| Age | Commit message (Collapse) | Author |
|
admin.
Thanks Simon Charette for review.
Backport of a24cf21722 from master
|
|
This fixes a regression introduced by the 53ff096982 security fix.
Thanks to @a1tus for the report and Tim for the review.
refs #23329.
Backport of 342ccbd from master
|
|
Thanks to Trac alias Markush2010 and ross for the detailed reports.
Backport of 3cbb759 from master
|
|
This is a security fix. Disclosure following shortly.
|
|
names.
This is a security fix. Disclosure following shortly.
|
|
This is a security fix. Disclosure following shortly.
|
|
This reverts commit 4ae68f677b3348765d8649d8b57beffa18fe8d3d.
stable/1.5.x branch is in security-fixes-only mode.
|
|
Thanks sebastien at clarisys.fr for the report and gautier
for the patch.
Backport of 5e2c4a4bd1 from master
|
|
This is a security fix. Disclosure following shortly.
|
|
This is a security fix. Disclosure following shortly.
|
|
functools.partial.
Regression in 8b93b31487d6d3b0fcbbd0498991ea0db9088054.
Thanks rcoup for the report.
Backport of 3c06b2f2a3 from master
|
|
typecasting.
This is a security fix. Disclosure will follow shortly.
Backport of 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307 from master
|
|
This is a security fix. Disclosure will follow shortly.
Backport of c083e3815aec23b99833da710eea574e6f2e8566 from master
|
|
Thanks Benjamin Bach for the report and initial patch.
This is a security fix; disclosure to follow shortly.
Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
|
|
Thanks Tim Graham for the report
Backport of c75dd664c from master
|
|
Oracle doesn't like grouping by TextField, so use CharFields instead in
models.
Backport of 728d3fe1bac6b5f23dbd088e11860cfba51cf7b5 from master
|
|
Correctly calculate the ``aggregate_start`` offset from loaded fields,
if any are deferred, instead of ``self.query.select`` which includes all
fields on the model.
Backpatch of 69f7db153d8108dcef033207d49f4c80febf3d70 from master.
|
|
In queries using .defer() together with .select_related() the values
and fields arguments didn't align properly for resolve_columns().
Backpatch of 8c27247397cf16b17d0153ae059593c5a468de01 from master.
|
|
Also fixed a py3 incompatibility.
Thanks to brutasse for the report.
Backport of 3754f4ad410640382f9fe25073da03009cdc2ea3 from master.
|
|
A .annotate().select_related() query resulted in misaligned rows vs
columns for compiler.resolve_columns() method.
Report & patch by Michael Manfre.
Backpatch of 83554b018ef283827c0e7459ab934d447b3419d5 from master.
|
|
Currently module level queries are executed against the real database
(specified in NAME) instead of the test database; since it is to late
to fix this for 1.6, we at least ensures stable builds. Refs #21443.
Backport of 4fcc1e4ad8d153f41132b171c231b6d5d4086c28 from master.
|
|
Our WSGIServer rewrapped the socket errors from server_bind into
WSGIServerExceptions, which is used later on to provide nicer
error messages in runserver and used by the liveserver to see if
the port is already in use. But wrapping server_bind isn't enough since
it only binds to the socket, socket.listen (which is called from
server_activate) could also raise "Address already in use".
Instead of overriding server_activate too I chose to just catch socket
errors, which seems to make more sense anyways and should be more robust
against changes in wsgiref.
Backport of 2ca00faa913754cd5860f6e1f23c8da2529c691a from master
|
|
This reverts commit 6a708cd654fe63278ea8a14b3e44da847c62ebf4.
Reverted since it only moved the failures to some other tests and it apperently
only worked by accident. Patched selenium for now to include:
https://github.com/SeleniumHQ/selenium/pull/118
which seems to be the root cause for sporadic extra requests to the live server,
which then cause all sorts of issues.
|
|
Thanks rmboggs for the report.
Backport of 4f40b97d97 from master
|
|
This commit is a last resort; technically the test is correct but our testsuite
has some threading issues when LiveServer is used. Since this will never get
fixed in 1.5 and apperently doesn't get triggered on 1.6 we just make sure the
test doesn't error out. I am not 100% sure why this actually fixes the issue,
but this is still better than having failing builds wheneever we do a security
release for 1.5.
(Tested on jenkins itself, should work (tm)).
|
|
No forward port to 1.6 since it has new transactionmanagement. The
wait_page_loaded should ensure that the liveserver has time to tear
down properly after the submit.
|
|
Fixed the bug that a QuerySet that prefetches related objects cannot be
pickled and unpickled more than once (The second pickling attempt
raises an exception).
Added a new test for the queryset pickling idempotency.
The bug was introduced by
bac187c0d8e829fb3ca2ca82965eabbcbcb6ddd5.
|
|
paths.
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9 from master
|
|
contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.
Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.
Backport of b0ce6fe656 from master
|
|
This is a security fix; disclosure to follow shortly.
|
|
The failure wasn't present in 1.6+, so this is not a backpatch.
|
|
Backport of b70c371fc1f18ea0c43b503122df3f311afc7105 from master.
|
|
|
|
Thanks to av@rdf.ru and flarno11@yahoo.de for the report.
Backport of 4fd94969d8 from master
|
|
down aliases
Thanks simonpercivall.
Backport of d9c580306c from master
|
|
Backport of 4d92a0bd86 from master.
|
|
aliases for defau
Thanks simonpercivall.
Backport of 2cbd579efe from master.
|
|
|
|
There were a couple of regressions related to field pickling. The
regressions were introduced by QuerySet._known_related_objects caching.
The regressions aren't present in master, the fix was likely in
f403653cf146384946e5c879ad2a351768ebc226.
Fixed #20157, fixed #20257. Also made QuerySets with model=None
picklable.
|
|
A regression caused by d5b93d3281fe93cbef5de84a52 made .get() error
reporting recurse infinitely on certain rare conditions. Fixed this by
not trying to print the given lookup kwargs.
Backpatch of 266c0bb23e9d64c47ace4d162e582febd5a1e336
|
|
`UnicodeDecodeError`
Handle the `UnicodeDecodeError` exception, send a warning to `stdout` with the
file name and location, and continue processing other files.
Backport of 99a6f0e77 from master.
|
|
a5becad9094e5c5403b692b9a7b3a6ffaabf64a3.
Backport of 780fa48f5fb81b2f0f58de95167abff84a6149aa from master
|
|
Backport of b04fd579d5 from master.
|
|
BoundField.label_tag
Also cleaned up label escaping and consolidated the test suite regarding
label_tag.
Backport of ab686022f from master.
|
|
Thanks Baptiste Mispelon for the review.
Backport of fe01404bb9 from master.
|
|
Backport of 216580e034.
|
|
based on the `SCRIPT_NAME` environment parameter or the `FORCE_SCRIPT_NAME` setting, regardless of whether or not those have a trailing slash. Thanks to bmispelon for the review.
Backport of 2f81a0ca6543f
|
|
This is a fix to the wrong behavior that 15c3906eeb introduced.
Backport of 4befef9 from trunk.
|
|
Backport of 654d8e9.
|
|
Also don't compete with -W CLI option.
Thanks to Aymeric Augustin for the catch, and Claude Paroz for the patch.
Backport of e79b857a07905340556f781a7d63016236b21c61 from master.
|