| Age | Commit message (Collapse) | Author |
|
|
|
This is a security fix. Disclosure following shortly.
Thanks Keryn Knight for the report and initial patch.
|
|
This is a security fix. Disclosure following shortly.
|
|
This is a security fix. Disclosure following shortly.
|
|
environ.
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
|
|
|
|
Backport of e7771ec380a116dbef481001fb1ce664f5c7311e from master
|
|
states
Backport of fdc2cc948725866212a9bcc97b9b7cf21bb49b90 and be158e36251df0b07556657da47cdaf10913c57a from master
|
|
Backport of 74f02557e0183812d6d60e2548985c5c40b3d27b from master
|
|
Thanks Peter Schmidt for the report and the initial patch.
Thanks to Oktay Sancak for writing the original failing test and
Alvin Savoy for supporting contributing back to the community.
Backport of d7bc37d61 from master.
|
|
Thanks ajenhl Trac user for the report.
Backport of e0080cf57 from master.
|
|
Thanks codeitloadit for the report, living180 for investigations
and Tim Graham for the review.
Backport of 27dd7e7271 from master.
|
|
Backport of ce17b045bf5629aac66f872c3f548205906e04db from master
|
|
|
|
Backport of 439f15beabe2e4d21232798f805ba69367611276 from master
|
|
Thanks Markus Holtermann for review and feedback.
Backport of db3f7c15cbf4c9025e83065d1302d0e61d570331 from master
|
|
Backport of b738178825ec9378198d77ac69699513774f0884 from master
|
|
Backport of 15cd71ed24945ff7be5716580603fd65c0d45ef7 from master
|
|
Backport of 52f0b2b62262743d5f935ddae29428e661b5d8ea from master
|
|
Initial SQL data will be removed in Django 1.9 so changes to it
aren't relevant.
Backport of 1729a5250b052832540cd696df3ff0a0a77baddf from master
|
|
This limitation was lifted in refs #14881.
Backport of a7aaabfaf1fa4c20065ab1133d49f40d4de6b409 from master
|
|
Backport of b4bdd5262b18644456d12a00d475adf9897a9255 from master
|
|
Backport of 7a878ca5cb50ad65fc465cb263a44cc93629f75c from master
|
|
Refactored bump_prefix() to avoid infinite loop and allow more than
than 5 subquires by extending the alphabet to use multi-letters.
Backport of 41fc1c0b5eac156e200a10233c7c9210a1c0fed8 from master
|
|
table creation; refs #22340."
The deprecation was moved back to 1.9 in
61da5f3f02f34810aaa6fcddac3808318a5b95c4.
Backport of d7fc6eb8ca67a6a628e8c7ce669731cf563606e7 from master
|
|
Thanks john_scott for the report and Markus Holtermann for review.
Backport of ab4f709da4516672b0bd811f2b4d0c4ba9f5b636 from master
|
|
fields and vice versa"
This reverts commit 1702bc52cc20ed0729893177fc8f4391b4b3183c.
This doesn't work on stable/1.7.x because #23844 wasn't backported and we're
not willing to do so because it's a large change.
|
|
and vice versa
Thanks to Michael D. Hoyle for the report and Tim Graham for the review.
Backport of 623ccdd598625591d1a12fc1564cf3ef9a87581f from master
|
|
Backport of 3d0c3a0482496fc1914a40ec3c3eb70e67f0d643 from master
|
|
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
Backport of 6d52f6f from master.
|
|
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
Backport of 5c5eb5fe from master.
|
|
multiple database setup.
Backport of 89e2c60f4396241c667b7a1de37765b7c96d702f from master
|
|
Partial backport of 30cbd5d36. Thanks Douglas J. Reynolds for the
report and initial patch.
|
|
Backport of 0821b3d53ccd575de92ed679d173d779e1ad5acd from master
|
|
Backport of c2e419c26781b88f2b34b445f450b735267155b0 from master
|
|
primary key.
Backport of 4ccdf6e57f49d7e981dcd88c1db65229b8b92487 from master
|
|
KEY_PREFIX
Backport of 446b50b90e9e60760618b236d8b0ea75a3b19d5a from master
|
|
Meta.managed.
The migrations autodetector now issues AlterModelOptions operations for
Meta.managed changes instead of DeleteModel + CreateModel.
Thanks iambibhas for the report and Simon and Markus for review.
Backport of 061caa5b386681dc7bdef16918873043224a299c from master
|
|
Thanks welbornprod for report and initial patch.
Backport of 01ab84c61330ffa5ac87c637249611c5e5343e57 from master
|
|
Backport of cf2390be164bcb3c5670f73b0a7062d6141f8664 from master
|
|
Backport of 27f68f8659a648cc9ed3e71f690959ed8a130c5a from master
|
|
Backport of 54085b0f9ba7d9f705f9b9c90d3433b0ef6aa042 from master
|
|
methods.
Backport of a3d96bee36040975ded8e3bf02e33e48d06f1f16 from master
|
|
Backport of 6403e07c5093e0244497293f31f5f73cebe85b66 from master
|
|
Backport of 6072f17d0 from master, with one test reinforced.
Thanks Tim Graham for the review.
|
|
Backport of 0c06f06131c613dc4173c83ea17c68c31835fc71 from master
|
|
|
|
This prevents AppRegistryNotReady errors when unpickling Django
models from an external script.
Backport of 108b8bf85 from master.
|
|
Backport of b7219c7ba5fdfbf9349948b5a91af50e32822ee6 from master
|
|
Thanks Brian Jacobel for the report. refs django/djangoproject.com#197
Backport of c7786550c4ed396b8580db58f7da60e850894d19 from master
|