summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2013-11-06[1.6.x] Bump version numbers for 1.6 release.James Bennett
2013-11-05[1.6.x] Pulled Transifex translations for contrib appsClaude Paroz
2013-11-05[1.6.x] Pulled Transifex translations for Django coreClaude Paroz
2013-11-01[1.6.x] Fixed spelling ("dependant" -> "dependent")Tim Graham
Dependent means reliant on. A dependant is a person like a child or spouse. Thanks Andrew Wilcox for the report. Backport of 090315f5df from master
2013-10-30[1.6.x] Fixed #21347 -- Added missing JS variable declaration.Tim Graham
Thanks szymon.barglowski at gmail.com for the report. Backport of 0b1d425a41 from master
2013-10-26[1.6.x] Removed relative usage of import_moduleClaude Paroz
Python 3 version of importlib doesn't support this syntax. Partial backport of fdd7a355bf. Refs #21335.
2013-10-26[1.6.x] Fixed #21335 -- Use importlib from python3 when using python3Andrey Antukh
Backport of 3351e94ffa from master.
2013-10-22[1.6.x] Bump version number for 1.6 release candidate.1.6c1James Bennett
2013-10-22[1.6.x] Fixed #21307 -- Moved TransRealMixin to django.test.utils.Ramiro Morales
51d2e1fb23 from master.
2013-10-22[1.6.x] Decode from UTF-8 explicitly when reading a text file in makemessages.Ramiro Morales
This shows itself with Python 3 under Windows where UTF-8 usually isn't the default file I/O encoding and caused one failure and three errors in our test suite under that platform setup. b5f52647fe from master.
2013-10-21[1.6.x] Fixed #21249 -- variable name typo in compiler.get_grouping()Anssi Kääriäinen
The typo could have consequences in exceptional cases, but I didn't figure out a way to actually produce such a case, so not tests. Report & patch by Michael Manfre. Backport of 86c248aa64 from master
2013-10-21[1.6.x] Force update of the password on iteration count changes.Florian Apolloner
Backport of 7d0d0dbf26a3c0d16e9c2b930fd6d7b89f215946 from master.
2013-10-21[1.6.x] Fixed #21253 -- PBKDF2 with cached HMAC keyFlorian Apolloner
This gives a 2x speed increase compared to the existing implementation. Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it. Backport of 1e4f53a6eb8d1816e51eb8bd8f95e704f6b89ead from master.
2013-10-19[1.6.x] Fixed #21291 -- Ensured inactive users cannot reset their passwordsClaude Paroz
Thanks kz26 for the report and the suggested fix. Refs #19758. Backport of 5f5259036 from master.
2013-10-19[1.6.x] Cleaned formatting/comments in PasswordResetFormTestClaude Paroz
Backport of 59a880863 from master.
2013-10-18[1.6.x] Fixed bug causing CSRF token not to rotate on login.Tim Graham
Thanks Gavin McQuillan for the report. Backport of ac4fec5ca2 from master
2013-10-18[1.6.x] Fixed #21284 -- Prevented KeyError swallowing in fetch_commandClaude Paroz
Thanks wildfire for the report. Backport of 3514bcb251 from master.
2013-10-17[1.6.x] Fixed #21282 -- Made HttpResponse.serialize_headers accept latin-1Claude Paroz
Thanks Raphaël Barrois for the report and the initial patch and Aymeric Augustin for the review. Backport of a14f087233 from master.
2013-10-14[1.6.x] Fixed #21269 -- Don't crash when CommandError contains non-asciiClaude Paroz
Thanks kontakt@eikefoken.de for the report. Backport of 42a67ec1cd from master.
2013-10-14[1.6.x] Imported custom user classes in tests depending on itClaude Paroz
Without those imports, affected test files cannot be run independently. Refs #21164. Backport of ef22d512b5 from master.
2013-10-13[1.6.x] Fixed #21256 -- Error in datetime_safe.datetime.combine.Aymeric Augustin
Backport of d9b6fb8 from master
2013-10-13Fixed #21198 -- Prevented invalid use of @python_2_unicode_compatible.Aymeric Augustin
Thanks jpic for the report and chmodas for working on a patch. Reverts 2ea80b94. Refs #19362. Conflicts: tests/utils_tests/test_encoding.py
2013-10-13[1.6.x] Fixed #19560 -- Identified field in warning for naive datetime.Aymeric Augustin
Thanks gcc for the report and vajrasky for the patch. Backport of 570d9c2678d6cc564f9c70138554af8f7ce9ec49 from master.
2013-10-09[1.6.x] Updated auth translation templateClaude Paroz
2013-10-08[1.6.x] Fixed #21164 -- Added documentation for issue with test users.Russell Keith-Magee
The package renaming restores the older package names (which were also the documented package names). This doesn't affect test discovery because the module in question doesn't contain any tests. Thanks to Carl for the design discussion. Backport of ddb5385 from master.
2013-10-08[1.6.x] Refs #21197 -- Clarified upgrade check message.Russell Keith-Magee
Thanks to Carl and Shai for the discussion. Backport of 8ff4303 from master.
2013-10-07[1.6.x] Fixed #21235 -- Disabled savepoints for old versions of SQLite.Aymeric Augustin
Thanks Ramiro for the report. Backport of 91547772 from master.
2013-10-02[1.6.x] Fixed #21129 -- Prevented admin filter params modifications from ↵tschilling
throwing an exception. Thanks Tuttle for the report. Backport of 5381317fe3 from master
2013-10-01[1.6.x] Fixed #21209 -- .po file path comments on Windows.Ramiro Morales
Literals from source files with Django template language syntax don't have a '.py' suffix anymore. Also, the '.\' prefix is preserved to respect GNU gettext behavior on that platform. Refs #16903. 4b715fc05a from master.
2013-10-01[1.6.x] Fixed #21203 -- resolve_columns fields misalignmentAnssi Kääriäinen
In queries using .defer() together with .select_related() the values and fields arguments didn't align properly for resolve_columns(). Backpatch of bf13c75c0d94d606b8a077ff73bbd0440f05b396 from master.
2013-10-01[1.6.x] Factorized requires_tz_support decorator in test utilsClaude Paroz
Thanks Aymeric Augustin for the suggestion. Refs #21165. Backport of c1c44b2506 from master.
2013-09-30Fixed #21134 -- Prevented queries in broken transactions.Aymeric Augustin
Backport of 728548e4 from master. Squashed commit of the following: commit 63ddb271a44df389b2c302e421fc17b7f0529755 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sun Sep 29 22:51:00 2013 +0200 Clarified interactions between atomic and exceptions. commit 2899ec299228217c876ba3aa4024e523a41c8504 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sun Sep 22 22:45:32 2013 +0200 Fixed TransactionManagementError in tests. Previous commit introduced an additional check to prevent running queries in transactions that will be rolled back, which triggered a few failures in the tests. In practice using transaction.atomic instead of the low-level savepoint APIs was enough to fix the problems. commit 4a639b059ea80aeb78f7f160a7d4b9f609b9c238 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Sep 24 22:24:17 2013 +0200 Allowed nesting constraint_checks_disabled inside atomic. Since MySQL handles transactions loosely, this isn't a problem. commit 2a4ab1cb6e83391ff7e25d08479e230ca564bfef Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sat Sep 21 18:43:12 2013 +0200 Prevented running queries in transactions that will be rolled back. This avoids a counter-intuitive behavior in an edge case on databases with non-atomic transaction semantics. It prevents using savepoint_rollback() inside an atomic block without calling set_rollback(False) first, which is backwards-incompatible in tests. Refs #21134. commit 8e3db393853c7ac64a445b66e57f3620a3fde7b0 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sun Sep 22 22:14:17 2013 +0200 Replaced manual savepoints by atomic blocks. This ensures the rollback flag is handled consistently in internal APIs.
2013-09-28[1.6.x] Fixed #21186: Fixed regression when using date fields in the admin's ↵Baptiste Mispelon
list_filter. Thanks to onlygoldi2201 for the report and to ramiro and apollo13 for the reviews. Backport of 8f51ba669aba94eea684ea3f3429fd8e39e70679 from master.
2013-09-27[1.6.x] Fix #21185: Added tests for unescape_entities.Baptiste Mispelon
Also fixed a py3 incompatibility. Thanks to brutasse for the report. Backport of 3754f4ad410640382f9fe25073da03009cdc2ea3 from master.
2013-09-27[1.6.x] Fixed an ImportError in `django.core.cache.backends.db`Javed Khan
It was introduced by a979a2fea5.
2013-09-26[1.6.x] Fixed #21146 - DatabaseCache converts expires to python valueMichael Manfre
DatabaseCache uses raw cursors to bypass the ORM. This prevents it from being used by database backends that require special handling of datetime values. There is no easy way to test this, so no tests added. Backport of d5606b5763 from master
2013-09-25[1.6.x] Fixed #21126 -- QuerySet value conversion failureAnssi Kääriäinen
A .annotate().select_related() query resulted in misaligned rows vs columns for compiler.resolve_columns() method. Report & patch by Michael Manfre. Backpatch of 83554b018ef283827c0e7459ab934d447b3419d5 from master.
2013-09-24[1.6.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.Florian Apolloner
Thanks go to Michael Gebetsroither for pointing out this issue and help on the patch. Backport of 68540fe4df44492571bc610a0a043d3d02b3d320 from master.
2013-09-24Revert "[1.6.x] Ensure that passwords are never long enough for a DoS."Florian Apolloner
This reverts commit 5ecc0f828ebe270cfc92a0a2bfb4268800907904. This fix is no longer necessary, our pbkdf2 (see next commit) implementation no longer rehashes the password every iteration.
2013-09-24[1.6.x] Fixed #21150 -- Improved Query.add_fields() join promotion logicAnssi Kääriäinen
Thanks to Eivind Fonn for the report and test case.
2013-09-24[1.6.x] Marked PermissionsMixin.user_permissions help_text for translationMichał Lech
Backport of 53c7d66869 from master
2013-09-22[1.6.x] Fixed "Address already in use" from liveserver.Florian Apolloner
Our WSGIServer rewrapped the socket errors from server_bind into WSGIServerExceptions, which is used later on to provide nicer error messages in runserver and used by the liveserver to see if the port is already in use. But wrapping server_bind isn't enough since it only binds to the socket, socket.listen (which is called from server_activate) could also raise "Address already in use". Instead of overriding server_activate too I chose to just catch socket errors, which seems to make more sense anyways and should be more robust against changes in wsgiref. Backport of 2ca00faa913754cd5860f6e1f23c8da2529c691a from master.
2013-09-21[1.6.x] Ensured that BoundField.as_widget always returns properly localized ↵Florian Apolloner
fields. This is a follow-up to #18777 which improperly converted to strings in prepare_value and as such caused regressions like #21074. Refs #18777, #21074 Backport of 56743cf9e337826e4c615909570bb057142a6a7b from master.
2013-09-19[1.6.x] Increased default PBKDF2 iterationsPaul McMillan
Increases the default PBKDF2 iterations, since computers have gotten faster since 2011. In the future, we plan to increment by 10% per major version. Backport of a075e2ad0d from master
2013-09-18[1.6.x] Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDictTim Graham
Thanks simonpercivall for the report and bmispelon for the review. Backport of 2daada800f from master
2013-09-18[1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.Tim Graham
Thanks margieroginski for the suggestion. Backport of 893198509e from master
2013-09-17[1.6.x] Final attempt to solve sporadic test failures.Florian Apolloner
tearDownClass is not called if setUpClass throws an exception, in our case this means that LiveServerTestCase leaks LiveServerThread sockets if the test happens to be skipped later on, and AdminSeleniumWebDriverTestCase doesn't close it's already open browser window. To prevent this leakage we catch errors where needed and manually call _tearDownClassInternal. _tearDownClassInternal should be written as defensively as possible since it is not allowed to make any assumptions on how far setUpClass got. This patch should fix the sporadic "Address already in use"-errors on jenkins and also the "This code isn't under transaction management"-error for sqlite (also just on jenkins). After discussion with koniiiik, jezdez, kmtracey, tos9, lifeless, nedbat and voidspace it was decided that this is the safest approach (thanks to everyone for their comments and help). Manually calling tearDownClass was shut down cause we don't know how our users override our classes. This is a private and very specialized API on purpose and should not be used without a strong reason! This patch partially reverts the earlier attempts to fix those issues, namely: 2fa0dd73b18f55d0fdd1c1d54b1d18031bfcf1ed and 3c5775d36f7e431d9691829a78580873111cb714 Final note: If this patch breaks in a later version of Django, please be very careful on how you fix it, you might not see test failures locally. That said, this patch hopefully doesn't produce even more failures. Backport of 73a610d2a81bc3bf2d3834786b2458bc85953ed0 from master.
2013-09-17[1.6.x] Fixed #21109 -- made db cursor error wrapping fasterAnssi Kääriäinen
Backpatch of 94001421321bd8808c4027a72aa32a1eef005764 from master.
2013-09-15[1.6.x] Add release notes and bump version number for security release.1.6b4James Bennett
2013-09-15[1.6.x] Ensure that passwords are never long enough for a DoS.Russell Keith-Magee
* Limit the password length to 4096 bytes * Password hashers will raise a ValueError * django.contrib.auth forms will fail validation * Document in release notes that this is a backwards incompatible change Thanks to Josh Wright for the report, and Donald Stufft for the patch. This is a security fix; disclosure to follow shortly. Backport of aae5a96d5754ad34e48b7f673ef2411a3bbc1015 from master.