summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2013-02-19[1.4.x] Added a default limit to the maximum number of forms in a formset.Aymeric Augustin
This is a security fix. Disclosure and advisory coming shortly.
2013-02-19[1.4.x] Checked object permissions on admin history view.Carl Meyer
This is a security fix. Disclosure and advisory coming shortly. Patch by Russell Keith-Magee.
2013-02-19[1.4.x] Restrict the XML deserializer to prevent network and ↵Carl Meyer
entity-expansion DoS attacks. This is a security fix. Disclosure and advisory coming shortly.
2013-02-19[1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation.Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2013-02-13[1.4.x] Removed try-except in django.db.close_connection()Anssi Kääriäinen
The reason was that the except clause needed to remove a connection from the django.db.connections dict, but other parts of Django do not expect this to happen. In addition the except clause was silently swallowing the exception messages. Refs #19707, special thanks to Carl Meyer for pointing out that this approach should be taken.
2013-02-10[1.4.x] Fixed #19707 -- Reset transaction state after requestsAnssi Kääriäinen
Backpatch of a4e97cf315142e61bb4bc3ed8259b95d8586d09c.
2013-02-10[1.4.x] Fixed #19645 -- Added tests for TransactionMiddlewareAnssi Kääriäinen
Backpatch of f556df90be995a83b979cf875705d98521ab4dc7. Backpatching these tests so that it will be easier to backpatch the fix for #19707.
2012-12-10[1.4.X] Fixed a test failure in the comment tests.Florian Apolloner
Backport of 1eb0da1c5ba3096f218d1df13d02a2b8e1ac7a36 from master.
2012-12-10[1.4.X] Fixed a security issue in get_host.Florian Apolloner
Full disclosure and new release forthcoming.
2012-12-10[1.4.X] Fixed #18856 -- Ensured that redirects can't be poisoned by ↵Florian Apolloner
malicious users.
2012-12-04[1.4.x] Fixed the admin_filters tests for Postgres.Julien Phalip
Backport of c196e01100b2
2012-12-03[1.4.x] Fixed #19318 -- Ensured that the admin's SimpleListFilter options ↵Sebastián Magrí
can be displayed as selected even if the lookup's first element is not a string. Backport of 88e17156393b
2012-11-24[1.4.x] Fixed ordering-related failure in m2m_through_regress testsAnssi Kääriäinen
Backpatch of dc569c880143db07e01b3293d698ad8fe4a0136f
2012-11-24[1.4.x] Restored Python 2.5 compatibility in m2m_through_regress tests.Aymeric Augustin
Refs #18823.
2012-11-24[1.4.x] Fixed SQLite's collapsing of same-valued instances in bulk_createAnssi Kääriäinen
SQLite used INSERT INTO tbl SELECT %s UNION SELECT %s, the problem was that there should have been UNION ALL instead of UNION. Refs #19351 Backpatch of a27582484cf814554907d2d1ad077852de36963f
2012-10-28[1.4.x] Fixed #18823 -- Ensured m2m.clear() works when using through+to_fieldAnssi Kääriäinen
There was a potential data-loss issue involved -- when clearing instance's m2m assignments it was possible some other instance's m2m data was deleted instead. This commit also improved None handling for to_field cases. Backpatch of 611c4d6f1c24763e5e6e331a5dcf9b610288aaa8
2012-10-18Added missed poisoned host header test changesPreston Holmes
2012-10-13[1.4.x] Fixed #18881 -- Made the context option in {% trans %} and {% ↵Julien Phalip
blocktrans %} accept literals wrapped in single quotes. Thanks to lanyjie for the report.
2012-10-11[1.4.X] Fixed #16817 - Added a guide of code coverage to contributing docs.Tim Graham
Thanks Pedro Lima for the draft patch. Backport of 06f5da3d78 from master
2012-09-15[1.4.X] Fixed #18530 -- Fixed a small regression in the admin filters where ↵Julien Phalip
wrongly formatted dates passed as url parameters caused an unhandled ValidationError. Thanks to david for the report.
2012-09-02[1.4.x] Fixed #17788 -- Added batch_size argument to qs.bulk_create()Anssi Kääriäinen
The qs.bulk_create() method did not work with large batches together with SQLite3. This commit adds a way to split the bulk into smaller batches. The default batch size is unlimited except for SQLite3 where the batch size is limited to 999 SQL parameters per batch. Thanks to everybody who participated in the discussions at Trac. Backpatch of 29132ebdef0e0b9c09e456b05f0e6a22f1106a4f from master (with documentation changes removed).
2012-09-01[1.4.x] Fixed #18212 -- Standardized arguments of GenericIPAddressFieldClaude Paroz
Unlike other model fields, the newly introduced (1.4) GenericIPAddressField did not accept verbose_name and name as the first positional arguments. This commit fixes it. Thanks Dan McGee for the report and the patch. Backport of 306d34873cff2 from master.
2012-07-30[1.4.x] Fixed a security issue in http redirects. Disclosure and new release ↵Florian Apolloner
forthcoming. Backport of 4129201c3e0fa057c198bdefcb34686a23b4a93c from master.
2012-06-04[1.4.x] readd imports deleted in 4d2fddFlorian Apolloner
2012-06-03[1.4.X] Fixed #18379 -- Made the sensitive_variables decorator work with ↵Julien Phalip
object methods.
2012-05-27[1.4.x] Fixed #18135 -- Close connection used for db version checkingMichael Newman
On MySQL when checking the server version, a new connection could be created but never closed. This could result in open connections on server startup. Backport of 4423757c0c50afbe2470434778c8d5e5b4a70925.
2012-05-08[1.4.x] Fixed #17976 -- Made forms.BooleanField pickleable.Aymeric Augustin
Backport of 9350d1d59c1a4e6a9ac246a808f55da35de0df69 from master. This was a regression in Django 1.4. Thanks bronger for the report and claudep for the patch.
2012-04-11[1.4.X] Fixed #18027 -- Removed an HTMLParser test that doesn't raise any ↵Claude Paroz
more in recent Python versions. Thanks Arfever and Anssi Kaariainen for the report and the patch. Backport of r17900 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17901 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10[1.4.X] Fixed #18090 -- Applied filters when running prefetch_related ↵Aymeric Augustin
backwards through a one-to-one relation. Backport of r17888 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-09[1.4.X] Fixed #18086 -- Restored '-pk' as the default order in the admin ↵Julien Phalip
changelist. This rectifies a slight change in behavior introduced in Django 1.4 and r17635. Backport of r17881 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17882 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31[1.4.X] Fixed #17972 -- Ensured that admin filters on a foreign key respect ↵Julien Phalip
the to_field attribute. This fixes a regression introduced in [14674] and Django 1.3. Thanks to graveyboat and Karen Tracey for the report. Backport of r17854 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17858 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-22Reverted parts of r16963 to fix a regression on the creation of permissions ↵Aymeric Augustin
on proxy models. Refs #17904. Thanks koenb for the report and claudep for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-22Fixed #17937 -- Avoided an error in the timeuntil filter when it receives a ↵Aymeric Augustin
date object. Thanks Dmitry Guyvoronsky for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17774 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-21Fixed #17920 -- Actually pass the full path of a newly created project or ↵Jannis Leidel
app in the template context as mentioned in the startproject docs. Many thanks to Preston Holmes for the initial patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17773 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-19Fixed #17932 -- Tweaked the admin_changelist tests because Oracle doesn't ↵Aymeric Augustin
like columns named 'number'. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17767 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-18Fixed #17931 -- Accepted aware datetimes to set cookies expiry dates. Thanks ↵Aymeric Augustin
jaddison for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17766 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17Fixed #16138 -- Made FormMixin get_initial return a copy of the 'initial' ↵Claude Paroz
class variable. Thanks hanson2010, wilfred@potatolondon.com and agriffis for their work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17765 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17Fixed #17828 -- Ensured that when a list filter's `queryset()` method fails, ↵Julien Phalip
it does so loudly instead of getting swallowed by a `IncorrectLookupParameters` exception. This also properly fixes #16705, which hadn't been addressed correctly in [16705]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17763 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17Do not unconditionally add extra_tests when testing geodjango.Claude Paroz
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17Fixed #17909 - ensure GeoDjango tests have the templates they need. Thanks ↵Carl Meyer
Nate Bragg for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17757 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-17Fixed #17918 - Handle proxy models correctly when sorting deletions for ↵Carl Meyer
databases without deferred constraints. Thanks Nate Bragg for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17756 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16Reorganized proxy-delete tests for easier addition of new tests. Refs #16128.Carl Meyer
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17755 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-16Ensured that some staticfiles tests get properly cleaned up on teardown. ↵Julien Phalip
Thanks to Claude Paroz for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17747 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-15Added a `with_statement` import to a test for Python 2.5 compatibility.Julien Phalip
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17746 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-15Fixed #17838 - prefetch_related fails for GenericForeignKeys when related ↵Luke Plant
object id is not a CharField/TextField Thanks to mkai for the report and debugging, and tmitchell and Przemek Lewandowski for their work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17744 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-15Reverted r16386 because it replaced a brittle method with another not lessRamiro Morales
arbitrary method when the test client checks for the presence of the bundled session backends+session middleware combination. We will revisit the issue soon, probably to make these checks even less strict. Refs #7836, #16605 git-svn-id: http://code.djangoproject.com/svn/django/trunk@17739 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14Tweaked tests from r17702 to run only when using sqlite3 DB(s).Ramiro Morales
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14Added cleanup code to the proxy_model_inheritance tests. Refs #12286, #16329.Aymeric Augustin
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17712 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13Fixed #17895 -- Made override_settings send the setting_changed signal both ↵Aymeric Augustin
when a setting is overridden and when it's restored. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17708 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-13Fixed #16329 -- Fixed detection of transaction-handling capabilities when ↵Ramiro Morales
all test databases are sqlite3, in-memory. Thanks canassa for the report and agriffis (#17762) and lrekucki (in #17758) for their contribution to the fix. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17702 bcc190cf-cafb-0310-a4f2-bffc1f526a37