a test. 
Backport of 38086c83aca881aa72bc2eba1e6eadaa76529ed0 from master
 2016-03-14 18:57:59 -04:00
Tim Graham
c7764ca3a0 [1.8.x] Fixed #26324 -- Fixed DurationField with fractional seconds on SQLite. 
Backport of 4f0cd0fd162122da96978b357ac9fc9534529410 from master
 2016-03-10 19:16:31 -05:00
John-Mark Bell
a5e9ae9ad5 [1.8.x] Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 
Backport of 4b129ac81f4fa38004950d0b307f81d1e9b44af8 from master
 2016-03-07 13:22:38 -05:00
George Marshall
567658f193 [1.8.x] Fixed #26331 -- Fixed test function names with typos 
Backport of 75614f6d4c1a3fe779a75eb3e787452cccd1d814 from master
 2016-03-07 06:56:52 -05:00
Claude Paroz
beb392b85e [1.8.x] Added safety to URL decoding in is_safe_url() on Python 2 
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
 2016-03-04 23:39:46 +01:00
Claude Paroz
28bed24f55 [1.8.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url() 
This fixes a regression introduced by c5544d28923.
Thanks John Eskew for the reporti and Tim Graham for the review.
Backport of ada7a4aef from master.
 2016-03-04 21:16:51 +01:00
Florian Apolloner
f4e6e02f77 [1.8.x] Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Mark Striemer
382ab13731 [1.8.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-02-29 08:07:17 -05:00
Simon Charette
4701c81df3 [1.8.x] Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.

Backport of 3938b3ccaa85f1c366909a4839696007726a09da from master
 2016-02-26 16:24:28 -05:00
Jon Dufresne
6c48edae76 [1.8.x] Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 
Backport of b41268135995cef46d40e550f9301fab20cf330d from master
 2016-02-24 07:09:08 -05:00
Josh Soref
751e5fcaf7 [1.8.x] Fixed many spelling mistakes in code, comments, and docs. 
Partial backport of 93452a70e8a62c7408eeded444f5088d4a26212d from master
 2016-02-23 10:27:15 -05:00
Tim Graham
061a7ff366 [1.8.x] Refs #26253 -- Added tests for deprecation shims in SimpleTemplateResponse. 
Backport of 3fedfc452fa94f8a6c9a64289d00202313ceb564 from stable/1.9.x
 2016-02-22 17:12:37 -05:00
Tim Graham
0f667a580a [1.8.x] Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.

Backport of b1afebf882db5296cd9dcea26ee66d5250922e53 from master
 2016-02-18 19:56:36 -05:00
Claude Paroz
5bce665974 [1.8.x] Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
Backport of 928c12eb1 from master.
 2016-02-16 21:14:24 +01:00
Tim Graham
180d4cbfe6 [1.8.x] Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 
Backport of b59f963ad2a49322725b20fac71661bd49643443 from master
 2016-02-15 11:52:14 -05:00
Berker Peksag
927f43ea3a [1.8.x] Fixed #26126 -- Fixed transient failure of test_max_age_expiration 
Backport of b17a9150a0c3a132e82b53755ede62a45f897875 from master
 2016-02-15 09:27:03 -05:00
Simon Charette
edff550392 [1.8.x] Fixed #26162 -- Checked query name clashes of hidden relationships. 
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.

Backport of a325fb1f9b14b46288d0e1342407be4a6db2bdb1 from master
 2016-02-08 10:42:31 -05:00
Tim Graham
2f0de9b0a1 [1.8.x] Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 
Backport of 97eb3356b2a7488c8d0ca0e47ef3e538852d44a2 from master
 2016-02-08 07:45:10 -05:00
Tim Graham
229666289d [1.8.x] Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 
Backport of 19d1cb14519186902d7e27813bf2643fe3f7cfa3 from master
 2016-01-28 18:02:36 -05:00
Tim Graham
15a80c3dfd [1.8.x] Fixed an admin_scripts test on Ubuntu 16.04/spatialite. 2016-01-28 18:00:38 -05:00
Tim Graham
99cd139a30 [1.8.x] Fixed #26147 -- Relaxed expected values in GIS tests to account for database/library differences. 
Backport of 5aa53286758fbb1fb864a5efda38718a2ca96759 from master
 2016-01-28 17:45:34 -05:00
Yoong Kang Lim
a0e0b37dae [1.8.x] Added a missing test method in tests/migrations/test_writer.py. 
Backport of 5453aa66cfdf228f40dc1997d811ca986de405a3 from master
 2016-01-28 10:39:03 -05:00
Ben Kraft
79c3950562 [1.8.x] Fixed #26122 -- Fixed copying a LazyObject 
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
 2016-01-26 06:57:47 -05:00
Tim Graham
6919586bcd [1.8.x] Fixed #26116 -- Corrected schema's test_alter_implicit_id_to_explicit. 
AUTOINCREMENT is dropped converting an AutoField to IntegerField
which isn't the point of this test. MySQL would warn or error about
this.

Backport of b49cc8664306f8b44e9e12ebb9e43791d508ec74 from master
 2016-01-22 13:08:50 -05:00
Luke Plant
a034ced2ef [1.8.x] Changed action="." to action="" in tests and docs. 
`action="."` strips query parameters from the URL which is not usually what
you want. Copy-paste coding of these examples could lead to difficult to
track down bugs or even data loss if the query parameter was meant to alter
the scope of a form's POST request.

Backport of 77974a684a2e874bccd8bd9e0939ddcb367a8ed2 from master
 2016-01-21 14:00:23 -05:00
Alexander Gaevsky
8502e9f049 [1.8.x] Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields. 
Backport of 9a33d3d76497d9e198de942ee1236c452231262f from master
 2016-01-21 13:55:14 -05:00
Alberto Avila
5b3c66d8b6 [1.8.x] Fixed #26071 -- Fixed crash with __in lookup in a Case expression. 
Partial backport of afe0bb7b13bb8dc4370f32225238012c873b0ee3 from master.
 2016-01-13 08:38:07 -05:00
Tim Graham
f8c3d38c2d [1.8.x] Fixed #26034 -- Fixed incorrect index handling on PostgreSQL on Char/TextField with unique=True and db_index=True. 
Thanks Simon Charette for review.

Backport of 56aaae58a746eb39d5e92ba60f59f4c750a8e1a8 from master
 2016-01-08 14:47:05 -05:00
Tim Graham
fe5d37f991 [1.8.x] Added a helper function in schema tests. 
Backport of 54d3ba84066301b9cdbbd657620c0f1e5c2422c0 from master
 2016-01-08 14:42:32 -05:00
Claude Paroz
61437dd0a0 [1.8.x] Fixed #26046 -- Fixed a crash with translations and Django-unknown language code 
Thanks Jens Lundstrom for the report and Tim Graham for the review.
Backport of 632a9f21bc from master.
 2016-01-06 20:34:45 +01:00
Scott Pashley
7688089e0f [1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page. 
Backport of 7cc2efc2d6916c05a0a5cb0c0e67f5405d8f6a03 from master
 2016-01-06 14:00:52 -05:00
Tim Graham
df4fea644f [1.8.x] Skipped a dateformat test on Windows as needed. 
Refs 1014ba026e879e56e0f265a8d9f54e6f39843348

Backport of 2765adc8dcbaa41662af9000c4de2820418bf0a2 from master
 2016-01-05 13:12:27 -05:00
varunnaganathan
f6b4893a9f [1.8.x] Fixed #25316 -- Fixed a crash with order_by() and values() after annotate(). 
Backport of 3eba9638ee69138c73efb1d1c1d1b806ddafc6cf from master
 2016-01-02 08:20:07 -05:00