| Age | Commit message | Author | |
|---|---|---|---|
| 2026-02-27 | Fixed #34643 -- Moved inputs beneath labels and errors in admin forms. | antoliny0919 | |
| Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com> | |||
| 2025-12-22 | Fixed #36807 -- Fixed form field alignment under <fieldset> in the admin. | Jacob Walls | |
| It isn't safe to set display: flex on <fieldset>, because on Safari this interferes with display: block on child divs. Thanks Paulo Coutinho for the report and Antoliny for the review. Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95. | |||
| 2025-10-14 | Fixed #34041 -- Added aria-current attribute to admin breadcrumbs. | antoliny0919 | |
| Co-authored by: farita1699 <uwanjerry25@gmail.com> | |||
| 2025-08-19 | Fixed #35892 -- Supported Widget.use_fieldset in admin forms. | antoliny0919 | |
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-07-23 | Removed double spaces after periods and within phrases. | Sarah Boyce | |
| 2025-04-17 | Fixed #35959 -- Displayed password reset button in admin only when user has sufficient permissions. | Sarah Boyce | |
| This change ensures that the "Reset password" button in the admin is shown only when the user has the necessary permission to perform a password change operation. It reuses the password hashing rendering logic in `display_for_field` to show the appropriate read-only widget for users with view-only access. | |||
| 2025-03-27 | Fixed #34917 -- Underlined links in the main content area of the admin. | antoliny0919 | |
| 2025-01-13 | Fixed #36087 -- Supported password reset on a custom user model with a composite primary key. | Sarah Boyce | |
| 2024-10-16 | Refs #35727 -- Updated response.content.decode calls to use the HttpResponse.text property. | SaJH | |
| Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-03-27 | Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing the reset password link with a button. | Fabian Braun | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-02-20 | Fixed #34429 -- Allowed setting unusable passwords for users in the auth forms. | Fabian Braun | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-09-20 | Defined PASSWORD_HASHERS for auth_tests.test_views.ChangelistTests. | Lily Foote | |
| auth_tests.test_views.ChangelistTests.test_view_user_password_is_readonly depends on the password hasher having the three components algorithm, salt and hash. The default password hasher (PBKDF2PasswordHasher) has an extra iterations component, breaking the test. | |||
| 2023-01-17 | Refs #15619 -- Removed support for logging out via GET requests. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2023-01-04 | Refs #34074 -- Used headers argument for RequestFactory and Client in docs and tests. | David Wobrock | |
| 2022-09-01 | Fixed ReadOnlyPasswordHashWidget's template for RTL languages. | Shai Berger | |
| 2022-04-20 | Refactored out RedirectURLMixin.get_success_url(). | Aymeric Augustin | |
| This also adds a default implementation of get_default_redirect_url(). | |||
| 2022-04-20 | Simplified LogoutView.get_success_url(). | Aymeric Augustin | |
| This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it. | |||
| 2022-04-18 | Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set. | Aymeric Augustin | |
| 2022-03-29 | Fixed #15619 -- Deprecated log out via GET requests. | René Fleschenberg | |
| Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2022-03-24 | Refs #15619 -- Logged out with POST requests in admin. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-07-19 | Fixed wording of AuthViewsTestCase's docstring. | Chris Jerdonek | |
| 2021-06-25 | Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code. | Mateo Radman | |
| 2021-02-08 | Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. | ThinkChaos | |
| 2021-01-14 | Refs #27468 -- Removed support for the pre-Django 3.1 user sessions. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Fixed #31358 -- Increased salt entropy of password hashers. | Jon Moroney | |
| Co-authored-by: Florian Apolloner <florian@apolloner.eu> | |||
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-07-09 | Used urllib.parse.urljoin() in auth_tests to join URLs. | Jon Dufresne | |
| As the strings represent URLs and not paths, should use urllib to manipulate them. | |||
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2020-04-29 | Refs #27468 -- Made user sessions use SHA-256 algorithm. | Mariusz Felisiak | |
| 2020-03-16 | Fixed #31361 -- Fixed invalid action="" in admin forms. | Jon Dufresne | |
| The attribute action="" (empty string) on the <form> element is invalid HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says: "The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." Emphasis on non-empty. The action attribute is allowed to be omitted, in which case the current URL is used which is the same behavior as now. | |||
| 2020-02-18 | Refs #26601 -- Deprecated passing None as get_response arg to middleware classes. | Claude Paroz | |
| This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-12-02 | Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin. | Carlton Gibson | |
| Thank you to Shen Ying for reporting this issue. | |||
| 2019-11-18 | Replaced encode() usage with bytes literals. | Jon Dufresne | |
| 2019-06-14 | Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. | Sanyam Khurana | |
| 2019-05-27 | Refs #24944 -- Added test for overriding domain in email context in PasswordResetView. | Mattia Procopio | |
| 2019-05-24 | Fixed #28780 -- Allowed specifying a token parameter displayed in password reset URLs. | Rob | |
| Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com> | |||
| 2019-03-15 | Cleaned up exception message checking in some tests. | Jon Dufresne | |
| 2019-02-14 | Refs #15902 -- Deprecated storing user's language in the session. | Claude Paroz | |
| 2018-12-31 | Updated test URL patterns to use path() and re_path(). | Tim Graham | |
| 2018-11-27 | Switched setUp() to setUpTestData() where possible in Django's tests. | Simon Charette | |
| 2018-10-10 | Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. | Jon Dufresne | |
| django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string. | |||
| 2018-10-01 | Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form. | Tim Graham | |
| 2018-10-01 | Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users. | Carlton Gibson | |
| Thanks Claude Paroz & Tim Graham for collaborating on the patch. | |||
| 2018-08-17 | Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission(). | Alexander Todorov | |
| 2018-06-20 | Refs #27398 -- Simplified some tests with assertRedirects(). | Tim Graham | |
