Claude Paroz
4e7ed8d0d3
Fixed #24624 -- Replaced obsoleted rel.opts in admindocs view
...
Thanks Scott Sanders for the report, and Markus Holtermann and
Tim Graham for the reviews. Refs #24381 .
2015-04-11 15:29:02 +02:00
Adam Chainz
5564d0f2ee
Fixed #24560 -- Added a --dry-run mode to the createcachetable command.
2015-04-09 12:15:50 -04:00
Tim Graham
a10b4c010a
Fixed #24578 -- Fixed crash with QuerySet.update() on FK to O2O fields.
...
Thanks Anssi Kääriäinen for review.
2015-04-09 06:50:21 -04:00
Tim Graham
1273a7a0e8
Revert "Fixed #24474 -- Allowed configuring the admin's empty change list value."
...
This reverts commit 72f769f494
.
There are several test failures that need to be fixed.
2015-04-08 20:39:59 -04:00
Loek van Gent
72f769f494
Fixed #24474 -- Allowed configuring the admin's empty change list value.
2015-04-08 20:27:01 -04:00
Christopher Luc
e37d52bd5e
Fixed #22993 -- Deprecated skipIfCustomUser decorator
2015-04-07 09:45:32 -04:00
Patryk Zawadzki
0385dad073
Fixed #24513 -- Made sure a model is only rendered once during reloads
...
This also prevents state modifications from corrupting previous states.
Previously, when a model defining a relation was unregistered first,
clearing the cache would cause its related models' _meta to be cleared
and would result in the old models losing track of their relations.
2015-04-07 14:49:47 +02:00
Jon Dufresne
2cf58e80d1
Fixed #24584 -- Fixed microsecond handling with older MySQLdb
2015-04-06 22:43:51 +02:00
Marten Kenbeek
e8e4f978dd
Fixed #24278 -- Fixed serialization of migration operations.
...
Fixed MigrationWriter.serialize() to correctly handle migration
operations by utilizing OperationWriter.
Thanks Piotr Maliński for the report.
2015-04-05 20:26:21 +02:00
Claude Paroz
7a0d9b5cda
Fixed #24569 -- Made some translation functions accept None value
...
get_language() can return None when translations are deactivated.
Thanks Nicola Peduzzi for the reporti and Tim Graham for the review.
2015-04-04 10:54:16 +02:00
Claude Paroz
426b63ba04
Fixed #24571 -- Restored testserver positional arguments parsing
...
Thanks Domas Lapinskas for the report and Tim Graham for the
review.
2015-04-04 10:46:29 +02:00
Ian Lee
90c4c300a8
Fixed minor typo in Cryptography section of 1.8 release notes
2015-04-03 00:12:27 -07:00
Simon Charette
5bc3123479
Fixed #24558 -- Made dumpdata mapping ordering deterministic.
...
Thanks to gfairchild for the report and Claude for the review.
2015-04-02 15:21:43 -04:00
Baptiste Mispelon
30a3c2f74c
Fixed #24566 -- Added support for serializing timedelta
...
Thanks to knbk for the report.
2015-04-02 17:21:20 +02:00
Krzysztof Gogolewski
2350b78dab
Fixed typo in 1.9 release notes.
2015-04-01 19:00:50 -04:00
Tim Graham
1b605838bf
Added stub release notes for 1.8.1.
2015-04-01 16:08:15 -04:00
Tim Graham
61d6c5d02e
Added release date for Django 1.8.
2015-04-01 15:30:32 -04:00
Tim Graham
56286542db
Documented jinja2 install requirement.
2015-03-30 20:56:50 -04:00
Tim Graham
b86abbceb9
Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change.
...
Thanks Florian Apolloner for the review.
2015-03-30 18:52:59 -04:00
Andriy Sokolovskiy
e4cf8c8420
Fixed #24301 -- Added PostgreSQL-specific aggregate functions
2015-03-30 10:44:37 -04:00
Markus Holtermann
c5cc332bf2
Fixed #24550 -- Added migration operation description to sqlmigrate output
...
Thanks Tim Graham for the review.
2015-03-30 16:31:20 +02:00
Caroline Simpson
dc5b01ad05
Fixed #18773 -- Added logging for template variable resolving
...
Added a django.template logger without a default handler. Added
logging if there is an exception while resolving variables in a
template.
2015-03-27 19:19:48 -04:00
Tim Graham
0c91a419f8
Dropped support for PostgreSQL 9.0.
2015-03-27 12:10:55 -04:00
Bertrand Bordage
3e64f3d0fc
Fixed #24531 -- Improved CommaSeparatedIntegerField validation.
...
`','`, `'1,,1'`, `',1'` etc. are no longer considered as valid
comma-separated integer lists.
2015-03-25 18:49:59 -04:00
Alex Hill
720ff740e7
Fixed #24215 -- Refactored lazy model operations
...
This adds a new method, Apps.lazy_model_operation(), and a helper function,
lazy_related_operation(), which together supersede add_lazy_relation() and
make lazy model operations the responsibility of the App registry. This
system no longer uses the class_prepared signal.
2015-03-25 16:48:17 -04:00
Fabio Natali
cb506aed2a
Fixed #23814 -- Documented apps refactored out of Django.
2015-03-25 08:46:23 -04:00
Anssi Kääriäinen
8f30556329
Renamed Field.rel attribute to remote_field
...
Field.rel is now deprecated. Rel objects have now also remote_field
attribute. This means that self == self.remote_field.remote_field.
In addition, made the Rel objects a bit more like Field objects. Still,
marked ManyToManyFields as null=True.
2015-03-25 08:16:12 -04:00
Bas Peschier
b4382b7055
Fixed #16362 -- Allowed lookaround assertions in URL patterns.
2015-03-23 09:00:07 -04:00
Jon Dufresne
966a29c2b8
Fixed #24479 -- Added system check to prevent both ordering and order_wrt.
2015-03-21 08:16:28 -04:00
Moritz Sichert
6bb2175ed6
Fixed #22106 -- Allowed using more than one instance of javascript_catalog per project.
2015-03-20 17:27:41 -04:00
Loek van Gent
d898ba1bec
Fixed #24419 -- Added sendtestemail management command
2015-03-20 12:03:50 -04:00
Loek van Gent
35b3158d52
Fixed #24417 -- Added ModelAdmin.get_list_select_related()
2015-03-19 08:52:28 -04:00
Tim Graham
e40581870a
Added today's security issues to archive.
2015-03-18 20:36:50 -04:00
Tim Graham
011a54315e
Made is_safe_url() reject URLs that start with control characters.
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
9ddfe9b301
Added stub release notes for security releases.
2015-03-18 19:20:07 -04:00
Karl Hobley
81e1a35c36
Fixed #24495 -- Allowed unsaved model instance assignment check to be bypassed.
2015-03-18 19:00:09 -04:00
Claude Paroz
a0c2eb46dd
Fixed #23960 -- Removed http.fix_location_header
...
Thanks Carl Meyer for the report and Tim Graham for the review.
2015-03-18 18:22:50 +01:00
Tim Graham
c5c8751147
Refs #24487 -- Added upgrade tips about removal of SortedDict.
...
Thanks Pascal Chambon for the initial patch.
2015-03-17 13:41:11 -04:00
Andriy Sokolovskiy
81c2d9f60b
Fixed #15579 -- Added ability to delete only child models in multi-table inheritance.
2015-03-17 08:33:16 -04:00
Daniel Wiesmann
f269c1d6f6
Added write support for GDALRaster
...
- Instantiation of GDALRaster instances from dict or json data.
- Retrieve and write pixel values in GDALBand objects.
- Support for the GDALFlushCache in gdal C prototypes
- Added private flush method to GDALRaster to make sure all
data is written to files when file-based rasters are changed.
- Replaced ``ptr`` with ``_ptr`` for internal ptr variable
Refs #23804 . Thanks Claude Paroz and Tim Graham for the reviews.
2015-03-16 19:37:43 +01:00
John Giannelos
8758a63ddb
Fixed #24427 -- Stopped writing migration files in dry run mode when merging.
...
Also added display of migration to stdout when verbosity=3.
2015-03-16 14:04:37 -04:00
Preston Timmons
388e79e9fc
Fixed #24493 -- Added BaseContext.setdefault()
2015-03-16 13:13:02 -04:00
Thomas Tanner
28986da4ca
Fixed #5986 -- Added ability to customize order of Form fields
2015-03-16 09:12:57 -04:00
Steven Das
4f494ed0c6
Added comma to improve readability in 1.7 release notes.
2015-03-16 08:15:17 -04:00
Tomáš Ehrlich
8414fcf16b
Fixes #23643 -- Added chained exception details to debug view.
2015-03-14 16:08:23 -04:00
Matthew Wilkes
ae87ad005f
Refs #24354 -- Prevented repointing of relations on superclasses when migrating a subclass's name change
...
Forwardport of test and release note from stable/1.7.x
2015-03-14 15:37:40 -04:00
Berker Peksag
34fb909180
Fixed #12982 -- Added a get_or_set() method to the BaseCache backend.
2015-03-14 20:07:16 +02:00
Claude Paroz
aa5ab114e3
Fixed #24122 -- Redirected to translated url after setting language
...
Thanks gbdlin for the initial patch and Tim Graham for the review.
2015-03-13 16:46:40 +01:00
Jon Dufresne
d861f95c44
Fixed #24139 -- Changed HttpResponse.reason_phrase to evaluate based on status_code.
2015-03-12 20:18:06 -04:00
Tim Graham
e4a578e70e
Fixed #24226 -- Changed admin EMPTY_CHANGELIST_VALUE from (None) to -
2015-03-12 09:40:56 -04:00
Tim Graham
0cb6a85f5e
Added yesterday's security issue to archive.
2015-03-10 11:01:18 -04:00
Tim Graham
ea9157f681
Added stub release notes for 1.7.7.
2015-03-09 13:09:39 -04:00
Baptiste Mispelon
82c9169077
Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields
...
This issue was fixed by refs #24464 .
2015-03-09 10:12:21 -04:00
Tim Graham
300fdbbebb
Clarified an item in 1.7.6 release notes.
2015-03-09 10:06:18 -04:00
Erik Romijn
fa350e2f30
Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
...
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.
Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham
9eab328444
Forwardported 1.7.6 release note.
2015-03-07 08:12:44 -05:00
Jean-Louis Fuchs
f4f0060fea
Fixed #24447 -- Made migrations add FK constraints for existing columns
...
When altering from e.g. an IntegerField to a ForeignKey, Django didn't
add a constraint.
2015-03-07 14:09:56 +01:00
Tim Graham
c36b60836b
Fixed #24451 -- Deprecated comma-separated {% cycle %} syntax.
2015-03-07 07:42:39 -05:00
Grzegorz Slusarek
668d53cd12
Fixed #21495 -- Added settings.CSRF_HEADER_NAME
2015-03-05 15:03:40 -05:00
Tim Graham
d61ebc8fed
Fixed #19538 -- Removed window.__admin_media_prefix__ from admin templates.
2015-03-05 06:44:16 -05:00
Preston Timmons
70123cf084
Fixed #24399 -- Made filesystem loaders use more specific exceptions.
2015-03-03 21:20:46 +01:00
Tim Graham
71820721a1
Added stub release notes for 1.7.6.
2015-02-25 09:11:19 -05:00
Tim Graham
aca73737da
Added release date for 1.7.5 release.
2015-02-25 08:47:11 -05:00
Tim Graham
d298b1ba50
Reverted "Fixed #24325 -- Documented change in ModelForm.save() foreign key access."
...
This reverts commit 0af3822dc3
.
It's obsoleted by refs #24395 .
2015-02-24 11:50:21 -05:00
Kenneth Kam
e83aba0e2c
Fixed #23762 -- clarified CACHE_MIDDLEWARE_ANONYMOUS_ONLY deprecation in docs
2015-02-23 09:23:07 -05:00
Emin Mastizada
dda2a3cf4c
Added formats for the Azerbaijani locale.
2015-02-23 07:37:13 -05:00
Michael Manfre
7fa7dd48c4
Fixed signature of BaseDatabaseOperations.date_interval_sql() and document the change.
2015-02-22 23:23:16 -05:00
Sean Wang
eba6dff581
Fixed #24358 -- Corrected code-block directives for console sessions.
2015-02-22 09:35:39 -05:00
Loic Bistuer
bed504d70b
Fixed #24351 , #24346 -- Changed the signature of allow_migrate().
...
The new signature enables better support for routing RunPython and
RunSQL operations, especially w.r.t. reusable and third-party apps.
This commit also takes advantage of the deprecation cycle for the old
signature to remove the backward incompatibility introduced in #22583 ;
RunPython and RunSQL won't call allow_migrate() when when the router
has the old signature.
Thanks Aymeric Augustin and Tim Graham for helping shape up the patch.
Refs 22583.
2015-02-20 21:34:09 +07:00
Tim Graham
dd0b487872
Fixed typo in path to is_safe_url()
2015-02-20 09:21:39 -05:00
Tim Graham
3adc5f1ee6
Fixed #24335 -- Bumped required psycopg2 version to 2.4.5 (2.5 for contrib.postgres).
2015-02-16 18:07:27 -05:00
Aymeric Augustin
15b711b5ee
Deprecated TEMPLATE_DEBUG setting.
2015-02-15 20:47:04 +01:00
Aymeric Augustin
76356d963c
Fixed #24318 -- Set the transaction isolation level with psycopg >= 2.4.2.
2015-02-14 18:51:11 +01:00
Tim Graham
0af3822dc3
Fixed #24325 -- Documented change in ModelForm.save() foreign key access.
2015-02-14 08:08:05 -05:00
Claude Paroz
1791a7e75a
Fixed #15779 -- Allowed 'add' primary key in admin edition
...
Thanks Marwan Alsabbagh for the report, and Simon Charette and
Tim Graham for the reviews.
2015-02-14 11:19:55 +01:00
Markus Holtermann
f287bec583
Fixed #24184 -- Prevented automatic soft-apply of migrations
...
Previously Django only checked for the table name in CreateModel
operations in initial migrations and faked the migration automatically.
This led to various errors and unexpected behavior. The newly introduced
--fake-initial flag to the migrate command must be passed to get the
same behavior again. With this change Django will bail out in with a
"duplicate relation / table" error instead.
Thanks Carl Meyer and Tim Graham for the documentation update, report
and review.
2015-02-13 14:29:59 +01:00
Loic Bistuer
00a889167f
Fixed #24295 -- Allowed ModelForm meta to specify form field classes.
...
Thanks Carl Meyer and Markus Holtermann for the reviews.
2015-02-13 19:13:05 +07:00
Tim Graham
e8cf4f8abe
Fixed #24332 -- Fixed contrib.sites create_default_site() when 'default' DATABASES is empty.
2015-02-13 07:01:28 -05:00
Tim Graham
a93c5fb2bf
Forwardported item in 1.7.5 release notes.
2015-02-12 14:05:52 -05:00
Josh Smeaton
1fbe8a2de3
Fixed #24200 -- Made introspection bypass statement cache
2015-02-10 23:24:34 +02:00
Markus Holtermann
2832a9b028
Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth"
...
This reverts commit 737d24923a
.
2015-02-07 20:14:49 +01:00
Loic Bistuer
71ada3a8e6
Fixed #6707 -- Added RelatedManager.set() and made descriptors' __set__ use it.
...
Thanks Anssi Kääriäinen, Carl Meyer, Collin Anderson, and Tim Graham for the reviews.
2015-02-05 12:45:08 +07:00
Preston Timmons
5bc5ddd8b5
Fixed #24235 -- Removed is_usable attribute from template loaders.
2015-02-04 07:47:28 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Preston Timmons
cd4282816d
Fixed #18651 -- Enabled optional assignments for simple_tag().
2015-02-03 10:44:33 -05:00
Anssi Kääriäinen
8adc59038c
Fixed #23617 -- Added get_pk_value_on_save()
...
The method is mainly intended for use with UUIDField. For UUIDField we
want to call the field's default even when primary key value is
explicitly set to None to match the behavior of AutoField.
Thanks to Marc Tamlyn and Tim Graham for review.
2015-02-03 09:23:44 -05:00
Tim Graham
75303b01a9
Fixed #24245 -- Added introspection for database defaults.
...
Needed for tests for migrations handling of database defaults.
2015-01-31 12:33:11 -05:00
Tim Graham
888054bff7
Fixed #24208 -- Documented changes in private model relations.
2015-01-31 11:01:55 -05:00
Claude Paroz
a0b5f15ea5
Fixed #14483 -- Allowed using subqueries with GIS lookups
2015-01-30 20:27:18 +01:00
Loic Bistuer
4c3bfe9053
Fixed #24211 -- Removed ValuesQuerySet() and ValuesListQuerySet().
...
Thanks Anssi Kääriäinen, Marc Tamlyn, and Tim Graham for the reviews.
2015-01-30 22:02:58 +07:00
Tim Graham
29c0073335
Fixed #24164 -- Fixed Oracle GIS limited aggregation test failure.
2015-01-30 06:28:47 -05:00
Jon Dufresne
24b2bc635e
Fixed #24137 -- Switched to HTTP reason phrases from Python stdlib.
2015-01-28 06:59:40 -05:00
Tim Graham
ac6033d883
Added stub 1.7.5 release notes.
2015-01-28 06:38:31 -05:00
Loic Bistuer
332139d23d
Fixed typo in docs. Thanks Berker.
2015-01-28 01:50:05 +07:00
Markus Holtermann
335df82a3f
Corrected naming of method and attribute
2015-01-27 19:45:52 +01:00
Tim Graham
6f8418089c
Added 1.4.19 release notes.
2015-01-27 11:48:04 -05:00
Loic Bistuer
728b6fd9ca
Fixed #24219 -- Moved SelectDateWidget together with the other widgets
...
and deprecated django.forms.extras.
Thanks Berker Peksag and Tim Graham for the reviews.
2015-01-27 22:40:02 +07:00
Markus Holtermann
da224d6be0
Refs #24104 -- Added missing release notes
...
Forwardport of 3d4a826174
from stable/1.7.x
2015-01-27 15:35:34 +01:00
seanwestfall
7a90b53d60
Fixed #24053 -- Removed admin CSS & images for IE6 & 7.
2015-01-27 07:48:11 -05:00
Josh Smeaton
e77c1bc181
Refs #24154 -- Added deprecation release notes
2015-01-27 15:30:59 +11:00
Florian Apolloner
16ee52d21d
Fixed #24205 -- Deprecated Signal.disconnect weak parameter.
2015-01-23 14:37:12 -05:00
Claude Paroz
f8e4e4a935
Fixed warning leak in static.serve() test
...
Partial forward port of b1bf8d64fb
from 1.7.x. Refs #24193 .
2015-01-23 09:09:48 +01:00
Fabio C. Barrionuevo da Luz
bd691f4586
Fixed #24177 -- Added documentation about database view support in inspectdb
2015-01-20 01:07:34 +01:00
Tim Graham
33457cd3b0
Removed IPAddressField per deprecation timeline; refs #20439 .
2015-01-19 11:12:57 -05:00
Markus Holtermann
5792e6a88c
Fixed #24163 -- Removed unique constraint after index on MySQL
...
Thanks Łukasz Harasimowicz for the report.
2015-01-19 16:52:26 +01:00
Tim Graham
8e435a5640
Added deprecation docs for legacy lookup support; refs #16187 .
2015-01-19 09:42:26 -05:00
Tim Graham
840f2bfae6
Copied additional items from deprecation timeline to 1.9 release notes.
2015-01-18 21:57:38 -05:00
Tim Graham
ecf109f215
Added missing items to deprecation timeline/1.7 release notes.
2015-01-18 21:23:06 -05:00
Tim Graham
89e9f81601
Clarified deprecation of forms.forms.get_declared_fields(); refs #19617 .
2015-01-18 16:06:56 -05:00
Tim Graham
7e8cf74dc7
Removed support for syncing apps without migrations per deprecation timeline.
...
Kept support for creating models without migrations when running tests
(especially for Django's test suite).
2015-01-18 15:58:06 -05:00
Tim Graham
7468c948b6
Clarified deprecation of test.utils.TestTemplateLoader.
2015-01-18 14:18:53 -05:00
Tim Graham
ba27f89587
Clarified a contrib.sites deprecation and added to 1.7 release notes.
2015-01-18 13:33:19 -05:00
Tim Graham
d029fafea1
Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674 .
2015-01-18 12:51:15 -05:00
Tim Graham
20e4e8fc79
Added removal of check management command to deprecation timeline.
2015-01-17 19:14:44 -05:00
Tim Graham
0622bca5d1
Removed the validate management command per deprecation timeline.
2015-01-17 19:12:03 -05:00
Tim Graham
4aa089a9a9
Removed support for custom SQL per deprecation timeline.
2015-01-17 10:16:06 -05:00
Collin Anderson
a420f83e7d
Fixed #24055 -- Keep reference to view class for resolve()
2015-01-17 22:09:10 +07:00
Tim Graham
d038c547b5
Removed django.core.cache.get_cache() per deprecation timeline; refs #21012 .
2015-01-17 09:55:18 -05:00
Tim Graham
f6463bb380
Removed the syncdb command per deprecation timeline.
2015-01-17 09:20:12 -05:00
Tim Graham
f4f24d30e0
Removed pre_syncdb and post_syncdb signals per deprecation timeline.
2015-01-17 09:07:00 -05:00
Tim Graham
c820892eed
Removed django.utils.datastructures.SortedDict per deprecation timeline.
2015-01-17 08:40:23 -05:00
Tim Graham
41f0d3d3bc
Removed FastCGI support per deprecation timeline; refs #20766 .
2015-01-17 08:32:31 -05:00
Tim Graham
c51258882b
Increased the default PBKDF2 iterations.
2015-01-16 19:27:10 -05:00
Tim Graham
3fe3bddc28
Added stub release notes for Django 1.9.
2015-01-16 18:00:45 -05:00
Jannis Leidel
a17724b791
Fixed the length of a headline in the 1.8 release notes.
...
This broke the website design in the sidebar because the line could not be wrapped.
2015-01-16 21:29:28 +01:00
Tim Graham
8e8daf7c9b
Removed empty sections in 1.8 minor features.
2015-01-16 14:41:05 -05:00
Claude Paroz
b4ac232907
Fixed #24099 -- Removed contenttype.name deprecated field
...
This finsishes the work started on #16803 .
Thanks Simon Charette, Tim Graham and Collin Anderson for the
reviews.
2015-01-16 20:21:34 +01:00
Claude Paroz
a79e6b6717
Fixed #24152 -- Deprecated GeoQuerySet aggregate methods
...
Thanks Josh Smeaton and Tim Graham for the reviews.
2015-01-16 19:53:02 +01:00
Tim Graham
28db4af80a
Fixed #24135 -- Made RenameModel rename many-to-many tables.
...
Thanks Simon and Markus for reviews.
2015-01-15 20:34:33 -05:00
Tim Graham
28308078f3
Fixed #22603 -- Reorganized classes in django.db.backends.
2015-01-14 14:16:20 -05:00
Markus Holtermann
737d24923a
Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth
...
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
2015-01-14 19:59:39 +01:00
Tim Graham
ec7ef5afbb
Added stub release notes for 1.7.4.
2015-01-14 09:47:29 -05:00
Tim Graham
1913c1ac21
Added today's security issues to the archive.
2015-01-13 14:44:08 -05:00
Tim Graham
7ecd654497
Removed blank lines from docs/releases/security.txt
2015-01-13 14:37:30 -05:00
Tim Graham
cbbe6a6abb
Added dates to release notes.
2015-01-13 13:08:57 -05:00
Tim Graham
baf2542c4f
Fixed DoS possibility in ModelMultipleChoiceField.
...
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
2015-01-13 13:03:06 -05:00
Tim Graham
a3bebfdc34
Ensured views.static.serve() doesn't use large memory on large files.
...
This issue was fixed in master by refs #24072 .
2015-01-13 13:03:06 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Carl Meyer
316b8d4974
Stripped headers containing underscores to prevent spoofing in WSGI environ.
...
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
2015-01-13 13:03:05 -05:00
Tim Graham
958aeda4b5
Added stub release notes for security releases.
2015-01-13 13:03:05 -05:00
Michał Modzelewski
65246de7b1
Fixed #24031 -- Added CASE expressions to the ORM.
2015-01-12 18:15:34 -05:00
Tim Graham
5d7217dce3
Fixed typo in docs/release/1.8.txt & added word for spelling check.
2015-01-12 17:53:32 -05:00
Josh Smeaton
21b858cb67
Fixed #24060 -- Added OrderBy Expressions
2015-01-13 09:39:55 +11:00
Claude Paroz
f48e2258a9
Fixed #24133 -- Replaced formatting syntax in success_url placeholders
...
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
a3e783fe11
Deprecated passing a Context to a generic Template.render.
...
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.
test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Pavel Shpilev
a7c256cb54
Fixed #9893 -- Allowed using a field's max_length in the Storage.
2015-01-12 09:09:18 -05:00
Marc Tamlyn
b5c1a85b50
Fixed #24118 -- Added --debug-sql option for tests.
...
Added a --debug-sql option for tests and runtests.py which outputs the
SQL logger for failing tests. When combined with --verbosity=2, it also
outputs the SQL for passing tests.
Thanks to Berker, Tim, Markus, Shai, Josh and Anssi for review and
discussion.
2015-01-12 08:16:08 +00:00
Ola Sitarska
d563e3be68
Fixed #23913 -- Deprecated the =
comparison in if
template tag.
2015-01-11 15:21:01 -05:00