django 1.9发行说明
Django 1.9 发行说明¶
欢迎来到Django 1.9!
这些发布记录包括新特性,还有一些在你从Django 1.8或者更老版本升级上来时需要知道的向后不兼容变化。我们放弃了一些特性,因为这些特性已经达到了弃用周期的终点;并且我们开始一些特性的弃用过程。
Python兼容性¶
Django 1.9需要Python 2.7或者3.5。我们强烈建议并且也只是官方支持每一个分支的最后一个发布版本。
Django 1.8最后支持Python 3.2和3.3。
Django 1.9有什么新的特性¶
在事务提交后执行操作¶
新的on_commit()钩子允许在数据库事务成功提交后执行操作。这对像发送提醒邮件这样的任务、创建排除任务或者无效化缓存很有用。
密码检验¶
Django 现在提供密码检验以防止用户使用弱密码。检验被融入包含密码修改和重置框架,并它很容易融入其他任何的代码。检验被一个或者多个验证器执行,这在一个新的AUTH_PASSWORD_VALIDATORS设置里配置。
在Django里包含4个验证器,他们可以强制使用一个最小长度,Four validators are included in Django, which can enforce a minimum length, compare the password to the user’s attributes like their name, ensure passwords aren’t entirely numeric, or check against an included list of common passwords. You can combine multiple validators, and some validators have custom configuration options. For example, you can choose to provide a custom list of common passwords. Each validator provides a help text to explain its requirements to the user.
By default, no validation is performed and all passwords are accepted, so if you don’t set AUTH_PASSWORD_VALIDATORS, you will not see any change. In new projects created with the default startprojecttemplate, a simple set of validators is enabled. To enable basic validation in the included auth forms for your project, you could set, for example:
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},]
See Password validation for more details.
Permission mixins for class-based views¶
Django now ships with the mixinsAccessMixin,LoginRequiredMixin,PermissionRequiredMixin, andUserPassesTestMixin to provide the functionality of the django.contrib.auth.decorators for class-based views. These mixins have been taken from, or are at least inspired by, thedjango-braces project.
There are a few differences between Django’s and django-braces’ implementation, though:
The raise_exception attribute can only be True or False. Custom exceptions or callables are not supported.
The handle_no_permission()method does not take a request argument. The current request is available in self.request.
The custom test_func() of UserPassesTestMixindoes not take a user argument. The current user is available inself.request.user.
The permission_requiredattribute supports a string (defining one permission) or a list/tuple of strings (defining multiple permissions) that need to be fulfilled to grant access.
The new permission_denied_messageattribute allows passing a message to the PermissionDenied exception.
New styling for contrib.admin¶
The admin sports a modern, flat design with new SVG icons which look perfect on HiDPI screens. It still provides a fully-functional experience to YUI’s A-grade browsers. Older browser may experience varying levels of graceful degradation.
Running tests in parallel¶
The test command now supports a --parallel option to run a project’s tests in multiple processes in parallel.
Each process gets its own database. You must ensure that different test cases don’t access the same resources. For instance, test cases that touch the filesystem should create a temporary directory for their own use.
This option is enabled by default for Django’s own test suite provided:
the OS supports it (all but Windows)
the database backend supports it (all the built-in backends but Oracle)
Minor features¶
django.contrib.admin¶
Admin views now have model_admin or admin_site attributes.
The URL of the admin change view has been changed (was at/admin/<app>/<model>/<pk>/ by default and is now at/admin/<app>/<model>/<pk>/change/). This should not affect your application unless you have hardcoded admin URLs. In that case, replace those links by reversing admin URLs instead. Note that the old URL still redirects to the new one for backwards compatibility, but it may be removed in a future version.
ModelAdmin.get_list_select_related() was added to allow changing the select_related() values used in the admin’s changelist query based on the request.
The available_apps context variable, which lists the available applications for the current user, has been added to theAdminSite.each_context()method.
AdminSite.empty_value_display andModelAdmin.empty_value_display were added to override the display of empty values in admin change list. You can also customize the value for each field.
Added jQuery events when an inline form is added or removed on the change form page.
The time picker widget includes a ‘6 p.m’ option for consistency of having predefined options every 6 hours.
JavaScript slug generation now supports Romanian characters.
django.contrib.admindocs¶
The model section of the admindocs now also describes methods that take arguments, rather than ignoring them.
django.contrib.auth¶
The default iteration count for the PBKDF2 password hasher has been increased by 20%. This backwards compatible change will not affect users who have subclassed django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default value.
The BCryptSHA256PasswordHasher will now update passwords if itsrounds attribute is changed.
AbstractBaseUser and BaseUserManager were moved to a newdjango.contrib.auth.base_user module so that they can be imported without including django.contrib.auth in INSTALLED_APPS (doing so raised a deprecation warning in older versions and is no longer supported in Django 1.9).
The permission argument ofpermission_required() accepts all kinds of iterables, not only list and tuples.
The new PersistentRemoteUserMiddlewaremakes it possible to use REMOTE_USER for setups where the header is only populated on login pages instead of every request in the session.
The password_reset() view accepts anextra_email_context parameter.
django.contrib.contenttypes¶
It’s now possible to useorder_with_respect_to with aGenericForeignKey.
django.contrib.gis¶
All GeoQuerySet methods have been deprecated and replaced byequivalent database functions. As soon as the legacy methods have been replaced in your code, you should even be able to remove the special GeoManager from your GIS-enabled classes.
The GDAL interface now supports instantiating file-based and in-memoryGDALRaster objects from raw data. Setters for raster properties such as projection or pixel values have been added.
For PostGIS users, the new RasterFieldallows storing GDALRaster objects. It supports automatic spatial index creation and reprojection when saving a model. It does not yet support spatial querying.
The new GDALRaster.warp()method allows warping a raster by specifying target raster properties such as origin, width, height, or pixel size (amongst others).
The new GDALRaster.transform() method allows transforming a raster into a different spatial reference system by specifying a targetsrid.
The new GeoIP2 class allows using MaxMind’s GeoLite2 databases which includes support for IPv6 addresses.
django.contrib.postgres¶
Added support for the rangefield.contained_by lookup for some built in fields which correspond to the range fields.
Added JSONField.
Added PostgreSQL specific aggregation functions.
Added the TransactionNow database function.
django.contrib.sessions¶
The session model and SessionStore classes for the db andcached_db backends are refactored to allow a custom database session backend to build upon them. SeeExtending database-backed session engines for more details.
django.contrib.sites¶
get_current_site() now handles the case where request.get_host() returns domain:port, e.g.example.com:80. If the lookup fails because the host does not match a record in the database and the host has a port, the port is stripped and the lookup is retried with the domain part only.
django.contrib.syndication¶
Support for multiple enclosures per feed item has been added. If multiple enclosures are defined on a RSS feed, an exception is raised as RSS feeds, unlike Atom feeds, do not support multiple enclosures per feed item.
Cache¶
django.core.cache.backends.base.BaseCache now has a get_or_set()method.
django.views.decorators.cache.never_cache() now sends more persuasive headers (added no-cache, no-store, must-revalidate to Cache-Control) to better prevent caching. This was also added in Django 1.8.8.
CSRF¶
The request header’s name used for CSRF authentication can be customized with CSRF_HEADER_NAME.
The CSRF referer header is now validated against theCSRF_COOKIE_DOMAIN setting if set. See How it works for details.
The new CSRF_TRUSTED_ORIGINS setting provides a way to allow cross-origin unsafe requests (e.g. POST) over HTTPS.
Database backends¶
The PostgreSQL backend (django.db.backends.postgresql_psycopg2) is also available as django.db.backends.postgresql. The old name will continue to be available for backwards compatibility.
File Storage¶
Storage.get_valid_name() is now called when the upload_to is a callable.
File now has the seekable() method when using Python 3.
Forms¶
ModelForm accepts the new Meta optionfield_classes to customize the type of the fields. SeeOverriding the default fields for details.
You can now specify the order in which form fields are rendered with thefield_order attribute, the field_orderconstructor argument , or the order_fields() method.
A form prefix can be specified inside a form class, not only when instantiating a form. See Prefixes for forms for details.
You can now specify keyword argumentsthat you want to pass to the constructor of forms in a formset.
SlugField now accepts anallow_unicode argument to allow Unicode characters in slugs.
CharField now accepts astrip argument to strip input data of leading and trailing whitespace. As this defaults to True this is different behavior from previous releases.
Form fields now support the disabled argument, allowing the field widget to be displayed disabled by browsers.
It’s now possible to customize bound fields by overriding a field’sget_bound_field() method.
Generic Views¶
Class-based views generated using as_view() now have view_classand view_initkwargs attributes.
method_decorator() can now be used with a list or tuple of decorators. It can also be used to decorate classes instead of methods.
Internationalization¶
The django.views.i18n.set_language() view now properly redirects totranslated URLs, when available.
The django.views.i18n.javascript_catalog() view now works correctly if used multiple times with different configurations on the same page.
The django.utils.timezone.make_aware() function gained an is_dstargument to help resolve ambiguous times during DST transitions.
You can now use locale variants supported by gettext. These are usually used for languages which can be written in different scripts, for example Latin and Cyrillic (e.g. be@latin ).
Added the django.views.i18n.json_catalog() view to help build a custom client-side i18n library upon Django translations. It returns a JSON object containing a translations catalog, formatting settings, and a plural rule.
Added the name_translated attribute to the object returned by theget_language_info template tag. Also added a corresponding template filter: language_name_translated.
You can now run compilemessages from the root directory of your project and it will find all the app message files that were created bymakemessages.
makemessages now calls xgettext once per locale directory rather than once per translatable file. This speeds up localization builds.
blocktrans supports assigning its output to a variable usingasvar.
Two new languages are available: Colombian Spanish and Scottish Gaelic.
Management Commands¶
The new sendtestemail command lets you send a test email to easily confirm that email sending through Django is working.
To increase the readability of the SQL code generated bysqlmigrate, the SQL code generated for each migration operation is preceded by the operation’s description.
The dumpdata command output is now deterministically ordered. Moreover, when the --output option is specified, it also shows a progress bar in the terminal.
The createcachetable command now has a --dry-run flag to print out the SQL rather than execute it.
The startapp command creates an apps.py file. Since it doesn’t use default_app_config (a discouraged API), you must specify the app config’s path, e.g. 'polls.apps.PollsConfig', in INSTALLED_APPS for it to be used (instead of just 'polls').
When using the PostgreSQL backend, the dbshell command can connect to the database using the password from your settings file (instead of requiring it to be manually entered).
The django package may be run as a script, i.e. python -m django, which will behave the same as django-admin.
Management commands that have the --noinput option now also take--no-input as an alias for that option.
Migrations¶
Initial migrations are now marked with an initial = True class attribute which allowsmigrate --fake-initial to more easily detect initial migrations.
Added support for serialization of functools.partial and LazyObjectinstances.
When supplying None as a value in MIGRATION_MODULES, Django will consider the app an app without migrations.
When applying migrations, the “Rendering model states” step that’s displayed when running migrate with verbosity 2 or higher now computes only the states for the migrations that have already been applied. The model states for migrations being applied are generated on demand, drastically reducing the amount of required memory.
However, this improvement is not available when unapplying migrations and therefore still requires the precomputation and storage of the intermediate migration states.
This improvement also requires that Django no longer supports mixed migration plans. Mixed plans consist of a list of migrations where some are being applied and others are being unapplied. This was never officially supported and never had a public API that supports this behavior.
The squashmigrations command now supports specifying the starting migration from which migrations will be squashed.
Models¶
QuerySet.bulk_create()now works on proxy models.
Database configuration gained a TIME_ZONEoption for interacting with databases that store datetimes in local time and don’t support time zones when USE_TZ is True.
Added the RelatedManager.set() method to the related managers created by ForeignKey, GenericForeignKey, andManyToManyField.
The add() method on a reverse foreign key now has a bulk parameter to allow executing one query regardless of the number of objects being added rather than one query per object.
Added the keep_parents parameter to Model.delete() to allow deleting only a child’s data in a model that uses multi-table inheritance.
Model.delete()and QuerySet.delete() return the number of objects deleted.
Added a system check to prevent defining both Meta.ordering andorder_with_respect_to on the same model.
Date and time lookups can be chained with other lookups (such as exact, gt, lt, etc.). For example:Entry.objects.filter(pub_date__month__gt=6).
Time lookups (hour, minute, second) are now supported byTimeField for all database backends. Support for backends other than SQLite was added but undocumented in Django 1.7.
You can specify the output_field parameter of theAvg aggregate in order to aggregate over non-numeric columns, such as DurationField.
Added the date lookup to DateTimeFieldto allow querying the field by only the date portion.
Added the Greatest andLeast database functions.
Added the Now database function, which returns the current date and time.
Transform is now a subclass ofFunc() which allows Transforms to be used on the right hand side of an expression, just like regular Funcs. This allows registering some database functions likeLength,Lower, andUpper as transforms.
SlugField now accepts anallow_unicode argument to allow Unicode characters in slugs.
Added support for referencing annotations in QuerySet.distinct().
connection.queries shows queries with substituted parameters on SQLite.
Query expressions can now be used when creating new model instances using save(), create(), andbulk_create().
Requests and Responses¶
Unless HttpResponse.reason_phrase is explicitly set, it now is determined by the current value of HttpResponse.status_code. Modifying the value ofstatus_code outside of the constructor will also modify the value ofreason_phrase.
The debug view now shows details of chained exceptions on Python 3.
The default 40x error views now accept a second positional parameter, the exception that triggered the view.
View error handlers now supportTemplateResponse, commonly used with class-based views.
Exceptions raised by the render() method are now passed to theprocess_exception() method of each middleware.
Request middleware can now set HttpRequest.urlconf to None to revert any changes made by previous middleware and return to using the ROOT_URLCONF.
The DISALLOWED_USER_AGENTS check inCommonMiddleware now raises aPermissionDenied exception as opposed to returning an HttpResponseForbidden so thathandler403 is invoked.
Added HttpRequest.get_port() to fetch the originating port of the request.
Added the json_dumps_params parameter toJsonResponse to allow passing keyword arguments to thejson.dumps() call used to generate the response.
The BrokenLinkEmailsMiddleware now ignores 404s when the referer is equal to the requested URL. To circumvent the empty referer check already implemented, some Web bots set the referer to the requested URL.
Templates¶
Template tags created with the simple_tag()helper can now store results in a template variable by using the asargument.
Added a Context.setdefault()method.
The django.template logger was added and includes the following messages:
A DEBUG level message for missing context variables.
A WARNING level message for uncaught exceptions raised during the rendering of an {% include %} when debug mode is off (helpful since {% include %} silences the exception and returns an empty string).
The firstof template tag supports storing the output in a variable using ‘as’.
Context.update() can now be used as a context manager.
Django template loaders can now extend templates recursively.
The debug page template postmortem now include output from each engine that is installed.
Debug page integration for custom template engines was added.
The DjangoTemplates backend gained the ability to register libraries and builtins explicitly through the template OPTIONS.
The timesince and timeuntil filters were improved to deal with leap years when given large time spans.
The include tag now caches parsed templates objects during template rendering, speeding up reuse in places such as for loops.
Tests¶
Added the json() method to test client responses to give access to the response body as JSON.
Added the force_login() method to the test client. Use this method to simulate the effect of a user logging into the site while skipping the authentication and verification steps oflogin().
URLs¶
Regular expression lookaround assertions are now allowed in URL patterns.
The application namespace can now be set using an app_name attribute on the included module or object. It can also be set by passing a 2-tuple of (<list of patterns>, <application namespace>) as the first argument toinclude().
System checks have been added for common URL pattern mistakes.
Validators¶
Added django.core.validators.int_list_validator() to generate validators of strings containing integers separated with a custom character.
EmailValidator now limits the length of domain name labels to 63 characters per RFC 1034.
Added validate_unicode_slug() to validate slugs that may contain Unicode characters.
Backwards incompatible changes in 1.9¶
Warning
In addition to the changes outlined in this section, be sure to review theFeatures removed in 1.9 for the features that have reached the end of their deprecation cycle and therefore been removed. If you haven’t updated your code within the deprecation timeline for a given feature, its removal may appear as a backwards incompatible change.
Database backend API¶
A couple of new tests rely on the ability of the backend to introspect column defaults (returning the result as Field.default). You can set thecan_introspect_default database feature to False if your backend doesn’t implement this. You may want to review the implementation on the backends that Django includes for reference (#24245).
Registering a global adapter or converter at the level of the DB-API module to handle time zone information of datetime values passed as query parameters or returned as query results on databases that don’t support time zones is discouraged. It can conflict with other libraries.
The recommended way to add a time zone to datetime values fetched from the database is to register a converter for DateTimeFieldin DatabaseOperations.get_db_converters().
The needs_datetime_string_cast database feature was removed. Database backends that set it must register a converter instead, as explained above.
The DatabaseOperations.value_to_db_<type>() methods were renamed toadapt_<type>field_value() to mirror the convert_<type>field_value()methods.
To use the new date lookup, third-party database backends may need to implement the DatabaseOperations.datetime_cast_date_sql() method.
The DatabaseOperations.time_extract_sql() method was added. It calls the existing date_extract_sql() method. This method is overridden by the SQLite backend to add time lookups (hour, minute, second) toTimeField, and may be needed by third-party database backends.
The DatabaseOperations.datetime_cast_sql() method (not to be confused with DatabaseOperations.datetime_cast_date_sql() mentioned above) has been removed. This method served to format dates on Oracle long before 1.0, but hasn’t been overridden by any core backend in years and hasn’t been called anywhere in Django’s code or tests.
In order to support test parallelization, you must implement theDatabaseCreation._clone_test_db() method and setDatabaseFeatures.can_clone_databases = True. You may have to adjustDatabaseCreation.get_test_db_clone_settings().
Default settings that were tuples are now lists¶
The default settings in django.conf.global_settings were a combination of lists and tuples. All settings that were formerly tuples are now lists.
is_usable attribute on template loaders is removed¶
Django template loaders previously required an is_usable attribute to be defined. If a loader was configured in the template settings and this attribute was False, the loader would be silently ignored. In practice, this was only used by the egg loader to detect if setuptools was installed. The is_usableattribute is now removed and the egg loader instead fails at runtime if setuptools is not installed.
Related set direct assignment¶
Direct assignment of related objects in the ORM used to perform a clear() followed by a call to add(). This caused needlessly large data changes and prevented using them2m_changed signal to track individual changes in many-to-many relations.
Direct assignment now relies on the the newset() method on related managers which by default only processes changes between the existing related set and the one that’s newly assigned. The previous behavior can be restored by replacing direct assignment by a call to set() with the keyword argumentclear=True.
ModelForm, and therefore ModelAdmin, internally rely on direct assignment for many-to-many relations and as a consequence now use the new behavior.
Filesystem-based template loaders catch more specific exceptions¶
When using the filesystem.Loaderor app_directories.Loadertemplate loaders, earlier versions of Django raised aTemplateDoesNotExist error if a template source existed but was unreadable. This could happen under many circumstances, such as if Django didn’t have permissions to open the file, or if the template source was a directory. Now, Django only silences the exception if the template source does not exist. All other situations result in the original IOError being raised.
HTTP redirects no longer forced to absolute URIs¶
Relative redirects are no longer converted to absolute URIs. RFC 2616required the Location header in redirect responses to be an absolute URI, but it has been superseded by RFC 7231 which allows relative URIs inLocation, recognizing the actual practice of user agents, almost all of which support them.
Consequently, the expected URLs passed to assertRedirects should generally no longer include the scheme and domain part of the URLs. For example,self.assertRedirects(response, 'http://testserver/some-url/') should be replaced by self.assertRedirects(response, '/some-url/') (unless the redirection specifically contained an absolute URL, of course).
Dropped support for PostgreSQL 9.0¶
Upstream support for PostgreSQL 9.0 ended in September 2015. As a consequence, Django 1.9 sets 9.1 as the minimum PostgreSQL version it officially supports.
Dropped support for Oracle 11.1¶
Upstream support for Oracle 11.1 ended in August 2015. As a consequence, Django 1.9 sets 11.2 as the minimum Oracle version it officially supports.
Bulk behavior of add() method of related managers¶
To improve performance, the add() methods of the related managers created by ForeignKey and GenericForeignKey changed from a series ofModel.save() calls to a single QuerySet.update() call. The change means that pre_save and post_save signals aren’t sent anymore. You can use the bulk=False keyword argument to revert to the previous behavior.
Template LoaderOrigin and StringOrigin are removed¶
In previous versions of Django, when a template engine was initialized with debug as True, an instance of django.template.loader.LoaderOrigin ordjango.template.base.StringOrigin was set as the origin attribute on the template object. These classes have been combined intoOrigin and is now always set regardless of the engine debug setting. For a minimal level of backwards compatibility, the old class names will be kept as aliases to the new Origin class until Django 2.0.
Changes to the default logging configuration¶
To make it easier to write custom logging configurations, Django’s default logging configuration no longer defines ‘django.request’ and ‘django.security’ loggers. Instead, it defines a single ‘django’ logger, filtered at the INFOlevel, with two handlers:
‘console’: filtered at the INFO level and only active if DEBUG=True.
‘mail_admins’: filtered at the ERROR level and only active ifDEBUG=False.
If you aren’t overriding Django’s default logging, you should see minimal changes in behavior, but you might see some new logging to the runserverconsole, for example.
If you are overriding Django’s default logging, you should check to see how your configuration merges with the new defaults.
HttpRequest details in error reporting¶
It was redundant to display the full details of theHttpRequest each time it appeared as a stack frame variable in the HTML version of the debug page and error email. Thus, the HTTP request will now display the same standard representation as other variables (repr(request)). As a result, theExceptionReporterFilter.get_request_repr() method and the undocumenteddjango.http.build_request_repr() function were removed.
The contents of the text version of the email were modified to provide a traceback of the same structure as in the case of AJAX requests. The traceback details are rendered by the ExceptionReporter.get_traceback_text() method.
Removal of time zone aware global adapters and converters for datetimes¶
Django no longer registers global adapters and converters for managing time zone information on datetime values sent to the database as query parameters or read from the database in query results. This change affects projects that meet all the following conditions:
The USE_TZ setting is True.
The database is SQLite, MySQL, Oracle, or a third-party database that doesn’t support time zones. In doubt, you can check the value ofconnection.features.supports_timezones.
The code queries the database outside of the ORM, typically withcursor.execute(sql, params).
If you’re passing aware datetime parameters to such queries, you should turn them into naive datetimes in UTC:
from django.utils import timezoneparam = timezone.make_naive(param, timezone.utc)
If you fail to do so, the conversion will be performed as in earlier versions (with a deprecation warning) up until Django 1.11. Django 2.0 won’t perform any conversion, which may result in data corruption.
If you’re reading datetime values from the results, they will be naive instead of aware. You can compensate as follows:
from django.utils import timezonevalue = timezone.make_aware(value, timezone.utc)
You don’t need any of this if you’re querying the database through the ORM, even if you’re using raw()queries. The ORM takes care of managing time zone information.
Template tag modules are imported when templates are configured¶
The DjangoTemplates backend now performs discovery on installed template tag modules when instantiated. This update enables libraries to be provided explicitly via the 'libraries'key of OPTIONS when defining aDjangoTemplates backend. Import or syntax errors in template tag modules now fail early at instantiation time rather than when a template with a {% load %} tag is first compiled.
django.template.base.add_to_builtins() is removed¶
Although it was a private API, projects commonly used add_to_builtins() to make template tags and filters available without using the{% load %} tag. This API has been formalized. Projects should now define built-in libraries via the 'builtins' key of OPTIONS when defining aDjangoTemplates backend.
simple_tag now wraps tag output in conditional_escape¶
In general, template tags do not autoescape their contents, and this behavior isdocumented. For tags likeinclusion_tag, this is not a problem because the included template will perform autoescaping. Forassignment_tag, the output will be escaped when it is used as a variable in the template.
For the intended use cases of simple_tag, however, it is very easy to end up with incorrect HTML and possibly an XSS exploit. For example:
@register.simple_tag(takes_context=True)def greeting(context):
return "Hello {0}!".format(context['request'].user.first_name)
In older versions of Django, this will be an XSS issue becauseuser.first_name is not escaped.
In Django 1.9, this is fixed: if the template context has autoescape=Trueset (the default), then simple_tag will wrap the output of the tag function with conditional_escape().
To fix your simple_tags, it is best to apply the following practices:
Any code that generates HTML should use either the template system orformat_html().
If the output of a simple_tag needs escaping, useescape() orconditional_escape().
If you are absolutely certain that you are outputting HTML from a trusted source (e.g. a CMS field that stores HTML entered by admins), you can mark it as such using mark_safe().
Tags that follow these rules will be correct and safe whether they are run on Django 1.9+ or earlier.
Paginator.page_range¶
Paginator.page_range is now an iterator instead of a list.
In versions of Django previous to 1.8, Paginator.page_range returned alist in Python 2 and a range in Python 3. Django 1.8 consistently returned a list, but an iterator is more efficient.
Existing code that depends on list specific features, such as indexing, can be ported by converting the iterator into a list using list().
Implicit QuerySet __in lookup removed¶
In earlier versions, queries such as:
Model.objects.filter(related_id=RelatedModel.objects.all())
would implicitly convert to:
Model.objects.filter(related_id__in=RelatedModel.objects.all())
resulting in SQL like "related_id IN (SELECT id FROM ...)".
This implicit __in no longer happens so the “IN” SQL is now “=”, and if the subquery returns multiple results, at least some databases will throw an error.
contrib.admin browser support¶
The admin no longer supports Internet Explorer 8 and below, as these browsers have reached end-of-life.
CSS and images to support Internet Explorer 6 and 7 have been removed. PNG and GIF icons have been replaced with SVG icons, which are not supported by Internet Explorer 8 and earlier.
The jQuery library embedded in the admin has been upgraded from version 1.11.2 to 2.1.4. jQuery 2.x has the same API as jQuery 1.x, but does not support Internet Explorer 6, 7, or 8, allowing for better performance and a smaller file size. If you need to support IE8 and must also use the latest version of Django, you can override the admin’s copy of jQuery with your own by creating a Django application with this structure:
app/static/admin/js/vendor/ jquery.js jquery.min.js
SyntaxError when installing Django setuptools 5.5.x¶
When installing Django 1.9+ with setuptools 5.5.x, you’ll see:
Compiling django/conf/app_template/apps.py ...
File "django/conf/app_template/apps.py", line 4
class {{ camel_case_app_name }}Config(AppConfig):
^
SyntaxError: invalid syntax
Compiling django/conf/app_template/models.py ...
File "django/conf/app_template/models.py", line 1
{{ unicode_literals }}from django.db import models
^
SyntaxError: invalid syntax
It’s safe to ignore these errors (Django will still install just fine), but you can avoid them by upgrading setuptools to a more recent version. If you’re using pip, you can upgrade pip using pip install -U pip which will also upgrade setuptools.
Miscellaneous¶
The jQuery static files in contrib.admin have been moved into avendor/jquery subdirectory.
The text displayed for null columns in the admin changelist list_displaycells has changed from (None) (or its translated equivalent) to - (a dash).
django.http.responses.REASON_PHRASES anddjango.core.handlers.wsgi.STATUS_CODE_TEXT have been removed. Use Python’s stdlib instead: http.client.responses for Python 3 andhttplib.responses for Python 2.
ValuesQuerySet and ValuesListQuerySet have been removed.
The admin/base.html template no longer setswindow.__admin_media_prefix__ or window.__admin_utc_offset__. Image references in JavaScript that used that value to construct absolute URLs have been moved to CSS for easier customization. The UTC offset is stored on a data attribute of the <body> tag.
CommaSeparatedIntegerField validation has been refined to forbid values like ',', ',1', and '1,,2'.
Form initialization was moved from the ProcessFormView.get() method to the newFormMixin.get_context_data() method. This may be backwards incompatible if you have overridden the get_context_data()method without calling super().
Support for PostGIS 1.5 has been dropped.
The django.contrib.sites.models.Site.domain field was changed to beunique.
In order to enforce test isolation, database queries are not allowed by default in SimpleTestCase tests anymore. You can disable this behavior by setting theallow_database_queries class attribute to True on your test class.
ResolverMatch.app_name was changed to contain the full namespace path in the case of nested namespaces. For consistency with ResolverMatch.namespace, the empty value is now an empty string instead of None.
For security hardening, session keys must be at least 8 characters.
Private function django.utils.functional.total_ordering() has been removed. It contained a workaround for a functools.total_ordering() bug in Python versions older than 2.7.3.
XML serialization (either through dumpdata or the syndication framework) used to output any characters it received. Now if the content to be serialized contains any control characters not allowed in the XML 1.0 standard, the serialization will fail with a ValueError.
CharField now strips input of leading and trailing whitespace by default. This can be disabled by setting the newstrip argument to False.
Template text that is translated and uses two or more consecutive percent signs, e.g. "%%", may have a newmsgidafter makemessages is run (most likely the translation will be marked fuzzy). The new msgid will be marked "#, python-format".
If neither request.current_appnor Context.current_app are set, theurl template tag will now use the namespace of the current request. Set request.current_app to None if you don’t want to use a namespace hint.
The SILENCED_SYSTEM_CHECKS setting now silences messages of all levels. Previously, messages of ERROR level or higher were printed to the console.
The FlatPage.enable_comments field is removed from the FlatPageAdminas it’s unused by the application. If your project or a third-party app makes use of it, create a custom ModelAdmin to add it back.
The return value ofsetup_databases() and the first argument of teardown_databases()changed. They used to be (old_names, mirrors) tuples. Now they’re just the first item, old_names.
By default LiveServerTestCase attempts to find an available port in the 8081-8179 range instead of just trying port 8081.
The system checks for ModelAdmin now check instances rather than classes.
The private API to apply mixed migration plans has been dropped for performance reasons. Mixed plans consist of a list of migrations where some are being applied and others are being unapplied.
The related model object descriptor classes indjango.db.models.fields.related (private API) are moved from therelated module to related_descriptors and renamed as follows:
ReverseSingleRelatedObjectDescriptor is ForwardManyToOneDescriptor
SingleRelatedObjectDescriptor is ReverseOneToOneDescriptor
ForeignRelatedObjectsDescriptor is ReverseManyToOneDescriptor
ManyRelatedObjectsDescriptor is ManyToManyDescriptor
If you implement a custom handler404 view, it must return a response with an HTTP 404 status code. UseHttpResponseNotFound or pass status=404 to theHttpResponse. Otherwise, APPEND_SLASH won’t work correctly with DEBUG=False.
Features deprecated in 1.9¶
assignment_tag()¶
Django 1.4 added the assignment_tag helper to ease the creation of template tags that store results in a template variable. Thesimple_tag() helper has gained this same ability, making the assignment_tag obsolete. Tags that useassignment_tag should be updated to use simple_tag.
{% cycle %} syntax with comma-separated arguments¶
The cycle tag supports an inferior old syntax from previous Django versions:
{% cycle row1,row2,row3 %}
Its parsing caused bugs with the current syntax, so support for the old syntax will be removed in Django 1.10 following an accelerated deprecation.
ForeignKey and OneToOneField on_delete argument¶
In order to increase awareness about cascading model deletion, theon_delete argument of ForeignKey and OneToOneField will be required in Django 2.0.
Update models and existing migrations to explicitly set the argument. Since the default is models.CASCADE, add on_delete=models.CASCADE to allForeignKey and OneToOneFields that don’t use a different option. You can also pass it as the second positional argument if you don’t care about compatibility with older versions of Django.
Field.rel changes¶
Field.rel and its methods and attributes have changed to match the related fields API. The Field.rel attribute is renamed to remote_field and many of its methods and attributes are either changed or renamed.
The aim of these changes is to provide a documented API for relation fields.
GeoManager and GeoQuerySet custom methods¶
All custom GeoQuerySet methods (area(), distance(), gml(), ...) have been replaced by equivalent geographic expressions in annotations (see in new features). Hence the need to set a custom GeoManager to GIS-enabled models is now obsolete. As soon as your code doesn’t call any of the deprecated methods, you can simply remove the objects = GeoManager() lines from your models.
Template loader APIs have changed¶
Django template loaders have been updated to allow recursive template extending. This change necessitated a new template loader API. The oldload_template() and load_template_sources() methods are now deprecated. Details about the new API can be found in the template loader documentation.
Passing a 3-tuple or an app_name to include()¶
The instance namespace part of passing a tuple as an argument to include()has been replaced by passing the namespace argument to include(). For example:
polls_patterns = [ url(...),]urlpatterns = [ url(r'^polls/', include((polls_patterns, 'polls', 'author-polls'))),]
becomes:
polls_patterns = ([ url(...),], 'polls') # 'polls' is the app_nameurlpatterns = [ url(r'^polls/', include(polls_patterns, namespace='author-polls')),]
The app_name argument to include() has been replaced by passing a 2-tuple (as above), or passing an object or module with an app_nameattribute (as below). If the app_name is set in this new way, thenamespace argument is no longer required. It will default to the value ofapp_name. For example, the URL patterns in the tutorial are changed from:
mysite/urls.py
urlpatterns = [
url(r'^polls/', include('polls.urls', namespace="polls")),
...]
to:
mysite/urls.py
urlpatterns = [
url(r'^polls/', include('polls.urls')), # 'namespace="polls"' removed
...]
polls/urls.py
app_name = 'polls' # addedurlpatterns = [...]
This change also means that the old way of including an AdminSite instance is deprecated. Instead, pass admin.site.urls directly tourl():
urls.py
from django.conf.urls import urlfrom django.contrib import adminurlpatterns = [ url(r'^admin/', admin.site.urls),]
URL application namespace required if setting an instance namespace¶
In the past, an instance namespace without an application namespace would serve the same purpose as the application namespace, but it was impossible to reverse the patterns if there was an application namespace with the same name. Includes that specify an instance namespace require that the included URLconf sets an application namespace.
current_app parameter to contrib.auth views¶
All views in django.contrib.auth.views have the following structure:
def view(request, ..., current_app=None, ...): ... if current_app is not None: request.current_app = current_app return TemplateResponse(request, template_name, context)
As of Django 1.8, current_app is set on the request object. For consistency, these views will require the caller to set current_app on therequest instead of passing it in a separate argument.
django.contrib.gis.geoip¶
The django.contrib.gis.geoip2 module supersedesdjango.contrib.gis.geoip. The new module provides a similar API except that it doesn’t provide the legacy GeoIP-Python API compatibility methods.
Miscellaneous¶
The weak argument to django.dispatch.signals.Signal.disconnect() has been deprecated as it has no effect.
The check_aggregate_support() method ofdjango.db.backends.base.BaseDatabaseOperations has been deprecated and will be removed in Django 2.0. The more general check_expression_support()should be used instead.
django.forms.extras is deprecated. You can findSelectDateWidget in django.forms.widgets(or simply django.forms) instead.
Private API django.db.models.fields.add_lazy_relation() is deprecated.
The django.contrib.auth.tests.utils.skipIfCustomUser() decorator is deprecated. With the test discovery changes in Django 1.6, the tests fordjango.contrib apps are no longer run as part of the user’s project. Therefore, the @skipIfCustomUser decorator is no longer needed to decorate tests in django.contrib.auth.
If you customized some error handlers, the view signatures with only one request parameter are deprecated. The views should now also accept a second exception positional parameter.
The django.utils.feedgenerator.Atom1Feed.mime_type anddjango.utils.feedgenerator.RssFeed.mime_type attributes are deprecated in favor of content_type.
Signer now issues a warning if an invalid separator is used. This will become an exception in Django 1.10.
django.db.models.Field._get_val_from_obj() is deprecated in favor ofField.value_from_object().
django.template.loaders.eggs.Loader is deprecated as distributing applications as eggs is not recommended.
The callable_obj keyword argument toSimpleTestCase.assertRaisesMessage() is deprecated. Pass the callable as a positional argument instead.
The allow_tags attribute on methods of ModelAdmin has been deprecated. Use format_html(),format_html_join(), ormark_safe() when constructing the method’s return value instead.
The enclosure keyword argument to SyndicationFeed.add_item() is deprecated. Use the new enclosures argument which accepts a list ofEnclosure objects instead of a single one.
The django.template.loader.LoaderOrigin anddjango.template.base.StringOrigin aliases fordjango.template.base.Origin are deprecated.
Features removed in 1.9¶
These features have reached the end of their deprecation cycle and so have been removed in Django 1.9 (please see the deprecation timeline for more details):
django.utils.dictconfig is removed.
django.utils.importlib is removed.
django.utils.tzinfo is removed.
django.utils.unittest is removed.
The syncdb command is removed.
django.db.models.signals.pre_syncdb anddjango.db.models.signals.post_syncdb is removed.
Support for allow_syncdb on database routers is removed.
Automatic syncing of apps without migrations is removed. Migrations are compulsory for all apps unless you pass the --run-syncdboption to migrate.
The SQL management commands for apps without migrations, sql, sqlall,sqlclear, sqldropindexes, and sqlindexes, are removed.
Support for automatic loading of initial_data fixtures and initial SQL data is removed.
All models need to be defined inside an installed application or declare an explicit app_label. Furthermore, it isn’t possible to import them before their application is loaded. In particular, it isn’t possible to import models inside the root package of an application.
The model and form IPAddressField is removed. A stub field remains for compatibility with historical migrations.
AppCommand.handle_app() is no longer supported.
RequestSite and get_current_site() are no longer importable fromdjango.contrib.sites.models.
FastCGI support via the runfcgi management command is removed.
django.utils.datastructures.SortedDict is removed.
ModelAdmin.declared_fieldsets is removed.
The util modules that provided backwards compatibility are removed:
django.contrib.admin.util
django.contrib.gis.db.backends.util
django.db.backends.util
django.forms.util
ModelAdmin.get_formsets is removed.
The backward compatible shims introduced to rename theBaseMemcachedCache._get_memcache_timeout() method toget_backend_timeout() is removed.
The --natural and -n options for dumpdata are removed.
The use_natural_keys argument for serializers.serialize() is removed.
Private API django.forms.forms.get_declared_fields() is removed.
The ability to use a SplitDateTimeWidget with DateTimeField is removed.
The WSGIRequest.REQUEST property is removed.
The class django.utils.datastructures.MergeDict is removed.
The zh-cn and zh-tw language codes are removed.
The internal django.utils.functional.memoize() is removed.
django.core.cache.get_cache is removed.
django.db.models.loading is removed.
Passing callable arguments to querysets is no longer possible.
BaseCommand.requires_model_validation is removed in favor ofrequires_system_checks. Admin validators is replaced by admin checks.
The ModelAdmin.validator_class and default_validator_class attributes are removed.
ModelAdmin.validate() is removed.
django.db.backends.DatabaseValidation.validate_field is removed in favor of the check_field method.
The validate management command is removed.
django.utils.module_loading.import_by_path is removed in favor ofdjango.utils.module_loading.import_string.
ssi and url template tags are removed from the future template tag library.
django.utils.text.javascript_quote() is removed.
Database test settings as independent entries in the database settings, prefixed by TEST_, are no longer supported.
Thecache_choicesoption to ModelChoiceField andModelMultipleChoiceField is removed.
The default value of theRedirectView.permanentattribute has changed from True to False.
django.contrib.sitemaps.FlatPageSitemap is removed in favor ofdjango.contrib.flatpages.sitemaps.FlatPageSitemap.
Private API django.test.utils.TestTemplateLoader is removed.
The django.contrib.contenttypes.generic module is removed.
本文地址:http://my.oschina.net/soarwilldo/blog/600686
原文地址:https://docs.djangoproject.com/en/1.9/releases/1.9/