summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2014-10-06[1.5.x] Fixed #23604 -- Allowed related m2m fields to be references in the ↵Emmanuelle Delescolle
admin. Thanks Simon Charette for review. Backport of a24cf21722 from master
2014-09-08[1.5.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.Simon Charette
This fixes a regression introduced by the 53ff096982 security fix. Thanks to @a1tus for the report and Tim for the review. refs #23329. Backport of 342ccbd from master
2014-08-27Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin.Simon Charette
Thanks to Trac alias Markush2010 and ross for the detailed reports. Backport of 3cbb759 from master
2014-08-20[1.5.x] Prevented data leakage in contrib.admin via query string manipulation.Simon Charette
This is a security fix. Disclosure following shortly.
2014-08-20[1.5.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file ↵Tim Graham
names. This is a security fix. Disclosure following shortly.
2014-08-20[1.5.x] Prevented reverse() from generating URLs pointing to other hosts.Florian Apolloner
This is a security fix. Disclosure following shortly.
2014-07-14[1.5.x] Revert "Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet."Ramiro Morales
This reverts commit 4ae68f677b3348765d8649d8b57beffa18fe8d3d. stable/1.5.x branch is in security-fixes-only mode.
2014-07-14[1.5.x] Fixed #13794 -- Fixed to_field usage in BaseInlineFormSet.Tim Graham
Thanks sebastien at clarisys.fr for the report and gautier for the patch. Backport of 5e2c4a4bd1 from master
2014-05-12[1.5.x] Added additional checks in is_safe_url to account for flexible parsing.Erik Romijn
This is a security fix. Disclosure following shortly.
2014-05-12[1.5.x] Dropped fix_IE_for_vary/attach.Aymeric Augustin
This is a security fix. Disclosure following shortly.
2014-04-23[1.5.x] Fixed #22486 -- Restored the ability to reverse views created using ↵Tim Graham
functools.partial. Regression in 8b93b31487d6d3b0fcbbd0498991ea0db9088054. Thanks rcoup for the report. Backport of 3c06b2f2a3 from master
2014-04-21[1.5.x] Fixed queries that may return unexpected results on MySQL due to ↵Erik Romijn
typecasting. This is a security fix. Disclosure will follow shortly. Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master
2014-04-21[1.5.x] Prevented leaking the CSRF token through caching.Aymeric Augustin
This is a security fix. Disclosure will follow shortly. Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master
2014-04-21[1.5.x] Fixed a remote code execution vulnerabilty in URL reversing.Tim Graham
Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
2013-12-02[1.5.x] Fixed #21538 -- Added numpy to test/requirements/base.txtAlasdair Nicol
Thanks Tim Graham for the report Backport of c75dd664c from master
2013-10-21Oracle defer test failure; refs #16436.Tim Graham
Oracle doesn't like grouping by TextField, so use CharFields instead in models. Backport of 728d3fe1bac6b5f23dbd088e11860cfba51cf7b5 from master
2013-10-09[1.5.x] Fixed #16436 -- defer + annotate + select_related crashTai Lee
Correctly calculate the ``aggregate_start`` offset from loaded fields, if any are deferred, instead of ``self.query.select`` which includes all fields on the model. Backpatch of 69f7db153d8108dcef033207d49f4c80febf3d70 from master.
2013-10-01[1.5.x] Fixed #21203 -- resolve_columns fields misalignmentMichael Manfre
In queries using .defer() together with .select_related() the values and fields arguments didn't align properly for resolve_columns(). Backpatch of 8c27247397cf16b17d0153ae059593c5a468de01 from master.
2013-09-27[1.5.x] Fix #21185: Added tests for unescape_entities.Baptiste Mispelon
Also fixed a py3 incompatibility. Thanks to brutasse for the report. Backport of 3754f4ad410640382f9fe25073da03009cdc2ea3 from master.
2013-09-25[1.5.x] Fixed #21126 -- QuerySet value conversion failureAnssi Kääriäinen
A .annotate().select_related() query resulted in misaligned rows vs columns for compiler.resolve_columns() method. Report & patch by Michael Manfre. Backpatch of 83554b018ef283827c0e7459ab934d447b3419d5 from master.
2013-09-22[1.5.x] Stopped a test from executing queries at the module level.Florian Apolloner
Currently module level queries are executed against the real database (specified in NAME) instead of the test database; since it is to late to fix this for 1.6, we at least ensures stable builds. Refs #21443. Backport of 4fcc1e4ad8d153f41132b171c231b6d5d4086c28 from master.
2013-09-22[1.5.x] Fixed "Address already in use" from liveserver.Florian Apolloner
Our WSGIServer rewrapped the socket errors from server_bind into WSGIServerExceptions, which is used later on to provide nicer error messages in runserver and used by the liveserver to see if the port is already in use. But wrapping server_bind isn't enough since it only binds to the socket, socket.listen (which is called from server_activate) could also raise "Address already in use". Instead of overriding server_activate too I chose to just catch socket errors, which seems to make more sense anyways and should be more robust against changes in wsgiref. Backport of 2ca00faa913754cd5860f6e1f23c8da2529c691a from master
2013-09-18Revert "[1.5.x] Silenced last sporadic failure on 1.5."Florian Apolloner
This reverts commit 6a708cd654fe63278ea8a14b3e44da847c62ebf4. Reverted since it only moved the failures to some other tests and it apperently only worked by accident. Patched selenium for now to include: https://github.com/SeleniumHQ/selenium/pull/118 which seems to be the root cause for sporadic extra requests to the live server, which then cause all sorts of issues.
2013-09-18[1.5.x] Fixed #21118 -- Isolated a test that uses the database.Tim Graham
Thanks rmboggs for the report. Backport of 4f40b97d97 from master
2013-09-17[1.5.x] Silenced last sporadic failure on 1.5.Florian Apolloner
This commit is a last resort; technically the test is correct but our testsuite has some threading issues when LiveServer is used. Since this will never get fixed in 1.5 and apperently doesn't get triggered on 1.6 we just make sure the test doesn't error out. I am not 100% sure why this actually fixes the issue, but this is still better than having failing builds wheneever we do a security release for 1.5. (Tested on jenkins itself, should work (tm)).
2013-09-15[1.5.x] (Hopefully) fixed a failure in a selenium test.Florian Apolloner
No forward port to 1.6 since it has new transactionmanagement. The wait_page_loaded should ensure that the liveserver has time to tear down properly after the submit.
2013-09-14Fixed #21102 -- pickling a QuerySet with prefetches twiceMinjong Chung
Fixed the bug that a QuerySet that prefetches related objects cannot be pickled and unpickled more than once (The second pickling attempt raises an exception). Added a new test for the queryset pickling idempotency. The bug was introduced by bac187c0d8e829fb3ca2ca82965eabbcbcb6ddd5.
2013-09-10[1.5.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative ↵Tim Graham
paths. Thanks Rainer Koirikivi for the report and draft patch. This is a security fix; disclosure to follow shortly. Backport of 7fe5b656c9 from master
2013-08-22[1.5.x] Fixed #20922 -- Allowed customizing the serializer used by ↵Tim Graham
contrib.sessions Added settings.SESSION_SERIALIZER which is the import path of a serializer to use for sessions. Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews. Backport of b0ce6fe656 from master
2013-08-13Apply autoescaping to AdminURLFieldWidget.Jacob Kaplan-Moss
This is a security fix; disclosure to follow shortly.
2013-07-29[1.5.x] Fixed qs ordering related randomly failing testAnssi Kääriäinen
The failure wasn't present in 1.6+, so this is not a backpatch.
2013-07-28[1.5.x] Simplified smart_urlquote and added some basic tests.Florian Apolloner
Backport of b70c371fc1f18ea0c43b503122df3f311afc7105 from master.
2013-07-27[1.5.x] assertEquals -> assertEqualTim Graham
2013-07-27[1.5.x] Fixed #19607 - prefetch_related crashLuke Plant
Thanks to av@rdf.ru and flarno11@yahoo.de for the report. Backport of 4fd94969d8 from master
2013-07-13[1.5.x] Fixed #20681 -- Prevented teardown_databases from attempting to tear ↵Tim Graham
down aliases Thanks simonpercivall. Backport of d9c580306c from master
2013-07-10[1.5.x] Fixed #19196 -- Added test/requirementsTim Graham
Backport of 4d92a0bd86 from master.
2013-07-04[1.5.x] Fixed #19940 -- Made test.runner.setup_databases properly handle ↵Tim Graham
aliases for defau Thanks simonpercivall. Backport of 2cbd579efe from master.
2013-05-21[1.5.x] Fixed #20212 - __reduce__ should only be defined for Py3+.Daniel Lindsley
2013-05-21[1.5.x] Fixed prefetch_related + pickle regressionsAnssi Kääriäinen
There were a couple of regressions related to field pickling. The regressions were introduced by QuerySet._known_related_objects caching. The regressions aren't present in master, the fix was likely in f403653cf146384946e5c879ad2a351768ebc226. Fixed #20157, fixed #20257. Also made QuerySets with model=None picklable.
2013-05-20[1.5.x] Fixed #20278 -- ensured .get() exceptions do not recurse infinitelyAnssi Kääriäinen
A regression caused by d5b93d3281fe93cbef5de84a52 made .get() error reporting recurse infinitely on certain rare conditions. Fixed this by not trying to print the given lookup kwargs. Backpatch of 266c0bb23e9d64c47ace4d162e582febd5a1e336
2013-05-07[1.5.x] Fixed #20354 -- `makemessages` no longer crashes with ↵Tai Lee
`UnicodeDecodeError` Handle the `UnicodeDecodeError` exception, send a warning to `stdout` with the file name and location, and continue processing other files. Backport of 99a6f0e77 from master.
2013-05-05[1.5.x] Fixed test failures introduced in ↵Florian Apolloner
a5becad9094e5c5403b692b9a7b3a6ffaabf64a3. Backport of 780fa48f5fb81b2f0f58de95167abff84a6149aa from master
2013-04-12[1.5.x] Fixed #20237 (again) Allowed binary parameter to assertContainsClaude Paroz
Backport of b04fd579d5 from master.
2013-04-12[1.5.x] Fixed #20211: Document backwards-incompatible change in ↵Baptiste Mispelon
BoundField.label_tag Also cleaned up label escaping and consolidated the test suite regarding label_tag. Backport of ab686022f from master.
2013-04-11[1.5.x] Fixed #20237 -- Reenabled assertContains with binary parameterClaude Paroz
Thanks Baptiste Mispelon for the review. Backport of fe01404bb9 from master.
2013-04-05[1.5.x] Fixed #20207 -- Handle ManyToManyField with a unicode name correctly.Simon Charette
Backport of 216580e034.
2013-04-01[1.5.x] Fixed #20169 -- Ensured that the WSGI request's path is correctly ↵Julien Phalip
based on the `SCRIPT_NAME` environment parameter or the `FORCE_SCRIPT_NAME` setting, regardless of whether or not those have a trailing slash. Thanks to bmispelon for the review. Backport of 2f81a0ca6543f
2013-03-27[1.5.x] Correctly restore warning capture after logging tests.Jacob Kaplan-Moss
This is a fix to the wrong behavior that 15c3906eeb introduced. Backport of 4befef9 from trunk.
2013-03-27[1.5.x] Fixed logging-related test failure introduced by e79b857.Jacob Kaplan-Moss
Backport of 654d8e9.
2013-03-27[1.5.x] Fixed #18985 -- ensure module level deprecations are displayedPreston Holmes
Also don't compete with -W CLI option. Thanks to Aymeric Augustin for the catch, and Claude Paroz for the patch. Backport of e79b857a07905340556f781a7d63016236b21c61 from master.