5bd6cfdfbb
Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the admin’s add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn’t identified there, out of an abundance of caution it’s also updated to use textContent. Bugfixes: * Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL. * Fixed makemessages crash on Python 2 with non-ASCII file names. |
||
|---|---|---|
| .. | ||
| ALTERNATIVES | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||