Image operations sometimes calculate a target width or height of zero, which
make Willow raise a ValueError.
If an user uploads one such image it's possible to break the whole Wagtail
image manager/picker/uploader for all users.
The fix is to use a minimum of 1 pixel for either the target height or the
width. The image might lose some aspect ratio, but it's better than an
exception.
* Implement MultipleChoiceBlock (squashed commits from #5592)
* Omit widget from frozen kwargs
* Rename get_callable_choices to indicate it is an internal method
* Add release notes for MultipleChoiceBlock
Currently it is possible to pass the target attribute to a button
created using ModelAdmin's ButtonHelper framework. This allows you to
generate button links like <a ... target="_blank">.
For example, if adding a new button and modeling it after the existing
edit_button code [0], you can add {'target': "_blank"} to the returned
dict and it'll get passed to the template when the button is rendered.
To be consistent with PR 4844, and to be consistent with what seems to
be the best practice ([1], [2]), we should also support passing the rel
attribute, which would allow for creation of button links like <a ...
target="_blank" rel="noopener noreferrer">.
[0] 5e2f50403b/wagtail/contrib/modeladmin/helpers/button.py (L61-L73)
[1] https://developers.google.com/web/tools/lighthouse/audits/noopener
[2] https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
The order of nested InlinePanels (recently formally added in 5566)
doesn't get saved properly due to some now-invalid assumptions in the JS
selector code.
Currently, Wagtail users can use the editor up/down arrows to order
InlinePanel elements that contain child InlinePanels, but these may not
be properly saved.
Before InlinePanel nesting was supported, it was a safer bet that a
child panel would only contain one hidden input named "-ORDER". With
nesting, however, a parent panel will also contain hidden inputs named
like this for its child panels. This breaks the logic used in the
ordering code.
This change modifies the logic to use the jQuery `.children()` selector
instead of `.next()`, ensuring that we reference the correct adjacent
panel item.
An easy way to test this against current master is to use the Wagtail
testapp test models that exercise this behavior:
1. `wagtail start testwagtail` to create a new project.
2. `cd testwagtail`
3. Edit testwagtail/settings/base.py to add the Wagtail test
application `'wagtail.tests.testapp'` to the list of `INSTALLED_APPS`.
For the admin to work properly with this app, you also need to add
`'wagtail.contrib.settings'` to that list and copy the definition of
`WAGTAILADMIN_RICH_TEXT_EDITORS` from wagtail/tests/settings.py.
4. `./manage.py migrate` to create your local database.
5. `./manage.py createsuperuser` to create an admin user.
6. Create a new Event Page
(http://localhost:8000/admin/pages/add/tests/eventpage/3/).
7. Fill in all required items, and then add multiple speakers under
"Speaker Lineup". For each speaker, add at least one Award. Save the
page.
8. Try using the up/down arrows to reorder the speakers (the parent
InlinePanel), and save the page.
9. Note that when the page reloads, the ordering hasn't been saved. If
you debug using the developer tools, you'll notice that this is because
the code being modified here selects the child panel items instead of
the adjacent parent panel item.
The `wagtail_urls` patterns is a catch-all list of urlpatterns, and will
prevent any patterns later in the list from being matched. The default
case when Django is in debug mode for local development is to use
`django-admin.py runserver`, and in this case the static patterns in the
example [are redundant][1]. However for anyone using a different server
for local development, this makes them work again.
[1]: https://docs.djangoproject.com/en/3.0/howto/static-files/#serving-static-files-during-development
Trying to compare revisions of a page that includes changes to a foreign key
field of a related model that declared a custom primary key failed with an
uncaught exception.
The root cause was ForeignObjectComparison filtering by the id field, which is
not present in models that declare a custom primary key.
The solution is simply to filter by pk instead of id, which always maps to the
primary key of the corresponding model.
Include a regression unit test.
- items longer then the page height are no longer broken by the submenu footer
- long lists of submenu items are no longer blocked by the footer (version number)
Other changes
- documents listing template - clean up white space
Documentation changes (editors manual)
- update images
- remove popular tags mention as this is no longer applicable
- add references to 'collection'
Resolves #2827
* note Python 3.8 support as provisional
* Remove mentions of minor doc fixes (there are many more fixes beyond the ones mentioned here, and including them all in the release notes would add too much noise...)
Fixes #5539. Transifex and Django's makemessages command have validation to catch invalid placeholder variables within translated strings - for example, where the translator has translated the variable name - but these only recognise old-style `%` formatting, not the `format` method, and so it's better for us to standardise on % formatting.
To reduce the burden on translators having to re-translate these strings, only the ones using named placeholders (`"Edited page {title}"`) rather than numeric ones (`"Edited page {0}"`) have been changed - hopefully the latter give less room for error.
Also fixed some incorrect use of plurals (verbose_name vs verbose_name_plural) in snippet confirmation messages.
- Typo in readme (verb did not agree with the subject)
- Grammatical error in topics/pages
- #5364 - Update URL config code block in getting-started/integrating-into-django
Work on compatibility is ongoing while Django 3.0 is still in development; we don't want this to be misinterpreted as a statement of formal Django 3.0 support (which we can't promise until the final release)
As per https://twitter.com/SaraSoueidan/status/1177622630763028480, certain browsers apply heuristics to decide whether `<table>` elements exist for layout or data purposes, and adjust the behaviour of their accessibility features accordingly. Given that TableBlock intentionally doesn't allow markup within cells, we can be reasonably sure that any tables created with it are genuine data tables, and should therefore indicate that using `role="table"`.
Fixes #5442. Building a User object for david@torchbox.com may cause problems if a custom user model is in use, and is redundant anyhow because there's no longer a registered gravatar for that email - we should just hard-code the default blank avatar instead.
The current block id generation only sets the id as the block is serialized for storage in the database, which means that the id is unavailable in the block until it is pulled back from the database. In my debugging this caused the id to be set to new values up to 3 times when saving a brand new page (each time with a new id).
This updated logic applies the new id to the actual block which makes it available right away and prevents the id from being regenerated.
This commit adds WAGTAIL_EMAIL_MANAGEMENT_ENABLED setting that defaults
to True, but when disabled, hides the 'Change email' button in account
management view, and disables the associated route. This is useful when
using external authentication method like LDAP or OpenID Connect where
email management is handled elsewhere.
Wagtail already includes WAGTAIL_PASSWORD_MANAGEMENT_ENABLED setting.
This is almost exact copy of that implementation.
50ms is the equivalent of about 200 words per minute, so typing slower than that
meant that the javascript would send an AJAX request between every single
keystroke. This change makes the javascript wait for 200ms between keystrokes,
which lets you finish typing the word you're looking for before it sends an AJAX
request.
django-taggit 1.x drops Python 2.x support and thus the dependency on django.utils.six; this is a prerequisite for supporting Django 3.0.
The signature of TaggableManager.value_from_object has changed to return a list of Tags (previously it was a QuerySet of TaggedItems) and so search indexing and comparison need to be updated accordingly. There is a corresponding fix to ClusterTaggableManager in django-modelcluster 5.0.
Fix doc and test on ES6 python client compat
This commit changes the statement that version < 6.3.1 of the
elasticsearch python client should be used to instead state
that 6.4.0 is fine.
It also update the tests to reflect the statement.
Initially the `update_all_types` argument has been used to work
around an issue described in:
https://github.com/wagtail/wagtail/issues/2968
This argument was removed in elasticsearch-py 6.3.1 and making
use of it was raising an error.
With 6.4.0 nothing is raising anymore.
* Add tests for custom image on multiple image uploader
* Output form media on image add/edit views
* Output form media for 'add image' form within image chooser modal
Note: this won't work reliably if the media is hosted on a CDN, because script tags inserted as part of a jQuery DOM insertion (as modals are) are loaded asynchronously and not guaranteed to complete loading before inline scripts are run. It's better than not having the includes there at all though...
Currently any user with any page permission can view any page revision.
This commit fixes that, and ensures that the user has publish or edit
permission on the page before showing a page revision. If not, the user
is presented with a 403.
This maintains the current behavior if the user has no page permissions,
which is to redirect to the admin home page.
New tests have been added to cover these changes.
Fixes issue 5426.
When editing a rich text field and entering a link to a page whose Page
type overrides get_admin_display_title, the custom admin display title
is used both when browsing to select the page to link to and also when
viewing the rich text editor.
The first behavior is consistent with how custom admin display titles
are used throughout the admin, but the second behavior is not. The
Wagtail user should be able to use the rich text field as a reasonable
preview of what the rendered content will look like for the end user. To
do this, the "real" page title should be used, not the admin one.
This commit alters the data that gets passed to the rich text editor so
that its title is the real page title and not the admin one.
Fixes issue 5131.
Modeladmin handles notification to the user if a model instance has protected ForeignKey
relationships. However, if the protected relation is a OneToOneField it raises an exception:
File ".../wagtail/wagtail/contrib/modeladmin/views.py", line 742, in post
for obj in qs.all():
AttributeError: 'MyRelatedModel' object has no attribute 'all'
because qs in this case is the related instance rather than a queryset of related instances
(as is the case for a ForeignKey).
This commit handles the OneToOneField case as well.
User interaction with the form within the 10s delay also won’t trigger the confirmation message. There will still be race condition issues if form widgets like rich text take 10+ seconds to initialise – but that doesn’t seem likely.
This hook mimics the functiolity provided by `construct_page_action_menu`
in that it constructs the final list of buttons to be shown in the wagtail
admin interface. This means that within this function button's can be
removed, added or re-ordered.
See #4925
Testing the queryset in the if clause was causing the whole queryset
to be retrieved and populated from DB, all to check whether it was empty
or not.
The optimization is to rely on the strict behavior of
first_common_ancestor, which raises an exception if the queryset is
empty.
The USERNAME_FIELD exists to allow customisation. Therefore we should make an assumption that `.username` exists on the model. Instead, we need to pull the required value from the USERNAME_FIELD and add in a fallback default.
