All other model attribute settings in Wagtail use lists now. This commit changes the api_fields docs to use a list as well.
Both list and tuple work, but list is now the recommended option
When decorate_urlpatterns apply a decorator to a view function it lost spec names, docs, and the module where it was imported, making it uneasy to inspect when debugging (Like getting the name view and docs when using django-debug-toolbar)
Using functools.update_wrapper it updates the resulting function to look like the original wrapped view function.
Without the use of this decorator factory, the name of the wrapped view function would have been 'decorated_view'.
If the developer had overridden MESSAGE_TAGS in their site, Wagtail
messages used these classes in the admin. This caused the messages to
lose their styles.
Wagtail now ignores the MESSAGE_TAGS setting, using the default classes
defined in `django.contrib.messages.constants.LEVEL_TAGS`.
Fixes #2551
Concatinating with settings.STATIC_URL is no longer reccomended for creating
URLs to static resources, because it doesn't take the configured storage engine
into account. For example, a site using S3 to store its static files will need
static URLs that link out to S3, rather than relative URLs within the same
domain.
I replaced it with django.contrib.staticfiles.templatetags.staticfiles.static()
in python example code, and the {% static %} tag in template examples.
Most of the samples were already 4-space indented, but a few were using 2-space,
which is both inconsistent and, when it happened with Python code samples,
incompatible with PEP8.
You get a lexer error from the document builder if you use "code-block:: json",
and the json-style highlighting ends up not being applied. So I switched it to
"code-block:: text".
Switching explorer from position absolute to position fixed.
I did it in a pure CSS way but it would be good to be able to modify jquery.dlmenu.js line 213 to avoid it adding automatically a CSS property top on the element.
Make collection field on document chooser upload respect user permissions
failing test for #2511 for image uploader
Make collection field on image chooser upload respect user permissions
The "icon-" prefix is automatically added in SettingMenuItem.
Using "icon-placeholder" as suggested would thus result in
the CSS class "icon-icon-placeholder".
Making developers opt out of extra security is better than making them
opt in, especially when they may not be aware of the security they are
missing out on.
Fixes #2369
The static() function was being called during app load which caused a crash when the user is using STATICFILES_STORAGE=ManifestStaticFilesStorage, DEBUG=False and haven't yet collected static files.
I've moved it into a property and it's now only called when a view is being rendered. This also is more consistent because we usually set media using properties (and so does Django admin).
In Django 1.9+ if you do not add: 'builtins': ['overextends.templatetags.overextends_tags'], to your TEMPLATES section you will receive a TemplateSyntaxError when the overextends template files are rendered: "Invalid block tag on line". Including 'builtins': ['overextends.templatetags.overextends_tags'], per the overextends docs (and experience) resolves this error.
https://github.com/stephenmcd/django-overextends
Indexed.search_fields used to be a tuple. This is incorrect, and it
should have been a list. Changing it to be a list now would be a
backwards incompatible change, as people do
search_fields = Page.search_fields + (
SearchField('body')
)
Adding a tuple to the end of a list causes an error, so this would
cause all old code that used tuples to throw an error. This is not
great.
A new ThisShouldBeAList class, which subclasses list, has been added.
It additionally allows tuples to be added to it, as in the above
behaviour, but will raise a deprecation warning if someone does this.
Old code that uses tuples will continue to work, but raise a deprecation
warning.
See #2310
This is accomplished by using PasswordChangeForm instead of SetPasswordForm.
This adds extra security, as without this commit, an attacker that has access to
a user's session at one point in time will be able to change the user's password
and gain permanent access.