Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
7,017 Commits 26 Branches 382 Tags
Commit Graph

879 Commits

Author SHA1 Message Date
Jacob Kaplan-Moss
594a28a904 SECURITY ALERT: Corrected regular expressions for URL and email fields. 
Certain email addresses/URLs could trigger a catastrophic backtracking
situation, causing 100% CPU and server overload. If deliberately triggered, this
could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement will follow.



git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11605 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-10-09 20:59:25 +00:00
Matt Boersma
372736b70f [1.0.X] Fixed #11049: introspection on Oracle now identifies IntegerFields correctly. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11476 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-08-21 21:43:09 +00:00
Russell Keith-Magee
df7f917b7f [1.0.X] SECURITY ALERT: Corrected a problem with the Admin media handler that could lead to the exposure of system files. Thanks to Gary Wilson for the patch. 
This is a security-related backport of r11351. A full announcement, as well as a backport 0.96.X will be forthcoming.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11353 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-07-29 02:55:26 +00:00
Russell Keith-Magee
128787d3b5 [1.0.X] Fixed #11546 -- Modified the mail regression test to avoid getting hung up on 32/64 bit differences. Thanks to Richard Davies for the report. 
Merge of r11328 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11329 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-07-25 05:17:38 +00:00
Ian Kelly
77b269e875 Fixed #11487: pass long strings to Oracle as CLOB rather than NCLOB to prevent an encoding bug that occurs in some installations. Backport of [11285] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11286 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-07-21 21:25:48 +00:00
Russell Keith-Magee
79af110d37 [1.0.X] Fixed #11107 -- Corrected the generation of sequence reset SQL for m2m fields with an intermediate model. Thanks to J Clifford Dyer for the report and fix. 
Merge of r11215 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11216 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-07-11 14:30:14 +00:00
Russell Keith-Magee
1153d4bf80 [1.0.X] Fixed #10834 -- Added bucket condition to ensure that URL resolvers won't ever return None. Thanks to Chris Cahoon for the patch. 
Merge of r11120 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11122 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-29 14:23:28 +00:00
Russell Keith-Magee
c4e240fae3 [1.0.X] Fixed #11392 -- Enforced a predictable result order for a couple of test cases. Thanks to Nathan Auch for the report and patch. 
Merge of r11119 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-29 14:10:53 +00:00
Russell Keith-Magee
c9771f0b4a [1.0.X] Fixed #11270 -- Modified cache template tag to prevent the creation of very long cache keys. Thanks to 235 for the report and patch. 
Merge of r11068 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11070 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-18 15:14:04 +00:00
Russell Keith-Magee
bb0538d4d5 [1.0.X] Fixed #11270 -- Corrected naming conflict in templatetag test. Thanks to steveire for the report. 
Merge of r11067 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-18 15:07:22 +00:00
Russell Keith-Magee
d0a3b92e4b [1.0.X] Fixed #9023 -- Corrected a problem where cached attribute values would cause a delete to cascade to a related object even when the relationship had been set to None. Thanks to TheShark for the report and test case, and to juriejan and Jacob for their work on the patch. 
Merge of r11009 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11010 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-15 15:06:35 +00:00
Russell Keith-Magee
8656fffbe0 [1.0.X] Fixed #11311 -- Reverted [10952], Refs #10785. Changeset [10952] caused problems with m2m relations between models that had non-integer primary keys. Thanks to Ronny for the report and test case. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11008 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-15 11:54:03 +00:00
Luke Plant
b9952794c3 [1.0.X] Fixed #9367 - EmailMultiAlternatives does not properly handle attachments. 
Thanks to Loek Engels for the bulk of the patch.

Backport of r10983 from trunk


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10984 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-12 14:09:36 +00:00
Russell Keith-Magee
056796b74d [1.0.X] Fixed #9479 -- Corrected an edge case in bulk queryset deletion that could cause an infinite loop when using MySQL InnoDB. 
Merge of 10913-10914 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10915 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-06-03 13:43:05 +00:00
Gary Wilson Jr
53b0436102 [1.0.X] Fixed a few Python 2.3 incompatibilities that were causing test failures. 
Backport of [10863] from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10864 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-29 05:28:40 +00:00
Russell Keith-Magee
e001738063 [1.0.X] Modified a test from r10787 so that the comparison order is reliable. Thanks to Alex Gaynor and Tom Tobin for the report via IRC. 
Merge of r10828 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10829 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-20 00:26:07 +00:00
Karen Tracey
02b6f16422 [1.0.X] Fixed #11066 -- Corrected 11 duplicate "the"s found in docs and code comments. Thanks kaikuehne. 
Merge of applicable parts of r10801 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10802 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-17 16:53:38 +00:00
Matt Boersma
985c939dd0 [1.0.X] Fixed import statement in admin_views test to work with Python 2.3. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10790 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-15 15:06:57 +00:00
Russell Keith-Magee
55f1c3e176 [1.0.X] Fixed #11120 -- Corrected handling of inlines attached to inherited classes, broken by r10756. Thanks to George Song and Michael Strickland for the simultaneous reports. 
Merge of r10787 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10788 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-15 13:06:57 +00:00
Jacob Kaplan-Moss
7f90dc1ba2 [1.0.X] Fixed #10348: ChangeList no longer overwrites a select_related provided by ModelAdmin.queryset(). Backport of [10782] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10783 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-14 15:13:49 +00:00
Jacob Kaplan-Moss
c293450173 [1.0.X] Fixed #10992: fixed a bug saving inlines with custom primary key fields. Thanks, Zain. Backport of [10777] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10779 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-14 02:30:25 +00:00
Jacob Kaplan-Moss
f4fce99bc1 [1.0.X] Fixed #10687: fixed request parsing when upload_handlers is empty. Thanks, Armin Ronacher. Backport of [10723] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10765 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-13 18:45:16 +00:00
Jacob Kaplan-Moss
11d08bca2b [1.0.X] Fixed #10448: correcting errors on "save as new" now correctly create a new object instead of modifying the old one. Thanks, bastih. Backport of [10713] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10764 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-13 18:41:39 +00:00
Russell Keith-Magee
c482859105 [1.0.X] Fixed #10243, #11043 -- Corrected handling of formsets over a ForeignKey that uses to_field, and by extension, fixed the admin for handling fields of that type. Thanks to apollo13 for the initial patch. 
Merge of r10756 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-13 14:32:18 +00:00
Russell Keith-Magee
17d214a982 [1.0.X] Fixed #10288 -- Corrected _has_changed handling of DateTimeInput when a custom date/time format is in use. Thanks to Koen Biermans for the report and patch. 
Merge of r10641 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10757 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-13 14:31:39 +00:00
Russell Keith-Magee
bc07a498fe [1.0.X] Fixed #10792 -- Ensured that ModelChoiceFields don't provide an empty option when the underlying field has blank=False and there is a default value available. Thanks to carljm for the report and patch. 
Merge of r10729 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-11 00:01:40 +00:00
Russell Keith-Magee
0d930ee0e6 [1.0.X] Fixed #11042 -- Corrected admin inlines for inherited models. Thanks to jsmullyan for the report, and mir for helpful triage work. Patch includes regression test for #8093, and a commented out test for #10992. 
Merge of r10725 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10726 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-09 11:52:15 +00:00
Matt Boersma
1fe7eb603d [1.0.X] Fixed test suite on Oracle that was broken by using keyword "date" as a field name. Refs #4140 and #10422. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10722 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 16:49:49 +00:00
Russell Keith-Magee
8397c1fdfa [1.0.X] Fixed #10899 -- Ensured that log messages for deletions in the admin contain useful descriptions. Thanks to Jeremy Dunck for the patch. 
Merge of r10686 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 16:12:51 +00:00
Russell Keith-Magee
41ba8e7ca6 [1.0.X] Fixed #10516 -- Corrected admin search when the search_fields definition contains multiple fields on the same base model. Thanks to Zain Memon 
Merge of r10684 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10719 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 16:08:55 +00:00
Jacob Kaplan-Moss
4f383e2939 Reverted r10709 which I applied to the wrong branch. Sorry for my git-svn fail! 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10710 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 11:13:17 +00:00
Jacob Kaplan-Moss
864b78135a Fixed #10188: prevent newlines in HTTP headers. Thanks, bthomas. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10709 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 11:10:23 +00:00
Jacob Kaplan-Moss
7935231ef0 [1.0.X] Fixed #8817: get_image_dimensions correctly closes the files it opens, and leaves open the ones it doesn't. Thanks, mitsuhiko. 
While I was at it, I converted the file_storage doctests to unit tests.

Backport of [10707] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10708 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 11:02:49 +00:00
Gary Wilson Jr
e93b3a7b02 [1.0.X]: Fixed #9610 -- Fixed duplicate uploaded file name mangling when directory contained a dot and file didn't. Based on patches from fadlytabrani and adurdin. 
Backport of r10701 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10702 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-08 05:52:44 +00:00
Jacob Kaplan-Moss
899d484afb [1.0.X] Make sure that all uses of max_length in the test suite use values smaller than 255. If we use max_length > 255 the test suite can't be run on MySQL 4. Backport of [10697] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10698 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-07 18:11:43 +00:00
Jacob Kaplan-Moss
67f9ad2801 [1.0.X] Fixed #9659: fixed wsgi.file_wrapper in the builtin server. Thanks, mitsuhiko. Backport of [10690] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-07 15:40:13 +00:00
Russell Keith-Magee
6541739765 [1.0.X] Fixed #10275 -- Corrected the edge case of rendering a LogEntry with a contenttype of None. Thanks to Jarek Zgoda for the report, and Peter Bengtsson for the patch 
Merge of r10675 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-05 12:46:50 +00:00
Russell Keith-Magee
0e5c80f86c [1.0.X] Fixed #9932 -- Added a validation error when an inline tries to exclude the foreign key that provides the link to the parent model. Thanks to david for the report and patch. 
Merge of r10668 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10672 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-03 13:48:27 +00:00
Russell Keith-Magee
f137a7391e [1.0.X] Fixed #9362 -- Prevented inline forms from overwriting the content_type_id attribute on objets being inlined. Thanks to carljm for the report and patch. 
Merge of r10667 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-03 13:47:36 +00:00
Russell Keith-Magee
6a21ada37e Fixed #9609 -- Modified the clean method of(Null)Boolean field to accept '1' and '0' as valid inputs. Thanks to psagers for the patch. 
This is required to support the use of non-default form widgets such as RadioSelect when the data comes from MySQL, which uses 1/0 to represent booleans.

Merge of r10660 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10662 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-02 14:56:35 +00:00
Russell Keith-Magee
d22290b2ce [1.0.X] Fixed #10349 -- Modified ManyToManyFields to allow initial form values to be callables. Thanks to fas for the report and patch. 
Merge of r10652 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10653 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-05-02 07:16:30 +00:00
Russell Keith-Magee
bf10bded7a [1.0.X] Fixed #10082 -- Modified BaseFormSet so that ordering checks work when the formset is empty. Thanks to Petr Marhoun for the report and test case, and bmathieu for the fix. 
Merge of r10643 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10644 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-28 14:22:39 +00:00
Jacob Kaplan-Moss
2ceee52303 [1.0.X] Fixed the tests from [9438] to work consistantly across databases. In particular, it was failing on newer versions of PostgreSQL after [10586]. Backport of [10626] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10627 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-22 22:41:18 +00:00
Jacob Kaplan-Moss
421b22e8ee [1.0.X] Fixed #10208: ModelAdmin now respects the exclude and field atributes of custom ModelForms. Thanks, Alex Gaynor. Backport of r10619 from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-22 16:14:02 +00:00
Karen Tracey
7ff22ef258 [1.0.X] Fixed #9651: fixed save_as with inline forms. Thanks, kmike and Mnewman. 
Backport of r10353 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10612 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-21 18:58:32 +00:00
Karen Tracey
a486c1e9b6 [1.0.X] Added a test from Jamie Gennis to ensure #9848 doesn't reappear. 
The bug itself was fixed at some point in the past months (there have
been a few improvements to update() recently). Fixed #9848. 

(Merge of r10528 from trunk.  Per comment in #9848 the fix was in r9967,
which was backported in r9968, thus it seems right to backport the new
test as well.)


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-21 17:56:54 +00:00
Jacob Kaplan-Moss
283442a50e [1.0.X] Fixed #10002: inline file uploads now correctly display prior data. Thanks, dgouldin. Backport of r10588 from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10589 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-18 20:34:42 +00:00
Jacob Kaplan-Moss
01669a356a [1.0.X] Fixed #9122: generic inline formsets now respect exclude and max_num. Thanks, Alex Robbins. Backport of [10586] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10587 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-18 20:17:17 +00:00
Jacob Kaplan-Moss
681a26ca90 [1.0.X] Fixed #9124: fixed SelectDateWidget with required=False. Thanks, Bernd Schlapsi. Backport of [10584] from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10585 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-18 17:36:45 +00:00
Jacob Kaplan-Moss
2ee33cf63b [1.0.X\ Fixed #10156: ModelMultipleChoiceField.clean now does a single query instead of O(N). Thanks, Alex Gaynor. Also, I ported a few more doctests to unittests. Backport of r10582 from trunk. 
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10583 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-04-18 15:52:58 +00:00