Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
21,838 Commits 26 Branches 382 Tags
Commit Graph

2040 Commits

Author SHA1 Message Date
Tim Graham
52b06546c0 [1.9.x] Fixed typo in docs/releases/1.8.12.txt. 
Backport of bc0410d98adcb70ad91f37fa9fee9a7ae71faa18 from master
 2016-03-05 10:02:58 -05:00
Tim Graham
51b7f10213 [1.9.x] Added stub release notes for 1.9.5/1.8.12. 
Backport of c960af4adb87f8ce87f5698902b68e8332e448cb from master
 2016-03-05 10:01:04 -05:00
Claude Paroz
9c195d45a6 [1.9.x] Added safety to URL decoding in is_safe_url() on Python 2 
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
 2016-03-04 23:38:32 +01:00
Claude Paroz
78f4830056 [1.9.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url() 
This fixes a regression introduced by c5544d28923.
Thanks John Eskew for the reporti and Tim Graham for the review.
Backport of ada7a4aef from master.
 2016-03-04 21:15:44 +01:00
Tim Graham
067d8c3500 [1.9.x] Fixed typo in docs/releases/1.9.1.txt. 
Backport of cecbf1bdef04e00e6947f47d96198aa57c2a0dc3 from master
 2016-03-04 14:17:48 -05:00
Tim Graham
2a9ce36271 [1.9.x] Added stub release notes for 1.8.11. 
Backport of 2f0c785a4c2353a3035ba6022cec5e25fb9d569b from master
 2016-03-04 09:48:08 -05:00
Alasdair Nicol
c6d39c644d [1.9.x] Fixed #26309 -- Documented that login URL settings no longer support dotted paths. 
Backport of 2404d209a5e8c4573927e14587735562b79e13ed from master
 2016-03-03 07:48:28 -05:00
Dmitry Dygalo
fddd79dacd [1.9.x] Fixed typo in 1.9.3/1.8.10 release date. 
Backport of 5155c2b4587629c4bc77a11846e5b9d3ba5a43ef from master
 2016-03-02 07:09:48 -05:00
Tim Graham
e0ea4edca0 [1.9.x] Added stub release notes for 1.9.4. 
Backport of 2e895d2870860e9855b79fcda41693783671ed12 from master
 2016-03-01 12:39:22 -05:00
Tim Graham
a53ee2bbf4 [1.9.x] Added CVE-2016-2512/2513 to security release archive. 
Backport of 24fc9352183c449a8b11d1c7b442e70aa61a8800 from master
 2016-03-01 12:36:17 -05:00
Florian Apolloner
af7d09b0c5 [1.9.x] Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login. 
This is a security fix.
 2016-03-01 11:38:49 -05:00
Mark Striemer
fc6d147a63 [1.9.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. 
This is a security fix.
 2016-03-01 11:38:49 -05:00
Tim Graham
7e799217c5 [1.9.x] Added stub release notes for security issues. 2016-03-01 11:38:49 -05:00
Simon Charette
48cf751640 [1.9.x] Fixed #26186 -- Documented how app relative relationships of abstract models behave. 
This partially reverts commit bc7d201bdbaeac14a49f51a9ef292d6312b4c45e.

Thanks Tim for the review.

Refs #25858.

Backport of 0223e213dd690b6b6e0669f836a20efb10998c83 from master
 2016-02-29 22:13:54 -05:00
Simon Charette
ba6f83ec95 [1.9.x] Fixed #26286 -- Prevented content type managers from sharing their cache. 
This should prevent managers methods from returning content type instances
registered to foreign apps now that these managers are also attached to models
created during migration phases.

Thanks Tim for the review.

Refs #23822.

Backport of 3938b3ccaa85f1c366909a4839696007726a09da from master
 2016-02-26 16:22:17 -05:00
Ivan Tsouvarev
cd46947ddb [1.9.x] Fixed #26280 -- Fixed cached template loader crash when loading nonexistent template. 
Backport of 8890c533e0b53cb0021bd5faf15668430cd3075a from master
 2016-02-26 08:02:34 -05:00
Sjoerd Job Postmus
911a77fcca [1.9.x] Fixed #26231 -- Used .get_username in admin login template. 
Backport of bbe136e1a2f9cbf3fd10d49fbe8558a5b394752c from master
 2016-02-25 19:30:37 -05:00
Jon Dufresne
04780e8a25 [1.9.x] Fixed #26267 -- Fixed BoundField to reallow slices of subwidgets. 
Backport of b41268135995cef46d40e550f9301fab20cf330d from master
 2016-02-24 07:03:24 -05:00
Tim Graham
c6ab81db79 [1.9.x] Refs #26253 -- Amended release note as this issue doesn't affect 1.8. 2016-02-22 17:18:31 -05:00
Tim Graham
3fedfc452f [1.9.x] Fixed #26253 -- Fixed crashing deprecation shims in SimpleTemplateResponse. 
Thanks David Reitter for the report and initial patch.
 2016-02-22 17:07:07 -05:00
Tim Graham
07ffee6411 [1.9.x] Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.

Backport of b1afebf882db5296cd9dcea26ee66d5250922e53 from master
 2016-02-18 19:51:29 -05:00
Akshesh
0d2b97ca18 [1.9.x] Fixed #26219 -- Fixed crash when filtering by Decimal in RawQuery. 
Backport of fdccc02576ae5a524338f65e629948604d80b4c8 from master
 2016-02-17 14:00:38 -05:00
Claude Paroz
205cafd01e [1.9.x] Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values 
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
Backport of 928c12eb1 from master.
 2016-02-16 21:09:16 +01:00
Alexey Kotlyarov
765e6c411c [1.9.x] Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 
Backport of b59f963ad2a49322725b20fac71661bd49643443 from master
 2016-02-15 11:45:44 -05:00
Anssi Kääriäinen
1d9ee181fe [1.9.x] Fixed #26196 -- Made sure __in lookups use to_field as default. 
Thanks Simon Charette for the test.

Backport of 46ecfb9b3a11a360724e3375ba78c33c46d6a992 from master
 2016-02-11 11:09:55 -05:00
Anssi Kääriäinen
25496f0f7b [1.9.x] Fixed #26153 -- Reallowed Q-objects in ForeignObject.get_extra_descriptor_filter(). 
Backport of 353aecbf8c1a8cc6f3985149e2895d49e53dfc1c from master
 2016-02-11 09:00:38 -05:00
Simon Charette
58723722e9 Fixed #26162 -- Checked query name clashes of hidden relationships. 
Although reverse accessor clashes should be skipped query name can't be hidden.

Thanks to Ian Foote and Tim Graham for the review.
 2016-02-08 10:31:01 -05:00
Tim Graham
6b689a505c [1.9.x] Fixed #26177 -- Fixed a PostgreSQL crash with TIME_ZONE=None and USE_TZ=False. 
Backport of 97eb3356b2a7488c8d0ca0e47ef3e538852d44a2 from master
 2016-02-08 07:41:56 -05:00
Tim Graham
530f0adcf3 [1.9.x] Added stub release notes for 1.8.10. 
Backport of d6337e65ed86ac0d2e55ebcbc710c42f87e0a3b6 from master
 2016-02-06 09:24:56 -05:00
Carl Meyer
239a1f74fd [1.9.x] Fix typos in 1.8 release notes. 
Backport of a0ce4c09ff516af52718885120c2231404515428 from master
 2016-02-03 15:27:35 -05:00
Tim Graham
194bf8ca62 [1.9.x] Refs #26089 -- Removed obsolete docs about custom user model testing. 
Backport of 1e9150443e5696d764ed81c97b53ef0365a5d854 from master
 2016-02-02 08:55:06 -05:00
Buddy Lindsey, Jr
3a063b0dcc [1.9.x] Fixed #26155 -- Skipped URL checks if no ROOTURL_CONF setting. 
Backport of 731bdfe68ae8dd332702b1838db44f0efe433e2e from master
 2016-02-01 14:00:08 -05:00
Tim Graham
34fae0a4f7 [1.9.x] Added CVE-2016-2048 to the security archive. 
Backport of ecd502cfdb57706dd0e84d9928934bcae6b1ef25 from master
 2016-02-01 12:43:02 -05:00
Tim Graham
cc36944935 [1.9.x] Added stub release notes for 1.9.3. 
Backport of 59654d5efe94ea7a01102f6208e33dcc259d65fb from master
 2016-02-01 12:39:50 -05:00
Tim Graham
715cc35467 [1.9.x] Added release dates for 1.9.2 and 1.8.9. 2016-02-01 12:05:08 -05:00
Myk Willis
adbca5e4db [1.9.x] Fixed incorrect permissions check for admin's "Save as new". 
This is a security fix.
 2016-02-01 12:05:08 -05:00
Tim Graham
d7a6086825 [1.9.x] Fixed #23868 -- Added support for non-unique django-admin-options in docs. 
Also documented missing short command line options to fix #24134. This bumps
the minimum sphinx version required to build the docs to 1.3.4.

Thanks Simon Charette for review.

Backport of e519aab43a419589e92fe284e4ce2f2e034aec6a from master
 2016-02-01 11:25:42 -05:00
Tim Graham
0495f44b8d [1.9.x] Unified some doc links to OneToOneField and ManyToManyField. 
Backport of 8ce8beb3f24042ed0c3da00ef3d23c25036021ed from master
 2016-02-01 11:02:53 -05:00
Tim Graham
01db3249e5 [1.9.x] Fixed #26129 -- Made invalid forms display initial values of disabled fields. 
Backport of 04564eb74d2d92eaf88b22ab8cec7ef45978111e from master
 2016-01-29 08:08:04 -05:00
Tim Graham
efd8554815 [1.9.x] Fixed #20415 -- Ensured srid isn't localized in OpenLayers JavaScript. 
Backport of 19d1cb14519186902d7e27813bf2643fe3f7cfa3 from master
 2016-01-28 18:02:10 -05:00
Claude Paroz
ca6ab72bb7 [1.9.x] Fixed #26138 -- Ensured geometry_field's geometry is always serialized 
Thanks Bernd Schlapsi for the report.
Backport of 54236a2c1c from master.
 2016-01-28 08:52:28 +01:00
Ben Kraft
dee5896b55 [1.9.x] Fixed #26122 -- Fixed copying a LazyObject 
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.

Backport of 13023ba86746980aace2341ba32a9419e7567751 from master
 2016-01-26 06:57:27 -05:00
Preston Timmons
218cc71073 [1.9.x] Fixed #25848 -- Set template origin on each node. 
Prior to 55f12f8709, the template origin was available on each node via
`self.token.source[0]`. This behavior was removed when debug handling was
simplified, but 3rd-party debugging tools still depend on its presence.
This updates the Parser to set origin on individual nodes. This enables the
source template to be determined even when template extending or including is
used.

Backport of cfda1fa3f8d95f0f4a369da9021dbd770e5fa44a from master
 2016-01-26 06:23:51 -05:00
Simon Charette
abdbf00815 [1.9.x] Fixed #26135 -- Adjusted the migration questioner's handling of disabled apps. 
This was causing an issue when calling the `migrate` command in a test case with
the `available_apps` attribute pointing to an application with migrations
disabled using the `MIGRATION_MODULES` setting.

Thanks to Tim Graham for the review.

Refs #24919

Backport of 4dcaa5871b70859952c6f9c437dfe1b5f10509f2 from master
 2016-01-25 22:02:45 -05:00
Chris Lamb
3306106fb1 [1.9.x] Fixed #25968 -- Changed project/app templates to use a "py-tpl" suffix. 
Debian packages unconditionally byte-compile .py files on installation and
do not silence errors by design. Therefore, we need a way of shipping these
invalid .py files without a .py extension but ensuring that when we
template them, they end up as .py.

We don't special-case .py files so that the all the TemplateCommand
command-line options (eg. extra_files and extensions) still work entirely
as expected and it may even be useful for other formats too.

Backport of abc0777b63057e2ff97eee2ff184356051e14c47 from master
 2016-01-25 12:44:14 -05:00
Tim Graham
4aec49d015 [1.9.x] Refs #26034 -- Added another case fixed by this ticket to release notes. 
Thanks Shai Berger for the report.

Backport of 497b5d6feee5b7947231bd0ae6edf833773b6cce and
5e8685c1b14e94e3f540ac1d68b61e71dcc27517 from master
 2016-01-25 08:36:56 -05:00
Elif T. Kus
5dceb1f078 [1.9.x] Fixed #26020 -- Normalized header stylings in docs. 
Backport of bca9faae95db2a92e540fbd08505c134639916fe from master
 2016-01-22 12:18:24 -05:00
Alexander Gaevsky
be3169d6ed [1.9.x] Fixed #26060 -- Fixed crash with reverse OneToOneField in ModelAdmin.readonly_fields. 
Backport of 9a33d3d76497d9e198de942ee1236c452231262f from master
 2016-01-21 13:22:02 -05:00
Aymeric Augustin
cfe4ba6e90 [1.9.x] Fixed #26063 -- Crash when passing > 2000 params. 
If SQLITE_MAX_VARIABLE_NUMBER (default = 999) is changed at compile time
to be greater than SQLITE_MAX_COLUMN (default = 2000), which Debian does
by setting the former to 250000, Django raised an exception on queries
containing more than 2000 parameters when DEBUG = True.

Backport of f91b5a7e4b from master
 2016-01-21 10:48:47 +01:00
Anssi Kääriäinen
05e8fa83c3 [1.9.x] Fixed #26092 -- Fixed QuerySet.order_by() regression with an M2M through model. 
Backport of ee596888e1149864e7828f5cf63c0eda395744c3 from master
 2016-01-20 19:16:18 -05:00