12101 Commits

Author SHA1 Message Date
Emmanuelle Delescolle
f58392d8d8 [1.4.x] Fixed #23604 -- Allowed related m2m fields to be referenced in the admin.
Thanks Simon Charette for review.

Backport of a24cf21722 from master
2014-10-06 09:08:45 -04:00
Tim Graham
df657a7682 [1.4.x] Required numpy < 1.9 for tests; refs #23489.
Backport of 4743a94429 from stable/1.7.x
2014-09-29 19:47:33 -04:00
Joseph Dougherty
3132edae41 [1.4.x] Fixed #23499 -- Error in built-in template tag "now" documentation
Backport of ab8248361e0a7b4fc7684eaaa5891e16b8562683 from master.
2014-09-17 09:26:45 +02:00
Claude Paroz
ba2be27613 [1.4.x] Fixed #20036 -- Improved GEOS version string parsing
Thanks chikiro.spam at gmail.com for the report.
2014-09-11 20:54:33 +02:00
Simon Charette
065caafa70 [1.4.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.

Backport of 342ccbd from master
2014-09-08 14:22:29 -04:00
Tim Graham
78085844a7 [1.4.x] Added dates to release notes.
Backport of 0fd23545db from master
2014-09-02 21:36:44 -04:00
Tim Graham
89157fe11f [1.4.x] Post release version bump. 2014-09-02 21:07:29 -04:00
James Bennett
0517f498cd [1.4.x] Bump version numbers for bugfix release. 1.4.15 2014-09-02 15:43:24 -05:00
Simon Charette
4685026840 [1.4.x] Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin.
Thanks to Trac alias Markush2010 and ross for the detailed reports.

Backport of 3cbb759 from master
2014-08-27 22:12:37 -04:00
Tim Graham
8adc56ca78 [1.4.x] Fixed spelling mistake in file docs.
Backport of a3e88e64a4 from master
2014-08-26 09:45:06 -04:00
Tim Graham
27c682ffa0 [1.4.x] Bumped version number post-release. 2014-08-20 16:36:42 -04:00
Tim Graham
e484df76b6 [1.4.x] Added dates to release notes. 2014-08-20 16:33:50 -04:00
James Bennett
4fce0193d2 [1.4.x] Bump version numbers for security release. 1.4.14 2014-08-20 15:00:40 -05:00
Simon Charette
027bd34864 [1.4.x] Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
2014-08-11 16:01:41 -04:00
Preston Holmes
c9e3b9949c [1.4.x] Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USE change.
This is a security fix. Disclosure following shortly.
2014-08-11 12:15:06 -04:00
Tim Graham
30042d475b [1.4.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-11 10:14:06 -04:00
Florian Apolloner
c2fe73133b [1.4.x] Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-11 09:04:23 -04:00
Tim Graham
4d5e972a2c [1.4.x] Added release note stub for 1.4.14. 2014-08-11 08:47:06 -04:00
Tim Graham
88cb7aa6aa [1.4.x] Added a warning that remove_tags() output shouldn't be considered safe.
Backport of 7efce77de2 from master
2014-08-11 07:11:30 -04:00
Tim Graham
399052d224 [1.4.x] Noted that django-jython requires Django 1.7.
Backport of 72e98d5c16 from stable/1.6.x
2014-08-08 12:47:31 -04:00
Tim Graham
d23d19c15e [1.4.x] Fixed #23239 -- Clarified a phrase in the contrib.markup docs.
Backport of e0fb48c254 from stable/1.5.x
2014-08-06 08:30:49 -04:00
Erik Romijn
bc03817b42 [1.4.x] Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs
Backport of e26366da44bb343e7a95d01ff0dd18b8026c2802 from master.
2014-08-02 19:01:23 +02:00
Tim Graham
778a555342 [1.4.x] Added tests/requirements/py2.txt.
This follows the convention used in other branches so we don't
need a special case in the build script for 1.4.
2014-07-25 09:46:15 -04:00
Ramiro Morales
aa9c45c2e4 [1.4.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet."
This reverts commit b44519072e8a0ef56a0ae9e6e4a1fb04273eb0eb.

stable/1.4.x branch is in security-fixes-only mode.
2014-07-14 21:09:38 -03:00
Tim Graham
b44519072e [1.4.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet.
Thanks sebastien at clarisys.fr for the report and gautier
for the patch.

Backport of 5e2c4a4bd1 from master
2014-07-14 12:38:00 -03:00
Tim Graham
d29f3b9e87 [1.4.x] Fixed #22859 -- Improved crossDomain technique in CSRF example.
Thanks flisky for the report.

Backport of 0be4d64487 from master
2014-06-18 14:38:30 -04:00
Tim Graham
d39fcff11a [1.4.x] Minor edits to latest release notes.
Backport of 860d31ac7a3bdd4b27db8b34b110b3d801ddaf8a from master
2014-05-15 07:17:54 -04:00
Jacob Kaplan-Moss
37d6821d35 Bumped version numbers post-release. 2014-05-14 18:24:08 +02:00
Jacob Kaplan-Moss
53b98b5a7c Bumped version numbers for release. 1.4.13 2014-05-14 18:09:51 +02:00
Jacob Kaplan-Moss
fe5b3e36a2 Added release notes for 1.4.13. 2014-05-14 18:07:32 +02:00
Tim Graham
7feb54bbae [1.4.x] Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
2014-05-12 09:46:40 -04:00
Aymeric Augustin
28e23306aa [1.4.x] Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-12 09:46:22 -04:00
Tim Graham
e1812617cf [1.4.x] Added dates to release notes of today's release.
Backport of 68d264059abb21b96c4fe68bf4d99520268a451c from master
2014-04-28 19:07:51 -04:00
Tim Graham
48a4729cd7 [1.4.x] Post release version bump. 2014-04-28 19:03:36 -04:00
James Bennett
b1b680c8fe [1.4.x] Bump version numbers for 1.4.12 bugfix release. 1.4.12 2014-04-28 15:28:15 -05:00
Tim Graham
b91c385e32 [1.4.x] Fixed #22486 -- Restored the ability to reverse views created using functools.partial.
Regression in 8b93b31.

Thanks rcoup for the report.

Backport of 3c06b2f2a3 from master
2014-04-23 09:22:02 -04:00
Tim Graham
1edb163592 [1.4.x] Post release version bump. 2014-04-22 11:50:20 -04:00
James Bennett
194159ba44 [1.4.x] Bump version numbers for 1.4.11 security release. 1.4.11 2014-04-21 17:38:26 -05:00
Erik Romijn
8010908313 [1.4.x] Added information on resolved security issues to release notes.
Backport of c07f3e60c2d455e36ba4ac339d4283d32bbc3814 from master
2014-04-21 18:31:44 -04:00
Erik Romijn
aa80f498de [1.4.x] Fixed queries that may return unexpected results on MySQL due to typecasting.
This is a security fix. Disclosure will follow shortly.

Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master
2014-04-21 18:31:44 -04:00
Aymeric Augustin
1170f285dd [1.4.x] Prevented leaking the CSRF token through caching.
This is a security fix. Disclosure will follow shortly.

Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master
2014-04-21 18:31:44 -04:00
Tim Graham
c1a8c420fe [1.4.x] Fixed a remote code execution vulnerability in URL reversing.
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.

Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
2014-04-21 18:31:44 -04:00
Matt Lauber
ca3927dfb9 [1.4.x] Corrected the section identifier for MySQL unicode reference.
Backport of b2514c02e1 from master
2014-04-21 13:21:14 -04:00
Tim Graham
83420e70ef [1.4.x] Fixed random aggregation_regress test_more_more_more() failure
The cause was assuming that an unordered queryset returns the values
always in the same order.

Backport of 33dd8f544205be923e2a06106909ebcd3583526b
2014-04-19 13:01:52 -04:00
Tim Graham
f2a9f71565 [1.4.x] Updated six to 1.6.1.
Backport of 2ec82c7387db071278201796208808de84c90dbf from master
2014-03-24 07:35:13 -04:00
Claude Paroz
f108b1f7d7 [1.4.x] Clarified striptags documentation
The fact that striptags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/

Partial backport (doc-only) of 6ca6c36f82 from master.
2014-03-22 11:19:58 +01:00
Tim Graham
b8713ee69a [1.4.x] Fixed #21195 -- Clarified usage of template_name in tutorial part 4.
Backport of b66a51ad545ac726ef98966cbc35ee7aefdff8cd from master.
2014-03-05 22:35:37 +01:00
Tim Graham
74181c0a2c [1.4.x] Added release note stub for 1.4.11.
Backport of dfa28981ce from master.
2014-01-26 17:50:12 -05:00
Tim Graham
257f8528b7 [1.4.x] Fixed #21823 -- Upgraded six to 1.5.2
Backport of 780ae7e9f8 from master.
2014-01-26 15:52:39 -05:00
Tim Graham
85057522bc [1.4.x] Fixed #21869 -- Fixed docs building with Sphinx 1.2.1.
Thanks tragiclifestories for the report.

Backport of e1d18b9d2e from master
2014-01-24 09:05:59 -05:00