| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
|
|
|
|
| |
deprecation timeline.
|
|
|
|
| |
related functions per deprecation timeline.
|
|
|
|
|
|
|
| |
CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
|
| |
|
|
|
|
| |
that take arguments.
|
|
|
|
| |
Refs #24704.
|
|
|
|
|
| |
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
|
|
|
|
|
|
| |
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
|
|
|
|
|
|
|
| |
* When some old files contain errors, the second call to
gen_filenames() should return them.
* When some new files contain errors, the first call to
gen_filenames(only_new=True) should return them.
|
|
|
|
| |
on_delete for ForeignKey/OneToOneField
|
|
|
|
|
|
| |
SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
|
|
|
|
| |
utils.datastructures.OrderedSet.__len__()
|
|
|
|
|
| |
Forwardport of ae1d663b7913f6da233c55409c4973248372d302
from stable/1.8.x plus more.
|
|
|
|
|
|
| |
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
|
|
|
|
| |
fixture paths
|
|
|
|
| |
accessible from class
|
|
|
|
| |
utils.module_loading.import_string()
|
|
|
|
| |
django.utils.timesince()
|
|
|
|
|
|
|
| |
syndication feeds
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
|
|
|
|
| |
with DurationField
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ambiguous datetime
|
|
|
|
| |
elements in non-Django templates.
|
|
|
|
|
|
| |
characters.
This is a security fix; disclosure to follow shortly.
|
|
|
|
| |
This is a security fix; disclosure to follow shortly.
|
|
|
|
|
|
| |
numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
|
| |
|
|
|
|
| |
Specifically stopped using the dir argument.
|
|
|
|
| |
Django source contains non-ASCII characters.
|
|
|
|
| |
compliance with RFC6454
|
|
|
|
|
|
| |
insertion
Report and original patch by Kay Cha.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
|
| |
|
|
|
|
| |
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
|
|
|
|
| |
deprecation timeline; refs #21674.
|
|
|
|
| |
timeline; refs #21725.
|
|
|
|
| |
refs #17262.
|
|
|
|
| |
deprecation timeline.
|
|
|
|
| |
deprecation timeline; refs #18659.
|
|
|
|
| |
This is a security fix. Disclosure following shortly.
|
|
|
|
| |
responses.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
|
|
|
|
|
|
|
|
| |
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
|
|
|
|
|
|
| |
real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
|