| Age | Commit message (Collapse) | Author |
|
|
|
This reverts docs changes from commit f970a98e464320c09dde8d45009eadfb4d038a57.
|
|
|
|
|
|
|
|
delete_confirmation_max_display.
|
|
Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
|
|
transitional setting to False.
|
|
Extract()/Trunc().
|
|
Made signed cookies derive their signer namespace from an injective
encoding of `(name, salt)` while preserving compatibility with legacy
`name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman,
Jake Howard, and Paul McMillan for reviews.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Thanks JaeHyuck Sa, Jacob Walls, and Tim McCurrach for reviews.
Co-authored-by: Ülgen Sarıkavak <ulgensrkvk@gmail.com>
|
|
|
|
Thanks Mike Edmunds for flagging these issues and for the review.
|
|
Peer frameworks have long since dropped their analogous checks for this
vulnerability that was fixed in ES5.
|
|
This follows the contributing guidelines that state:
[...] Avoid referring to a specific version of Django outside a
``deprecated`` block. Even inside a block, it's often redundant to do so
as these annotations render as "Deprecated since version A.B".
|
|
Also expended a bit on details for the setting so readers know what is
it about.
|
|
|
|
|
|
Thanks David Smith for reviews.
|
|
* Fixed typos related to automated EMAIL_PROVIDERS -> MAILERS renaming.
* Clarified wording in some recently added/updated sections.
* Removed deprecated, extraneous `fail_silently=False` from examples.
* Moved EmailBackend API documentation out of "Email backends" intro
into a dedicated section in email.txt.
* Sorted MAILERS alphabetically in settings.txt.
|
|
|
|
See DEP 0018.
Added:
* MAILERS setting.
* django.core.mail.mailers dict-like EmailBackend factory.
* `using` argument to mail sending APIs.
* `sent_using` attribute to mail.outbox messages in locmem backend.
* MAILERS in startproject settings template, set to console backend.
* AdminLogHandler.using argument.
* BrokenLinkEmailsMiddleware.send_mail() method.
Updated:
* BaseEmailBackend to track the MAILERS alias used to construct it, and
to report errors for unknown kwargs (OPTIONS).
* EmailBackend implementations to initialize from kwargs (OPTIONS) only
when MAILERS is being used.
* smtp.EmailBackend to require `host` option and to default `port`
option based on SSL/TLS options.
* SimpleTestCase setup to substitute the locmem backend for all defined
MAILERS configurations.
* Django's tests that send mail to define MAILERS.
Deprecated:
* EMAIL_BACKEND and other backend-related EMAIL_* settings.
* mail.get_connection().
* The `connection`, `fail_silently`, `auth_user`, and `auth_password`
arguments to mail functions.
* The EmailMessage.connection attribute.
* BaseEmailBackend support for `fail_silently`. Backends that support
fail_silently (SMTP, console, file) now implement it directly.
* AdminEmailHandler.email_backend argument.
Removed undocumented features without deprecation:
* EmailMessage.get_connection() method. (send() now raises an error if a
subclass has attempted to override it.)
* EmailMessage.send() no longer sets self.connection to the connection
used for sending. (It still _uses_ a pre-existing self.connection.)
* AdminEmailHandler.connection() method. (Init now raises an error if a
subclass has attempted to override it.)
Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive
reviews and suggestions on the implementation.
Thanks to Jacob Rief for the initial implementation and multiple
iterations while refining the design.
Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
|
|
Thank you to Benjamin Balder Bach and Jacob Walls for reviews.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
|
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
Now that calling `QuerySet.select_related()` without arguments is deprecated,
this commit deprecates the corresponding admin features.
|
|
This commit deprecates the "fetch all relations" form of
`QuerySet.select_related()` due to its poor performance characteristics, and
updates several tests relying on that feature to ignore the new warning.
|
|
|
|
|
|
New default tag `{% csp_nonce_attr %}` was added for explicit CSP nonce
inclusion into `<script>` and `<link>` elements.
`{% csp_nonce_attr %}` renders `nonce="<value>"` when `csp_nonce` is
present in the template context, and renders nothing otherwise.
`{% csp_nonce_attr media %}` renders a `Media` object's assets with the
nonce attr applied to each tag.
Thanks Jacob Walls for the accurate and spot on review comments.
Co-authored-by: Johannes Maron <johannes@maron.family>
|
|
HttpResponseRedirect.
|
|
|
|
|
|
|
|
Where the docs used `:pep:` links for established Python language
features, replaced them with direct references to the Python docs
(usually glossary terms).
|
|
|
|
The new ModelAdmin.delete_confirmation_max_display attribute allows
limiting the number of related objects shown on the delete confirmation
page. When the limit is reached, a "…and N more objects." message is shown.
The feature relies on a new truncated_unordered_list template filter
added to django.contrib.admin.templatetags.admin_filters.
Thanks Jacob Tyler Walls for the review and guidance, Tobias McNulty for the report,
and terminator14 for the solution suggested.
|
|
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for
an accessible and translatable blank choice label in forms.
Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant.
Added the immediately deprecated transitional setting
USE_BLANK_CHOICE_DASH.
Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
|
|
|
|
|
|
DateInput widget.
|
|
For use in checking user permissions via has_perm().
Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com>
|
|
The decorator was updated to accept **kwargs and forward them to
task_class, allowing additional parameters to be passed to custom
Task subclasses.
|
|
request bodies.
Notably that the limit can be bypassed under ASGI.
|
|
RemoteUserMiddleware.
|
|
RemoteUserMiddleware under ASGI.
We have a flood of nuisance security reports describing ASGI deployments
using RemoteUserMiddleware without a fronting proxy, which is not
realistic.
|
|
|
|
|
|
spatialreference.org has been redesigned, possibly in 2023 [1], and no longer uses Django, see repo [2].
[1] https://spatialreference.org/about.html
[2] https://github.com/OSGeo/spatialreference.org
|
|
AddField/AlterField docs.
|
|
Thanks Mariusz Felisiak for the review.
Co-authored-by: Nathan Gaberel <nathan@gnab.fr>
|