diff options
Diffstat (limited to 'docs')
76 files changed, 727 insertions, 476 deletions
diff --git a/docs/howto/custom-model-fields.txt b/docs/howto/custom-model-fields.txt index af652de78c..6493c18f99 100644 --- a/docs/howto/custom-model-fields.txt +++ b/docs/howto/custom-model-fields.txt @@ -295,9 +295,9 @@ validation process will break. Therefore, you must ensure that the form field used to represent your custom field performs whatever input validation and data cleaning is necessary to convert user-provided form input into a -`to_python()`-compatible model field value. This may require writing a +``to_python()``-compatible model field value. This may require writing a custom form field, and/or implementing the :meth:`.formfield` method on -your field to return a form field class whose `to_python()` returns the +your field to return a form field class whose ``to_python()`` returns the correct datatype. Documenting your custom field diff --git a/docs/howto/deployment/index.txt b/docs/howto/deployment/index.txt index 8b0368ac67..688bae2397 100644 --- a/docs/howto/deployment/index.txt +++ b/docs/howto/deployment/index.txt @@ -28,6 +28,7 @@ the easiest, fastest, and most stable deployment choice. * `Chapter 12 of the Django Book (second edition)`_ discusses deployment and especially scaling in more detail. However, note that this edition was written against Django version 1.1 and has not been updated since - `mod_python` was first deprecated, then completely removed in Django 1.5. + ``mod_python`` was first deprecated, then completely removed in + Django 1.5. .. _chapter 12 of the django book (second edition): http://djangobook.com/en/2.0/chapter12/ diff --git a/docs/howto/deployment/wsgi/apache-auth.txt b/docs/howto/deployment/wsgi/apache-auth.txt index d06e89cd0e..80219ffdf4 100644 --- a/docs/howto/deployment/wsgi/apache-auth.txt +++ b/docs/howto/deployment/wsgi/apache-auth.txt @@ -16,7 +16,7 @@ version >= 2.2 and mod_wsgi >= 2.0. For example, you could: .. note:: If you have installed a :ref:`custom User model <auth-custom-user>` and - want to use this default auth handler, it must support an `is_active` + want to use this default auth handler, it must support an ``is_active`` attribute. If you want to use group based authorization, your custom user must have a relation named 'groups', referring to a related object that has a 'name' field. You can also specify your own custom mod_wsgi diff --git a/docs/howto/deployment/wsgi/modwsgi.txt b/docs/howto/deployment/wsgi/modwsgi.txt index 2cbcd8ce7e..1d11e94685 100644 --- a/docs/howto/deployment/wsgi/modwsgi.txt +++ b/docs/howto/deployment/wsgi/modwsgi.txt @@ -193,7 +193,7 @@ other approaches: configuration). 2. Use an ``Alias`` directive, as demonstrated above, to alias the appropriate - URL (probably :setting:`STATIC_URL` + `admin/`) to the actual location of + URL (probably :setting:`STATIC_URL` + ``admin/``) to the actual location of the admin files. 3. Copy the admin static files so that they live within your Apache diff --git a/docs/internals/contributing/writing-code/working-with-git.txt b/docs/internals/contributing/writing-code/working-with-git.txt index dcfdd9e85b..32fc459e70 100644 --- a/docs/internals/contributing/writing-code/working-with-git.txt +++ b/docs/internals/contributing/writing-code/working-with-git.txt @@ -157,7 +157,7 @@ using interactive rebase:: The HEAD~2 above is shorthand for two latest commits. The above command will open an editor showing the two commits, prefixed with the word "pick". -Change the second line to "squash" instead. This will keep the +Change "pick" on the second line to "squash" instead. This will keep the first commit, and squash the second commit into the first one. Save and quit the editor. A second editor window should open, so you can reword the commit message for the commit now that it includes both your steps. diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index f0ac66bce8..7b8298597d 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -370,8 +370,11 @@ these changes. * Remove the backward compatible shims introduced to rename the attributes ``ChangeList.root_query_set`` and ``ChangeList.query_set``. -* ``django.conf.urls.shortcut`` and ``django.views.defaults.shortcut`` will be - removed. +* ``django.views.defaults.shortcut`` will be removed, as part of the + goal of removing all ``django.contrib`` references from the core + Django codebase. Instead use + ``django.contrib.contenttypes.views.shortcut``. ``django.conf.urls.shortcut`` + will also be removed. * Support for the Python Imaging Library (PIL) module will be removed, as it no longer appears to be actively maintained & does not work on Python 3. @@ -442,11 +445,5 @@ these changes. 2.0 --- -* ``django.views.defaults.shortcut()``. This function has been moved - to ``django.contrib.contenttypes.views.shortcut()`` as part of the - goal of removing all ``django.contrib`` references from the core - Django codebase. The old shortcut will be removed in the 2.0 - release. - * ``ssi`` and ``url`` template tags will be removed from the ``future`` template tag library (used during the 1.3/1.4 deprecation period). diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index 5bda2e8add..a926de27ab 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -83,10 +83,11 @@ A few items need to be taken care of before even beginning the release process. This stuff starts about a week before the release; most of it can be done any time leading up to the actual release: -#. If this is a security release, send out pre-notification **one week** - before the release. We maintain a list of who gets these pre-notification - emails at *FIXME WHERE?*. This email should be signed by the key you'll use - for the release, and should include patches for each issue being fixed. +#. If this is a security release, send out pre-notification **one week** before + the release. We maintain a list of who gets these pre-notification emails in + the private ``django-core`` repository. This email should be signed by the + key you'll use for the release, and should include patches for each issue + being fixed. #. As the release approaches, watch Trac to make sure no release blockers are left for the upcoming release. diff --git a/docs/internals/security.txt b/docs/internals/security.txt index 486b2c9968..327a6a5f60 100644 --- a/docs/internals/security.txt +++ b/docs/internals/security.txt @@ -108,8 +108,12 @@ On the day of disclosure, we will take the following steps: relevant patches and new releases, and crediting the reporter of the issue (if the reporter wishes to be publicly identified). +4. Post a notice to the `django-announce`_ mailing list that links to the blog + post. + .. _the Python Package Index: http://pypi.python.org/pypi .. _the official Django development blog: https://www.djangoproject.com/weblog/ +.. _django-announce: http://groups.google.com/group/django-announce If a reported issue is believed to be particularly time-sensitive -- due to a known exploit in the wild, for example -- the time between @@ -214,4 +218,4 @@ If you are added to the notification list, security-related emails will be sent to you by Django's release manager, and all notification emails will be signed with the same key used to sign Django releases; that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most -commonly-used keyservers.
\ No newline at end of file +commonly-used keyservers. diff --git a/docs/intro/tutorial01.txt b/docs/intro/tutorial01.txt index f2b01758aa..b99d3be3e2 100644 --- a/docs/intro/tutorial01.txt +++ b/docs/intro/tutorial01.txt @@ -600,7 +600,7 @@ for your own sanity when dealing with the interactive prompt, but also because objects' representations are used throughout Django's automatically-generated admin. -.. admonition:: `__unicode__` or `__str__`? +.. admonition:: ``__unicode__`` or ``__str__``? On Python 3, things are simpler, just use :meth:`~django.db.models.Model.__str__` and forget about diff --git a/docs/intro/tutorial02.txt b/docs/intro/tutorial02.txt index c5c5f8f288..3ffe475e1b 100644 --- a/docs/intro/tutorial02.txt +++ b/docs/intro/tutorial02.txt @@ -385,15 +385,6 @@ search terms, Django will search the ``question`` field. You can use as many fields as you'd like -- although because it uses a ``LIKE`` query behind the scenes, keep it reasonable, to keep your database happy. -Finally, because ``Poll`` objects have dates, it'd be convenient to be able to -drill down by date. Add this line:: - - date_hierarchy = 'pub_date' - -That adds hierarchical navigation, by date, to the top of the change list page. -At top level, it displays all available years. Then it drills down to months -and, ultimately, days. - Now's also a good time to note that change lists give you free pagination. The default is to display 100 items per page. Change-list pagination, search boxes, filters, date-hierarchies and column-header-ordering all work together like you diff --git a/docs/ref/class-based-views/base.txt b/docs/ref/class-based-views/base.txt index 24058311a4..0db1e15ea9 100644 --- a/docs/ref/class-based-views/base.txt +++ b/docs/ref/class-based-views/base.txt @@ -104,12 +104,6 @@ TemplateView Renders a given template, with the context containing parameters captured in the URL. - .. versionchanged:: 1.5 - - The context used to be populated with a ``{{ params }}`` dictionary of - the parameters captured in the URL. Now those parameters are first-level - context variables. - **Ancestors (MRO)** This view inherits methods and attributes from the following views: diff --git a/docs/ref/class-based-views/generic-date-based.txt b/docs/ref/class-based-views/generic-date-based.txt index 205d556463..427d8f6ceb 100644 --- a/docs/ref/class-based-views/generic-date-based.txt +++ b/docs/ref/class-based-views/generic-date-based.txt @@ -138,24 +138,16 @@ YearArchiveView * ``year``: A :class:`~datetime.date` object representing the given year. - .. versionchanged:: 1.5 - - Previously, this returned a string. - * ``next_year``: A :class:`~datetime.date` object representing the first day of the next year, according to :attr:`~BaseDateListView.allow_empty` and :attr:`~DateMixin.allow_future`. - .. versionadded:: 1.5 - * ``previous_year``: A :class:`~datetime.date` object representing the first day of the previous year, according to :attr:`~BaseDateListView.allow_empty` and :attr:`~DateMixin.allow_future`. - .. versionadded:: 1.5 - **Notes** * Uses a default ``template_name_suffix`` of ``_archive_year``. diff --git a/docs/ref/class-based-views/mixins-date-based.txt b/docs/ref/class-based-views/mixins-date-based.txt index 1162b2a194..48faf28a44 100644 --- a/docs/ref/class-based-views/mixins-date-based.txt +++ b/docs/ref/class-based-views/mixins-date-based.txt @@ -328,8 +328,3 @@ BaseDateListView :meth:`~BaseDateListView.get_date_list_period` is used. ``date_type`` and ``ordering`` are simply passed to :meth:`QuerySet.dates()<django.db.models.query.QuerySet.dates>`. - - .. versionchanged:: 1.5 - - The ``ordering`` parameter was added, and the default order was - changed to ascending. diff --git a/docs/ref/class-based-views/mixins-multiple-object.txt b/docs/ref/class-based-views/mixins-multiple-object.txt index 67ca5429fa..5a2ae85751 100644 --- a/docs/ref/class-based-views/mixins-multiple-object.txt +++ b/docs/ref/class-based-views/mixins-multiple-object.txt @@ -90,8 +90,6 @@ MultipleObjectMixin .. attribute:: page_kwarg - .. versionadded:: 1.5 - A string specifying the name to use for the page parameter. The view will expect this prameter to be available either as a query string parameter (via ``request.GET``) or as a kwarg variable specified diff --git a/docs/ref/class-based-views/mixins-simple.txt b/docs/ref/class-based-views/mixins-simple.txt index 377c85cc3b..3b12ee7689 100644 --- a/docs/ref/class-based-views/mixins-simple.txt +++ b/docs/ref/class-based-views/mixins-simple.txt @@ -7,8 +7,6 @@ ContextMixin .. class:: django.views.generic.base.ContextMixin - .. versionadded:: 1.5 - **Methods** .. method:: get_context_data(**kwargs) @@ -77,8 +75,6 @@ TemplateResponseMixin .. attribute:: content_type - .. versionadded:: 1.5 - The content type to use for the response. ``content_type`` is passed as a keyword argument to ``response_class``. Default is ``None`` -- meaning that Django uses :setting:`DEFAULT_CONTENT_TYPE`. diff --git a/docs/ref/contrib/admin/actions.txt b/docs/ref/contrib/admin/actions.txt index 58d8244525..b982aa64f7 100644 --- a/docs/ref/contrib/admin/actions.txt +++ b/docs/ref/contrib/admin/actions.txt @@ -269,8 +269,8 @@ Making actions available site-wide admin.site.add_action(export_selected_objects) - This makes the `export_selected_objects` action globally available as an - action named `"export_selected_objects"`. You can explicitly give the action + This makes the ``export_selected_objects`` action globally available as an + action named "export_selected_objects". You can explicitly give the action a name -- good if you later want to programmatically :ref:`remove the action <disabling-admin-actions>` -- by passing a second argument to :meth:`AdminSite.add_action()`:: diff --git a/docs/ref/contrib/admin/admindocs.txt b/docs/ref/contrib/admin/admindocs.txt index 6deb7bdbf8..8809502288 100644 --- a/docs/ref/contrib/admin/admindocs.txt +++ b/docs/ref/contrib/admin/admindocs.txt @@ -156,6 +156,6 @@ Edit this object Using these bookmarklets requires that you are either logged into the :mod:`Django admin <django.contrib.admin>` as a :class:`~django.contrib.auth.models.User` with -:attr:`~django.contrib.auth.models.User.is_staff` set to `True`, or that the +:attr:`~django.contrib.auth.models.User.is_staff` set to ``True``, or that the ``XViewMiddleware`` is installed and you are accessing the site from an IP address listed in :setting:`INTERNAL_IPS`. diff --git a/docs/ref/contrib/admin/index.txt b/docs/ref/contrib/admin/index.txt index 8feb574efd..ba5fa3bff6 100644 --- a/docs/ref/contrib/admin/index.txt +++ b/docs/ref/contrib/admin/index.txt @@ -1235,8 +1235,6 @@ templates used by the :class:`ModelAdmin` views: .. method:: ModelAdmin.get_list_filter(self, request) - .. versionadded:: 1.5 - The ``get_list_filter`` method is given the ``HttpRequest`` and is expected to return the same kind of sequence type as for the :attr:`~ModelAdmin.list_filter` attribute. @@ -1251,8 +1249,6 @@ templates used by the :class:`ModelAdmin` views: .. method:: ModelAdmin.get_inline_instances(self, request, obj=None) - .. versionadded:: 1.5 - The ``get_inline_instances`` method is given the ``HttpRequest`` and the ``obj`` being edited (or ``None`` on an add form) and is expected to return a ``list`` or ``tuple`` of :class:`~django.contrib.admin.InlineModelAdmin` @@ -1506,10 +1502,6 @@ templates used by the :class:`ModelAdmin` views: Sends a message to the user using the :mod:`django.contrib.messages` backend. See the :ref:`custom ModelAdmin example <custom-admin-action>`. - .. versionchanged:: 1.5 - - Keyword arguments were added in Django 1.5. - Keyword arguments allow you to change the message level, add extra CSS tags, or fail silently if the ``contrib.messages`` framework is not installed. These keyword arguments match those for diff --git a/docs/ref/contrib/auth.txt b/docs/ref/contrib/auth.txt index 4fe87e9872..799d3277ab 100644 --- a/docs/ref/contrib/auth.txt +++ b/docs/ref/contrib/auth.txt @@ -215,11 +215,16 @@ Methods (the Django app label). If the user is inactive, this method will always return ``False``. - .. method:: email_user(subject, message, from_email=None) + .. method:: email_user(subject, message, from_email=None, **kwargs) Sends an email to the user. If ``from_email`` is ``None``, Django uses the :setting:`DEFAULT_FROM_EMAIL`. + .. versionchanged:: 1.7 + + Any ``**kwargs`` are passed to the underlying + :meth:`~django.core.mail.send_mail()` call. + Manager methods --------------- @@ -384,8 +389,6 @@ can be used for notification when a user logs in or out. .. function:: user_login_failed - .. versionadded:: 1.5 - Sent when the user failed to login successfully ``sender`` diff --git a/docs/ref/contrib/contenttypes.txt b/docs/ref/contrib/contenttypes.txt index 89c4a88e00..21e65f168b 100644 --- a/docs/ref/contrib/contenttypes.txt +++ b/docs/ref/contrib/contenttypes.txt @@ -199,14 +199,18 @@ The ``ContentTypeManager`` Takes either a model class or an instance of a model, and returns the :class:`~django.contrib.contenttypes.models.ContentType` instance - representing that model. + representing that model. ``for_concrete_model=False`` allows fetching + the :class:`~django.contrib.contenttypes.models.ContentType` of a proxy + model. .. method:: get_for_models(*models[, for_concrete_models=True]) Takes a variadic number of model classes, and returns a dictionary mapping the model classes to the :class:`~django.contrib.contenttypes.models.ContentType` instances - representing them. + representing them. ``for_concrete_models=False`` allows fetching the + :class:`~django.contrib.contenttypes.models.ContentType` of proxy + models. .. method:: get_by_natural_key(app_label, model) @@ -232,21 +236,6 @@ lookup:: .. _generic-relations: -.. versionadded:: 1.5 - - Prior to Django 1.5, - :meth:`~django.contrib.contenttypes.models.ContentTypeManager.get_for_model` and - :meth:`~django.contrib.contenttypes.models.ContentTypeManager.get_for_models` - always returned the :class:`~django.contrib.contenttypes.models.ContentType` - associated with the concrete model of the specified one(s). That means there - was no way to retrieve the - :class:`~django.contrib.contenttypes.models.ContentType` of a proxy model - using those methods. As of Django 1.5 you can now pass a boolean flag – - ``for_concrete_model`` and ``for_concrete_models`` respectively – to specify - wether or not you want to retrieve the - :class:`~django.contrib.contenttypes.models.ContentType` for the concrete or - direct model. - Generic relations ================= diff --git a/docs/ref/contrib/gis/geoquerysets.txt b/docs/ref/contrib/gis/geoquerysets.txt index 5e51e4cbf3..66afc3d377 100644 --- a/docs/ref/contrib/gis/geoquerysets.txt +++ b/docs/ref/contrib/gis/geoquerysets.txt @@ -949,10 +949,6 @@ __ http://geohash.org/ *Availability*: PostGIS, SpatiaLite -.. versionchanged:: 1.5 - - ``geojson`` support for Spatialite > 3.0 has been added. - Attaches a ``geojson`` attribute to every model in the queryset that contains the `GeoJSON`__ representation of the geometry. diff --git a/docs/ref/contrib/gis/geos.txt b/docs/ref/contrib/gis/geos.txt index 12e4e55165..a9c947407f 100644 --- a/docs/ref/contrib/gis/geos.txt +++ b/docs/ref/contrib/gis/geos.txt @@ -276,10 +276,6 @@ that the SRID value is not included in this representation because it is not a part of the OGC specification (use the :attr:`GEOSGeometry.hexewkb` property instead). -.. versionchanged:: 1.5 - - Prior to Django 1.5, the Z value of the geometry was dropped. - .. attribute:: GEOSGeometry.hexewkb Returns the EWKB of this Geometry in hexadecimal form. This is an @@ -325,10 +321,6 @@ Returns the WKB (Well-Known Binary) representation of this Geometry as a Python buffer. SRID value is not included, use the :attr:`GEOSGeometry.ewkb` property instead. -.. versionchanged:: 1.5 - - Prior to Django 1.5, the Z value of the geometry was dropped. - .. _ewkb: .. attribute:: GEOSGeometry.ewkb @@ -426,8 +418,6 @@ geometry that do not make up other. .. method:: GEOSGeometry.interpolate(distance) .. method:: GEOSGeometry.interpolate_normalized(distance) -.. versionadded:: 1.5 - Given a distance (float), returns the point (or closest point) within the geometry (:class:`LineString` or :class:`MultiLineString`) at that distance. The normalized version takes the distance as a float between 0 (origin) and 1 @@ -443,8 +433,6 @@ geometry and other. .. method:: GEOSGeometry.project(point) .. method:: GEOSGeometry.project_normalized(point) -.. versionadded:: 1.5 - Returns the distance (float) from the origin of the geometry (:class:`LineString` or :class:`MultiLineString`) to the point projected on the geometry (that is to a point of the line the closest to the given point). diff --git a/docs/ref/contrib/messages.txt b/docs/ref/contrib/messages.txt index 608c37bb7f..2014c7c183 100644 --- a/docs/ref/contrib/messages.txt +++ b/docs/ref/contrib/messages.txt @@ -54,20 +54,21 @@ Storage backends The messages framework can use different backends to store temporary messages. -Django provides three built-in storage classes: +Django provides three built-in storage classes in +:mod:`django.contrib.messages`: -.. class:: django.contrib.messages.storage.session.SessionStorage +.. class:: storage.session.SessionStorage This class stores all messages inside of the request's session. Therefore it requires Django's ``contrib.sessions`` application. -.. class:: django.contrib.messages.storage.cookie.CookieStorage +.. class:: storage.cookie.CookieStorage This class stores the message data in a cookie (signed with a secret hash to prevent manipulation) to persist notifications across requests. Old messages are dropped if the cookie data size would exceed 2048 bytes. -.. class:: django.contrib.messages.storage.fallback.FallbackStorage +.. class:: storage.fallback.FallbackStorage This class first uses ``CookieStorage``, and falls back to using ``SessionStorage`` for the messages that could not fit in a single cookie. @@ -83,6 +84,8 @@ path, for example:: MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage' +.. class:: storage.base.BaseStorage + To write your own storage class, subclass the ``BaseStorage`` class in ``django.contrib.messages.storage.base`` and implement the ``_get`` and ``_store`` methods. diff --git a/docs/ref/contrib/sites.txt b/docs/ref/contrib/sites.txt index f6480cae3a..fd2e917c1d 100644 --- a/docs/ref/contrib/sites.txt +++ b/docs/ref/contrib/sites.txt @@ -417,9 +417,10 @@ Here's how Django uses the sites framework: :class:`~django.contrib.sites.models.Site` name to the template as ``{{ site_name }}``. -* The shortcut view (``django.views.defaults.shortcut``) uses the domain - of the current :class:`~django.contrib.sites.models.Site` object when - calculating an object's URL. +* The shortcut view (``django.contrib.contenttypes.views.shortcut``) + uses the domain of the current + :class:`~django.contrib.sites.models.Site` object when calculating + an object's URL. * In the admin framework, the "view on site" link uses the current :class:`~django.contrib.sites.models.Site` to work out the domain for the diff --git a/docs/ref/contrib/staticfiles.txt b/docs/ref/contrib/staticfiles.txt index f96c2e8a1b..b9963414f4 100644 --- a/docs/ref/contrib/staticfiles.txt +++ b/docs/ref/contrib/staticfiles.txt @@ -255,8 +255,6 @@ CachedStaticFilesStorage .. method:: file_hash(name, content=None) - .. versionadded:: 1.5 - The method that is used when creating the hashed name of a file. Needs to return a hash for the given file name and content. By default it calculates a MD5 hash from the content's chunks as @@ -290,8 +288,6 @@ The previous example is equal to calling the ``url`` method of an instance of useful when using a non-local storage backend to deploy files as documented in :ref:`staticfiles-from-cdn`. -.. versionadded:: 1.5 - If you'd like to retrieve a static URL without displaying it, you can use a slightly different call: diff --git a/docs/ref/databases.txt b/docs/ref/databases.txt index 60153eb735..707184c3ac 100644 --- a/docs/ref/databases.txt +++ b/docs/ref/databases.txt @@ -191,10 +191,6 @@ Django supports MySQL 5.0.3 and higher. `MySQL 5.0`_ adds the ``information_schema`` database, which contains detailed data on all database schema. Django's ``inspectdb`` feature uses it. -.. versionchanged:: 1.5 - - The minimum version requirement of MySQL 5.0.3 was set in Django 1.5. - Django expects the database to support Unicode (UTF-8 encoding) and delegates to it the task of enforcing transactions and referential integrity. It is important to be aware of the fact that the two latter ones aren't actually enforced by diff --git a/docs/ref/django-admin.txt b/docs/ref/django-admin.txt index 27b68e4f1c..1385648d5d 100644 --- a/docs/ref/django-admin.txt +++ b/docs/ref/django-admin.txt @@ -254,8 +254,6 @@ to flush. ``--no-initial-data`` ~~~~~~~~~~~~~~~~~~~~~ -.. versionadded:: 1.5 - Use ``--no-initial-data`` to avoid loading the initial_data fixture. @@ -332,8 +330,6 @@ onto which the data will be loaded. .. django-admin-option:: --ignorenonexistent -.. versionadded:: 1.5 - The :djadminopt:`--ignorenonexistent` option can be used to ignore fields that may have been removed from models since the fixture was originally generated. @@ -903,10 +899,6 @@ behavior you can use the ``--no-startup`` option. e.g.:: django-admin.py shell --plain --no-startup -.. versionadded:: 1.5 - - The ``--interface`` option was added in Django 1.5. - .. versionadded:: 1.6 The ``--no-startup`` option was added in Django 1.6. @@ -1337,8 +1329,6 @@ clearsessions .. django-admin:: clearsessions -.. versionadded:: 1.5 - Can be run as a cron job or directly to clean out expired sessions. ``django.contrib.sitemaps`` diff --git a/docs/ref/files/file.txt b/docs/ref/files/file.txt index 7562f9b6bf..6ca7ec121a 100644 --- a/docs/ref/files/file.txt +++ b/docs/ref/files/file.txt @@ -100,10 +100,6 @@ The ``ContentFile`` Class f1 = ContentFile("esta sentencia está en español") f2 = ContentFile(b"these are bytes") - .. versionchanged:: 1.5 - - ContentFile also accepts Unicode strings. - .. currentmodule:: django.core.files.images The ``ImageFile`` Class diff --git a/docs/ref/forms/api.txt b/docs/ref/forms/api.txt index 780cb5d4f7..f084273cd9 100644 --- a/docs/ref/forms/api.txt +++ b/docs/ref/forms/api.txt @@ -211,11 +211,6 @@ only the valid fields:: >>> f.cleaned_data {'cc_myself': True, 'message': u'Hi there'} -.. versionchanged:: 1.5 - -Until Django 1.5, the ``cleaned_data`` attribute wasn't defined at all when -the ``Form`` didn't validate. - ``cleaned_data`` will always *only* contain a key for fields defined in the ``Form``, even if you pass extra data when you define the ``Form``. In this example, we pass a bunch of extra fields to the ``ContactForm`` constructor, diff --git a/docs/ref/forms/fields.txt b/docs/ref/forms/fields.txt index e7c6612a72..0e4d352132 100644 --- a/docs/ref/forms/fields.txt +++ b/docs/ref/forms/fields.txt @@ -573,16 +573,12 @@ For each field, we describe the default widget used if you don't specify .. attribute:: allow_files - .. versionadded:: 1.5 - Optional. Either ``True`` or ``False``. Default is ``True``. Specifies whether files in the specified location should be included. Either this or :attr:`allow_folders` must be ``True``. .. attribute:: allow_folders - .. versionadded:: 1.5 - Optional. Either ``True`` or ``False``. Default is ``False``. Specifies whether folders in the specified location should be included. Either this or :attr:`allow_files` must be ``True``. @@ -1065,11 +1061,6 @@ objects (in the case of ``ModelMultipleChoiceField``) into the * Error message keys: ``required``, ``list``, ``invalid_choice``, ``invalid_pk_value`` - .. versionchanged:: 1.5 - - The empty and normalized values were changed to be consistently - ``QuerySets`` instead of ``[]`` and ``QuerySet`` respectively. - .. versionchanged:: 1.6 The ``invalid_choice`` message may contain ``%(value)s`` and the diff --git a/docs/ref/forms/validation.txt b/docs/ref/forms/validation.txt index 255b665c42..94e9308c9a 100644 --- a/docs/ref/forms/validation.txt +++ b/docs/ref/forms/validation.txt @@ -450,11 +450,5 @@ entries in ``_errors``. Secondly, once we have decided that the combined data in the two fields we are considering aren't valid, we must remember to remove them from the -``cleaned_data``. - -.. versionchanged:: 1.5 - - Django used to remove the ``cleaned_data`` attribute entirely if there were - any errors in the form. Since version 1.5, ``cleaned_data`` is present even if - the form doesn't validate, but it contains only field values that did - validate. +``cleaned_data``. `cleaned_data`` is present even if the form doesn't +validate, but it contains only field values that did validate. diff --git a/docs/ref/forms/widgets.txt b/docs/ref/forms/widgets.txt index 080d1fea86..47e14043fc 100644 --- a/docs/ref/forms/widgets.txt +++ b/docs/ref/forms/widgets.txt @@ -525,11 +525,6 @@ Selector and checkbox widgets A callable that takes the value of the CheckBoxInput and returns ``True`` if the checkbox should be checked for that value. - .. versionchanged:: 1.5 - - Exceptions from ``check_test`` used to be silenced by its caller, - this is no longer the case, they will propagate upwards. - ``Select`` ~~~~~~~~~~ @@ -590,25 +585,26 @@ Selector and checkbox widgets .. code-block:: html <div class="myradio"> - <label><input type="radio" name="beatles" value="john" /> John</label> + <label for="id_beatles_0"><input id="id_beatles_0" name="beatles" type="radio" value="john" /> John</label> </div> <div class="myradio"> - <label><input type="radio" name="beatles" value="paul" /> Paul</label> + <label for="id_beatles_1"><input id="id_beatles_1" name="beatles" type="radio" value="paul" /> Paul</label> </div> <div class="myradio"> - <label><input type="radio" name="beatles" value="george" /> George</label> + <label for="id_beatles_2"><input id="id_beatles_2" name="beatles" type="radio" value="george" /> George</label> </div> <div class="myradio"> - <label><input type="radio" name="beatles" value="ringo" /> Ringo</label> + <label for="id_beatles_3"><input id="id_beatles_3" name="beatles" type="radio" value="ringo" /> Ringo</label> </div> That included the ``<label>`` tags. To get more granular, you can use each - radio button's ``tag`` and ``choice_label`` attributes. For example, this template... + radio button's ``tag``, ``choice_label`` and ``id_for_label`` attributes. + For example, this template... .. code-block:: html+django {% for radio in myform.beatles %} - <label> + <label for="{{ radio.id_for_label }}"> {{ radio.choice_label }} <span class="radio">{{ radio.tag }}</span> </label> @@ -618,31 +614,41 @@ Selector and checkbox widgets .. code-block:: html - <label> - John - <span class="radio"><input type="radio" name="beatles" value="john" /></span> - </label> - <label> - Paul - <span class="radio"><input type="radio" name="beatles" value="paul" /></span> - </label> - <label> - George - <span class="radio"><input type="radio" name="beatles" value="george" /></span> - </label> - <label> - Ringo - <span class="radio"><input type="radio" name="beatles" value="ringo" /></span> - </label> + <label for="id_beatles_0"> + John + <span class="radio"><input id="id_beatles_0" name="beatles" type="radio" value="john" /></span> + </label> + + <label for="id_beatles_1"> + Paul + <span class="radio"><input id="id_beatles_1" name="beatles" type="radio" value="paul" /></span> + </label> - If you decide not to loop over the radio buttons -- e.g., if your template simply includes - ``{{ myform.beatles }}`` -- they'll be output in a ``<ul>`` with ``<li>`` tags, as above. + <label for="id_beatles_2"> + George + <span class="radio"><input id="id_beatles_2" name="beatles" type="radio" value="george" /></span> + </label> + + <label for="id_beatles_3"> + Ringo + <span class="radio"><input id="id_beatles_3" name="beatles" type="radio" value="ringo" /></span> + </label> + + If you decide not to loop over the radio buttons -- e.g., if your template + simply includes ``{{ myform.beatles }}`` -- they'll be output in a ``<ul>`` + with ``<li>`` tags, as above. .. versionchanged:: 1.6 The outer ``<ul>`` container will now receive the ``id`` attribute defined on the widget. +.. versionchanged:: 1.7 + + When looping over the radio buttons, the ``label`` and ``input`` tags include + ``for`` and ``id`` attributes, respectively. Each radio button has an + ``id_for_label`` attribute to output the element's ID. + ``CheckboxSelectMultiple`` ~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -666,6 +672,12 @@ the widget. Like :class:`RadioSelect`, you can now loop over the individual checkboxes making up the lists. See the documentation of :class:`RadioSelect` for more details. +.. versionchanged:: 1.7 + + When looping over the checkboxes, the ``label`` and ``input`` tags include + ``for`` and ``id`` attributes, respectively. Each checkbox has an + ``id_for_label`` attribute to output the element's ID. + .. _file-upload-widgets: File upload widgets diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt index 01215884c4..a9673ce3d2 100644 --- a/docs/ref/models/fields.txt +++ b/docs/ref/models/fields.txt @@ -757,21 +757,16 @@ directory on the filesystem. Has three special arguments, of which the first is .. attribute:: FilePathField.allow_files - .. versionadded:: 1.5 - Optional. Either ``True`` or ``False``. Default is ``True``. Specifies whether files in the specified location should be included. Either this or :attr:`~FilePathField.allow_folders` must be ``True``. .. attribute:: FilePathField.allow_folders - .. versionadded:: 1.5 - Optional. Either ``True`` or ``False``. Default is ``False``. Specifies whether folders in the specified location should be included. Either this or :attr:`~FilePathField.allow_files` must be ``True``. - Of course, these arguments can be used together. The one potential gotcha is that :attr:`~FilePathField.match` applies to the @@ -980,12 +975,6 @@ Like all :class:`CharField` subclasses, :class:`URLField` takes the optional :attr:`~CharField.max_length` argument. If you don't specify :attr:`~CharField.max_length`, a default of 200 is used. -.. versionadded:: 1.5 - - The current value of the field will be displayed as a clickable link above the - input widget. - - Relationship fields =================== diff --git a/docs/ref/models/instances.txt b/docs/ref/models/instances.txt index cb8570afdc..015393a408 100644 --- a/docs/ref/models/instances.txt +++ b/docs/ref/models/instances.txt @@ -388,8 +388,6 @@ For more details, see the documentation on :ref:`F() expressions Specifying which fields to save ------------------------------- -.. versionadded:: 1.5 - If ``save()`` is passed a list of field names in keyword argument ``update_fields``, only the fields named in that list will be updated. This may be desirable if you want to update just one or a few fields on @@ -494,6 +492,40 @@ using ``__str__()`` like this:: # first_name and last_name will be unicode strings. return force_bytes('%s %s' % (self.first_name, self.last_name)) +``__eq__`` +---------- + +.. method:: Model.__eq__() + +The equality method is defined such that instances with the same primary +key value and the same concrete class are considered equal. For proxy +models, concrete class is defined as the model's first non-proxy parent; +for all other models it is simply the model's class. + +For example:: + + form django.db import models + + class MyModel(models.Model): + id = models.AutoField(primary_key=True) + + class MyProxyModel(MyModel): + class Meta: + proxy = True + + class MultitableInherited(MyModel): + pass + + MyModel(id=1) == MyModel(id=1) + MyModel(id=1) == MyProxyModel(id=1) + MyModel(id=1) != MultitableInherited(id=1) + MyModel(id=1) != MyModel(id=2) + +.. versionchanged:: 1.7 + + In previous versions only instances of the exact same class and same + primary key value were considered equal. + ``get_absolute_url`` -------------------- diff --git a/docs/ref/models/options.txt b/docs/ref/models/options.txt index f49ba7a5c0..baa24f63cb 100644 --- a/docs/ref/models/options.txt +++ b/docs/ref/models/options.txt @@ -286,8 +286,6 @@ Django quotes column and table names behind the scenes. .. attribute:: Options.index_together - .. versionadded:: 1.5 - Sets of field names that, taken together, are indexed:: index_together = [ diff --git a/docs/ref/models/querysets.txt b/docs/ref/models/querysets.txt index 0f08022179..910f7d94d5 100644 --- a/docs/ref/models/querysets.txt +++ b/docs/ref/models/querysets.txt @@ -913,7 +913,7 @@ needed by ``select_related``), it is able to detect that the ``best_pizza`` objects have already been fetched, and it will skip fetching them again. Chaining ``prefetch_related`` calls will accumulate the lookups that are -prefetched. To clear any ``prefetch_related`` behavior, pass `None` as a +prefetched. To clear any ``prefetch_related`` behavior, pass ``None`` as a parameter:: >>> non_prefetched = qs.prefetch_related(None) @@ -1149,13 +1149,11 @@ to ``defer()``:: # Load all fields immediately. my_queryset.defer(None) -.. versionchanged:: 1.5 - - Some fields in a model won't be deferred, even if you ask for them. You can - never defer the loading of the primary key. If you are using - :meth:`select_related()` to retrieve related models, you shouldn't defer the - loading of the field that connects from the primary model to the related - one, doing so will result in an error. +Some fields in a model won't be deferred, even if you ask for them. You can +never defer the loading of the primary key. If you are using +:meth:`select_related()` to retrieve related models, you shouldn't defer the +loading of the field that connects from the primary model to the related +one, doing so will result in an error. .. note:: @@ -1178,8 +1176,6 @@ to ``defer()``:: reader, is slightly faster and consumes a little less memory in the Python process. -.. versionchanged:: 1.5 - .. note:: When calling :meth:`~django.db.models.Model.save()` for instances with @@ -1227,16 +1223,14 @@ All of the cautions in the note for the :meth:`defer` documentation apply to ``only()`` as well. Use it cautiously and only after exhausting your other options. -.. versionchanged:: 1.5 - - Using :meth:`only` and omitting a field requested using - :meth:`select_related` is an error as well. +Using :meth:`only` and omitting a field requested using :meth:`select_related` +is an error as well. - .. note:: +.. note:: - When calling :meth:`~django.db.models.Model.save()` for instances with - deferred fields, only the loaded fields will be saved. See - :meth:`~django.db.models.Model.save()` for more details. + When calling :meth:`~django.db.models.Model.save()` for instances with + deferred fields, only the loaded fields will be saved. See + :meth:`~django.db.models.Model.save()` for more details. using ~~~~~ @@ -1567,10 +1561,6 @@ The ``batch_size`` parameter controls how many objects are created in single query. The default is to create all objects in one batch, except for SQLite where the default is such that at maximum 999 variables per query is used. -.. versionadded:: 1.5 - - The ``batch_size`` parameter was added in version 1.5. - count ~~~~~ @@ -1900,10 +1890,6 @@ methods on your models. It does, however, emit the :data:`~django.db.models.signals.post_delete` signals for all deleted objects (including cascaded deletions). -.. versionadded:: 1.5 - - Allow fast-path deletion of objects. - Django needs to fetch objects into memory to send signals and handle cascades. However, if there are no cascades and no signals, then Django may take a fast-path and delete objects without fetching into memory. For large @@ -1911,7 +1897,7 @@ deletes this can result in significantly reduced memory usage. The amount of executed queries can be reduced, too. ForeignKeys which are set to :attr:`~django.db.models.ForeignKey.on_delete` -DO_NOTHING do not prevent taking the fast-path in deletion. +``DO_NOTHING`` do not prevent taking the fast-path in deletion. Note that the queries generated in object deletion is an implementation detail subject to change. diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index c57a1470d6..a4ed6a2645 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -93,10 +93,6 @@ All attributes should be considered read-only, unless stated otherwise below. non-form data posted in the request, access this through the :attr:`HttpRequest.body` attribute instead. - .. versionchanged:: 1.5 - - Before Django 1.5, HttpRequest.POST contained non-form data. - It's possible that a request can come in via POST with an empty ``POST`` dictionary -- if, say, a form is requested via the POST HTTP method but does not include form data. Therefore, you shouldn't use ``if request.POST`` @@ -196,8 +192,6 @@ All attributes should be considered read-only, unless stated otherwise below. .. attribute:: HttpRequest.resolver_match - .. versionadded:: 1.5 - An instance of :class:`~django.core.urlresolvers.ResolverMatch` representing the resolved url. This attribute is only set after url resolving took place, which means it's available in all views but not in middleware methods which @@ -824,8 +818,6 @@ types of HTTP responses. Like ``HttpResponse``, these subclasses live in StreamingHttpResponse objects ============================= -.. versionadded:: 1.5 - .. class:: StreamingHttpResponse The :class:`StreamingHttpResponse` class is used to stream a response from diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 38d7275aed..424f7d5795 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -1108,6 +1108,19 @@ Default: ``2621440`` (i.e. 2.5 MB). The maximum size (in bytes) that an upload will be before it gets streamed to the file system. See :doc:`/topics/files` for details. +.. setting:: FILE_UPLOAD_DIRECTORY_PERMISSIONS + +FILE_UPLOAD_DIRECTORY_PERMISSIONS +--------------------------------- + +.. versionadded:: 1.7 + +Default: ``None`` + +The numeric mode to apply to directories created in the process of +uploading files. This value mirrors the functionality and caveats of +the :setting:`FILE_UPLOAD_PERMISSIONS` setting. + .. setting:: FILE_UPLOAD_PERMISSIONS FILE_UPLOAD_PERMISSIONS @@ -1529,6 +1542,8 @@ unpredictable value. :djadmin:`django-admin.py startproject <startproject>` automatically adds a randomly-generated ``SECRET_KEY`` to each new project. +Django will refuse to start if :setting:`SECRET_KEY` is not set. + .. warning:: **Keep this value secret.** @@ -1537,10 +1552,6 @@ randomly-generated ``SECRET_KEY`` to each new project. security protections, and can lead to privilege escalation and remote code execution vulnerabilities. -.. versionchanged:: 1.5 - - Django will now refuse to start if :setting:`SECRET_KEY` is not set. - .. setting:: SECURE_PROXY_SSL_HEADER SECURE_PROXY_SSL_HEADER @@ -2095,13 +2106,9 @@ The URL where requests are redirected after login when the This is used by the :func:`~django.contrib.auth.decorators.login_required` decorator, for example. -.. versionchanged:: 1.5 - - This setting now also accepts view function names and - :ref:`named URL patterns <naming-url-patterns>` which can be used to reduce - configuration duplication since you no longer have to define the URL in two - places (``settings`` and URLconf). - For backward compatibility reasons the default remains unchanged. +This setting also accepts view function names and :ref:`named URL patterns +<naming-url-patterns>` which can be used to reduce configuration duplication +since you don't have to define the URL in two places (``settings`` and URLconf). .. setting:: LOGIN_URL @@ -2113,13 +2120,9 @@ Default: ``'/accounts/login/'`` The URL where requests are redirected for login, especially when using the :func:`~django.contrib.auth.decorators.login_required` decorator. -.. versionchanged:: 1.5 - - This setting now also accepts view function names and - :ref:`named URL patterns <naming-url-patterns>` which can be used to reduce - configuration duplication since you no longer have to define the URL in two - places (``settings`` and URLconf). - For backward compatibility reasons the default remains unchanged. +This setting also accepts view function names and :ref:`named URL patterns +<naming-url-patterns>` which can be used to reduce configuration duplication +since you don't have to define the URL in two places (``settings`` and URLconf). .. setting:: LOGOUT_URL @@ -2249,7 +2252,9 @@ Controls where Django stores message data. Valid values are: See :ref:`message storage backends <message-storage-backends>` for more details. -The backends that use cookies -- ``CookieStorage`` and ``FallbackStorage`` -- +The backends that use cookies -- +:class:`~django.contrib.messages.storage.cookie.CookieStorage` and +:class:`~django.contrib.messages.storage.fallback.FallbackStorage` -- use the value of :setting:`SESSION_COOKIE_DOMAIN` when setting their cookies. .. setting:: MESSAGE_TAGS diff --git a/docs/ref/signals.txt b/docs/ref/signals.txt index ca1668000c..8381a49a09 100644 --- a/docs/ref/signals.txt +++ b/docs/ref/signals.txt @@ -118,8 +118,6 @@ Arguments sent with this signal: ``using`` The database alias being used. -.. versionadded:: 1.5 - ``update_fields`` The set of fields to update explicitly specified in the ``save()`` method. ``None`` if this argument was not used in the ``save()`` call. @@ -153,8 +151,6 @@ Arguments sent with this signal: ``using`` The database alias being used. -.. versionadded:: 1.5 - ``update_fields`` The set of fields to update explicitly specified in the ``save()`` method. ``None`` if this argument was not used in the ``save()`` call. @@ -522,14 +518,7 @@ request_finished .. data:: django.core.signals.request_finished :module: -Sent when Django finishes processing an HTTP request. - -.. versionchanged:: 1.5 - - Before Django 1.5, this signal was sent before delivering content to the - client. In order to accommodate :ref:`streaming responses - <httpresponse-streaming>`, it is now sent after the response has been fully - delivered to the client. +Sent when Django finishes delvering an HTTP response to the client. .. note:: diff --git a/docs/ref/template-response.txt b/docs/ref/template-response.txt index a8fb8dfee6..47c012e12a 100644 --- a/docs/ref/template-response.txt +++ b/docs/ref/template-response.txt @@ -75,16 +75,10 @@ Methods The HTTP Status code for the response. ``content_type`` - - .. versionchanged:: 1.5 - - Historically, this parameter was only called ``mimetype`` (now - deprecated), but since this is actually the value included in the HTTP - ``Content-Type`` header, it can also include the character set - encoding, which makes it more than just a MIME type specification. If - ``content_type`` is specified, then its value is used. Otherwise, - :setting:`DEFAULT_CONTENT_TYPE` is used. - + The value included in the HTTP ``Content-Type`` header, including the + MIME type specification and the character set encoding. If + ``content_type`` is specified, then its value is used. Otherwise, + :setting:`DEFAULT_CONTENT_TYPE` is used. .. method:: SimpleTemplateResponse.resolve_context(context) @@ -167,13 +161,8 @@ Methods The HTTP Status code for the response. ``content_type`` - - .. versionchanged:: 1.5 - - Historically, this parameter was only called ``mimetype`` (now - deprecated), but since this is actually the value included in the HTTP - ``Content-Type`` header, it can also include the character set - encoding, which makes it more than just a MIME type specification. If + The value included in the HTTP ``Content-Type`` header, including the + MIME type specification and the character set encoding. If ``content_type`` is specified, then its value is used. Otherwise, :setting:`DEFAULT_CONTENT_TYPE` is used. diff --git a/docs/ref/templates/api.txt b/docs/ref/templates/api.txt index 87822fe7f8..05f8c249c5 100644 --- a/docs/ref/templates/api.txt +++ b/docs/ref/templates/api.txt @@ -274,11 +274,6 @@ Builtin variables Every context contains ``True``, ``False`` and ``None``. As you would expect, these variables resolve to the corresponding Python objects. -.. versionadded:: 1.5 - - Before Django 1.5, these variables weren't a special case, and they - resolved to ``None`` unless you defined them in the context. - Playing with Context objects ---------------------------- diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index afb6e4b123..5b02ab22d1 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -1059,22 +1059,14 @@ by the context as to the current application. .. warning:: - Don't forget to put quotes around the function path or pattern name! - - .. versionchanged:: 1.5 - - The first parameter used not to be quoted, which was inconsistent with - other template tags. Since Django 1.5, it is evaluated according to - the usual rules: it can be a quoted string or a variable that will be - looked up in the context. + Don't forget to put quotes around the function path or pattern name, + otherwise the value will be interpreted as a context variable! .. templatetag:: verbatim verbatim ^^^^^^^^ -.. versionadded:: 1.5 - Stops the template engine from rendering the contents of this block tag. A common use is to allow a Javascript template layer that collides with @@ -1108,6 +1100,14 @@ If ``this_value`` is 175, ``max_value`` is 200, and ``max_width`` is 100, the image in the above example will be 88 pixels wide (because 175/200 = .875; .875 * 100 = 87.5 which is rounded up to 88). +.. versionchanged:: 1.7 + +In some cases you might want to capture the result of ``widthratio`` in a +variable. It can be useful, for instance, in a :ttag:`blocktrans` like this:: + + {% widthratio this_value max_value max_width as width %} + {% blocktrans %}The width is: {{ width }}{% endblocktrans %} + .. templatetag:: with with @@ -2403,8 +2403,6 @@ It is also able to consume standard context variables, e.g. assuming a If you'd like to retrieve a static URL without displaying it, you can use a slightly different call: -.. versionadded:: 1.5 - .. code-block:: html+django {% load static %} diff --git a/docs/ref/unicode.txt b/docs/ref/unicode.txt index c9534c12c9..306a2dfb48 100644 --- a/docs/ref/unicode.txt +++ b/docs/ref/unicode.txt @@ -45,28 +45,26 @@ rendering or anywhere else -- you have two choices for encoding those strings. You can use Unicode strings, or you can use normal strings (sometimes called "bytestrings") that are encoded using UTF-8. -.. versionchanged:: 1.5 +In Python 3, the logic is reversed, that is normal strings are Unicode, and +when you want to specifically create a bytestring, you have to prefix the +string with a 'b'. As we are doing in Django code from version 1.5, +we recommend that you import ``unicode_literals`` from the __future__ library +in your code. Then, when you specifically want to create a bytestring literal, +prefix the string with 'b'. - In Python 3, the logic is reversed, that is normal strings are Unicode, and - when you want to specifically create a bytestring, you have to prefix the - string with a 'b'. As we are doing in Django code from version 1.5, - we recommend that you import ``unicode_literals`` from the __future__ library - in your code. Then, when you specifically want to create a bytestring literal, - prefix the string with 'b'. +Python 2 legacy:: - Python 2 legacy:: + my_string = "This is a bytestring" + my_unicode = u"This is an Unicode string" - my_string = "This is a bytestring" - my_unicode = u"This is an Unicode string" +Python 2 with unicode literals or Python 3:: - Python 2 with unicode literals or Python 3:: - - from __future__ import unicode_literals + from __future__ import unicode_literals - my_string = b"This is a bytestring" - my_unicode = "This is an Unicode string" + my_string = b"This is a bytestring" + my_unicode = "This is an Unicode string" - See also :doc:`Python 3 compatibility </topics/python3>`. +See also :doc:`Python 3 compatibility </topics/python3>`. .. warning:: diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt index d31de35006..a093de18b7 100644 --- a/docs/ref/utils.txt +++ b/docs/ref/utils.txt @@ -204,8 +204,6 @@ The functions defined in this module share the following properties: .. function:: smart_text(s, encoding='utf-8', strings_only=False, errors='strict') - .. versionadded:: 1.5 - Returns a text object representing ``s`` -- ``unicode`` on Python 2 and ``str`` on Python 3. Treats bytestrings using the ``encoding`` codec. @@ -225,8 +223,6 @@ The functions defined in this module share the following properties: .. function:: force_text(s, encoding='utf-8', strings_only=False, errors='strict') - .. versionadded:: 1.5 - Similar to ``smart_text``, except that lazy instances are resolved to strings, rather than kept as lazy objects. @@ -239,8 +235,6 @@ The functions defined in this module share the following properties: .. function:: smart_bytes(s, encoding='utf-8', strings_only=False, errors='strict') - .. versionadded:: 1.5 - Returns a bytestring version of ``s``, encoded as specified in ``encoding``. @@ -249,8 +243,6 @@ The functions defined in this module share the following properties: .. function:: force_bytes(s, encoding='utf-8', strings_only=False, errors='strict') - .. versionadded:: 1.5 - Similar to ``smart_bytes``, except that lazy instances are resolved to bytestrings, rather than kept as lazy objects. @@ -745,8 +737,6 @@ appropriate entities. .. class:: SafeBytes - .. versionadded:: 1.5 - A ``bytes`` subclass that has been specifically marked as "safe" (requires no further escaping) for HTML output purposes. @@ -758,8 +748,6 @@ appropriate entities. .. class:: SafeText - .. versionadded:: 1.5 - A ``str`` (in Python 3) or ``unicode`` (in Python 2) subclass that has been specifically marked as "safe" for HTML output purposes. @@ -977,8 +965,6 @@ For a complete discussion on the usage of the following see the ``None``, the :ref:`current time zone <default-current-time-zone>` is unset on entry with :func:`deactivate()` instead. -.. versionadded:: 1.5 - .. function:: localtime(value, timezone=None) Converts an aware :class:`~datetime.datetime` to a different time zone, diff --git a/docs/releases/1.3.3.txt b/docs/releases/1.3.3.txt new file mode 100644 index 0000000000..437cbfb412 --- /dev/null +++ b/docs/releases/1.3.3.txt @@ -0,0 +1,11 @@ +========================== +Django 1.3.3 release notes +========================== + +*August 1, 2012* + +Following Monday's security release of :doc:`Django 1.3.2 </releases/1.3.2>`, +we began receiving reports that one of the fixes applied was breaking Python +2.4 compatibility for Django 1.3. Since Python 2.4 is a supported Python +version for that release series, this release fixes compatibility with +Python 2.4. diff --git a/docs/releases/1.3.4.txt b/docs/releases/1.3.4.txt new file mode 100644 index 0000000000..3a174b3d44 --- /dev/null +++ b/docs/releases/1.3.4.txt @@ -0,0 +1,37 @@ +========================== +Django 1.3.4 release notes +========================== + +*October 17, 2012* + +This is the fourth release in the Django 1.3 series. + +Host header poisoning +--------------------- + +Some parts of Django -- independent of end-user-written applications -- make +use of full URLs, including domain name, which are generated from the HTTP Host +header. Some attacks against this are beyond Django's ability to control, and +require the web server to be properly configured; Django's documentation has +for some time contained notes advising users on such configuration. + +Django's own built-in parsing of the Host header is, however, still vulnerable, +as was reported to us recently. The Host header parsing in Django 1.3.3 and +Django 1.4.1 -- specifically, ``django.http.HttpRequest.get_host()`` -- was +incorrectly handling username/password information in the header. Thus, for +example, the following Host header would be accepted by Django when running on +"validsite.com":: + + Host: validsite.com:random@evilsite.com + +Using this, an attacker can cause parts of Django -- particularly the +password-reset mechanism -- to generate and display arbitrary URLs to users. + +To remedy this, the parsing in ``HttpRequest.get_host()`` is being modified; +Host headers which contain potentially dangerous content (such as +username/password pairs) now raise the exception +:exc:`django.core.exceptions.SuspiciousOperation`. + +Details of this issue were initially posted online as a `security advisory`_. + +.. _security advisory: https://www.djangoproject.com/weblog/2012/oct/17/security/ diff --git a/docs/releases/1.3.5.txt b/docs/releases/1.3.5.txt new file mode 100644 index 0000000000..65c403209d --- /dev/null +++ b/docs/releases/1.3.5.txt @@ -0,0 +1,60 @@ +========================== +Django 1.3.5 release notes +========================== + +*December 10, 2012* + +Django 1.3.5 addresses two security issues present in previous Django releases +in the 1.3 series. + +Please be aware that this security release is slightly different from previous +ones. Both issues addressed here have been dealt with in prior security updates +to Django. In one case, we have received ongoing reports of problems, and in +the other we've chosen to take further steps to tighten up Django's code in +response to independent discovery of potential problems from multiple sources. + +Host header poisoning +--------------------- + +Several earlier Django security releases focused on the issue of poisoning the +HTTP Host header, causing Django to generate URLs pointing to arbitrary, +potentially-malicious domains. + +In response to further input received and reports of continuing issues +following the previous release, we're taking additional steps to tighten Host +header validation. Rather than attempt to accommodate all features HTTP +supports here, Django's Host header validation attempts to support a smaller, +but far more common, subset: + +* Hostnames must consist of characters [A-Za-z0-9] plus hyphen ('-') or dot + ('.'). +* IP addresses -- both IPv4 and IPv6 -- are permitted. +* Port, if specified, is numeric. + +Any deviation from this will now be rejected, raising the exception +:exc:`django.core.exceptions.SuspiciousOperation`. + +Redirect poisoning +------------------ + +Also following up on a previous issue: in July of this year, we made changes to +Django's HTTP redirect classes, performing additional validation of the scheme +of the URL to redirect to (since, both within Django's own supplied +applications and many third-party applications, accepting a user-supplied +redirect target is a common pattern). + +Since then, two independent audits of the code turned up further potential +problems. So, similar to the Host-header issue, we are taking steps to provide +tighter validation in response to reported problems (primarily with third-party +applications, but to a certain extent also within Django itself). This comes in +two parts: + +1. A new utility function, ``django.utils.http.is_safe_url``, is added; this +function takes a URL and a hostname, and checks that the URL is either +relative, or if absolute matches the supplied hostname. This function is +intended for use whenever user-supplied redirect targets are accepted, to +ensure that such redirects cannot lead to arbitrary third-party sites. + +2. All of Django's own built-in views -- primarily in the authentication system +-- which allow user-supplied redirect targets now use ``is_safe_url`` to +validate the supplied URL. diff --git a/docs/releases/1.3.6.txt b/docs/releases/1.3.6.txt new file mode 100644 index 0000000000..d55199a882 --- /dev/null +++ b/docs/releases/1.3.6.txt @@ -0,0 +1,78 @@ +========================== +Django 1.3.6 release notes +========================== + +*February 19, 2013* + +Django 1.3.6 fixes four security issues present in previous Django releases in +the 1.3 series. + +This is the sixth bugfix/security release in the Django 1.3 series. + + +Host header poisoning +--------------------- + +Some parts of Django -- independent of end-user-written applications -- make +use of full URLs, including domain name, which are generated from the HTTP Host +header. Django's documentation has for some time contained notes advising users +on how to configure webservers to ensure that only valid Host headers can reach +the Django application. However, it has been reported to us that even with the +recommended webserver configurations there are still techniques available for +tricking many common webservers into supplying the application with an +incorrect and possibly malicious Host header. + +For this reason, Django 1.3.6 adds a new setting, ``ALLOWED_HOSTS``, which +should contain an explicit list of valid host/domain names for this site. A +request with a Host header not matching an entry in this list will raise +``SuspiciousOperation`` if ``request.get_host()`` is called. For full details +see the documentation for the :setting:`ALLOWED_HOSTS` setting. + +The default value for this setting in Django 1.3.6 is ``['*']`` (matching any +host), for backwards-compatibility, but we strongly encourage all sites to set +a more restrictive value. + +This host validation is disabled when ``DEBUG`` is ``True`` or when running tests. + + +XML deserialization +------------------- + +The XML parser in the Python standard library is vulnerable to a number of +attacks via external entities and entity expansion. Django uses this parser for +deserializing XML-formatted database fixtures. The fixture deserializer is not +intended for use with untrusted data, but in order to err on the side of safety +in Django 1.3.6 the XML deserializer refuses to parse an XML document with a +DTD (DOCTYPE definition), which closes off these attack avenues. + +These issues in the Python standard library are CVE-2013-1664 and +CVE-2013-1665. More information available `from the Python security team`_. + +Django's XML serializer does not create documents with a DTD, so this should +not cause any issues with the typical round-trip from ``dumpdata`` to +``loaddata``, but if you feed your own XML documents to the ``loaddata`` +management command, you will need to ensure they do not contain a DTD. + +.. _from the Python security team: http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html + + +Formset memory exhaustion +------------------------- + +Previous versions of Django did not validate or limit the form-count data +provided by the client in a formset's management form, making it possible to +exhaust a server's available memory by forcing it to create very large numbers +of forms. + +In Django 1.3.6, all formsets have a strictly-enforced maximum number of forms +(1000 by default, though it can be set higher via the ``max_num`` formset +factory argument). + + +Admin history view information leakage +-------------------------------------- + +In previous versions of Django, an admin user without change permission on a +model could still view the unicode representation of instances via their admin +history log. Django 1.3.6 now limits the admin history log view for an object +to users with change permission for that model. diff --git a/docs/releases/1.3.7.txt b/docs/releases/1.3.7.txt new file mode 100644 index 0000000000..3cccfcfb1c --- /dev/null +++ b/docs/releases/1.3.7.txt @@ -0,0 +1,13 @@ +========================== +Django 1.3.7 release notes +========================== + +*February 20, 2013* + +Django 1.3.7 corrects a packaging problem with yesterday's :doc:`1.3.6 release +</releases/1.3.6>`. + +The release contained stray ``.pyc`` files that caused "bad magic number" +errors when running with some versions of Python. This releases corrects this, +and also fixes a bad documentation link in the project template ``settings.py`` +file generated by ``manage.py startproject``. diff --git a/docs/releases/1.4.2.txt b/docs/releases/1.4.2.txt index 07eec39764..a6150f56c3 100644 --- a/docs/releases/1.4.2.txt +++ b/docs/releases/1.4.2.txt @@ -17,7 +17,7 @@ for some time contained notes advising users on such configuration. Django's own built-in parsing of the Host header is, however, still vulnerable, as was reported to us recently. The Host header parsing in Django 1.3.3 and -Django 1.4.1 -- specifically, django.http.HttpRequest.get_host() -- was +Django 1.4.1 -- specifically, ``django.http.HttpRequest.get_host()`` -- was incorrectly handling username/password information in the header. Thus, for example, the following Host header would be accepted by Django when running on "validsite.com":: @@ -27,9 +27,10 @@ example, the following Host header would be accepted by Django when running on Using this, an attacker can cause parts of Django -- particularly the password-reset mechanism -- to generate and display arbitrary URLs to users. -To remedy this, the parsing in HttpRequest.get_host() is being modified; Host -headers which contain potentially dangerous content (such as username/password -pairs) now raise the exception django.core.exceptions.SuspiciousOperation +To remedy this, the parsing in ``HttpRequest.get_host()`` is being modified; +Host headers which contain potentially dangerous content (such as +username/password pairs) now raise the exception +:exc:`django.core.exceptions.SuspiciousOperation`. Details of this issue were initially posted online as a `security advisory`_. diff --git a/docs/releases/1.4.3.txt b/docs/releases/1.4.3.txt new file mode 100644 index 0000000000..aadf623c3c --- /dev/null +++ b/docs/releases/1.4.3.txt @@ -0,0 +1,60 @@ +========================== +Django 1.4.3 release notes +========================== + +*December 10, 2012* + +Django 1.4.3 addresses two security issues present in previous Django releases +in the 1.4 series. + +Please be aware that this security release is slightly different from previous +ones. Both issues addressed here have been dealt with in prior security updates +to Django. In one case, we have received ongoing reports of problems, and in +the other we've chosen to take further steps to tighten up Django's code in +response to independent discovery of potential problems from multiple sources. + +Host header poisoning +--------------------- + +Several earlier Django security releases focused on the issue of poisoning the +HTTP Host header, causing Django to generate URLs pointing to arbitrary, +potentially-malicious domains. + +In response to further input received and reports of continuing issues +following the previous release, we're taking additional steps to tighten Host +header validation. Rather than attempt to accommodate all features HTTP +supports here, Django's Host header validation attempts to support a smaller, +but far more common, subset: + +* Hostnames must consist of characters [A-Za-z0-9] plus hyphen ('-') or dot + ('.'). +* IP addresses -- both IPv4 and IPv6 -- are permitted. +* Port, if specified, is numeric. + +Any deviation from this will now be rejected, raising the exception +:exc:`django.core.exceptions.SuspiciousOperation`. + +Redirect poisoning +------------------ + +Also following up on a previous issue: in July of this year, we made changes to +Django's HTTP redirect classes, performing additional validation of the scheme +of the URL to redirect to (since, both within Django's own supplied +applications and many third-party applications, accepting a user-supplied +redirect target is a common pattern). + +Since then, two independent audits of the code turned up further potential +problems. So, similar to the Host-header issue, we are taking steps to provide +tighter validation in response to reported problems (primarily with third-party +applications, but to a certain extent also within Django itself). This comes in +two parts: + +1. A new utility function, ``django.utils.http.is_safe_url``, is added; this +function takes a URL and a hostname, and checks that the URL is either +relative, or if absolute matches the supplied hostname. This function is +intended for use whenever user-supplied redirect targets are accepted, to +ensure that such redirects cannot lead to arbitrary third-party sites. + +2. All of Django's own built-in views -- primarily in the authentication system +-- which allow user-supplied redirect targets now use ``is_safe_url`` to +validate the supplied URL. diff --git a/docs/releases/1.4.4.txt b/docs/releases/1.4.4.txt new file mode 100644 index 0000000000..c5fcbc3e39 --- /dev/null +++ b/docs/releases/1.4.4.txt @@ -0,0 +1,88 @@ +========================== +Django 1.4.4 release notes +========================== + +*February 19, 2013* + +Django 1.4.4 fixes four security issues present in previous Django releases in +the 1.4 series, as well as several other bugs and numerous documentation +improvements. + +This is the fourth bugfix/security release in the Django 1.4 series. + + +Host header poisoning +--------------------- + +Some parts of Django -- independent of end-user-written applications -- make +use of full URLs, including domain name, which are generated from the HTTP Host +header. Django's documentation has for some time contained notes advising users +on how to configure webservers to ensure that only valid Host headers can reach +the Django application. However, it has been reported to us that even with the +recommended webserver configurations there are still techniques available for +tricking many common webservers into supplying the application with an +incorrect and possibly malicious Host header. + +For this reason, Django 1.4.4 adds a new setting, ``ALLOWED_HOSTS``, containing +an explicit list of valid host/domain names for this site. A request with a +Host header not matching an entry in this list will raise +``SuspiciousOperation`` if ``request.get_host()`` is called. For full details +see the documentation for the :setting:`ALLOWED_HOSTS` setting. + +The default value for this setting in Django 1.4.4 is ``['*']`` (matching any +host), for backwards-compatibility, but we strongly encourage all sites to set +a more restrictive value. + +This host validation is disabled when ``DEBUG`` is ``True`` or when running tests. + + +XML deserialization +------------------- + +The XML parser in the Python standard library is vulnerable to a number of +attacks via external entities and entity expansion. Django uses this parser for +deserializing XML-formatted database fixtures. This deserializer is not +intended for use with untrusted data, but in order to err on the side of safety +in Django 1.4.4 the XML deserializer refuses to parse an XML document with a +DTD (DOCTYPE definition), which closes off these attack avenues. + +These issues in the Python standard library are CVE-2013-1664 and +CVE-2013-1665. More information available `from the Python security team`_. + +Django's XML serializer does not create documents with a DTD, so this should +not cause any issues with the typical round-trip from ``dumpdata`` to +``loaddata``, but if you feed your own XML documents to the ``loaddata`` +management command, you will need to ensure they do not contain a DTD. + +.. _from the Python security team: http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html + + +Formset memory exhaustion +------------------------- + +Previous versions of Django did not validate or limit the form-count data +provided by the client in a formset's management form, making it possible to +exhaust a server's available memory by forcing it to create very large numbers +of forms. + +In Django 1.4.4, all formsets have a strictly-enforced maximum number of forms +(1000 by default, though it can be set higher via the ``max_num`` formset +factory argument). + + +Admin history view information leakage +-------------------------------------- + +In previous versions of Django, an admin user without change permission on a +model could still view the unicode representation of instances via their admin +history log. Django 1.4.4 now limits the admin history log view for an object +to users with change permission for that model. + + +Other bugfixes and changes +========================== + +* Prevented transaction state from leaking from one request to the next (#19707). +* Changed a SQL command syntax to be MySQL 4 compatible (#19702). +* Added backwards-compatibility with old unsalted MD5 passwords (#18144). +* Numerous documentation improvements and fixes. diff --git a/docs/releases/1.4.5.txt b/docs/releases/1.4.5.txt new file mode 100644 index 0000000000..9ba5235f79 --- /dev/null +++ b/docs/releases/1.4.5.txt @@ -0,0 +1,13 @@ +========================== +Django 1.4.5 release notes +========================== + +*February 20, 2013* + +Django 1.4.5 corrects a packaging problem with yesterday's :doc:`1.4.4 release +</releases/1.4.4>`. + +The release contained stray ``.pyc`` files that caused "bad magic number" +errors when running with some versions of Python. This releases corrects this, +and also fixes a bad documentation link in the project template ``settings.py`` +file generated by ``manage.py startproject``. diff --git a/docs/releases/1.4.6.txt b/docs/releases/1.4.6.txt new file mode 100644 index 0000000000..575e9fa75a --- /dev/null +++ b/docs/releases/1.4.6.txt @@ -0,0 +1,31 @@ +========================== +Django 1.4.6 release notes +========================== + +*August 13, 2013* + +Django 1.4.6 fixes one security issue present in previous Django releases in +the 1.4 series, as well as one other bug. + +This is the sixth bugfix/security release in the Django 1.4 series. + +Mitigated possible XSS attack via user-supplied redirect URLs +------------------------------------------------------------- + +Django relies on user input in some cases (e.g. +:func:`django.contrib.auth.views.login`, :mod:`django.contrib.comments`, and +:doc:`i18n </topics/i18n/index>`) to redirect the user to an "on success" URL. +The security checks for these redirects (namely +``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` +and as such allowed ``javascript:...`` URLs to be entered. If a developer +relied on ``is_safe_url()`` to provide safe redirect targets and put such a +URL into a link, he could suffer from a XSS attack. This bug doesn't affect +Django currently, since we only put this URL into the ``Location`` response +header and browsers seem to ignore JavaScript there. + +Bugfixes +======== + +* Fixed an obscure bug with the :func:`~django.test.utils.override_settings` + decorator. If you hit an ``AttributeError: 'Settings' object has no attribute + '_original_allowed_hosts'`` exception, it's probably fixed (#20636). diff --git a/docs/releases/1.5.2.txt b/docs/releases/1.5.2.txt new file mode 100644 index 0000000000..710f16555c --- /dev/null +++ b/docs/releases/1.5.2.txt @@ -0,0 +1,62 @@ +========================== +Django 1.5.2 release notes +========================== + +*August 13, 2013* + +This is Django 1.5.2, a bugfix and security release for Django 1.5. + +Mitigated possible XSS attack via user-supplied redirect URLs +------------------------------------------------------------- + +Django relies on user input in some cases (e.g. +:func:`django.contrib.auth.views.login`, :mod:`django.contrib.comments`, and +:doc:`i18n </topics/i18n/index>`) to redirect the user to an "on success" URL. +The security checks for these redirects (namely +``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)`` +and as such allowed ``javascript:...`` URLs to be entered. If a developer +relied on ``is_safe_url()`` to provide safe redirect targets and put such a +URL into a link, he could suffer from a XSS attack. This bug doesn't affect +Django currently, since we only put this URL into the ``Location`` response +header and browsers seem to ignore JavaScript there. + +XSS vulnerability in :mod:`django.contrib.admin` +------------------------------------------------ + +If a :class:`~django.db.models.URLField` is used in Django 1.5, it displays the +current value of the field and a link to the target on the admin change page. +The display routine of this widget was flawed and allowed for XSS. + +Bugfixes +======== + +* Fixed a crash with :meth:`~django.db.models.query.QuerySet.prefetch_related` + (#19607) as well as some ``pickle`` regressions with ``prefetch_related`` + (#20157 and #20257). +* Fixed a regression in :mod:`django.contrib.gis` in the Google Map output on + Python 3 (#20773). +* Made ``DjangoTestSuiteRunner.setup_databases`` properly handle aliases for + the default database (#19940) and prevented ``teardown_databases`` from + attempting to tear down aliases (#20681). +* Fixed the ``django.core.cache.backends.memcached.MemcachedCache`` backend's + ``get_many()`` method on Python 3 (#20722). +* Fixed :mod:`django.contrib.humanize` translation syntax errors. Affected + languages: Mexican Spanish, Mongolian, Romanian, Turkish (#20695). +* Added support for wheel packages (#19252). +* The CSRF token now rotates when a user logs in. +* Some Python 3 compatibility fixes including #20212 and #20025. +* Fixed some rare cases where :meth:`~django.db.models.query.QuerySet.get` + exceptions recursed infinitely (#20278). +* :djadmin:`makemessages` no longer crashes with ``UnicodeDecodeError`` + (#20354). +* Fixed ``geojson`` detection with Spatialite. +* :meth:`~django.test.SimpleTestCase.assertContains` once again works with + binary content (#20237). +* Fixed :class:`~django.db.models.ManyToManyField` if it has a unicode ``name`` + parameter (#20207). +* Ensured that the WSGI request's path is correctly based on the + ``SCRIPT_NAME`` environment variable or the :setting:`FORCE_SCRIPT_NAME` + setting, regardless of whether or not either has a trailing slash (#20169). +* Fixed an obscure bug with the :func:`~django.test.utils.override_settings` + decorator. If you hit an ``AttributeError: 'Settings' object has no attribute + '_original_allowed_hosts'`` exception, it's probably fixed (#20636). diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt index a4b03bc197..16d45de45f 100644 --- a/docs/releases/1.5.txt +++ b/docs/releases/1.5.txt @@ -2,6 +2,8 @@ Django 1.5 release notes ======================== +*February 26, 2013* + Welcome to Django 1.5! These release notes cover the `new features`_, as well diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt index 3b1fe0c40e..a7b26c07fc 100644 --- a/docs/releases/1.7.txt +++ b/docs/releases/1.7.txt @@ -130,7 +130,7 @@ Minor features context level. * The :class:`~django.utils.feedgenerator.Atom1Feed` syndication feed's - ``updated`` element now utilizes `updateddate` instead of ``pubdate``, + ``updated`` element now utilizes ``updateddate`` instead of ``pubdate``, allowing the ``published`` element to be included in the feed (which relies on ``pubdate``). @@ -190,6 +190,30 @@ Minor features ``Meta`` option allows you to customize (or disable) creation of the default add, change, and delete permissions. +* The :func:`~django.contrib.auth.decorators.permission_required` decorator can + take a list of permissions as well as a single permission. + +* The new :setting:`FILE_UPLOAD_DIRECTORY_PERMISSIONS` setting controls + the file system permissions of directories created during file upload, like + :setting:`FILE_UPLOAD_PERMISSIONS` does for the files themselves. + +* Explicit :class:`~django.db.models.OneToOneField` for + :ref:`multi-table-inheritance` are now discovered in abstract classes. + +* The ``<label>`` and ``<input>`` tags rendered by + :class:`~django.forms.RadioSelect` and + :class:`~django.forms.CheckboxSelectMultiple` when looping over the radio + buttons or checkboxes now include ``for`` and ``id`` attributes, respectively. + Each radio button or checkbox includes an ``id_for_label`` attribute to + output the element's ID. + +* Any ``**kwargs`` passed to + :meth:`~django.contrib.auth.models.User.email_user()` are passed to the + underlying :meth:`~django.core.mail.send_mail()` call. + +* The :ttag:`widthratio` template tag now accepts an "as" parameter to capture + the result in a variable. + Backwards incompatible changes in 1.7 ===================================== @@ -237,6 +261,11 @@ Miscellaneous removes the ability for visitors to generate spurious HTTP 500 errors by requesting static files that don't exist or haven't been collected yet. +* The :meth:`django.db.models.Model.__eq__` method is now defined in a + way where instances of a proxy model and its base model are considered + equal when primary keys match. Previously only instances of exact same + class were considered equal on primary key match. + Features deprecated in 1.7 ========================== diff --git a/docs/releases/index.txt b/docs/releases/index.txt index 39439ff9aa..c3ba5cf478 100644 --- a/docs/releases/index.txt +++ b/docs/releases/index.txt @@ -36,6 +36,7 @@ Final releases .. toctree:: :maxdepth: 1 + 1.5.2 1.5.1 1.5 @@ -44,6 +45,10 @@ Final releases .. toctree:: :maxdepth: 1 + 1.4.6 + 1.4.5 + 1.4.4 + 1.4.3 1.4.2 1.4.1 1.4 @@ -53,6 +58,11 @@ Final releases .. toctree:: :maxdepth: 1 + 1.3.7 + 1.3.6 + 1.3.5 + 1.3.4 + 1.3.3 1.3.2 1.3.1 1.3 diff --git a/docs/topics/auth/customizing.txt b/docs/topics/auth/customizing.txt index e92e775bda..746e92e637 100644 --- a/docs/topics/auth/customizing.txt +++ b/docs/topics/auth/customizing.txt @@ -359,8 +359,6 @@ the extra database load. Substituting a custom User model ================================ -.. versionadded:: 1.5 - Some kinds of projects may have authentication requirements for which Django's built-in :class:`~django.contrib.auth.models.User` model is not always appropriate. For instance, on some sites it makes more sense to use an email @@ -684,13 +682,13 @@ auth views. * :class:`~django.contrib.auth.forms.AuthenticationForm` Works with any subclass of :class:`~django.contrib.auth.models.AbstractBaseUser`, - and will adapt to use the field defined in `USERNAME_FIELD`. + and will adapt to use the field defined in ``USERNAME_FIELD``. * :class:`~django.contrib.auth.forms.PasswordResetForm` Assumes that the user model has an integer primary key, has a field named ``email`` that can be used to identify the user, and a boolean field - named `is_active` to prevent password resets for inactive users. + named ``is_active`` to prevent password resets for inactive users. * :class:`~django.contrib.auth.forms.SetPasswordForm` diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index 902adc9e32..4d86a7330e 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -434,12 +434,10 @@ The login_required decorator (r'^accounts/login/$', 'django.contrib.auth.views.login'), - .. versionchanged:: 1.5 - - The :setting:`settings.LOGIN_URL <LOGIN_URL>` also accepts - view function names and :ref:`named URL patterns <naming-url-patterns>`. - This allows you to freely remap your login view within your URLconf - without having to update the setting. + The :setting:`settings.LOGIN_URL <LOGIN_URL>` also accepts view function + names and :ref:`named URL patterns <naming-url-patterns>`. This allows you + to freely remap your login view within your URLconf without having to + update the setting. .. note:: @@ -528,6 +526,11 @@ The permission_required decorator (HTTP Forbidden) view<http_forbidden_view>` instead of redirecting to the login page. + .. versionchanged:: 1.7 + + The :func:`~django.contrib.auth.decorators.permission_required` + decorator can take a list of permissions as well as a single permission. + Applying permissions to generic views ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -1182,10 +1185,6 @@ Thus, you can check permissions in template ``{% if %}`` statements: <p>You don't have permission to do anything in the foo app.</p> {% endif %} -.. versionadded:: 1.5 - - Permission lookup by "if in". - It is possible to also look permissions up by ``{% if in %}`` statements. For example: diff --git a/docs/topics/class-based-views/intro.txt b/docs/topics/class-based-views/intro.txt index a65b887921..5986ff2ea7 100644 --- a/docs/topics/class-based-views/intro.txt +++ b/docs/topics/class-based-views/intro.txt @@ -198,6 +198,7 @@ A similar class-based view might look like:: from django.http import HttpResponseRedirect from django.shortcuts import render + from django.views.generic.base import View from .forms import MyForm diff --git a/docs/topics/class-based-views/mixins.txt b/docs/topics/class-based-views/mixins.txt index fdd5d42c5d..fb0b388b57 100644 --- a/docs/topics/class-based-views/mixins.txt +++ b/docs/topics/class-based-views/mixins.txt @@ -55,8 +55,6 @@ interface to working with templates in class-based views. override this to provide more flexible defaults when dealing with actual objects. -.. versionadded:: 1.5 - :class:`~django.views.generic.base.ContextMixin` Every built in view which needs context data, such as for rendering a template (including ``TemplateResponseMixin`` above), should call diff --git a/docs/topics/db/managers.txt b/docs/topics/db/managers.txt index 2d3f35db8b..c97149cfd1 100644 --- a/docs/topics/db/managers.txt +++ b/docs/topics/db/managers.txt @@ -265,8 +265,8 @@ Methods are copied according to the following rules: - Public methods are copied by default. - Private methods (starting with an underscore) are not copied by default. -- Methods with a `queryset_only` attribute set to `False` are always copied. -- Methods with a `queryset_only` attribute set to `True` are never copied. +- Methods with a ``queryset_only`` attribute set to ``False`` are always copied. +- Methods with a ``queryset_only`` attribute set to ``True`` are never copied. For example:: diff --git a/docs/topics/db/multi-db.txt b/docs/topics/db/multi-db.txt index 6e19844b5c..c098aa33e3 100644 --- a/docs/topics/db/multi-db.txt +++ b/docs/topics/db/multi-db.txt @@ -689,11 +689,6 @@ In addition, some objects are automatically created just after - three ``Permission`` for each model (including those not stored in that database). -.. versionchanged:: 1.5 - - Previously, ``ContentType`` and ``Permission`` instances were created only - in the default database. - For common setups with multiple databases, it isn't useful to have these objects in more than one database. Common setups include master / slave and connecting to external databases. Therefore, it's recommended: diff --git a/docs/topics/db/queries.txt b/docs/topics/db/queries.txt index 9a0d0ce6b9..30335f266d 100644 --- a/docs/topics/db/queries.txt +++ b/docs/topics/db/queries.txt @@ -639,20 +639,11 @@ that were modified more than 3 days after they were published:: >>> from datetime import timedelta >>> Entry.objects.filter(mod_date__gt=F('pub_date') + timedelta(days=3)) -.. versionadded:: 1.5 - - ``.bitand()`` and ``.bitor()`` - -The ``F()`` objects now support bitwise operations by ``.bitand()`` and +The ``F()`` objects support bitwise operations by ``.bitand()`` and ``.bitor()``, for example:: >>> F('somefield').bitand(16) -.. versionchanged:: 1.5 - - The previously undocumented operators ``&`` and ``|`` no longer produce - bitwise operations, use ``.bitand()`` and ``.bitor()`` instead. - The pk lookup shortcut ---------------------- diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt index 2cdab9ea9b..d88524ee20 100644 --- a/docs/topics/http/file-uploads.txt +++ b/docs/topics/http/file-uploads.txt @@ -132,7 +132,7 @@ upload behavior. Changing upload handler behavior -------------------------------- -Three settings control Django's file upload behavior: +There are a few settings which control Django's file upload behavior: :setting:`FILE_UPLOAD_MAX_MEMORY_SIZE` The maximum size, in bytes, for files that will be uploaded into memory. @@ -167,6 +167,11 @@ Three settings control Django's file upload behavior: **Always prefix the mode with a 0.** +:setting:`FILE_UPLOAD_DIRECTORY_PERMISSIONS` + The numeric mode to apply to directories created in the process of + uploading files. This value mirrors the functionality and caveats of + the :setting:`FILE_UPLOAD_PERMISSIONS` setting. + :setting:`FILE_UPLOAD_HANDLERS` The actual handlers for uploaded files. Changing this setting allows complete customization -- even replacement -- of Django's upload diff --git a/docs/topics/http/middleware.txt b/docs/topics/http/middleware.txt index 6bb7ccb8f8..da3f7ce4c1 100644 --- a/docs/topics/http/middleware.txt +++ b/docs/topics/http/middleware.txt @@ -204,11 +204,6 @@ reverse order, from the bottom up. This means classes defined at the end of Dealing with streaming responses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. versionchanged:: 1.5 - - ``response`` may also be an :class:`~django.http.StreamingHttpResponse` - object. - Unlike :class:`~django.http.HttpResponse`, :class:`~django.http.StreamingHttpResponse` does not have a ``content`` attribute. As a result, middleware can no longer assume that all responses diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt index 3ee7af9539..6ac17ccbd8 100644 --- a/docs/topics/http/sessions.txt +++ b/docs/topics/http/sessions.txt @@ -70,10 +70,6 @@ If you have multiple caches defined in :setting:`CACHES`, Django will use the default cache. To use another cache, set :setting:`SESSION_CACHE_ALIAS` to the name of that cache. -.. versionchanged:: 1.5 - - The :setting:`SESSION_CACHE_ALIAS` setting was added. - Once your cache is configured, you've got two choices for how to store data in the cache: @@ -302,8 +298,6 @@ You can edit it multiple times. .. method:: SessionBase.clear_expired - .. versionadded:: 1.5 - Removes expired sessions from the session store. This class method is called by :djadmin:`clearsessions`. @@ -469,9 +463,7 @@ cookie will be sent on every request. Similarly, the ``expires`` part of a session cookie is updated each time the session cookie is sent. -.. versionchanged:: 1.5 - - The session is not saved if the response's status code is 500. +The session is not saved if the response's status code is 500. .. _browser-length-vs-persistent-sessions: diff --git a/docs/topics/http/shortcuts.txt b/docs/topics/http/shortcuts.txt index 5c8725172a..8a80affb2a 100644 --- a/docs/topics/http/shortcuts.txt +++ b/docs/topics/http/shortcuts.txt @@ -21,7 +21,7 @@ introduce controlled coupling for convenience's sake. :class:`~django.http.HttpResponse` object with that rendered text. :func:`render()` is the same as a call to - :func:`render_to_response()` with a `context_instance` argument that + :func:`render_to_response()` with a ``context_instance`` argument that forces the use of a :class:`~django.template.RequestContext`. Required arguments @@ -50,10 +50,6 @@ Optional arguments The MIME type to use for the resulting document. Defaults to the value of the :setting:`DEFAULT_CONTENT_TYPE` setting. - .. versionchanged:: 1.5 - - This parameter used to be called ``mimetype``. - ``status`` The status code for the response. Defaults to ``200``. @@ -129,11 +125,6 @@ Optional arguments The MIME type to use for the resulting document. Defaults to the value of the :setting:`DEFAULT_CONTENT_TYPE` setting. - .. versionchanged:: 1.5 - - This parameter used to be called ``mimetype``. - - Example ------- @@ -169,7 +160,8 @@ This example is equivalent to:: The arguments could be: - * A model: the model's `get_absolute_url()` function will be called. + * A model: the model's `:meth:`~django.db.models.Model.get_absolute_url()` + function will be called. * A view name, possibly with arguments: :func:`urlresolvers.reverse <django.core.urlresolvers.reverse>` will be used to reverse-resolve the diff --git a/docs/topics/i18n/translation.txt b/docs/topics/i18n/translation.txt index e724837ce1..6436e7dcf9 100644 --- a/docs/topics/i18n/translation.txt +++ b/docs/topics/i18n/translation.txt @@ -1031,8 +1031,6 @@ in django-statici18n_. Internationalization: in URL patterns ===================================== -.. versionadded:: 1.4 - .. module:: django.conf.urls.i18n Django provides two mechanisms to internationalize URL patterns: diff --git a/docs/topics/logging.txt b/docs/topics/logging.txt index 66c517d615..21eac6e120 100644 --- a/docs/topics/logging.txt +++ b/docs/topics/logging.txt @@ -581,8 +581,6 @@ logging module. .. class:: RequireDebugTrue() - .. versionadded:: 1.5 - This filter is similar to :class:`RequireDebugFalse`, except that records are passed only when :setting:`DEBUG` is ``True``. @@ -599,10 +597,5 @@ All messages reaching the ``django`` catch-all logger when :setting:`DEBUG` is ``True`` are sent to the console. They are simply discarded (sent to ``NullHandler``) when :setting:`DEBUG` is ``False``. -.. versionchanged:: 1.5 - - Before Django 1.5, all messages reaching the ``django`` logger were - discarded, regardless of :setting:`DEBUG`. - See also :ref:`Configuring logging <configuring-logging>` to learn how you can complement or replace this default logging configuration. diff --git a/docs/topics/pagination.txt b/docs/topics/pagination.txt index 9da71563c3..f3c8e35c25 100644 --- a/docs/topics/pagination.txt +++ b/docs/topics/pagination.txt @@ -248,19 +248,13 @@ Methods .. method:: Page.next_page_number() - Returns the next page number. - - .. versionchanged:: 1.5 - - Raises :exc:`InvalidPage` if next page doesn't exist. + Returns the next page number. Raises :exc:`InvalidPage` if next page + doesn't exist. .. method:: Page.previous_page_number() - Returns the previous page number. - - .. versionchanged:: 1.5 - - Raises :exc:`InvalidPage` if previous page doesn't exist. + Returns the previous page number. Raises :exc:`InvalidPage` if previous + page doesn't exist. .. method:: Page.start_index() diff --git a/docs/topics/serialization.txt b/docs/topics/serialization.txt index d3fda16479..0f24715599 100644 --- a/docs/topics/serialization.txt +++ b/docs/topics/serialization.txt @@ -141,14 +141,11 @@ sure that they are "appropriate" for saving before doing so. Of course, if you trust your data source you could just save the object and move on. The Django object itself can be inspected as ``deserialized_object.object``. +If fields in the serialized data do not exist on a model, a +``DeserializationError`` will be raised unless the ``ignorenonexistent`` +argument is passed in as ``True``:: -.. versionadded:: 1.5 - - If fields in the serialized data do not exist on a model, - a ``DeserializationError`` will be raised unless the ``ignorenonexistent`` - argument is passed in as True:: - - serializers.deserialize("xml", data, ignorenonexistent=True) + serializers.deserialize("xml", data, ignorenonexistent=True) .. _serialization-formats: diff --git a/docs/topics/signals.txt b/docs/topics/signals.txt index a97fb2f14f..587590096c 100644 --- a/docs/topics/signals.txt +++ b/docs/topics/signals.txt @@ -132,10 +132,6 @@ Now, our ``my_callback`` function will be called each time a request finishes. Note that ``receiver`` can also take a list of signals to connect a function to. -.. versionchanged:: 1.5 - - The ability to pass a list of signals was added. - .. admonition:: Where should this code live? You can put signal handling and registration code anywhere you like. diff --git a/docs/topics/testing/advanced.txt b/docs/topics/testing/advanced.txt index 99af951866..d8d59c6872 100644 --- a/docs/topics/testing/advanced.txt +++ b/docs/topics/testing/advanced.txt @@ -217,8 +217,6 @@ Advanced features of ``TransactionTestCase`` .. attribute:: TransactionTestCase.reset_sequences - .. versionadded:: 1.5 - Setting ``reset_sequences = True`` on a ``TransactionTestCase`` will make sure sequences are always reset before the test run:: diff --git a/docs/topics/testing/overview.txt b/docs/topics/testing/overview.txt index 457d10eec0..dc12244d72 100644 --- a/docs/topics/testing/overview.txt +++ b/docs/topics/testing/overview.txt @@ -219,12 +219,6 @@ the Django test runner reorders tests in the following way: * Then any other tests (e.g. doctests) that may alter the database without restoring it to its original state are run. -.. versionchanged:: 1.5 - - Before Django 1.5, the only guarantee was that - :class:`~django.test.TestCase` tests were always ran first, before any other - tests. - .. note:: The new ordering of tests may reveal unexpected dependencies on test case @@ -587,11 +581,6 @@ Use the ``django.test.client.Client`` class to make requests. When ``data`` is provided, it is used as the request body, and a ``Content-Type`` header is set to ``content_type``. - .. versionchanged:: 1.5 - - :meth:`Client.options` used to process ``data`` like - :meth:`Client.get`. - The ``follow`` and ``extra`` arguments act the same as for :meth:`Client.get`. @@ -603,11 +592,6 @@ Use the ``django.test.client.Client`` class to make requests. When ``data`` is provided, it is used as the request body, and a ``Content-Type`` header is set to ``content_type``. - .. versionchanged:: 1.5 - - :meth:`Client.put` used to process ``data`` like - :meth:`Client.post`. - The ``follow`` and ``extra`` arguments act the same as for :meth:`Client.get`. @@ -627,15 +611,9 @@ Use the ``django.test.client.Client`` class to make requests. When ``data`` is provided, it is used as the request body, and a ``Content-Type`` header is set to ``content_type``. - .. versionchanged:: 1.5 - - :meth:`Client.delete` used to process ``data`` like - :meth:`Client.get`. - The ``follow`` and ``extra`` arguments act the same as for :meth:`Client.get`. - .. method:: Client.login(**credentials) If your site uses Django's :doc:`authentication system</topics/auth/index>` @@ -931,25 +909,6 @@ to test the effects of commit and rollback: database. This can cause your tests to pass or fail unexpectedly. Always use ``TransactionTestCase`` when testing transactional behavior. -.. versionchanged:: 1.5 - - Prior to 1.5, :class:`~django.test.TransactionTestCase` flushed the - database tables *before* each test. In Django 1.5, this is instead done - *after* the test has been run. - - When the flush took place before the test, it was guaranteed that primary - key values started at one in :class:`~django.test.TransactionTestCase` - tests. - - Tests should not depend on this behavior, but for legacy tests that do, - the :attr:`~TransactionTestCase.reset_sequences` attribute can be used - until the test has been properly updated. - -.. versionchanged:: 1.5 - - The order in which tests are run has changed. See `Order in which tests are - executed`_. - ``TransactionTestCase`` inherits from :class:`~django.test.SimpleTestCase`. TestCase @@ -975,11 +934,6 @@ additions, including: * Django-specific assertions for testing for things like redirection and form errors. -.. versionchanged:: 1.5 - - The order in which tests are run has changed. See `Order in which tests are - executed`_. - ``TestCase`` inherits from :class:`~django.test.TransactionTestCase`. .. _live-test-server: @@ -1636,8 +1590,6 @@ your test suite. .. method:: SimpleTestCase.assertXMLEqual(xml1, xml2, msg=None) - .. versionadded:: 1.5 - Asserts that the strings ``xml1`` and ``xml2`` are equal. The comparison is based on XML semantics. Similarly to :meth:`~SimpleTestCase.assertHTMLEqual`, the comparison is @@ -1649,8 +1601,6 @@ your test suite. .. method:: SimpleTestCase.assertXMLNotEqual(xml1, xml2, msg=None) - .. versionadded:: 1.5 - Asserts that the strings ``xml1`` and ``xml2`` are *not* equal. The comparison is based on XML semantics. See :meth:`~SimpleTestCase.assertXMLEqual` for details. @@ -1659,8 +1609,6 @@ your test suite. .. method:: SimpleTestCase.assertInHTML(needle, haystack, count=None, msg_prefix='') - .. versionadded:: 1.5 - Asserts that the HTML fragment ``needle`` is contained in the ``haystack`` one. If the ``count`` integer argument is specified, then additionally the number @@ -1671,8 +1619,6 @@ your test suite. .. method:: SimpleTestCase.assertJSONEqual(raw, expected_data, msg=None) - .. versionadded:: 1.5 - Asserts that the JSON fragments ``raw`` and ``expected_data`` are equal. Usual JSON non-significant whitespace rules apply as the heavyweight is delegated to the :mod:`json` library. |
