From c3ca99cd3c85a2e551e4ba97c95f534564ed4036 Mon Sep 17 00:00:00 2001 From: Bertrand Bordage Date: Wed, 12 Apr 2017 11:54:44 +0200 Subject: [PATCH] Adds upgrade notes for #3528. --- CHANGELOG.txt | 1 + docs/releases/1.10.rst | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index cb79c9d3f0..48dc61abd6 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -60,6 +60,7 @@ Changelog * Fix: `RichTextBlock` toolbar now correctly positioned within `StructBlock` (Janneke Janssen) * Fix: Fixed display of ManyToMany fields and False values on the ModelAdmin inspect view (Andy Babic) * Fix: Prevent pages from being recursively copied into themselves (Matheus Bratfisch) + * Fix: Specifying the full file name in documents URL is mandatory (Morgan Aubert) 1.9 (16.02.2017) diff --git a/docs/releases/1.10.rst b/docs/releases/1.10.rst index 7025f410eb..9c6116ba6f 100644 --- a/docs/releases/1.10.rst +++ b/docs/releases/1.10.rst @@ -75,6 +75,7 @@ Bug fixes * ``RichTextBlock`` toolbar now correctly positioned within ``StructBlock`` (Janneke Janssen) * Fixed display of ManyToMany fields and False values on the ModelAdmin inspect view (Andy Babic) * Prevent pages from being recursively copied into themselves (Matheus Bratfisch) + * Specifying the full file name in documents URL is mandatory (Morgan Aubert) Upgrade considerations @@ -122,3 +123,19 @@ Adding / editing users through Wagtail admin no longer sets ``is_staff`` flag ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Previously, the ``is_staff`` flag (which grants access to the Django admin interface) was automatically set for superusers, and reset for other users, when creating and updating users through the Wagtail admin. This behaviour has now been removed, since Wagtail is designed to work independently of the Django admin. If you need to reinstate the old behaviour, you can set up a `pre_save signal handler `_ on the User model to set the flag appropriately. + + +Specifying the full file name in documents URL is mandatory +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In previous releases, it was possible to download a document using +the primary key and a fraction of its file name, or even without file name. +You could get the same document at the addresses +``/documents/1/your-file-name.pdf``, ``/documents/1/you`` & ``/documents/1/``. + +This feature was supposed to allow shorter URLs but was not used in Wagtail. +For security reasons, we removed it, so only the full URL works: +``/documents/1/your-file-name.pdf`` + +If any of your applications relied on the previous behaviour, you will have to +rewrite it to take this into account.