0
0
mirror of https://github.com/django/django.git synced 2024-11-29 14:46:18 +01:00
Commit Graph

13855 Commits

Author SHA1 Message Date
Aymeric Augustin
35c991aa06 Added a default limit to the maximum number of forms in a formset.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 11:23:30 -07:00
Carl Meyer
1f39eafd60 Checked object permissions on admin history view.
This is a security fix. Disclosure and advisory coming shortly.

Patch by Russell Keith-Magee.
2013-02-19 11:23:30 -07:00
Carl Meyer
c6d69c12ea Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19 11:23:30 -07:00
Carl Meyer
d51fb74360 Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Tim Graham
1add79bc40 Fixed #19852 - Updated admin fieldset example for consistency.
Thanks chris.freeman.pdx@ for the suggestion.
2013-02-19 12:44:19 -05:00
Tim Graham
00031b73bd Updated a couple admonitions to use the warning directive. 2013-02-19 11:31:41 -05:00
Tim Graham
efa300088f Fixed #18789 - Fixed some text wrap issues with methods in the docs.
Thanks neixetis@ for the report.
2013-02-19 10:25:26 -05:00
Aymeric Augustin
ebabd77291 Ensured a connection is established when checking the database version.
Fixed a test broken by 21765c0a. Refs #18135.
2013-02-19 10:51:24 +01:00
Aymeric Augustin
9a3988ca5a Implemented Oracle version as a cached property. 2013-02-19 10:50:22 +01:00
Anssi Kääriäinen
4b9fa49bc0 Avoided related_name conflicts in tests 2013-02-19 03:13:13 +02:00
Anssi Kääriäinen
607772b942 Removed accidentally committed file 2013-02-19 01:55:40 +02:00
Florian Hahn
3e71368423 Fixed #10870 -- Added aggreation + generic reverse relation test 2013-02-19 01:42:02 +02:00
Anssi Kääriäinen
b4492a8ca4 Fixed #19837 -- Refactored split_exclude() join generation
The refactoring mainly concentrates on making sure the inner and outer
query agree about the split position. The split position is where the
multijoin happens, and thus the split position also determines the
columns used in the "WHERE col1 IN (SELECT col2 from ...)" condition.

This commit fixes a regression caused by #10790 and commit
69597e5bcc. The regression was caused
by wrong cols in the split position.
2013-02-19 01:10:49 +02:00
Aymeric Augustin
ffcfb19f47 Added required methods in BaseDatabaseWrapper.
I should have included this in 29628e0b6e.
2013-02-18 22:51:56 +01:00
Aymeric Augustin
21765c0a6c Implemented PostgreSQL version as a cached property. 2013-02-18 22:49:59 +01:00
Aymeric Augustin
7b8529d206 Removed duplicate caching of mysql_version.
The manual caching in self.server_version and the cached_property
decorator are redundant.
2013-02-18 22:13:05 +01:00
Aymeric Augustin
282b2f40cd Fixed #15119 -- Stopped pinging the MySQL server. 2013-02-18 22:12:19 +01:00
Aymeric Augustin
aea98e8c53 Simplified MySQL version checking.
Django used to check the version of MySQL before handling the first
request, which required:
- opening a connection
- closing it, to avoid holding it idle until the first request.

This code isn't necessary any longer since Django dropped support for
some versions of MySQL, and other database backends don't implement a
similar dance. For consistency and maintenability, remove it.

Reverts 4423757c0c.

Closes #18135.
2013-02-18 21:46:26 +01:00
Aymeric Augustin
29628e0b6e Factored out common code in database backends. 2013-02-18 17:19:09 +01:00
Tim Graham
64d0f89ab1 Fixed #19717 - Removed mentions of "root QuerySet" in docs.
Thanks julien.aubert.mail@ for the report and James Pic for the patch.
2013-02-18 09:35:22 -05:00
Aymeric Augustin
92837ae569 Avoided firing the request_finished signal in tests.
* Avoided calling BaseHttpResponse.close(). The test client take care of
  that since acc5396e.
* Disconnected the request_finished signal when this method must be
  called. The test client has a similar implementation since bacb097a.
2013-02-18 14:32:45 +01:00
Aymeric Augustin
09ca010768 Removed an unecessary function.
It was introduced by the refactoring in 5a4e63e6 and made redundant by
the refactoring in 18934677.
2013-02-18 11:38:21 +01:00
Claude Paroz
5ec0405a09 Fixed #19839 -- Isolated auth tests from customized TEMPLATE_LOADERS
Thanks limscoder for the report.
2013-02-18 09:22:25 +01:00
Simon Meers
9c2066d567 Corrected INSTALLED_APPS syntax in 1.5 release notes. 2013-02-18 00:33:29 +11:00
Tim Graham
218bbef0c4 Fixed #19824 - Corrected the class described for Field.primary_key from IntegerField to AutoField.
Thanks Keryn Knight.
2013-02-16 18:31:54 -05:00
Tim Graham
7a80904b00 Fixed #19812 - Removed a duplicate phrase in the widget docs.
Thanks diegueus9 for the report and itsallvoodoo for the draft patch.
2013-02-16 18:23:39 -05:00
Tim Graham
a7358586e9 Merge pull request #730 from phantummm/ticket_19719
Fixed #19719 - Removed misleading example from ModelForm documentation
2013-02-16 15:05:04 -08:00
Alex Hunley
976dc07baf Removed a misleading examples from documentations ala ticket #19719 2013-02-16 14:30:55 -05:00
Claude Paroz
632361611c Fixed #19833 -- Fixed import parameter encoding in get_runner
Thanks Danilo Bargen for the report.
2013-02-16 13:31:13 +01:00
Aymeric Augustin
e74e207cce Fixed #17260 -- Added time zone aware aggregation and lookups.
Thanks Carl Meyer for the review.

Squashed commit of the following:

commit 4f290bdb60
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Wed Feb 13 21:21:30 2013 +0100

    Used '0:00' instead of 'UTC' which doesn't always exist in Oracle.

    Thanks Ian Kelly for the suggestion.

commit 01b6366f3c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Wed Feb 13 13:38:43 2013 +0100

    Made tzname a parameter of datetime_extract/trunc_sql.

    This is required to work around a bug in Oracle.

commit 924a144ef8
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Wed Feb 13 14:47:44 2013 +0100

    Added support for parameters in SELECT clauses.

commit b4351d2890
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 22:30:22 2013 +0100

    Documented backwards incompatibilities in the two previous commits.

commit 91ef84713c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 09:42:31 2013 +0100

    Used QuerySet.datetimes for the admin's date_hierarchy.

commit 0d0de288a5
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 09:29:38 2013 +0100

    Used QuerySet.datetimes in date-based generic views.

commit 9c0859ff7c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:43:25 2013 +0100

    Implemented QuerySet.datetimes on Oracle.

commit 68ab511a4f
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:43:14 2013 +0100

    Implemented QuerySet.datetimes on MySQL.

commit 22d52681d3
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:42:29 2013 +0100

    Implemented QuerySet.datetimes on SQLite.

commit f6800fd04c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:43:03 2013 +0100

    Implemented QuerySet.datetimes on PostgreSQL.

commit 0c829c23f4
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:41:08 2013 +0100

    Added datetime-handling infrastructure in the ORM layers.

commit 104d82a777
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Mon Feb 11 10:05:55 2013 +0100

    Updated null_queries tests to avoid clashing with the __second lookup.

commit c01bbb3235
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 23:07:41 2013 +0100

    Updated tests of .dates().

    Replaced .dates() by .datetimes() for DateTimeFields.
    Replaced dates with datetimes in the expected output for DateFields.

commit 50fb7a5246
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 21:40:09 2013 +0100

    Updated and added tests for QuerySet.datetimes.

commit a8451a5004
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 22:34:46 2013 +0100

    Documented the new time lookups and updated the date lookups.

commit 29413eab2b
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Feb 10 16:15:49 2013 +0100

    Documented QuerySet.datetimes and updated QuerySet.dates.
2013-02-16 09:19:04 +01:00
Russell Keith-Magee
91c26eadc9 Refs #14881 -- Document that User models need to have an integer primary key.
Thanks to Kaloian Minkov for the reminder about this undocumented requirement.
2013-02-16 10:21:05 +08:00
Claude Paroz
87854b0bdf Fixed geos test to prevent random failure
Points in the test fixtures have 20 as max coordinate.
2013-02-15 20:13:36 +01:00
Claude Paroz
35185495e3 Fixed #17066 -- Prevented TypeError in GeoIP.__del__
When garbaging GeoIP instances, it happens that GeoIP_delete is
already None.
Thanks mitar for the report and stefanw for tests.
2013-02-15 17:12:14 +01:00
Claude Paroz
b19d83fc12 Improved input sanitizing with thousand separators
For languages with non-breaking space as thousand separator,
standard space input should also be allowed, as few people know
how to enter non-breaking space on keyboards. Refs #17217.
Thanks Alexey Boriskin for the report and initial patch.
2013-02-15 16:37:52 +01:00
Claude Paroz
a8d1421dd9 Avoided unneeded assertion on Python 3
Fixes failure introduced in 02e5909f7a.
2013-02-15 16:09:31 +01:00
Claude Paroz
02e5909f7a Fixed #19807 -- Sanitized getpass input in createsuperuser
Python 2 getpass on Windows doesn't accept unicode, even when
containing only ascii chars.
Thanks Semmel for the report and tests.
2013-02-15 15:44:27 +01:00
Claude Paroz
dcf8cd30ae Updated FormattingTests test case to use settings contexts 2013-02-15 09:37:12 +01:00
Julien Phalip
400fba9ca8 Merge pull request #728 from jphalip/ticket-19829
Fixed #19829 -- Fixed index lookups for NumPy arrays in templates.
2013-02-15 00:12:45 -08:00
Alexey Boriskin
b8061397ea Put unicode_literals into all formats.py 2013-02-15 09:02:44 +01:00
Julien Phalip
7d5e35cdb4 Fixed #19829 -- Fixed index lookups for NumPy arrays in templates. 2013-02-14 23:29:15 -08:00
Russell Keith-Magee
f5e4a699ca Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on custom User models.
Thanks to Claude Peroz for the draft patch.
2013-02-15 09:00:55 +08:00
Ramiro Morales
f179a5198e Fix filtering during collection of paths in setup.py
Thanks Marek Brzóska for the report.
2013-02-14 20:29:21 -03:00
Claude Paroz
668d0b8d49 Fixed #19823 -- Fixed memcached code example in cache docs 2013-02-14 11:23:52 +01:00
Michael van Tellingen
138de533ff Fixed #19819 - Improved template filter errors handling.
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.

Since this error was otherwise catched by the compile_function try/except
block the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Claude Paroz
f1029b308f Fixed a misnamed variable introduced in commit 142ec8b283
Refs #8404.
2013-02-14 08:33:10 +01:00
Claude Paroz
142ec8b283 Fixed #8404 -- Isolated auth password-related tests from custom templates 2013-02-13 23:11:49 +01:00
Claude Paroz
ac4faa6dc3 Fixed #19693 -- Made truncatewords_html handle self-closing tags
Thanks sneawo for the report and Jonathan Loy for the patch.
2013-02-13 18:24:49 +01:00
Hiroki Kiyohara
e94f405d94 Fixed #18558 -- Added url property to HttpResponseRedirect*
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Carl Meyer
3a002db6f1 Fix admindocs on Python 3, where None cannot be sorted with strings.
This fixes two tests in admin_views which were failing on Python 3, but only if
the tests were run with docutils installed.
2013-02-12 17:10:36 -07:00
Anssi Kääriäinen
fafee74306 Removed try-except in django.db.close_connection()
The reason was that the except clause needed to remove a connection
from the django.db.connections dict, but other parts of Django do not
expect this to happen. In addition the except clause was silently
swallowing the exception messages.

Refs #19707, special thanks to Carl Meyer for pointing out that this
approach should be taken.
2013-02-13 00:25:09 +02:00