Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
26,042 Commits 26 Branches 382 Tags
Commit Graph

10782 Commits

Author SHA1 Message Date
Tobias Bengfort
4fd6e09fdc [2.1.x] Clarified permission-related docs. 
Backport of 632d4861ddb99a2c9d11642fcfa4ad542b427d6b from master
 2019-02-28 15:29:32 +01:00
Tim Graham
0c295a7570 [2.1.x] Refs #29683 -- Updated multi-db docs for view permission. 
Backport of 50f09264ae8ab04824fcc6554e8c184378ad2f81 from master
 2019-02-25 14:57:27 -05:00
Mariusz Felisiak
7514a6cc95
[2.1.x] Fixed documentation of database representation for ManyToManyField. 
Backport of b0799f5d86b6c0ccb1dcba6e0d2eee336f7f5928 from master
 2019-02-25 20:10:22 +01:00
Mariusz Felisiak
8fe63dc4cd
[2.1.x] Fixed #30187 -- Moved "install Django" command to a console box. 
Backport of edec11ce86a1a0d9e4c5a2a0df6acaf655041c24 from master.
 2019-02-16 08:10:14 +01:00
Tim Graham
e1b55f2d3f [2.1.x] Added CVE-2019-6975 to the security release archive. 
Backport of d6e5aad5c7eba3d8061c09902de16cd2b22619af from master.
 2019-02-11 16:14:58 -05:00
Tim Graham
5c2b94af2a [2.1.x] Refs #30177 -- Forwardported 2.0.13 release notes. 
Backport of 1b8f552b08eb7642be598ba7512e7eaecefbdc6d from master.
 2019-02-11 15:55:12 -05:00
Carlton Gibson
168bfdd92b [2.1.x] Refs #30175 -- Added release notes for 2.1.7, 2.0.12, and 1.11.20 releases. 
Backport of b39bd0aa6d5667d6bbcf7d349a1035c676e3f972 from master
 2019-02-11 15:48:23 +01:00
Carlton Gibson
40cd190557 [2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). 
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master
 2019-02-11 11:11:55 +01:00
Mariusz Felisiak
657bbb139a
[2.1.x] Removed extra characters in docs header underlines. 
Backport of 25829197bb94585e94695360065ac614aa9e6a56 from master
 2019-02-08 21:41:10 +01:00
Carlton Gibson
5e5ecadaa3 [2.1.x] Added stub release notes for security releases. 
Backport of 5cc6f02f91e8860c867cc68cf42e66b5bb54c63d from master
 2019-02-07 15:49:51 +01:00
Daniel Hahler
893b80d95d [2.1.x] Fixed duplicate word in docs/releases/2.0.txt. 
Backport of fdc4518fe296c169cf54f23fdad2e0fc8785c059 from master.
 2019-02-04 18:30:48 -05:00
Tim Graham
f30467fe1d [2.1.x] Used extlinks for GitHub commits. 
Backport of c34c6d0a2fc6d9bc55fb2db94b9ed40141babb15 from master.
 2019-02-01 15:49:47 -05:00
Sergey Fedoseev
86f0779d09 [2.1.x] Corrected output of Prefetch.to_attr example. 
Backport of ba7a420012799b26ec9e969d0276d2ccee93c1f5 from master.
 2019-01-31 09:09:48 -05:00
MaximZemskov
3df13847d5 [2.1.x] Fixed #30097 -- Made 'obj' arg of InlineModelAdmin.has_add_permission() optional. 
Restored backwards compatibility after refs #27991.
Regression in be6ca89396c031619947921c81b8795d816e3285.

Backport of 3c01fe30f3dd4dc1c8bb4fec816bd277d1ae5fa6 from master.
 2019-01-11 18:03:23 -05:00
Tim Graham
7470595459 [2.1.x] Added stub 2.1.6 release notes. 
Backport of 36fceeec883c5082168714a0eb14a2fe40f9d79b from master.
 2019-01-08 08:57:48 -05:00
Tim Graham
ee1cad4908 [2.1.x] Added CVE-2019-3498 to the security release archive. 
Backport of 162ae9c9143aa85eb27ea69b446a28973eea4854 from master.
 2019-01-04 09:25:20 -05:00
Tom Hacohen
64d2396e83 [2.1.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page. 
Co-Authored-By: Tim Graham <timograham@gmail.com>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
 2019-01-03 21:22:14 -05:00
Jozef
fcb4d4dd9d [2.1.x] Fixed typo in docs/ref/migration-operations.txt. 
Backport of 5bbf31634faad13658dc7bcaeb8139d8625e4349 from master.
 2019-01-02 17:56:41 -05:00
Tim Graham
4e4b952123 [2.1.x] Fixed #30050 -- Fixed InlineModelAdmin.has_change_permission() called with non-None obj during add. 
Thanks andreage for the report and suggested fix.

Backport of 02c07be95c47efaab9da7422c33ee76142f11336 from master.
 2019-01-01 09:53:28 -05:00
Adam Johnson
65ccb1b7e4 [2.1.x] Added examples to HttpRequest.build_absolute_uri() docs. 
Backport of b71e3d635a5731ec02469822694d06d964007f9b from master.
 2018-12-29 19:45:01 -05:00
Vedran Karačić
400dac7b69 [2.1.x] Updated OWASP Top 10 link to the latest version. 
Backport of 293db9eb36e42e8ba976c2639800020d04b95deb from master.
 2018-12-27 10:04:41 -05:00
CHI Cheng
6f4130f358 [2.1.x] Fixed broken links to PyYAML page. 
Backport of b7dbd5ff68bb9d2235ca081c0bd0b8baa65f8c77 from master.
 2018-12-27 10:49:57 +01:00
Marten Kenbeek
a79789e232 [2.1.x] Added import locations to contrib.postgres aggregates and validators docs. 
Backport of 7a6dbbb655850bff56cd717a3bfa0975e200d15f from master.
 2018-12-24 16:36:14 -05:00
Konstantin Alekseev
08f78a4fc8 [2.1.x] Fixed #30015 -- Ensured request body is properly consumed for keep-alive connections. 
Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and
bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.
 2018-12-20 22:17:21 -05:00
Simon Charette
7cf9d15cf8 [2.1.x] Fixed #30023 -- Prevented SQLite schema alterations while foreign key checks are enabled. 
Prior to this change foreign key constraint references could be left pointing
at tables dropped during operations simulating unsupported table alterations
because of an unexpected failure to disable foreign key constraint checks.

SQLite3 does not allow disabling such checks while in a transaction so they
must be disabled beforehand.

Thanks ezaquarii for the report and Carlton and Tim for the review.

Backport of 315357ad25a6590e7f4564ec2e56a22132b09001 from master.
 2018-12-17 10:01:35 -05:00
Carlton Gibson
8d741bd88f [2.1.x] Fixed #30036 -- Removed unused imports in pagination example. 
Backport of a394289b58b1773c4959ed768fdb325c91b2b589 from master
 2018-12-12 18:50:53 +01:00
Simon Charette
fc8c2284e9 [2.1.x] Fixed #29182 -- Fixed schema table alteration on SQLite 3.26+. 
SQLite 3.26 repoints foreign key constraints on table renames even when
foreign_keys pragma is off which breaks every operation that requires
a table rebuild to simulate unsupported ALTER TABLE statements.

The newly introduced legacy_alter_table pragma disables this behavior
and restores the previous schema editor assumptions.

Thanks Florian Apolloner, Christoph Trassl, Chris Lamb for the report and
troubleshooting assistance.

Backport of c8ffdbe514b55ff5c9a2b8cb8bbdf2d3978c188f from master.
 2018-12-07 14:22:27 -05:00
Rodrigo
4c506730b5 [2.1.x] Fixed #29895 -- Doc'd why MySQL's atomic DDL statements don't work for atomic migrations. 
Backport of ad191d9e011f37d79a7f2df3da881b06539aaaea from master.
 2018-12-06 16:45:39 -05:00
Tim Graham
1084906927 [2.1.x] Fixed #30013 -- Fixed DatabaseOperations.last_executed_query() with mysqlclient 1.3.14+. 
Backport of 284b3221a2c17af5bfe2edbf851ac0a9901f91a0 from master.
 2018-12-05 15:09:19 -05:00
Carlton Gibson
878744586b [2.1.x] Added stub release notes for 2.1.5 release. 
Backport of 196b420fcb0cbdd82970e2b9aea80251bde82056 from master
 2018-12-04 16:23:16 +01:00
Carlton Gibson
c74e53f1c9 [2.1.x] Added release date for 2.1.4. 
Backport of 346721a0389657e800ef917cfee063c1f49ae0b3 from master
 2018-12-03 17:34:59 +01:00
Carlton Gibson
27f5b0aff3 [2.1.x] Fixed #29930 -- Allowed editing in admin with view-only inlines. 
Co-authored-by: Tim Graham <timograham@gmail.com>
Backport of 8245c99ee6032c2748ba46583d8cab15b2f9438e from master
 2018-12-03 17:34:36 +01:00
Carlton Gibson
b623c49c39 [2.1.x] Added release date for 1.11.17. 
Backport of 950112548e61098f442d37a8ded4ef9f83ff8fda from master
 2018-12-03 15:21:57 +01:00
raratiru
8f8be2a8d7 [2.1.x] Fixed #29991 -- Doc'd logger propogation for the default logging config. 
Backport of 793a71b7be9970bee8cbac68985684628e99ad23 from master.
 2018-11-29 20:32:49 -05:00
Basil Dubyk
381bdd4898 [2.1.x] Fixed #29929 -- Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields. 
Backport of 7d1123e5ada60963ba3c708a8932e57342278706 from master.
 2018-11-28 15:50:30 -05:00
Tim Graham
a9d9680ea3 [2.1.x] Refs #28205 -- Corrected ModelAdmin.prepopulated_fields docs regarding when they're populated. 
Backport of 682cdf6cab8cb76ef1808df45631c39748052e13 from master.
 2018-11-28 15:12:31 -05:00
Tim Graham
7e9d5a0aca [2.1.x] Fixed #29317 -- Doc'd filter argument in contrib.postgres aggregates. 
Backport of 926fa7116fd633b69277c3ad9b3370ca45163231 from master.
 2018-11-27 16:26:18 -05:00
Simon Charette
5760e05375 [2.1.x] Corrected Aggregate docs to reflect that it accepts multiple expressions. 
Backport of 9a7d336c3866c5226ed11868be0234c7e2fa47fa from master.
 2018-11-27 09:28:49 -05:00
Damian Dimmich
0d4bbd3f33 [2.1.x] Updated docs for fast column creation with defaults in PostgreSQL 11. 
Backport of 133e79399a0aeecaca7379dd79cc1cc3f8b5e7ae from master.
 2018-11-26 10:13:29 -05:00
andreage
d18e14e1d9 [2.1.x] Fixed typo in docs/topics/i18n/translation.txt. 
Backport of 78fc64578a8715b9812075bbebc829c1251c07fa from master
 2018-11-23 10:13:17 +01:00
Florian Apolloner
e1721ece48 [2.1.x] Fixed #29849 -- Fixed keep-alive support in runserver. 
Ticket #25619 changed the default protocol to HTTP/1.1 but did not
properly implement keep-alive. As a "fix" keep-alive was disabled in
ticket #28440 to prevent clients from hanging (they expect the server to
send more data if the connection is not closed and there is no content
length set).

The combination of those two fixes resulted in yet another problem:
HTTP/1.1 by default allows a client to assume that keep-alive is
supported unless the server disables it via 'Connection: close' -- see
RFC2616 8.1.2.1 for details on persistent connection negotiation. Now if
the client receives a response from Django without 'Connection: close'
and immediately sends a new request (on the same tcp connection) before
our server closes the tcp connection, it will error out at some point
because the connection does get closed a few milli seconds later.

This patch fixes the mentioned issues by always sending 'Connection:
close' if we cannot determine a content length. The code is inefficient
in the sense that it does not allow for persistent connections when
chunked responses are used, but that should not really cause any
problems (Django does not generate those) and it only affects the
development server anyways.

Refs #25619, #28440.

Regression in ac756f16c5bbbe544ad82a8f3ab2eac6cccdb62e.
Backport of 934acf1126995f6e6ccba5947ec8f7561633c27f from master.
 2018-11-20 17:44:03 -05:00
Tim Graham
ab2b86c124 [2.1.x] Doc'd purpose of "Database backend API" backwards incompatible changes section. 
Backport of f436c82637dafa3a9abbd65a3be77bf7ad431213 from master.
 2018-11-17 16:04:59 -05:00
Tim Graham
b94279dd26 [2.1.x] Refs #28814 -- Doc'd Python 3.7 compatibility in Django 1.11.x. 
Backport of 2fd21a18584dc62cfad65cc112465ce68db5561a from master.
 2018-11-17 16:04:33 -05:00
Claude Paroz
0991940c88 [2.1.x] Fixed #29959 -- Cached GEOS version in WKBWriter class. 
Regression in f185d929fa1c0caad8c03fccde899b647d7248c6.

Backport of e7e55059027ae2f644c852e0ba60dc9307b425e1 from master.
 2018-11-16 15:12:19 -05:00
Tim Graham
c0c7bda525 [2.1.x] Removed release date for 2.0.10 and 1.11.17. 
Backport of 97cec6f75d9d9b86892829f784e5e9dabfd1242a from master.
 2018-11-16 09:34:39 -05:00
Prabakaran Kumaresshan
24a85f44c2 [2.1.x] Fixed #29864 -- Added link targets for low-level cache API. 
Backport of 8250538bfc9792c87cd42c27fa778f12e14350cb from master.
 2018-11-15 18:46:27 -05:00
Mathew Payne
2128c508a2 [2.1.x] Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz. 
Backport of 26bb2611a567d43bc258aa7806eef766b7adcfe5 from master.
 2018-11-15 14:11:24 -05:00
Daniel Musketa
793e26bc4f [2.1.x] Fixed typo in docs/ref/middleware.txt. 
Backport of ca2856fb6297378c40622521d21539097c28eb0b from master.
 2018-11-14 09:48:06 -05:00
Katie McLaughlin
353afec70d [2.1.x] Fixed #29940 -- Recommended using the ORM rather than raw SQL. 
Backport of 9886dffdf45873a5ce427eded9277f37d4a30ef1 from master.
 2018-11-13 18:15:35 -05:00
Tobias Bengfort
b2ede89337 [2.1.x] Doc'd PermissionsMixin's usage of User.is_active and is_superuser. 
Backport of b1243a55a5916ed08a726b011bc05d40f717ef40 from master.
 2018-11-12 10:44:43 -05:00