Switching explorer from position absolute to position fixed.
I did it in a pure CSS way but it would be good to be able to modify jquery.dlmenu.js line 213 to avoid it adding automatically a CSS property top on the element.
Make collection field on document chooser upload respect user permissions
failing test for #2511 for image uploader
Make collection field on image chooser upload respect user permissions
The "icon-" prefix is automatically added in SettingMenuItem.
Using "icon-placeholder" as suggested would thus result in
the CSS class "icon-icon-placeholder".
Making developers opt out of extra security is better than making them
opt in, especially when they may not be aware of the security they are
missing out on.
Fixes #2369
The static() function was being called during app load which caused a crash when the user is using STATICFILES_STORAGE=ManifestStaticFilesStorage, DEBUG=False and haven't yet collected static files.
I've moved it into a property and it's now only called when a view is being rendered. This also is more consistent because we usually set media using properties (and so does Django admin).
In Django 1.9+ if you do not add: 'builtins': ['overextends.templatetags.overextends_tags'], to your TEMPLATES section you will receive a TemplateSyntaxError when the overextends template files are rendered: "Invalid block tag on line". Including 'builtins': ['overextends.templatetags.overextends_tags'], per the overextends docs (and experience) resolves this error.
https://github.com/stephenmcd/django-overextends
Indexed.search_fields used to be a tuple. This is incorrect, and it
should have been a list. Changing it to be a list now would be a
backwards incompatible change, as people do
search_fields = Page.search_fields + (
SearchField('body')
)
Adding a tuple to the end of a list causes an error, so this would
cause all old code that used tuples to throw an error. This is not
great.
A new ThisShouldBeAList class, which subclasses list, has been added.
It additionally allows tuples to be added to it, as in the above
behaviour, but will raise a deprecation warning if someone does this.
Old code that uses tuples will continue to work, but raise a deprecation
warning.
See #2310
This is accomplished by using PasswordChangeForm instead of SetPasswordForm.
This adds extra security, as without this commit, an attacker that has access to
a user's session at one point in time will be able to change the user's password
and gain permanent access.