Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #7596.  Added Model.objects.bulk_create, and make use of it in several places.  This provides a performance benefit when inserting multiple objects.  THanks to Russ for the review, and Simon Meers for the MySQl implementation.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16739 bcc190cf-cafb-0310-a4f2-bffc1f526a37

This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16059 -- Improved the usability of the admin's vertical and horizontal "filter" widgets, in particular by providing a better visual representation of the buttons' enabled and disabled states, and by providing more elaborate, yet less cluttered, help texts.

Note that this commit is an exception to the current tacit rule that javascript code changes should be avoided until a proper javascript testing framework for Django core is in place. This exception is commanded by the fact that it is to fix a recognized usability issue and that the patch has been (manually) extensively tested in IE6+, Chrome, Safari, Firefox and Opera.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16714 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16712 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16711 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Reverted r16662 -- There are bunch of problems with this patch, including failing tests, that I didn't pick up before committing.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16669 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16202 -- Added a Slovenian localflavor. Thanks to Jure Cuhalev <gandalf@owca.info>, Gasper Zejn, Domen Kozar and iElectric for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16662 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13  and Chris Beaven.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Many thanks to Florian Apolloner and Jacob Kaplan-Moss for reviewing and eagle eyeing.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16594 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #3615: Added support for loading fixtures with forward references on database backends (such as MySQL/InnoDB) that do not support deferred constraint checking. Many thanks to jsdalton for coming up with a clever solution to this long-standing issue, and to jacob, ramiro, graham_king, and russellm for review/testing. (Apologies if I missed anyone else who helped here.)

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16590 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16101 -- Added parameters to SingleObjectMixin to override the name of the URL keyword arguments used for pk and slug. Thanks, Andrew Ingram and Julien Phalip.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16569 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16542 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16161 -- Added `--clear` option to `collectstatic` management command to be able to explicitly clear the files stored in the destination storage before collecting.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16509 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16115 -- Added ModelAdmin.save_related method to be able to do pre- or post-save operations for objects related to the parent object currently displayed. Thanks, Julien Phalip.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16498 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16050 -- BACKWARDS-INCOMPATIBLE CHANGE: Moved static files of the admin to conventional file system location.

This also removes the need for ADMIN_MEDIA_PREFIX and replaces it with the convention to find admin's static files at STATIC_URL + 'admin/'.

Thanks to Jacob for the review and general help.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16487 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16199 -- Added a Cookie based session backend. Many thanks to Eric Florenzano for his initial work and Florian Apollaner for reviewing.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16466 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #14390 and #16262 -- Moved password related functions from auth models to utils module and stopped check_password from throwing an exception. Thanks, subsume and lrekucki.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16456 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Thanks Matt Bennett for report and draft patch; Vinay Sajip and Russell Keith-Magee for review.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16444 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16423 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #11585 -- Added ability to translate and prefix URL patterns with a language code as an alternative method for language discovery. Many thanks to Orne Brocaar for his initial work and Carl Meyer for feedback.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16405 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16402 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16401 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16383 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #12847 -- Added name parameter to simple_tag, assignment_tag and inclusion_tag helpers. Thanks, vladmos.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16373 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16366 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #16155 -- Removed Python 2.4 compatibility constructs from code and mentions from docs. Thanks Aymeric Augustin for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16349 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Thanks to buriy and Aleksandra for the implementation!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16343 bcc190cf-cafb-0310-a4f2-bffc1f526a37

This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16338 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Removed an alias for ``django.template.loader`` that had been deprecated since 2005. This should only affect World Online.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16337 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Many thanks to bendavis78 for the initial patch, and for input from others.

Also fixed #7309. If people were relying on the undocumented default ordering
applied by the admin before, they will need to add 'ordering = ["-pk"]' to
their ModelAdmin.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16316 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #9200 -- Added new form wizard to formtools based on class based views. Many thanks to Stephan Jäkel, ddurham and ElliottM for their work.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16307 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Many thanks to rniemeyer for the patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16298 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #12417 -- Added signing functionality, including signing cookies. Many thanks to Simon, Stephan, Paul and everyone else involved.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16253 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16227 bcc190cf-cafb-0310-a4f2-bffc1f526a37

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16220 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Thanks to brodie for the report, and further input from tow21

This is a potentially backwards incompatible change - if you were doing
PUT/DELETE requests and relying on the lack of protection, you will need to
update your code, as noted in the releaste notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16201 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Thanks to aaugustin for implementing this.

(Technically this doesn't fix the original report, as we've decided against
having *any* default values, but the new feature makes it possible, and the
docs have an example addressing #15954).

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16160 bcc190cf-cafb-0310-a4f2-bffc1f526a37