Commit Graph

7993 Commits

Author SHA1 Message Date
Yury V. Zaytsev
4bb9a3c484 Fix XSS caused by disabled autoescaping in the default DRF Browsable API view templates (#6330)
* Add test that verifies that HTML is correctly escaped in Browsable API views

* Fix `urlize_quoted_links` tag to avoid double escaping in autoescape mode

* Fix XSS in default DRF Browsable API template by re-enabling autoescape
2019-01-16 12:36:25 +00:00
Adrien Brunet
e3bd4b9048 Fix #1811: take limit_choices_to into account with FK (#6371)
* Fix issue1811: take limit_choices_to into account with FK

* Issue 1811: Add tests to illustrate issue

* Filter queryset only if limit_choices_to exists

* Move test_relations_with_limited_querysets file within test_relations_pk

* move limit_choices_to logic from relations.py to utils/field_mapping.py

* move limit_choices_to above other check to avoid conflicts
2019-01-08 13:49:47 +00:00
johnthagen
9c408b296b Remove reference to deprecated drf-openapi package (#6398) 2019-01-08 12:47:09 +00:00
Matt Wiens
e0ae975e5c Fix a badly formatted title in docs (#6089)
While having code blocks in a title is valid Markdown, MkDocs does not
render it as expected. This removes a code block placed in a title.
2019-01-08 12:07:00 +00:00
Stephen Finucane
c052a86c7b compat: (py2) urlparse = urllib.parse (py3) (#6262)
* compat: (py2) urlparse = urllib.parse (py3)

We were mistakenly importing the 'urlparse' function from the Python 2
'urlparse' module, as opposed to the module itself. Correct this.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #6261

* compat: Remove 'compat.urlparse'

We can just use Django's vendored six library, like we do everywhere
else.

Signed-off-by: Stephen Finucane <stephen@that.guru>
2019-01-08 12:03:02 +00:00
johnthagen
a49d744d5e Fix OpenAPI links (#6382) 2019-01-08 11:56:42 +00:00
johnthagen
0860ef9eee Update quickstart to Django 2.0 routing syntax (#6385)
* Update quickstart to Django 2.0 routing syntax

* Remove uneccessary raw string identifiers

* Correctly import path function

* Fix import path to use django.urls

This is what is prescribed in the Django 2.1 tutorial
2019-01-08 11:53:51 +00:00
Carlton Gibson
587058e3c2 Allow run_validators() to handle non-dict types. (#6365)
Fixes #6053.

Original test case thanks to Vincent Delaitre in #6242.
2019-01-08 11:39:30 +00:00
Yaser Khahani
0cf18c4163 Use Default Version in URLPathVersioning if 'version' Didn't Specified by Client (#6380)
* Use Default Version in URLPathVersioning if 'version' Didn't Passed

* Clean Code
2019-01-08 11:34:54 +00:00
Adrien Brunet
4863a24451 Fix links 404/302/303 in docs/community (#6387)
* Fix links 404/302/303

* Fix machinalis links in docs

* Fix kickstarter links in documentation

* Fix kickstarter links in documentation

* Fix kickstarter links in documentation - dropping links when broken
2019-01-08 11:15:53 +00:00
johnthagen
7749e4e3be Make code snippet Python 3 compatible (#6377) 2019-01-04 18:00:38 -08:00
Adrien Brunet
1e2fd25f54 Fix #3387: Documentation - Remove leading '.' before format option (#6388) 2019-01-04 14:45:08 +00:00
Xavier Ordoquy
030119c117
Merge pull request #6386 from philratcliffe/fix_missing_import_in_example_code
Fix missing import in example code
2018-12-28 17:54:41 +01:00
Phil Ratcliffe
1a9548db4f Fix missing import in example code 2018-12-28 16:10:08 +00:00
Anuvrat Parashar
97a47958c0 correct grammar, remove common noun after proper noun. (#6383)
`MultipartParser` is enough to denote that it is a parser.
2018-12-24 15:54:27 +00:00
Xavier Ordoquy
5fd12d1b16
Merge pull request #6376 from johnthagen/patch-1
Fix example to be Python 3.x and 2.7 compatible
2018-12-23 07:46:35 +01:00
johnthagen
f0712aa78a
Fix example to be Python 3.x and 2.7 compatible 2018-12-22 15:29:02 -05:00
Carlton Gibson
86aa7768a7 Update quote in relations.md (#6373)
Fixes #6372.
2018-12-21 11:39:01 +00:00
Carlton Gibson
63e6bbfd36 Note that only latest patches of Python & Django are supported. (#6370)
Fixes #6367.
2018-12-20 13:41:54 +00:00
Dario Cangialosi, Coder
fa57fb8aeb Use HTTPS URL example for git clone commands. (#6134) 2018-12-19 19:28:03 +01:00
Alf
963ce306f3 Added "allow_unicode" to generated kwargs for ModelSerializer SlugField (#6315) 2018-12-19 15:37:52 +01:00
Cyrus Ghazanfar
7ad5bdb669 Adjusted login template override example (#6265) 2018-12-19 15:25:34 +01:00
Jonathan Berger
1348bdc48a Fixed quickstart.md typos (#6348) 2018-12-19 14:50:14 +01:00
Xavier Ordoquy
a52087b1b8
Merge pull request #6362 from adrienbrunet/typo
docs: typo in permissions (double space)
2018-12-19 14:34:18 +01:00
Adrien Brunet
c4a021185f docs: typo in permissions (double space) 2018-12-18 13:03:03 +01:00
Tom Christie
2aecef3460 Update kloudless logo 2018-12-18 11:23:08 +00:00
Tom Christie
3453d65655 Update Kloudless logo 2018-12-18 11:18:40 +00:00
Michael D. Hoyle
a64980232a Add example of gender-neutral language in contributing guide. (#6358) 2018-12-17 21:10:39 +01:00
Dan Wilson
ef61288d77 Remove mention of djangorestframework-jwt (#6353)
Follow-up to https://github.com/encode/django-rest-framework/pull/6138
2018-12-13 21:01:10 +00:00
JerzySpendel
627eeb8202 Add missing comma in documentation of permission composition (#6336) 2018-12-07 16:44:57 -05:00
Josh Smith
facb433c89 Remove unmaintained digest authentication package (#6347)
https://github.com/juanriaza/django-rest-framework-digestauth has not been updated in 5 years and is currently incompatible with the latest DRF ecosystem.
2018-12-06 16:26:40 +00:00
HoangYell
b61806e3b3 add "js-tooltip" class to "POST" button (#6344)
the tool tip of "POST" button is different from other buttons, since it loses the "js-tooltip" class.
2018-12-03 12:10:05 +00:00
Benjamin Pereto
5a54f897ec FIX: openapi schema title should be a string not a tuple (#6259) 2018-11-28 12:45:26 +00:00
Xavier Ordoquy
11edf572c5
Merge pull request #6299 from encode/xordoquy/fix_composable_permissions
Fix composable permissions
2018-11-27 15:47:30 +01:00
Xavier Ordoquy
74574217a4 Fix composable permissions
In some cases we end with an operation between two `OperandHolder`.
This didn't work as it didn't knew how to deal with | or &
This fixes by adding those operations.
2018-11-27 15:29:44 +01:00
takaaki shimbo
0f5dfe8b3c Fix typo in schemas (#6332)
* Fix typo in generators.py

* Fix typo in inspectors.py

* message line too long

* Change backslash to multiline strings

* Removed trailing whitespace from assertion message
2018-11-26 10:14:59 -08:00
Ryan P Kilby
9b7db8dd69
Travis has released Xenial support (#6322) 2018-11-20 23:45:04 -08:00
Tom Christie
2084555fbe Update Lights On logo 2018-11-16 15:41:38 +00:00
Mice Pápai
d0369b27cd update docs/api-guide/serializers.md: consistency (#6320) 2018-11-15 14:44:54 +00:00
Tom Christie
2c0b2bd44e
Add 'Lights On Software' (#6319)
* Add 'Lights On Software'

* Fix link
2018-11-15 13:52:24 +00:00
Tom Christie
588c6976d4
Delete lightson.png 2018-11-15 12:06:47 +00:00
Tom Christie
bc36cf5e2b
Lights On 2018-11-15 12:06:18 +00:00
Tom Christie
f73b4896b8
Lights On Software 2018-11-15 12:04:06 +00:00
Stan Fateev
f7d2839562 Typo fix in the release announcement (#6318) 2018-11-14 07:50:28 +01:00
Xavier Ordoquy
bf9533ae37
Merge pull request #6286 from markddavidoff/patch-1
permissions must return a boolean to allow &/| operator comparison
2018-11-05 16:04:08 +00:00
Stephen Finucane
fae7e91728 docs: Remove references to drf-openapi (#6272)
This has been EOL'd in favour of drf-yasg [1].

[1] https://github.com/limdauto/drf_openapi/commit/1673c6e0

Signed-off-by: Stephen Finucane <stephen@that.guru>
2018-11-03 15:57:47 +01:00
Tom Snee
d59a130168 Fixes an import statement in chapter 5 of the tutorial. (#6267) 2018-11-02 08:48:39 -07:00
ilmucio
40da2a21ef Update authentication.md (#6291) 2018-10-29 15:43:06 -07:00
Mark Davidoff
1f13b6f6b2 use actual user instead of fake user in permission composition test 2018-10-29 10:45:40 -07:00
Zach Wernberg
67e99a29b8 Fix typo in release-notes.md (#6285) 2018-10-29 10:03:34 -07:00