Abdulmalik Abdulwahab
23052e636e
show revision unschedule button to only users with permission
2018-07-06 16:58:40 +01:00
Abdulmalik Abdulwahab
3e1511d362
add can_unschedule to PagePermissionTester
2018-07-06 16:58:40 +01:00
Abdulmalik Abdulwahab
254092e595
Change the user permission check on revisions unschedule to can_publish
2018-07-06 16:58:40 +01:00
Abdulmalik Abdulwahab
e616d11bdc
Failing test for unschedule for unpublished pages
2018-07-06 16:58:39 +01:00
Karl Hobley
c22321ee75
Merge pull request #4593 from kaedroho/update-search-query-classes
...
Update search query classes for RFC 25
2018-07-05 17:15:11 +01:00
Karl Hobley
fa1d572644
Minor python optimisation
2018-07-05 12:14:48 +01:00
Karl Hobley
8b4f64e2f1
Merge branch 'master' into update-search-query-classes
2018-07-05 12:10:51 +01:00
Matt Westcott
4f07f228b2
Fill in release date for 2.1.1
2018-07-04 15:36:49 +01:00
Matt Westcott
1fd111cf6a
Fill in release date for 1.13.2
2018-07-04 15:36:08 +01:00
Matt Westcott
815b58fbda
Fill in release date for 1.12.4
2018-07-04 15:36:07 +01:00
Matt Westcott
783b128fa2
Release note for #4496 in 2.1.1
2018-07-03 17:34:49 +01:00
Matt Westcott
048a4e83f1
Release note for #4496 in 1.13.2
2018-07-03 17:34:49 +01:00
Matt Westcott
7eab2ae793
Release note for #4496 in 1.12.4
2018-07-03 17:34:48 +01:00
Matt Westcott
ce4cd82bd9
Release note for #4496 in 2.2
2018-07-03 16:59:01 +01:00
Matt Westcott
879239b02c
Reject null characters in redirect URLs
2018-07-03 16:55:59 +01:00
Matt Westcott
3aff9f76e4
Revert "Strip Unicode NULL chars when normalizing paths"
...
This reverts commit 882f8f3cf8
.
Conflicts:
CHANGELOG.txt
CONTRIBUTORS.rst
docs/releases/2.2.rst
2018-07-03 16:45:27 +01:00
Matt Westcott
9ef8ee2d7f
Release note for #4553 in 2.1.1
2018-07-03 16:10:59 +01:00
Matt Westcott
b329ed4b65
Release note for #4553 in 1.12.4
2018-07-03 16:10:21 +01:00
Matt Westcott
55ddab6d14
Release note for #4553 in 1.13.x
2018-07-03 16:10:12 +01:00
Matt Westcott
ed9a3a2d69
Pass all necessary template context to chooser view after upload validation error
...
Fixes #4548
2018-07-03 15:26:28 +01:00
Matt Westcott
b4a2e13cb0
Copy 1.13.2 release notes to master
2018-06-29 15:37:58 +01:00
Matt Westcott
6c3431580a
Release note for #4480 in 1.12.4
2018-06-29 15:37:30 +01:00
Matt Westcott
1a4046a676
Copy 1.12.4 release notes to master
2018-06-29 15:36:43 +01:00
Tom Dyson
ee661ab6f8
README rewrite ( #4372 )
2018-06-28 17:27:55 +01:00
Matt Westcott
06d8fb0f63
Add guideline on the use of British vs American English
2018-06-27 20:39:08 +01:00
acrewdson
882f8f3cf8
Strip Unicode NULL chars when normalizing paths
...
After migrating a Wagtail-based site from MySQL to Postgres, we
noticed that malicious requests to the site that included percent-
encoded Unicode NULLs (`%00`) raised a `ValueError` exception that we
hadn't seen when using MySQL: `A string literal cannot contain NUL
(0x00) characters.` This appears to relate to `psycopg2`'s decision to
raise an exception in these situations, as discussed here:
https://github.com/psycopg/psycopg2/issues/420
While newer versions of Django appear to provide some field validation
that addresses these characters, it doesn't look like Wagtail's
redirect middleware is making use of those validators, and so it seemed
reasonable to clean these characters in the context of 'normalizing'
the paths before looking for corresponding redirects -- especially
since a quick investigation on the internet suggests that U+0000 in
URLs can be used as a means of attack, and also since RFC 3986 says:
Note, however, that the "%00" percent-encoding (NUL) may require
special handling and should be rejected if the application is not
expecting to receive raw data within a component.
2018-06-27 11:19:36 -04:00
Matt Westcott
0129e4ce77
Release note for #4648
2018-06-21 12:05:26 +01:00
Abdulmalik Abdulwahab
d5afeab48e
return none if page specific_class is not set in PageTypeField to_representation
2018-06-21 10:12:44 +01:00
Abdulmalik Abdulwahab
d33a00aa49
Write a failing test for missing page model
2018-06-21 09:44:06 +01:00
Matt Westcott
ac84cea671
Add release note for #4612 in 2.1.1
2018-06-20 17:30:26 +01:00
Matt Westcott
fee77469b3
Release note for #4583
2018-06-20 15:57:29 +01:00
Matt Westcott
d9d1529cc0
Convert the document chooser modal to use static onload handlers
2018-06-20 15:35:41 +01:00
Matt Westcott
630a887d58
Convert the embed chooser modal to use static onload handlers
2018-06-20 15:35:41 +01:00
Matt Westcott
bbffeca771
Convert the page/collection privacy modal to use static onload handlers
2018-06-20 15:35:41 +01:00
Matt Westcott
e68478777d
Deprecate passing JS templates to render_modal_workflow
2018-06-20 15:35:41 +01:00
Matt Westcott
8ea95c5841
Convert the search query chooser to use static onload handlers
2018-06-20 15:35:40 +01:00
Matt Westcott
074d9ce3f4
Convert the snippet chooser to use static onload handlers
2018-06-20 15:35:40 +01:00
Matt Westcott
af93a28c86
Handle modal-workflow responses as JSON whenever no JS onload handler is supplied
2018-06-20 15:35:40 +01:00
Matt Westcott
0ebf393b31
Convert the page/link chooser to use static onload handlers
2018-06-20 15:35:40 +01:00
Matt Westcott
aa9de4758f
Use static onload handlers in the image chooser modal
...
Instead of passing an 'onload' JS function as part of the AJAX response for each step of the workflow,
we specify all onload handlers up-front when initialising ModalWorkflow, and return a 'step' field
in the response to indicate which one to trigger.
2018-06-20 15:35:39 +01:00
Matt Westcott
87c247faa1
Use double-quotes in modal_workflow responses for JSON-consistency
2018-06-20 15:35:39 +01:00
Matt Westcott
8b3d3a7af8
Reorganise getChooserConfig for clarity
2018-06-20 15:35:39 +01:00
Matt Westcott
afc6d1482b
Eliminate template tags from embed chooser JS
2018-06-20 15:35:39 +01:00
Matt Westcott
a5a3e0251f
Eliminate template tags from snippet chooser JS
2018-06-20 15:35:38 +01:00
Matt Westcott
568928215e
Eliminate template tags from privacy setting view JS
2018-06-20 15:35:38 +01:00
Matt Westcott
206e186f57
Eliminate template tags from image chooser JS
2018-06-20 15:35:38 +01:00
Matt Westcott
b54846089b
Eliminate template tags from document choooser JS
2018-06-20 15:35:38 +01:00
Matt Westcott
61a04dfb5e
Support additional data in render_modal_workflow responses
...
This allows us to eliminate template tags in JS handlers, since
dynamic data can now be passed in rather than injected.
2018-06-20 15:35:38 +01:00
Bertrand Bordage
0a50aaf130
Typo.
2018-06-20 15:33:49 +02:00
Bertrand Bordage
806ba75497
Adds release notes for #4508 .
2018-06-20 15:31:55 +02:00