| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
Ensure skip_file_prefixes does not match sibling packages like django*.
Bug in f42b89f1bf49a5b89ed852b60f79342320a81c5e
and 34bd3ed944bf38792c631b55e581963d44d52284.
|
|
|
|
|
|
|
|
|
|
Where the docs used `:pep:` links for established Python language
features, replaced them with direct references to the Python docs
(usually glossary terms).
|
|
|
|
The new ModelAdmin.delete_confirmation_max_display attribute allows
limiting the number of related objects shown on the delete confirmation
page. When the limit is reached, a "…and N more objects." message is shown.
The feature relies on a new truncated_unordered_list template filter
added to django.contrib.admin.templatetags.admin_filters.
Thanks Jacob Tyler Walls for the review and guidance, Tobias McNulty for the report,
and terminator14 for the solution suggested.
|
|
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for
an accessible and translatable blank choice label in forms.
Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant.
Added the immediately deprecated transitional setting
USE_BLANK_CHOICE_DASH.
Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
|
|
ForeignObject should not be treated as an internal tool. In the past
we made changes in its API with a proper deprecation, e.g.
8b1ff0da4b162e87edebd94e61f2cd153e9e159d.
|
|
formatting.
|
|
Now that the DSF is a CVE Numbering Authority (CNA), we
manage our own CVE assignments.
|
|
InclusionAdminNode and parse_bits().
|
|
|
|
|
|
|
|
|
|
* Indented get_connection() details into its function block.
* Updated introductory paragraph to better reflect current capabilities.
* Changed link in "Quick examples" to go to descriptive text rather than
reference for send_mail().
* Avoided implying that send_mail() is only reliable "in most cases."
* Improved description of development SMTP server.
* Expanded information on third-party backends.
* Moved "Email backends" introductory paragraph above API methods and
expanded it to match section content.
|
|
|
|
Moved "Sending multiple emails" from the "Email backends" section to the
"Sending messages" section and renamed it to "Sending many messages
efficiently" to better reflect its content.
Moved the related connection manager example from the "Email backends"
intro into the same section.
|
|
Moved "Obtaining an instance of an email backend" after documentation
for individual backends (matching similar approach in Tasks docs).
|
|
Moved documentation section for each email backend to be a direct child
of "Email backends" (rather than subsections of "Obtaining an instance
of an email backend"). Added a section header for "Third-party backends"
to surface it in the outline and separate it from "Dummy backend."
|
|
Moved the "Preventing header injection" discussion below sections on
EmailMessage and related classes.
|
|
Introduced a top-level "Sending messages" section to group together
send_mail(), send_mass_mail(), mail_admins(), mail_managers(), the
EmailMessage and EmailMultiAlternatives classes, and other topics
related to sending.
|
|
The top-level "Examples" section of docs/topics/email.txt seemed intended
to illustrate the difference between send_mail() and send_mass_mail(),
not to provide general examples of sending email. Moved it into the
existing "send_mass_mail() vs. send_mail()" section.
(There's already a "Quick examples" section at the top of the page with
general examples.)
|
|
|
|
|
|
|
|
pagination block.
Bug in 3f59711581bd22ebd0f13fb040b15b69c0eee21f.
|
|
|
|
DateInput widget.
|
|
Altering the .po files by hand was causing incorrect line numbers and
plural forms. Since our fetching procedure does not recompile any
hand-edited .po files to .mo files for production use, just accept
Transifex's plural forms as a source of truth.
https://forum.djangoproject.com/t/discourage-releasers-from-editing-po-files-by-hand/44441
|
|
Passing the --domain flag again just overwrites the prior value.
|
|
|
|
For use in checking user permissions via has_perm().
Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com>
|
|
|
|
projects.unbit.it has an invalid certificate and provides old packages.
|
|
The decorator was updated to accept **kwargs and forward them to
task_class, allowing additional parameters to be passed to custom
Task subclasses.
|
|
request bodies.
Notably that the limit can be bypassed under ASGI.
|
|
CVE-2026-33034 to security archive.
|
|
|
|
ASGI requests.
The `body` property in `HttpRequest` checks DATA_UPLOAD_MAX_MEMORY_SIZE
against the declared `Content-Length` header before reading. On the ASGI
path, chunked requests carry no `Content-Length`, so the check evaluated
to 0 and always passed regardless of the actual body size.
This work adds a new check on the actual number of bytes consumed.
Thanks to Superior for the report, and to Jake Howard and Jacob Walls
for reviews.
|
|
When a multipart file part used `Content-Transfer-Encoding: base64` and
the non-whitespace base64 bytes did not align to a multiple of 4 within
a chunk, the parser entered a loop calling `field_stream.read(1-3)` once
per whitespace byte. Each such call fetched the entire internal buffer,
sliced off 1-3 bytes, and pushed the remainder back via unget(), doing
an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace
produced CPU amplification relative to a normal upload of the same size.
The alignment loop now reads `self._chunk_size` bytes at a time, and
accumulates stripped parts in a list joined once at the end.
Thanks to Seokchan Yoon for the report and the fixing patch.
|
|
ModelAdmin.list_editable.
Thanks Natalia Bidart, Jake Howard, and Markus Holtermann for reviews.
|
|
Edit permissions were still checked as part of ordinary form validation,
but because GenericInlineModelAdmin overrides get_formset(), it lacked
InlineModelAdmin's dynamic DeleteProtectedModelForm.has_changed() logic
for checking permissions server-side, leaving the add case unaddressed.
This change reimplements the relevant part of InlineModelAdmin.get_formset().
Thanks N05ec@LZU-DSLab for the report, and Natalia Bidart,
Markus Holtermann, and Simon Charette for reviews.
|
|
Thanks Tarek Nakkouch for the report and Jake Howard and Natalia Bidart
for reviews.
|
