2017 年 7 月 1 日
Django 1.11.3 修复了 1.11.2 中的几个漏洞。
renderer
argument if a Widget.render()
method accepts **kwargs
(#28265).Model.__init__()
to crash if a field has an
instance only descriptor (#28269).DisallowedModelAdminLookup
exception when using
a nested reverse relation in list_filter
(#28262).FieldListFilter.get_queryset()
crash on invalid input
(#28202).AdminFileWidget
(#28278).models.Model
(#28282).QuerySet.union()
, intersection()
, and difference()
when
combining with an EmptyQuerySet
(#28293).Paginator
’s unordered object list warning from evaluating a
QuerySet
(#28284).redirect_field_name
in LoginView
’s template
context. It's now an empty string (as it is for the original function-based
login()
view) if the corresponding parameter isn't sent in a request (in
particular, when the login page is accessed directly) (#28229).django/forms/widgets/attrs.html
template from being localized so that numeric attributes (e.g. max
and
min
) of NumberInput
work correctly (#28303).CheckboxSelectMultiple
, NullBooleanSelect
, RadioSelect
,
SelectMultiple
, and Select
widgets (#28176). In Django
1.11.1, casting was added in Python to avoid localization of numeric values
in Django templates, but this made some use cases more difficult. Casting is
now done in the template using the |stringformat:'s'
filter.db_constraint=False
(#28298).UnboundLocalError
crash in RenameField
with nonexistent field
(#28350).limit_choices_to
from being
evaluated when a ModelForm
is instantiated (#28345).12月 05, 2023