[Python-modules-commits] [python-django] 01/06: Import python-django_1.7.11.orig.tar.gz
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Dec 30 15:46:06 UTC 2015
This is an automated email from the git hooks/post-receive script.
hertzog pushed a commit to branch debian/jessie-updates
in repository python-django.
commit 2d07f4b16101fcc8973128c4e4920b41f87175ee
Author: Raphaël Hertzog <hertzog at debian.org>
Date: Fri Dec 11 10:40:00 2015 +0100
Import python-django_1.7.11.orig.tar.gz
---
Django.egg-info/PKG-INFO | 2 +-
Django.egg-info/SOURCES.txt | 1 +
PKG-INFO | 2 +-
django/__init__.py | 2 +-
django/db/models/query.py | 25 +++++++++++++++++++++++--
django/utils/formats.py | 20 ++++++++++++++++++++
docs/_ext/djangodocs.py | 30 +++++++++++++++++++-----------
docs/conf.py | 8 ++++++--
docs/faq/install.txt | 3 ++-
docs/internals/deprecation.txt | 9 ++++++---
docs/ref/databases.txt | 2 +-
docs/ref/request-response.txt | 8 ++++----
docs/releases/1.7.11.txt | 26 ++++++++++++++++++++++++++
docs/releases/1.7.txt | 5 +++++
docs/releases/index.txt | 1 +
docs/topics/auth/default.txt | 4 ++--
docs/topics/logging.txt | 4 ++--
docs/topics/testing/tools.txt | 17 +++++++++++------
tests/i18n/tests.py | 3 +++
tests/migrations/test_autodetector.py | 12 ++++++------
tests/prefetch_related/tests.py | 22 ++++++++++++++++++++++
tests/requirements/mysql.txt | 3 ++-
tests/requirements/py2.txt | 3 ++-
23 files changed, 167 insertions(+), 45 deletions(-)
diff --git a/Django.egg-info/PKG-INFO b/Django.egg-info/PKG-INFO
index ee0cc12..aa7166c 100644
--- a/Django.egg-info/PKG-INFO
+++ b/Django.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: Django
-Version: 1.7.10
+Version: 1.7.11
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Home-page: http://www.djangoproject.com/
Author: Django Software Foundation
diff --git a/Django.egg-info/SOURCES.txt b/Django.egg-info/SOURCES.txt
index be01607..bbc9541 100644
--- a/Django.egg-info/SOURCES.txt
+++ b/Django.egg-info/SOURCES.txt
@@ -4024,6 +4024,7 @@ docs/releases/1.6.9.txt
docs/releases/1.6.txt
docs/releases/1.7.1.txt
docs/releases/1.7.10.txt
+docs/releases/1.7.11.txt
docs/releases/1.7.2.txt
docs/releases/1.7.3.txt
docs/releases/1.7.4.txt
diff --git a/PKG-INFO b/PKG-INFO
index ee0cc12..aa7166c 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: Django
-Version: 1.7.10
+Version: 1.7.11
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Home-page: http://www.djangoproject.com/
Author: Django Software Foundation
diff --git a/django/__init__.py b/django/__init__.py
index 42dcf4a..09dbd4d 100644
--- a/django/__init__.py
+++ b/django/__init__.py
@@ -1,4 +1,4 @@
-VERSION = (1, 7, 10, 'final', 0)
+VERSION = (1, 7, 11, 'final', 0)
def get_version(*args, **kwargs):
diff --git a/django/db/models/query.py b/django/db/models/query.py
index 22919e5..a81ee56 100644
--- a/django/db/models/query.py
+++ b/django/db/models/query.py
@@ -10,7 +10,7 @@ from django.conf import settings
from django.core import exceptions
from django.db import connections, router, transaction, IntegrityError
from django.db.models.constants import LOOKUP_SEP
-from django.db.models.fields import AutoField, Empty
+from django.db.models.fields import AutoField, Empty, FieldDoesNotExist
from django.db.models.query_utils import (Q, select_related_descend,
deferred_class_factory, InvalidQuery)
from django.db.models.deletion import Collector
@@ -1906,10 +1906,31 @@ def prefetch_one_level(instances, prefetcher, lookup, level):
rel_attr_val = rel_obj_attr(rel_obj)
rel_obj_cache.setdefault(rel_attr_val, []).append(rel_obj)
+ to_attr, as_attr = lookup.get_current_to_attr(level)
+ # Make sure `to_attr` does not conflict with a field.
+ if as_attr and instances:
+ # We assume that objects retrieved are homogeneous (which is the premise
+ # of prefetch_related), so what applies to first object applies to all.
+ model = instances[0].__class__
+ opts = model._meta
+ conflicts = False
+ try:
+ opts.get_field(to_attr)
+ except FieldDoesNotExist:
+ for related_m2m in opts.get_all_related_many_to_many_objects():
+ if related_m2m.get_accessor_name() == to_attr:
+ conflicts = True
+ break
+ else:
+ conflicts = True
+ if conflicts:
+ msg = 'to_attr={} conflicts with a field on the {} model.'
+ raise ValueError(msg.format(to_attr, model.__name__))
+
for obj in instances:
instance_attr_val = instance_attr(obj)
vals = rel_obj_cache.get(instance_attr_val, [])
- to_attr, as_attr = lookup.get_current_to_attr(level)
+
if single:
val = vals[0] if vals else None
to_attr = to_attr if as_attr else cache_name
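Review bot: The new `to_attr` conflict check covers names that `opts.get_field()` resolves and reverse many-to-many accessors, but it does not consult reverse foreign-key accessors. A `to_attr` equal to one of those would still reach the assignment further down; whether that assignment also writes to the database is not visible in this hunk and should be confirmed. If it does, the `except FieldDoesNotExist` branch could also scan `opts.get_all_related_objects()` for a matching `get_accessor_name()`. A short comment on the `else:` branch, such as `# get_field() succeeded, so to_attr names an existing field`, would make the try/except/else flow easier to follow. prefetch_one_level starts and ends outside this hunk.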
diff --git a/django/utils/formats.py b/django/utils/formats.py
index fc68179..2fe98ac 100644
--- a/django/utils/formats.py
+++ b/django/utils/formats.py
@@ -31,6 +31,24 @@ ISO_INPUT_FORMATS = {
}
+FORMAT_SETTINGS = frozenset([
+ 'DECIMAL_SEPARATOR',
+ 'THOUSAND_SEPARATOR',
+ 'NUMBER_GROUPING',
+ 'FIRST_DAY_OF_WEEK',
+ 'MONTH_DAY_FORMAT',
+ 'TIME_FORMAT',
+ 'DATE_FORMAT',
+ 'DATETIME_FORMAT',
+ 'SHORT_DATE_FORMAT',
+ 'SHORT_DATETIME_FORMAT',
+ 'YEAR_MONTH_FORMAT',
+ 'DATE_INPUT_FORMATS',
+ 'TIME_INPUT_FORMATS',
+ 'DATETIME_INPUT_FORMATS',
+])
+
+
def reset_format_cache():
"""Clear any cached formats.
@@ -85,6 +103,8 @@ def get_format(format_type, lang=None, use_l10n=None):
be localized (or not), overriding the value of settings.USE_L10N.
"""
format_type = force_str(format_type)
+ if format_type not in FORMAT_SETTINGS:
+ return format_type
if use_l10n or (use_l10n is None and settings.USE_L10N):
if lang is None:
lang = get_language()
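Review bot: Neither the `FORMAT_SETTINGS` definition in the previous hunk nor the `get_format` docstring says that this is a security allowlist. A later change could add a non-format setting name and reopen the settings exposure described in the 1.7.11 release notes. I would put a comment above the constant, e.g. `# Settings names get_format() may resolve; any other name is returned unchanged so caller-supplied format strings cannot read arbitrary settings.` The docstring should gain a sentence such as `If format_type is not in FORMAT_SETTINGS it is returned unchanged, without any settings lookup.` The guard sits before the `use_l10n` branch, so both paths visible here are covered; the rest of the function is outside this hunk.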
diff --git a/docs/_ext/djangodocs.py b/docs/_ext/djangodocs.py
index 6770ff4..dd141cd 100644
--- a/docs/_ext/djangodocs.py
+++ b/docs/_ext/djangodocs.py
@@ -126,14 +126,8 @@ def visit_snippet_latex(self, node):
"""
Latex document generator visit handler
"""
- self.verbatim = ''
+ code = node.rawsource.rstrip('\n')
-
-def depart_snippet_latex(self, node):
- """
- Latex document generator depart handler.
- """
- code = self.verbatim.rstrip('\n')
lang = self.hlsettingstack[-1][0]
linenos = code.count('\n') >= self.hlsettingstack[-1][1] - 1
fname = node['filename']
@@ -152,9 +146,14 @@ def depart_snippet_latex(self, node):
linenos=linenos,
**highlight_args)
- self.body.append('\n{\\colorbox[rgb]{0.9,0.9,0.9}'
- '{\\makebox[\\textwidth][l]'
- '{\\small\\texttt{%s}}}}\n' % (fname,))
+ self.body.append(
+ '\n{\\colorbox[rgb]{0.9,0.9,0.9}'
+ '{\\makebox[\\textwidth][l]'
+ '{\\small\\texttt{%s}}}}\n' % (
+ # Some filenames have '_', which is special in latex.
+ fname.replace('_', r'\_'),
+ )
+ )
if self.table:
hlcode = hlcode.replace('\\begin{Verbatim}',
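Review bot: Only `_` is escaped in `fname` before it is interpolated into `\texttt{%s}`, so other LaTeX-special characters in a snippet filename (`#`, `%`, `&`, `$`, `{`, `}`, `\`) would still break or alter the generated LaTeX. Current snippet filenames may never contain them, but a small helper that escapes the full set would be sturdier than a single `replace`. At minimum the inline comment should state the assumption: `# Only '_' is escaped; other LaTeX specials are assumed absent from snippet filenames.` The enclosing function continues outside this hunk.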
@@ -166,7 +165,16 @@ def depart_snippet_latex(self, node):
hlcode = hlcode.rstrip() + '\n'
self.body.append('\n' + hlcode + '\\end{%sVerbatim}\n' %
(self.table and 'Original' or ''))
- self.verbatim = None
+
+ # Prevent rawsource from appearing in output a second time.
+ raise nodes.SkipNode
+
+
+def depart_snippet_latex(self, node):
+ """
+ Latex document generator depart handler.
+ """
+ pass
class SnippetWithFilename(Directive):
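Review bot: `depart_snippet_latex` is now an empty handler and its docstring does not say why it is kept. Since `visit_snippet_latex` now ends with `raise nodes.SkipNode`, the depart handler is presumably never invoked for this node and exists only to complete the visit/depart pair registered elsewhere in the file. Say so in the docstring, e.g. `"""No-op: visit_snippet_latex raises SkipNode, so there is nothing to close."""`, and drop the `pass`, which is redundant after a docstring.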
diff --git a/docs/conf.py b/docs/conf.py
index 7707cf3..6df8dd8 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -233,8 +233,12 @@ rst_epilog = """
# -- Options for LaTeX output --------------------------------------------------
latex_elements = {
- 'preamble': ('\\DeclareUnicodeCharacter{2264}{\\ensuremath{\\le}}'
- '\\DeclareUnicodeCharacter{2265}{\\ensuremath{\\ge}}')
+ 'preamble': (
+ '\\DeclareUnicodeCharacter{2264}{\\ensuremath{\\le}}'
+ '\\DeclareUnicodeCharacter{2265}{\\ensuremath{\\ge}}'
+ '\\DeclareUnicodeCharacter{2665}{[unicode-heart]}'
+ '\\DeclareUnicodeCharacter{2713}{[unicode-checkmark]}'
+ ),
}
# Grouping the document tree into LaTeX files. List of tuples
diff --git a/docs/faq/install.txt b/docs/faq/install.txt
index e2e993a..794b5c1 100644
--- a/docs/faq/install.txt
+++ b/docs/faq/install.txt
@@ -46,7 +46,8 @@ Django version Python versions
1.4 2.5, 2.6, 2.7
1.5 2.6, 2.7 and 3.2, 3.3 (experimental)
1.6 2.6, 2.7 and 3.2, 3.3
-**1.7, 1.8** **2.7** and **3.2, 3.3, 3.4**
+**1.7** **2.7** and **3.2, 3.3, 3.4**
+1.8 2.7 and 3.2, 3.3, 3.4, 3.5
============== ===============
For each version of Python, only the latest micro release (A.B.C) is officially
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index 40f003b..aa3862a 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -32,9 +32,12 @@ details on these changes.
* ``allow_syncdb`` on database routers will no longer automatically become
``allow_migrate``.
-* The legacy method of syncing apps without migrations will be removed,
- and migrations will become compulsory for all apps. This includes automatic
- loading of ``initial_data`` fixtures and support for initial SQL data.
+* Automatic syncing of apps without migrations will be removed. Migrations will
+ become compulsory for all apps unless you pass the ``--run-syncdb`` option to
+ ``migrate``.
+
+* Support for automatic loading of ``initial_data`` fixtures and initial SQL
+ data will be removed.
* All models will need to be defined inside an installed application or
declare an explicit :attr:`~django.db.models.Options.app_label`.
diff --git a/docs/ref/databases.txt b/docs/ref/databases.txt
index 470774c..69b6b7f 100644
--- a/docs/ref/databases.txt
+++ b/docs/ref/databases.txt
@@ -277,7 +277,7 @@ In addition to a DB API driver, Django needs an adapter to access the database
drivers from its ORM. Django provides an adapter for MySQLdb/mysqlclient while
MySQL Connector/Python includes `its own`_.
-.. _its own: http://dev.mysql.com/doc/refman/5.6/en/connector-python-django-backend.html
+.. _its own: http://dev.mysql.com/doc/connector-python/en/connector-python-django-backend.html
MySQLdb
~~~~~~~
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt
index 0384448..02cecad 100644
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@@ -398,12 +398,12 @@ a subclass of dictionary. Exceptions are outlined here:
Returns ``True`` if the given key is set. This lets you do, e.g., ``if "foo"
in request.GET``.
-.. method:: QueryDict.get(key, default)
+.. method:: QueryDict.get(key, default=None)
Uses the same logic as ``__getitem__()`` above, with a hook for returning a
default value if the key doesn't exist.
-.. method:: QueryDict.setdefault(key, default)
+.. method:: QueryDict.setdefault(key, default=None)
Just like the standard dictionary ``setdefault()`` method, except it uses
``__setitem__()`` internally.
@@ -461,7 +461,7 @@ In addition, ``QueryDict`` has the following methods:
Returns a copy of the object, using ``copy.deepcopy()`` from the Python
standard library. This copy will be mutable even if the original was not.
-.. method:: QueryDict.getlist(key, default)
+.. method:: QueryDict.getlist(key, default=None)
Returns the data with the requested key, as a Python list. Returns an
empty list if the key doesn't exist and no default value was provided.
@@ -476,7 +476,7 @@ In addition, ``QueryDict`` has the following methods:
Appends an item to the internal list associated with key.
-.. method:: QueryDict.setlistdefault(key, default_list)
+.. method:: QueryDict.setlistdefault(key, default_list=None)
Just like ``setdefault``, except it takes a list of values instead of a
single value.
diff --git a/docs/releases/1.7.11.txt b/docs/releases/1.7.11.txt
new file mode 100644
index 0000000..9d0ade2
--- /dev/null
+++ b/docs/releases/1.7.11.txt
@@ -0,0 +1,26 @@
+===========================
+Django 1.7.11 release notes
+===========================
+
+*November 24, 2015*
+
+Django 1.7.11 fixes a security issue and a data loss bug in 1.7.10.
+
+Fixed settings leak possibility in ``date`` template filter
+===========================================================
+
+If an application allows users to specify an unvalidated format for dates and
+passes this format to the :tfilter:`date` filter, e.g.
+``{{ last_updated|date:user_date_format }}``, then a malicious user could
+obtain any secret in the application's settings by specifying a settings key
+instead of a date format. e.g. ``"SECRET_KEY"`` instead of ``"j/m/Y"``.
+
+To remedy this, the underlying function used by the ``date`` template filter,
+``django.utils.formats.get_format()``, now only allows accessing the date/time
+formatting settings.
+
+Bugfixes
+========
+
+* Fixed a data loss possibility with :class:`~django.db.models.Prefetch` if
+ ``to_attr`` is set to a ``ManyToManyField`` (:ticket:`25693`).
diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt
index e2723ca..453461b 100644
--- a/docs/releases/1.7.txt
+++ b/docs/releases/1.7.txt
@@ -1464,6 +1464,11 @@ Miscellaneous
the default project template (pre-1.7.2 only), a database must be created
before accessing a page using :djadmin:`runserver`.
+* The addition of the ``schemes`` argument to ``URLValidator`` will appear
+ as a backwards-incompatible change if you were previously using a custom
+ regular expression to validate schemes. Any scheme not listed in ``schemes``
+ will fail validation, even if the regular expression matches the given URL.
+
.. _deprecated-features-1.7:
Features deprecated in 1.7
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index a1447ea..c76e1ae 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -25,6 +25,7 @@ versions of the documentation contain the release notes for any later releases.
.. toctree::
:maxdepth: 1
+ 1.7.11
1.7.10
1.7.9
1.7.8
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index 0dcca0f..41d7118 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -326,7 +326,7 @@ How to log a user in
If you have an authenticated user you want to attach to the current session
- this is done with a :func:`~django.contrib.auth.login` function.
-.. function:: login()
+.. function:: login(request, user)
To log a user in, from a view, use :func:`~django.contrib.auth.login()`. It
takes an :class:`~django.http.HttpRequest` object and a
@@ -374,7 +374,7 @@ If you have an authenticated user you want to attach to the current session
How to log a user out
---------------------
-.. function:: logout()
+.. function:: logout(request)
To log out a user who has been logged in via
:func:`django.contrib.auth.login()`, use
diff --git a/docs/topics/logging.txt b/docs/topics/logging.txt
index e7ed13b..44f7efa 100644
--- a/docs/topics/logging.txt
+++ b/docs/topics/logging.txt
@@ -688,8 +688,8 @@ By default, Django configures the following logging:
When :setting:`DEBUG` is ``True``:
-* The ``django`` catch-all logger sends all messages at the ``INFO`` level or
- higher to the console. Django doesn't make any such logging calls at this
+* The ``django`` catch-all logger sends all messages at the ``WARNING`` level
+ or higher to the console. Django doesn't make any such logging calls at this
time (all logging is at the ``DEBUG`` level or handled by the
``django.request`` and ``django.security`` loggers).
diff --git a/docs/topics/testing/tools.txt b/docs/topics/testing/tools.txt
index 4b279ab..4883caa 100644
--- a/docs/topics/testing/tools.txt
+++ b/docs/topics/testing/tools.txt
@@ -985,7 +985,7 @@ For example::
class TestMyViews(TestCase):
urls = 'myapp.test_urls'
- def testIndexPageView(self):
+ def test_index_page_view(self):
# Here you'd test your view using ``Client``.
call_some_test_code()
@@ -1019,11 +1019,11 @@ For example::
class TestMyViews(TestCase):
multi_db = True
- def testIndexPageView(self):
+ def test_index_page_view(self):
call_some_test_code()
This test case will flush *all* the test databases before running
-``testIndexPageView``.
+``test_index_page_view``.
The ``multi_db`` flag also affects into which databases the
attr:`TransactionTestCase.fixtures` are loaded. By default (when
@@ -1406,13 +1406,16 @@ your test suite.
The following examples are valid tests and don't raise any
``AssertionError``::
- self.assertHTMLEqual('<p>Hello <b>world!</p>',
+ self.assertHTMLEqual(
+ '<p>Hello <b>world!</p>',
'''<p>
Hello <b>world! <b/>
- </p>''')
+ </p>'''
+ )
self.assertHTMLEqual(
'<input type="checkbox" checked="checked" id="id_accept_terms" />',
- '<input id="id_accept_terms" type='checkbox' checked>')
+ '<input id="id_accept_terms" type="checkbox" checked>'
+ )
``html1`` and ``html2`` must be valid HTML. An ``AssertionError`` will be
raised if one of them cannot be parsed.
@@ -1629,6 +1632,7 @@ it would under MySQL with MyISAM tables)::
@skipIfDBFeature('supports_transactions')
def test_transaction_behavior(self):
# ... conditional test code
+ pass
.. versionchanged:: 1.7
@@ -1647,6 +1651,7 @@ under MySQL with MyISAM tables)::
@skipUnlessDBFeature('supports_transactions')
def test_transaction_behavior(self):
# ... conditional test code
+ pass
.. versionchanged:: 1.7
diff --git a/tests/i18n/tests.py b/tests/i18n/tests.py
index e4bae85..0bf54d3 100644
--- a/tests/i18n/tests.py
+++ b/tests/i18n/tests.py
@@ -828,6 +828,9 @@ class FormattingTests(TestCase):
'<input id="id_date_added" name="date_added" type="hidden" value="31.12.2009 06:00:00" />; <input id="id_cents_paid" name="cents_paid" type="hidden" value="59,47" />'
)
+ def test_format_arbitrary_settings(self):
+ self.assertEqual(get_format('DEBUG'), 'DEBUG')
+
class MiscTests(TestCase):
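Review bot: `test_format_arbitrary_settings` pins the new guard with `DEBUG` only, which is not one of the secrets the release notes describe. Adding `self.assertEqual(get_format('SECRET_KEY'), 'SECRET_KEY')` would exercise the case the fix is about. A positive case such as `self.assertNotEqual(get_format('DATE_FORMAT'), 'DATE_FORMAT')` would show that allowed names are still resolved. A one-line docstring naming the settings-leak fix would tell a reader why an unknown name is expected to echo back.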
diff --git a/tests/migrations/test_autodetector.py b/tests/migrations/test_autodetector.py
index 047862c..e91a5d1 100644
--- a/tests/migrations/test_autodetector.py
+++ b/tests/migrations/test_autodetector.py
@@ -823,7 +823,7 @@ class AutodetectorTests(TestCase):
"""
# Explicitly testing for not specified, since this is the case after
# a CreateModel operation w/o any definition on the original model
- model_state_not_secified = ModelState("a", "model", [("id", models.AutoField(primary_key=True))])
+ model_state_not_specified = ModelState("a", "model", [("id", models.AutoField(primary_key=True))])
# Explicitly testing for None, since this was the issue in #23452 after
# a AlterFooTogether operation with e.g. () as value
model_state_none = ModelState("a", "model", [
@@ -851,13 +851,13 @@ class AutodetectorTests(TestCase):
self.fail('Created operation(s) %s from %s' % (ops, msg))
tests = (
- (model_state_not_secified, model_state_not_secified, '"not specified" to "not specified"'),
- (model_state_not_secified, model_state_none, '"not specified" to "None"'),
- (model_state_not_secified, model_state_empty, '"not specified" to "empty"'),
- (model_state_none, model_state_not_secified, '"None" to "not specified"'),
+ (model_state_not_specified, model_state_not_specified, '"not specified" to "not specified"'),
+ (model_state_not_specified, model_state_none, '"not specified" to "None"'),
+ (model_state_not_specified, model_state_empty, '"not specified" to "empty"'),
+ (model_state_none, model_state_not_specified, '"None" to "not specified"'),
(model_state_none, model_state_none, '"None" to "None"'),
(model_state_none, model_state_empty, '"None" to "empty"'),
- (model_state_empty, model_state_not_secified, '"empty" to "not specified"'),
+ (model_state_empty, model_state_not_specified, '"empty" to "not specified"'),
(model_state_empty, model_state_none, '"empty" to "None"'),
(model_state_empty, model_state_empty, '"empty" to "empty"'),
)
diff --git a/tests/prefetch_related/tests.py b/tests/prefetch_related/tests.py
index 691067b..86240f6 100644
--- a/tests/prefetch_related/tests.py
+++ b/tests/prefetch_related/tests.py
@@ -221,6 +221,28 @@ class PrefetchRelatedTests(TestCase):
self.assertTrue('prefetch_related' in str(cm.exception))
self.assertTrue("name" in str(cm.exception))
+ def test_forward_m2m_to_attr_conflict(self):
+ msg = 'to_attr=authors conflicts with a field on the Book model.'
+ authors = Author.objects.all()
+ with self.assertRaisesMessage(ValueError, msg):
+ list(Book.objects.prefetch_related(
+ Prefetch('authors', queryset=authors, to_attr='authors'),
+ ))
+ # Without the ValueError, an author was deleted due to the implicit
+ # save of the relation assignment.
+ self.assertEqual(self.book1.authors.count(), 3)
+
+ def test_reverse_m2m_to_attr_conflict(self):
+ msg = 'to_attr=books conflicts with a field on the Author model.'
+ poems = Book.objects.filter(title='Poems')
+ with self.assertRaisesMessage(ValueError, msg):
+ list(Author.objects.prefetch_related(
+ Prefetch('books', queryset=poems, to_attr='books'),
+ ))
+ # Without the ValueError, a book was deleted due to the implicit
+ # save of reverse relation assignment.
+ self.assertEqual(self.author1.books.count(), 2)
+
class CustomPrefetchTests(TestCase):
@classmethod
diff --git a/tests/requirements/mysql.txt b/tests/requirements/mysql.txt
index 18c098a..cec0805 100644
--- a/tests/requirements/mysql.txt
+++ b/tests/requirements/mysql.txt
@@ -1 +1,2 @@
-mysqlclient
+# Due to a bug that will be fixed in mysqlclient 1.3.7.
+mysqlclient >= 1.3.7
diff --git a/tests/requirements/py2.txt b/tests/requirements/py2.txt
index a9f6804..b77ddd8 100644
--- a/tests/requirements/py2.txt
+++ b/tests/requirements/py2.txt
@@ -1,2 +1,3 @@
-r base.txt
-python-memcached
+# Due to https://github.com/linsomniac/python-memcached/issues/79 in newer versions.
+python-memcached <= 1.53
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django.git