summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2013-02-19[1.5.x] Bump version numbers for security release.1.5c2James Bennett
2013-02-19[1.5.x] Added a default limit to the maximum number of forms in a formset.Aymeric Augustin
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19[1.5.x] Checked object permissions on admin history view.Carl Meyer
This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee.
2013-02-19[1.5.x] Restricted the XML deserializer to prevent DoS attacks.Carl Meyer
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19[1.5.x] Added a new required ALLOWED_HOSTS setting for HTTP host header ↵Carl Meyer
validation. This is a security fix; disclosure and advisory coming shortly.
2013-02-16[1.5.x] Fixed #19833 -- Fixed import parameter encoding in get_runnerClaude Paroz
Thanks Danilo Bargen for the report. Backport of 63236161 from master.
2013-02-15[1.5.x] Fixed geos test to prevent random failureClaude Paroz
Points in the test fixtures have 20 as max coordinate. Backport of 87854b0bdf3 from master.
2013-02-15[1.5.x] Avoided unneeded assertion on Python 3Claude Paroz
Fixes failure introduced in 02e5909f7a.
2013-02-15[1.5.x] Fixed #19807 -- Sanitized getpass input in createsuperuserClaude Paroz
Python 2 getpass on Windows doesn't accept unicode, even when containing only ascii chars. Thanks Semmel for the report and tests. Backport of 02e5909f7a from master.
2013-02-15[1.5.x] Fixed #19829 -- Fixed index lookups for NumPy arrays in templates.Julien Phalip
Backport of 7d5e35cdb46124e2471
2013-02-15[1.5.x] Fixed #19822 -- Added validation for uniqueness on USERNAME_FIELD on ↵Russell Keith-Magee
custom User models. Thanks to Claude Peroz for the draft patch. (cherry picked from commit f5e4a699ca0f58818acbdf9081164060cee910fa)
2013-02-14[1.5.x] Fixed #19729 -- Removed leftover refactoring helper variables.Ramiro Morales
Thanks chrismedrela for the report. Refs #6262, 44b9076 and 4d94c0c. 826d9de00e74a53d7cc65fcb2aaa5ccdf33674ab from master.
2013-02-12[1.5.x] Fix admindocs on Python 3, where None cannot be sorted with strings.Carl Meyer
This fixes two tests in admin_views which were failing on Python 3, but only if the tests were run with docutils installed.
2013-02-13[1.5.x] Removed try-except in django.db.close_connection()Anssi Kääriäinen
The reason was that the except clause needed to remove a connection from the django.db.connections dict, but other parts of Django do not expect this to happen. In addition the except clause was silently swallowing the exception messages. Refs #19707, special thanks to Carl Meyer for pointing out that this approach should be taken.
2013-02-10[1.5.x] Made custom m2m fields without through easier to useAnssi Kääriäinen
The change in f105fbe52b21da206bfbaedf0e92326667d7b2d4 made through=None m2m fields fail in cases where they worked before. It isn't possible to create such fields using public APIs. The fix is trivial, so it seems worth adding it. This is not a backport from master. Master has gotten enough other changes to related fields internal API that this fix alone isn't enough to do any good.
2013-02-10[1.5.x] Fixed #19720 -- Oracle ordering related delete regressionAnssi Kääriäinen
When a query had a complex where condition (a condition targeting more than the base table) a subquery was used for deletion. However, the query had default ordering from the model's meta and Oracle doesn't work with ordered subqueries. The regression was caused by fast-path deletion code introduced in 1cd6e04cd4f768bcd4385b75de433d497d938f82 for fixing #18676. Thanks to Dylan Klomparens for the report. Backpatch of 8ef3235034a1a7616714a5d61486dc68536f74ee
2013-02-10[1.5.x] Fixed #19638 -- Skipped tx support testing for some DBsAnssi Kääriäinen
PostgreSQL and Oracle always support transactions, so the create table and rollback test is non-necessary on those DBs. Thanks to shai for report. Backpatch of 0478780b8efdfcbc0d2c17f1459cac45701e1d86
2013-02-10[1.5.x] Fixed #19707 -- Reset transaction state after requestsAnssi Kääriäinen
Backpatch of a4e97cf315142e61bb4bc3ed8259b95d8586d09c
2013-02-09[1.5.x] Made modwsgi groups_for_user consistent with check_passwordPreston Holmes
2b5f848207b1dab35afd6f63d0107629c76d4d9a based its changes on #19061 that made the is_active attribute mandatory for user models. The try/except was not removed for the groups_for_user function. refs #19780
2013-02-08[1.5.x] Fixed #19779 -- Checked contrib.sites presence in ↵Claude Paroz
RedirectFallbackMiddleware Thanks Aymeric Augustin for the report and directions for the patch. Backport of 2ed90eac from master.
2013-02-08[1.5.x] Fixed #19776 -- Added missing import for backportPreston Holmes
line was present on master from 1520748dac95a7f114e4bb2feeee04d46c720494
2013-02-07[1.5.x] Fixed #19662 -- alter auth modelbackend to accept custom username fieldsPreston Holmes
Thanks to Aymeric and Carl for the review.
2013-02-07[1.5.x] Fixed #19772 -- Handled APPEND_SLASH correctly in the redirects app.Aymeric Augustin
Backport of 64623a2.
2013-02-06Partially revert 9efe1a721, strip_tags improvementsClaude Paroz
The new regex seems not stable enough for being released. Stripping with regex might need reevaluation for the next release. Refs #19237.
2013-02-06[1.5.x] Fixed #19745 -- Forced resolution of verbose names in createsupersuserClaude Paroz
Thanks Baptiste Mispelon for the report and Preston Holmes for the review. Backport of 2390fe3f4 from master.
2013-02-04[1.5.x] Updated translations (bn/es/eu/lb/mn)Claude Paroz
2013-02-04[1.5.x] Fixed #19725 -- Made createsuperuser handle non-ascii promptsClaude Paroz
Thanks Michisu for the report. Backport of 55c585f1c from master.
2013-02-02[1.5.x] Fixed #19333 -- Moved compress.py outside of the admin static ↵Julien Phalip
folder. Thanks to camilonova, Russell Keith-Magee, Aymeric Augustin and Ramiro Morales for the feedback. Backport of c9c40bc6bc64e6
2013-02-02[1.5.x] Fixed #19445 -- Skip admin fieldsets validation when the ↵Nick Sandford
ModelAdmin.get_form() method is overridden. Backport of 0694d2196f0fad
2013-02-02[1.5.x] Lowered field ordering requirement in ogrinspect testClaude Paroz
This test was randomly failing depending on the library environment. Backport of a1c470a6f from master.
2013-02-02[1.5.x] Added missing parentheses in if clauseClaude Paroz
Backport of 1f8e7bb07 from master.
2013-02-02[1.5.x] Fixed #18144 -- Added backwards compatibility with old unsalted MD5 ↵Claude Paroz
passwords Thanks apreobrazhensky at gmail.com for the report. Backport of 63d6a50dd from master.
2013-01-31[1.5.x] Fixed #19708 -- Exception in timezone.override(None).Aymeric Augustin
Thanks rafales. Backport of 9a4a1ce.
2013-01-31[1.5.x] Fixed #19692 -- Completed deprecation of mimetype in favor of ↵Aymeric Augustin
content_type. Thanks Tim for the report and initial patch. Backport of 89cb771 from master.
2013-01-30[1.5.x] Fixed #19076 -- Added content_type attribute to TemplateView.Aymeric Augustin
Thanks Gavin Wahl. Backport of 23e319d.
2013-01-29[1.5.x] Fixed typos in docs and commentsTim Graham
Backport of ee26797cff from master
2013-01-25[1.5.x] Fixed #19665 -- Ensured proper stderr output for Command.run_from_argvClaude Paroz
Thanks Stefan Koegl for the report and Simon Charette for the review. Backport of b9c8bbf37 from master.
2013-01-25[1.5.x] Fixed #19577 - Added HTML escaping to admin examples.Tim Graham
Thanks foo@ for the report and Florian Apolloner for the review. Backport of eafc036476 from master
2013-01-24[1.5.x] Avoided a possible regression in 5097d3c5.Aymeric Augustin
QuerySet.none() returns an instance of EmptyQuerySet, which may have undesirable side effects in the presence of custom query set classes. The implementation of .none() was refactored in master to have the same effect as .filter(pk__in=[]). Refs #19652. Thanks Simon Charrette for the report.
2013-01-23[1.5.x] Fixed #19652 -- Fixed .none() regression in related fieldsAnssi Kääriäinen
The regression was caused by using .none() when querying for related models, and the origin field's value was None. This resulted in missing custom related manager subclass as .none() returns plain QuerySet. This isn't backport from master, in master .none() correctly preserves the queryset's class. Patch provided by Simon Charette, with some minor polish by committer.
2013-01-22[1.5.x] Fixed #19477 - Documented generic_inlineformset_factoryTim Graham
Thanks epicserve for the suggestion. Backport of 214fb700b9 from master
2013-01-22[1.5.X] Fixed #19596 -- Use `_default_manager` instead of `objects` in the ↵Florian Apolloner
auth app. This is needed to support custom user models which don't define a manager named `objects`. Backport of cc4de61a2b36abf418d6f4c720d9e62c405e0612 from master.
2013-01-19[1.5.x] Fixed #19606 -- Adjusted cx_Oracle unicode detection.Jani Tiainen
Backpatch of d194f290571f7e9dda7d2fd7a6f2b171120f2f14
2013-01-15Updated contrib apps translationsClaude Paroz
2013-01-15Updated localflavor translationsClaude Paroz
2013-01-15Updated core translationsClaude Paroz
2013-01-15[1.5.x] Fixed #19092 -- Completed Lithuanian date/time formatsClaude Paroz
Thanks Tadas Dailyda for the report and the patch. Backport of 2f8ab2f1b0 from master.
2013-01-12[1.5.x] Fixed #18026 -- Don't return an anonymous dict if extra_data in ↵Stephan Jaekel
storage is empty. Backport of 97121cb9 from master.
2013-01-11[1.5.x] Fixed #19488 -- Made i18n_patterns redirect work with ↵Claude Paroz
non-slash-ending paths Thanks Daniel Gerzo for the report and the initial patch. Backport of bcdb4898c from master.
2013-01-11[1.5.x] Fixed #19585 -- Fixed loading cookie value as a dictClaude Paroz
This regression was introduced by the 'unicode_literals' patch. Backport of f08e739bc2 from master.