| Age | Commit message (Collapse) | Author |
|
|
|
django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
|
|
index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
|
|
strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
|
|
when truncating HTML.
Thanks to Guido Vranken for initial report.
|
|
|
|
|
|
SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
|
|
Backport of ad7b438002f1ab2a0ccb321012182991737ea84e from master.
|
|
|
|
|
|
Backport of 34ec52269ade54af31a021b12969913129571a3f from master.
|
|
rendering clickable link.
Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
|
|
|
|
|
|
implicit through model from being editable if the user only has the view permission.
Backport of 8335d59200e4c64dfe3348ea93989d95e0107439 from master.
|
|
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.
Backport of b435f82939edf70674856e0e1cd63973c2e0a1d1 from master
|
|
Backport of 463fe11bc8b2d068e447c5df677e7a31c2af7e03 from master
|
|
|
|
|
|
|
|
utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master
|
|
Backport of 5a5c77d55dc85c7e6cf910243257e408887f412a from master
|
|
deprecation comments.
Backport of ee9bd8c31024ec424157798b2a60a7f52f9353ee from stable/2.2.x.
|
|
InlineModelAdmin.has_add_permission() optional.
Restored backwards compatibility after refs #27991.
Regression in be6ca89396c031619947921c81b8795d816e3285.
Backport of 3c01fe30f3dd4dc1c8bb4fec816bd277d1ae5fa6 from master.
|
|
|
|
|
|
the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
|
|
called with non-None obj during add.
Thanks andreage for the report and suggested fix.
Backport of 02c07be95c47efaab9da7422c33ee76142f11336 from master.
|
|
keep-alive connections.
Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and
bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.
|
|
key checks are enabled.
Prior to this change foreign key constraint references could be left pointing
at tables dropped during operations simulating unsupported table alterations
because of an unexpected failure to disable foreign key constraint checks.
SQLite3 does not allow disabling such checks while in a transaction so they
must be disabled beforehand.
Thanks ezaquarii for the report and Carlton and Tim for the review.
Backport of 315357ad25a6590e7f4564ec2e56a22132b09001 from master.
|
|
SQLite 3.26 repoints foreign key constraints on table renames even when
foreign_keys pragma is off which breaks every operation that requires
a table rebuild to simulate unsupported ALTER TABLE statements.
The newly introduced legacy_alter_table pragma disables this behavior
and restores the previous schema editor assumptions.
Thanks Florian Apolloner, Christoph Trassl, Chris Lamb for the report and
troubleshooting assistance.
Backport of c8ffdbe514b55ff5c9a2b8cb8bbdf2d3978c188f from master.
|
|
mysqlclient 1.3.14+.
Backport of 284b3221a2c17af5bfe2edbf851ac0a9901f91a0 from master.
|
|
|
|
|
|
Co-authored-by: Tim Graham <timograham@gmail.com>
Backport of 8245c99ee6032c2748ba46583d8cab15b2f9438e from master
|
|
ModelAdmin.prepopulated_fields.
Backport of 7d1123e5ada60963ba3c708a8932e57342278706 from master.
|
|
Backport of 6275b50ac26ea6c026aa7b2aae9192f5792e8a94 from master
|
|
Ticket #25619 changed the default protocol to HTTP/1.1 but did not
properly implement keep-alive. As a "fix" keep-alive was disabled in
ticket #28440 to prevent clients from hanging (they expect the server to
send more data if the connection is not closed and there is no content
length set).
The combination of those two fixes resulted in yet another problem:
HTTP/1.1 by default allows a client to assume that keep-alive is
supported unless the server disables it via 'Connection: close' -- see
RFC2616 8.1.2.1 for details on persistent connection negotiation. Now if
the client receives a response from Django without 'Connection: close'
and immediately sends a new request (on the same tcp connection) before
our server closes the tcp connection, it will error out at some point
because the connection does get closed a few milli seconds later.
This patch fixes the mentioned issues by always sending 'Connection:
close' if we cannot determine a content length. The code is inefficient
in the sense that it does not allow for persistent connections when
chunked responses are used, but that should not really cause any
problems (Django does not generate those) and it only affects the
development server anyways.
Refs #25619, #28440.
Regression in ac756f16c5bbbe544ad82a8f3ab2eac6cccdb62e.
Backport of 934acf1126995f6e6ccba5947ec8f7561633c27f from master.
|
|
Regression in f185d929fa1c0caad8c03fccde899b647d7248c6.
Backport of e7e55059027ae2f644c852e0ba60dc9307b425e1 from master.
|
|
auth/common-passwords.txt.gz.
Backport of 26bb2611a567d43bc258aa7806eef766b7adcfe5 from master.
|
|
Backport of 545dae24fd01a9165d869a13aad04f5b88d626c1 from master
|
|
|
|
|
|
try to create the same directory.
Regression in 632c4ffd9cb1da273303bcd8005fff216506c795.
Backport of 98ef3829e96ebc73d4d446f92465e671ff520d2b from master.
|
|
for foreign keys that use to_field.
Regression in ee49306176a2d2f1751cb890bd607d42c7c09196.
Backport of f77fc56c9671a2e2498e3920d79e247e6de18c16 from master.
|
|
Regression in e1253bc26facfa1d0fca161f43925e99c2591ced.
Backport of 9a88c6dd6aa84a1b35e585faa0058a0996cc7ed7 from master.
|
|
Backport of 641742528a8babbede92890bc0bef50a255c1bbb from master.
|
|
sys.stdin.read() blocks waiting for EOF in shell.py which will
likely never come if the user provides input on stdin via the
keyboard before the shell starts. Added check for a tty to
skip reading stdin if it's not present.
This still allows piping of code into the shell (which should
have no TTY and should have an EOF) but also doesn't cause it
to hang if multi-line input is provided.
Backport of 4e78e389b16fbceb23d5236ee1650b213e71c968 from master.
|
|
lookups and lists.
Regression in fc6528b25ab1834be1a478b405bf8f7ec5cf860c.
Backport of 834c4ec8e4cfc43acf0525e0a4d8c914534f6afd,
217f82d7139fd32f07adbfa92c5fb383d0ade577, and
dc5e75d419893bde33b7e439b59bdf271fc1a3f2 from master.
|