summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2015-01-13[1.7.x] Bumped version for 1.7.3 release.1.7.3Tim Graham
2015-01-13[1.7.x] Fixed DoS possibility in ModelMultipleChoiceField.Tim Graham
This is a security fix. Disclosure following shortly. Thanks Keryn Knight for the report and initial patch.
2015-01-13[1.7.x] Prevented views.static.serve() from using large memory on large files.Tim Graham
This is a security fix. Disclosure following shortly.
2015-01-13[1.7.x] Fixed is_safe_url() to handle leading whitespace.Tim Graham
This is a security fix. Disclosure following shortly.
2015-01-13[1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI ↵Carl Meyer
environ. This is a security fix. Disclosure following shortly. Thanks to Jedediah Smith for the report.
2015-01-11[1.7.x] Fixed #24110 -- Rewrote migration unapply to preserve intermediate ↵Markus Holtermann
states Backport of fdc2cc948725866212a9bcc97b9b7cf21bb49b90 and be158e36251df0b07556657da47cdaf10913c57a from master
2015-01-10[1.7.x] Fixed #23967 -- Added formats for GreekSerafeim Papastefanos
Backport of 74f02557e0183812d6d60e2548985c5c40b3d27b from master
2015-01-10[1.7.x] Fixed #24097 -- Prevented AttributeError in redirect_to_loginClaude Paroz
Thanks Peter Schmidt for the report and the initial patch. Thanks to Oktay Sancak for writing the original failing test and Alvin Savoy for supporting contributing back to the community. Backport of d7bc37d61 from master.
2015-01-06[1.7.x] Fixed #23815 -- Prevented UnicodeDecodeError in CSRF middlewareClaude Paroz
Thanks codeitloadit for the report, living180 for investigations and Tim Graham for the review. Backport of 27dd7e7271 from master.
2015-01-03[1.7.x] Increased the default PBKDF2 iterations.Tim Graham
2015-01-02[1.7.x] Post-release version bump.Tim Graham
2015-01-02[1.7.x] Bumped version for 1.7.2 release.1.7.2Tim Graham
2015-01-02[1.7.x] Updated six to 1.9.0.Tim Graham
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
2014-12-31[1.7.x] Fixed #23366 -- Fixed a crash with the migrate --list command.Tim Graham
Backport of b4bdd5262b18644456d12a00d475adf9897a9255 from master
2014-12-31[1.7.x] Fixed #24008 -- Fixed ValidationError crash with list of dicts.Andrey Maslov
Backport of 7a878ca5cb50ad65fc465cb263a44cc93629f75c from master
2014-12-31[1.7.x] Fixed #23758 -- Allowed more than 5 levels of subqueriesPiotr Pawlaczek
Refactored bump_prefix() to avoid infinite loop and allow more than than 5 subquires by extending the alphabet to use multi-letters. Backport of 41fc1c0b5eac156e200a10233c7c9210a1c0fed8 from master
2014-12-31[1.7.x] Renamed variables to avoid name collision with import of ↵Russell Keith-Magee
django.db.models. Backport of 013c2d8d02e679c969255d9b11214d020dd34418 from master
2014-12-30[1.7.x] Fixed #23581 -- Prevented extraneous DROP DEFAULT statements.Tim Graham
Thanks john_scott for the report and Markus Holtermann for review. Backport of ab4f709da4516672b0bd811f2b4d0c4ba9f5b636 from master
2014-12-29Revert "[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete ↵Tim Graham
fields and vice versa" This reverts commit 1702bc52cc20ed0729893177fc8f4391b4b3183c. This doesn't work on stable/1.7.x because #23844 wasn't backported and we're not willing to do so because it's a large change.
2014-12-29[1.7.x] Fixed #23938 -- Added migration support for m2m to concrete fields ↵Markus Holtermann
and vice versa Thanks to Michael D. Hoyle for the report and Tim Graham for the review. Backport of 623ccdd598625591d1a12fc1564cf3ef9a87581f from master
2014-12-27[1.7.x] Fixed #23831 -- Supported strings escaped by third-party libs in Django.Aymeric Augustin
Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report. Backport of 6d52f6f from master.
2014-12-27[1.7.x] Fixed an inconsistency introduced in 547b1810.Aymeric Augustin
mark_safe and mark_for_escaping should have been kept similar. On Python 2 this change has no effect. On Python 3 it fixes the use case shown in the regression test for mark_for_escaping, which used to raise a TypeError. The regression test for mark_safe is just for completeness. Backport of 5c5eb5fe from master.
2014-12-27[1.7.x] Fixed #24000 -- Corrected contrib.sites default site creation in a ↵Tim Graham
multiple database setup. Backport of 89e2c60f4396241c667b7a1de37765b7c96d702f from master
2014-12-27[1.7.x] Fixed #23929 -- Added more tests for create_default_site.wrwrwr
Backport of 1f98ec2e53e4636863396ab54f671f4546f9ba4c from master
2014-12-27[1.7.x] Fixed #24051 -- Made schema infrastructure honor tablespacesClaude Paroz
Partial backport of 30cbd5d36. Thanks Douglas J. Reynolds for the report and initial patch.
2014-12-26[1.7.x] Fixed #24054 -- Enabled sqlsequencereset for apps with migrations.Tim Graham
Backport of c2e419c26781b88f2b34b445f450b735267155b0 from master
2014-12-23[1.7.x] Fixed #24037 -- Prevented data loss possibility when changing ↵Tim Graham
Meta.managed. The migrations autodetector now issues AlterModelOptions operations for Meta.managed changes instead of DeleteModel + CreateModel. Thanks iambibhas for the report and Simon and Markus for review. Backport of 061caa5b386681dc7bdef16918873043224a299c from master
2014-12-22[1.7.x] Fixed #23525 -- Fixed admindocs crash on apps installed as eggs.Tim Graham
Thanks welbornprod for report and initial patch. Backport of 01ab84c61330ffa5ac87c637249611c5e5343e57 from master
2014-12-22[1.7.x] Fixed #23998 -- Added datetime.time support to migrations questioner.Oscar Ramirez
Backport of 54085b0f9ba7d9f705f9b9c90d3433b0ef6aa042 from master
2014-12-18[1.7.x] Fixed #24015 -- Factorized create_index_sql expressionClaude Paroz
Backport of 6072f17d0 from master, with one test reinforced. Thanks Tim Graham for the review.
2014-12-17[1.7.x] Fixed #24007 -- Ensure apps registry's ready before unpickling modelsClaude Paroz
This prevents AppRegistryNotReady errors when unpickling Django models from an external script. Backport of 108b8bf85 from master.
2014-12-17[1.7x.] Fixed #23497 -- Made admin system checks run for custom AdminSites.Mosson, Andrew
Backport of b7219c7ba5fdfbf9349948b5a91af50e32822ee6 from master
2014-12-16[1.7.x] Fixed #23975 -- Restored pre_migrate signal if all apps have migrations.Tim Graham
Thanks kmmbvnr for the report. Backport of d2ff8a7241b621b8013c7ec1631e95ae4445f76d from master
2014-12-16[1.7.x] Fixed #23983 -- Fixed a crash in migrations when adding ↵Andriy Sokolovskiy
order_with_respect_to to non-empty table. Backport of 3dbbb8a89ca4beaabd5359fe82e32ed633b15140 from master
2014-12-15[1.7.x] Fixed #23405 -- Fixed makemigrations prompt when adding Text/CharField.Andriy Sokolovskiy
A default is no longer required. Backport of d8f3b86a7691c8aa0ec8f5a064ad4c3218250fed from master
2014-12-15[1.7.x] Fixed #23987 -- Made SQLite SchemaEditor always use effective_default().Andriy Sokolovskiy
Backport of 089047331d972c0ee58d13476fc54f2118bf1359 from master
2014-12-14[1.7.x] Fixed timesince translations for KoreanJuneHyeon Bae
Refs #23989.
2014-12-12[1.7.x] Fixed #23455 -- Accept either bytes or text for related_name, ↵Carl Meyer
convert to text. Backport of c72eb80d114fb5d90bd21b5549e8abd0bbd17f99 from master.
2014-12-12[1.7.x] Revert "Fixed #23455 -- Forced related_name to be a unicode string ↵Carl Meyer
during deconstruction." This reverts commit 45bd7b3bd9008941580c100b9fc7361e3ff3ff0d. This is a backport of 8aaf51f94c70e3cfcd2c75a0be1b6f55049d82d8 from master.
2014-12-12[1.7.x] Fixed #23857 -- Fixed admin crash with "save as new" and deleting ↵Tim Graham
inline. Thanks amarandon for the report. Backport of c7a19f42030c15ad3b3475ad9a4854e10733ff74 from master
2014-12-12[1.7.x] Fixed #23674 -- Fixed a crash when a MultiValueField has invalid data.Grzegorz Slusarek
Backport of 0dea81cd6d34b3e41cc4bbec99b5fdf06142b09e from master
2014-12-11[1.7.x] Fixed typo in admin deprecation message.Markus Amalthea Magnuson
Backport of d4e449d73029dd512acb5f156ee5b4e93189e7b9 from master
2014-12-11[1.7.x] Fixed #23956 -- Fixed migration creation for multiple table inheritanceMarkus Holtermann
Backport of 44927ba817a4ecf9834d429ff6c86bc5ac961305 from master
2014-12-07[1.7.x] Fixed #23969: Made Oracle default test-tablespace larger.Shai Berger
It seems our test suite has grown... Refs #21775
2014-12-04[1.7.x] Fixed #23954 -- Added special text/varchar PostgreSQL indexes in ↵Claude Paroz
migrations Thanks adityagupta104 for the report and Tim Graham for the review. Backport of 8d7a48027e from master.
2014-12-04[1.7.x] Fixed #23920 -- Fixed MySQL crash when adding blank=True to TextField.Tim Graham
Thanks wkornewald for the report and Markus Holtermann for review. Backport of 765fa36d57d08d0568438f6fd74521e7a56abb61 from master
2014-12-03[1.7.x] Fixed assertion from refs #23939 test.Tim Graham
The assertion is different on master due to 393c0e24223c701edeb8ce7dc9d0f852f0c081ad.
2014-12-03[1.7.x] Fixed #23939 -- Moved session verification out of ↵Tim Graham
SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. Backport of b06dfad88fb12a927c86a1eb23064201c9560fb1 from master
2014-12-03[1.7.x] Fixed #23950 -- Prevented calling deconstruct on classes in ↵Gavin Wahl
MigrationWriter. Backport of dee4d23f7e703aec2d1244e4facbf7f4c88deed5 from master
2014-12-02[1.7.x] Tweaked fix for refs #23946; thanks Claude.Tim Graham
Backport of 5c773447c3239a297b22929f0df15d2971d72e77 from master