- fr
- Language: en
Django 1.7 release notes¶
September 2, 2014
Welcome to Django 1.7!
These release notes cover the new features, as well as some backwards incompatible changes you’ll want to be aware of when upgrading from Django 1.6 or older versions. We’ve begun the deprecation process for some features, and some features have reached the end of their deprecation process and have been removed.
Python compatibility¶
Django 1.7 requires Python 2.7, 3.2, 3.3, or 3.4. We highly recommend and only officially support the latest release of each series.
The Django 1.6 series is the last to support Python 2.6. Django 1.7 is the first release to support Python 3.4.
This change should affect only a small number of Django users, as most operating-system vendors today are shipping Python 2.7 or newer as their default version. If you’re still using Python 2.6, however, you’ll need to stick to Django 1.6 until you can upgrade your Python version. Per our support policy, Django 1.6 will continue to receive security support until the release of Django 1.8.
What’s new in Django 1.7¶
Schema migrations¶
Django now has built-in support for schema migrations. It allows models to be updated, changed, and deleted by creating migration files that represent the model changes and which can be run on any development, staging or production database.
Migrations are covered in their own documentation, but a few of the key features are:
syncdb
has been deprecated and replaced bymigrate
. Don’t worry - calls tosyncdb
will still work as before.A new
makemigrations
command provides an easy way to autodetect changes to your models and make migrations for them.pre_syncdb
andpost_syncdb
have been deprecated, to be replaced bypre_migrate
andpost_migrate
respectively. These new signals have slightly different arguments. Check the documentation for details.The
allow_syncdb
method on database routers is now calledallow_migrate
, but still performs the same function. Routers withallow_syncdb
methods will still work, but that method name is deprecated and you should change it as soon as possible (nothing more than renaming is required).initial_data
fixtures are no longer loaded for apps with migrations; if you want to load initial data for an app, we suggest you create a migration for your application and define aRunPython
orRunSQL
operation in theoperations
section of the migration.Test rollback behavior is different for apps with migrations; in particular, Django will no longer emulate rollbacks on non-transactional databases or inside
TransactionTestCase
unless specifically requested.It is not advised to have apps without migrations depend on (have a ForeignKey or ManyToManyField to) apps with migrations. Read the dependencies documentation for more.
If you are upgrading from South, see our Upgrading from South documentation, and third-party app authors should read the South 1.0 release notes for details on how to support South and Django migrations simultaneously.
App-loading refactor¶
Historically, Django applications were tightly linked to models. A singleton known as the “app cache” dealt with both installed applications and models. The models module was used as an identifier for applications in many APIs.
As the concept of Django applications matured, this code showed some shortcomings. It has been refactored into an “app registry” where models modules no longer have a central role and where it’s possible to attach configuration data to applications.
Improvements thus far include:
- Applications can run code at startup, before Django does anything else, with
the
ready()
method of their configuration. - Application labels are assigned correctly to models even when they’re
defined outside of
models.py
. You don’t have to setapp_label
explicitly any more. - It is possible to omit
models.py
entirely if an application doesn’t have any models. - Applications can be relabeled with the
label
attribute of application configurations, to work around label conflicts. - The name of applications can be customized in the admin with the
verbose_name
of application configurations. - The admin automatically calls
autodiscover()
when Django starts. You can consequently remove this line from your URLconf. - Django imports all application configurations and models as soon as it starts, through a deterministic and straightforward process. This should make it easier to diagnose import issues such as import loops.
New method on Field subclasses¶
To help power both schema migrations and to enable easier addition of
composite keys in future releases of Django, the
Field
API now has a new required method:
deconstruct()
.
This method takes no arguments, and returns a tuple of four items:
name
: The field’s attribute name on its parent model, or None if it is not part of a modelpath
: A dotted, Python path to the class of this field, including the class name.args
: Positional arguments, as a listkwargs
: Keyword arguments, as a dict
These four values allow any field to be serialized into a file, as well as allowing the field to be copied safely, both essential parts of these new features.
This change should not affect you unless you write custom Field subclasses;
if you do, you may need to reimplement the deconstruct()
method if your
subclass changes the method signature of __init__
in any way. If your
field just inherits from a built-in Django field and doesn’t override __init__
,
no changes are necessary.
If you do need to override deconstruct()
, a good place to start is the
built-in Django fields (django/db/models/fields/__init__.py
) as several
fields, including DecimalField
and DateField
, override it and show how
to call the method on the superclass and simply add or remove extra arguments.
This also means that all arguments to fields must themselves be serializable; to see what we consider serializable, and to find out how to make your own classes serializable, read the migration serialization documentation.
Calling custom QuerySet
methods from the Manager
¶
Historically, the recommended way to make reusable model queries was to create
methods on a custom Manager
class. The problem with this approach was that
after the first method call, you’d get back a QuerySet
instance and
couldn’t call additional custom manager methods.
Though not documented, it was common to work around this issue by creating a
custom QuerySet
so that custom methods could be chained; but the solution
had a number of drawbacks:
- The custom
QuerySet
and its custom methods were lost after the first call tovalues()
orvalues_list()
. - Writing a custom
Manager
was still necessary to return the customQuerySet
class and all methods that were desired on theManager
had to be proxied to theQuerySet
. The whole process went against the DRY principle.
The QuerySet.as_manager()
class method can now directly create Manager with QuerySet methods:
class FoodQuerySet(models.QuerySet):
def pizzas(self):
return self.filter(kind='pizza')
def vegetarian(self):
return self.filter(vegetarian=True)
class Food(models.Model):
kind = models.CharField(max_length=50)
vegetarian = models.BooleanField(default=False)
objects = FoodQuerySet.as_manager()
Food.objects.pizzas().vegetarian()
Using a custom manager when traversing reverse relations¶
It is now possible to specify a custom manager when traversing a reverse relationship:
class Blog(models.Model):
pass
class Entry(models.Model):
blog = models.ForeignKey(Blog)
objects = models.Manager() # Default Manager
entries = EntryManager() # Custom Manager
b = Blog.objects.get(id=1)
b.entry_set(manager='entries').all()
New system check framework¶
We’ve added a new System check framework for detecting common problems (like invalid models) and providing hints for resolving those problems. The framework is extensible so you can add your own checks for your own apps and libraries.
To perform system checks, you use the check
management command.
This command replaces the older validate
management command.
Admin shortcuts support time zones¶
The “today” and “now” shortcuts next to date and time input widgets in the admin are now operating in the current time zone. Previously, they used the browser time zone, which could result in saving the wrong value when it didn’t match the current time zone on the server.
In addition, the widgets now display a help message when the browser and server time zone are different, to clarify how the value inserted in the field will be interpreted.
Using database cursors as context managers¶
Prior to Python 2.7, database cursors could be used as a context manager. The specific backend’s cursor defined the behavior of the context manager. The behavior of magic method lookups was changed with Python 2.7 and cursors were no longer usable as context managers.
Django 1.7 allows a cursor to be used as a context manager. That is, the following can be used:
with connection.cursor() as c:
c.execute(...)
instead of:
c = connection.cursor()
try:
c.execute(...)
finally:
c.close()
Custom lookups¶
It is now possible to write custom lookups and transforms for the ORM.
Custom lookups work just like Django’s built-in lookups (e.g. lte
,
icontains
) while transforms are a new concept.
The django.db.models.Lookup
class provides a way to add lookup
operators for model fields. As an example it is possible to add day_lte
operator for DateFields
.
The django.db.models.Transform
class allows transformations of
database values prior to the final lookup. For example it is possible to
write a year
transform that extracts year from the field’s value.
Transforms allow for chaining. After the year
transform has been added
to DateField
it is possible to filter on the transformed value, for
example qs.filter(author__birthdate__year__lte=1981)
.
For more information about both custom lookups and transforms refer to the custom lookups documentation.
Improvements to Form
error handling¶
Form.add_error()
¶
Previously there were two main patterns for handling errors in forms:
- Raising a
ValidationError
from within certain functions (e.g.Field.clean()
,Form.clean_<fieldname>()
, orForm.clean()
for non-field errors.) - Fiddling with
Form._errors
when targeting a specific field inForm.clean()
or adding errors from outside of a “clean” method (e.g. directly from a view).
Using the former pattern was straightforward since the form can guess from the context (i.e. which method raised the exception) where the errors belong and automatically process them. This remains the canonical way of adding errors when possible. However the latter was fiddly and error-prone, since the burden of handling edge cases fell on the user.
The new add_error()
method allows adding errors
to specific form fields from anywhere without having to worry about the details
such as creating instances of django.forms.utils.ErrorList
or dealing with
Form.cleaned_data
. This new API replaces manipulating Form._errors
which now becomes a private API.
See Cleaning and validating fields that depend on each other for an example using
Form.add_error()
.
Error metadata¶
The ValidationError
constructor accepts metadata
such as error code
or params
which are then available for interpolating
into the error message (see Raising ValidationError for more details);
however, before Django 1.7 those metadata were discarded as soon as the errors
were added to Form.errors
.
Form.errors
and
django.forms.utils.ErrorList
now store the ValidationError
instances
so these metadata can be retrieved at any time through the new
Form.errors.as_data
method.
The retrieved ValidationError
instances can then be identified thanks to
their error code
which enables things like rewriting the error’s message
or writing custom logic in a view when a given error is present. It can also
be used to serialize the errors in a custom format such as XML.
The new Form.errors.as_json()
method is a convenience method which returns error messages along with error
codes serialized as JSON. as_json()
uses as_data()
and gives an idea
of how the new system could be extended.
Error containers and backward compatibility¶
Heavy changes to the various error containers were necessary in order
to support the features above, specifically
Form.errors
,
django.forms.utils.ErrorList
, and the internal storages of
ValidationError
. These containers which used
to store error strings now store ValidationError
instances and public APIs
have been adapted to make this as transparent as possible, but if you’ve been
using private APIs, some of the changes are backwards incompatible; see
ValidationError constructor and internal storage for more details.
Minor features¶
django.contrib.admin
¶
- You can now implement
site_header
,site_title
, andindex_title
attributes on a customAdminSite
in order to easily change the admin site’s page title and header text. No more needing to override templates! - Buttons in
django.contrib.admin
now use theborder-radius
CSS property for rounded corners rather than GIF background images. - Some admin templates now have
app-<app_name>
andmodel-<model_name>
classes in their<body>
tag to allow customizing the CSS per app or per model. - The admin changelist cells now have a
field-<field_name>
class in the HTML to enable style customizations. - The admin’s search fields can now be customized per-request thanks to the new
django.contrib.admin.ModelAdmin.get_search_fields()
method. - The
ModelAdmin.get_fields()
method may be overridden to customize the value ofModelAdmin.fields
. - In addition to the existing
admin.site.register
syntax, you can use the newregister()
decorator to register aModelAdmin
. - You may specify
ModelAdmin.list_display_links
= None
to disable links on the change list page grid. - You may now specify
ModelAdmin.view_on_site
to control whether or not to display the “View on site” link. - You can specify a descending ordering for a
ModelAdmin.list_display
value by prefixing theadmin_order_field
value with a hyphen. - The
ModelAdmin.get_changeform_initial_data()
method may be overridden to define custom behavior for setting initial change form data.
django.contrib.auth
¶
- Any
**kwargs
passed toemail_user()
are passed to the underlyingsend_mail()
call. - The
permission_required()
decorator can take a list of permissions as well as a single permission. - You can override the new
AuthenticationForm.confirm_login_allowed()
method to more easily customize the login policy. django.contrib.auth.views.password_reset()
takes an optionalhtml_email_template_name
parameter used to send a multipart HTML email for password resets.- The
AbstractBaseUser.get_session_auth_hash()
method was added and if yourAUTH_USER_MODEL
inherits fromAbstractBaseUser
, changing a user’s password now invalidates old sessions if theSessionAuthenticationMiddleware
is enabled. See Session invalidation on password change for more details including upgrade considerations when enabling this new middleware.
django.contrib.formtools
¶
- Calls to
WizardView.done()
now include aform_dict
to allow easier access to forms by their step name.
django.contrib.gis
¶
- The default OpenLayers library version included in widgets has been updated from 2.11 to 2.13.
- Prepared geometries now also support the
crosses
,disjoint
,overlaps
,touches
andwithin
predicates, if GEOS 3.3 or later is installed.
django.contrib.messages
¶
- The backends for
django.contrib.messages
that use cookies, will now follow theSESSION_COOKIE_SECURE
andSESSION_COOKIE_HTTPONLY
settings. - The messages context processor now adds a
dictionary of default levels under the name
DEFAULT_MESSAGE_LEVELS
. Message
objects now have alevel_tag
attribute that contains the string representation of the message level.
django.contrib.redirects
¶
RedirectFallbackMiddleware
has two new attributes (response_gone_class
andresponse_redirect_class
) that specify the types ofHttpResponse
instances the middleware returns.
django.contrib.sessions
¶
- The
"django.contrib.sessions.backends.cached_db"
session backend now respectsSESSION_CACHE_ALIAS
. In previous versions, it always used the default cache.
django.contrib.sitemaps
¶
- The
sitemap framework
now makes use oflastmod
to set aLast-Modified
header in the response. This makes it possible for theConditionalGetMiddleware
to handle conditionalGET
requests for sitemaps which setlastmod
.
django.contrib.sites
¶
- The new
django.contrib.sites.middleware.CurrentSiteMiddleware
allows setting the current site on each request.
django.contrib.staticfiles
¶
The static files storage classes may be subclassed to override the permissions that collected static files and directories receive by setting the
file_permissions_mode
anddirectory_permissions_mode
parameters. Seecollectstatic
for example usage.The
CachedStaticFilesStorage
backend gets a sibling class calledManifestStaticFilesStorage
that doesn’t use the cache system at all but instead a JSON file calledstaticfiles.json
for storing the mapping between the original file name (e.g.css/styles.css
) and the hashed file name (e.g.css/styles.55e7cbb9ba48.css
). Thestaticfiles.json
file is created when running thecollectstatic
management command and should be a less expensive alternative for remote storages such as Amazon S3.See the
ManifestStaticFilesStorage
docs for more information.findstatic
now accepts verbosity flag level 2, meaning it will show the relative paths of the directories it searched. Seefindstatic
for example output.
django.contrib.syndication
¶
- The
Atom1Feed
syndication feed’supdated
element now utilizesupdateddate
instead ofpubdate
, allowing thepublished
element to be included in the feed (which relies onpubdate
).
Cache¶
- Access to caches configured in
CACHES
is now available viadjango.core.cache.caches
. This dict-like object provides a different instance per thread. It supersedesdjango.core.cache.get_cache()
which is now deprecated. - If you instantiate cache backends directly, be aware that they aren’t
thread-safe any more, as
django.core.cache.caches
now yields different instances per thread. - Defining the
TIMEOUT
argument of theCACHES
setting asNone
will set the cache keys as “non-expiring” by default. Previously, it was only possible to passtimeout=None
to the cache backend’sset()
method.
Cross Site Request Forgery¶
- The
CSRF_COOKIE_AGE
setting facilitates the use of session-based CSRF cookies.
Email¶
send_mail()
now accepts anhtml_message
parameter for sending a multiparttext/plain
andtext/html
email.- The SMTP
EmailBackend
now accepts atimeout
parameter.
File Storage¶
- File locking on Windows previously depended on the PyWin32 package; if it wasn’t installed, file locking failed silently. That dependency has been removed, and file locking is now implemented natively on both Windows and Unix.
File Uploads¶
- The new
UploadedFile.content_type_extra
attribute contains extra parameters passed to thecontent-type
header on a file upload. - The new
FILE_UPLOAD_DIRECTORY_PERMISSIONS
setting controls the file system permissions of directories created during file upload, likeFILE_UPLOAD_PERMISSIONS
does for the files themselves. - The
FileField.upload_to
attribute is now optional. If it is omitted or givenNone
or an empty string, a subdirectory won’t be used for storing the uploaded files. - Uploaded files are now explicitly closed before the response is delivered to
the client. Partially uploaded files are also closed as long as they are
named
file
in the upload handler. Storage.get_available_name()
now appends an underscore plus a random 7 character alphanumeric string (e.g."_x3a1gho"
), rather than iterating through an underscore followed by a number (e.g."_1"
,"_2"
, etc.) to prevent a denial-of-service attack. This change was also made in the 1.6.6, 1.5.9, and 1.4.14 security releases.
Forms¶
- The
<label>
and<input>
tags rendered byRadioSelect
andCheckboxSelectMultiple
when looping over the radio buttons or checkboxes now includefor
andid
attributes, respectively. Each radio button or checkbox includes anid_for_label
attribute to output the element’s ID. - The
<textarea>
tags rendered byTextarea
now include amaxlength
attribute if theTextField
model field has amax_length
. Field.choices
now allows you to customize the “empty choice” label by including a tuple with an empty string orNone
for the key and the custom label as the value. The default blank option"----------"
will be omitted in this case.MultiValueField
allows optional subfields by setting therequire_all_fields
argument toFalse
. Therequired
attribute for each individual field will be respected, and a newincomplete
validation error will be raised when any required fields are empty.- The
clean()
method on a form no longer needs to returnself.cleaned_data
. If it does return a changed dictionary then that will still be used. - After a temporary regression in Django 1.6, it’s now possible again to make
TypedChoiceField
coerce
method return an arbitrary value. SelectDateWidget.months
can be used to customize the wording of the months displayed in the select widget.- The
min_num
andvalidate_min
parameters were added toformset_factory()
to allow validating a minimum number of submitted forms. - The metaclasses used by
Form
andModelForm
have been reworked to support more inheritance scenarios. The previous limitation that prevented inheriting from bothForm
andModelForm
simultaneously have been removed as long asModelForm
appears first in the MRO. - It’s now possible to remove a field from a
Form
when subclassing by setting the name toNone
. - It’s now possible to customize the error messages for
ModelForm
’sunique
,unique_for_date
, andunique_together
constraints. In order to supportunique_together
or any otherNON_FIELD_ERROR
,ModelForm
now looks for theNON_FIELD_ERROR
key in theerror_messages
dictionary of theModelForm
’s innerMeta
class. See considerations regarding model’s error_messages for more details.
Internationalization¶
- The
django.middleware.locale.LocaleMiddleware.response_redirect_class
attribute allows you to customize the redirects issued by the middleware. - The
LocaleMiddleware
now stores the user’s selected language with the session key_language
. This should only be accessed using theLANGUAGE_SESSION_KEY
constant. Previously it was stored with the keydjango_language
and theLANGUAGE_SESSION_KEY
constant did not exist, but keys reserved for Django should start with an underscore. For backwards compatibilitydjango_language
is still read from in 1.7. Sessions will be migrated to the new key as they are written. - The
blocktrans
tag now supports atrimmed
option. This option will remove newline characters from the beginning and the end of the content of the{% blocktrans %}
tag, replace any whitespace at the beginning and end of a line and merge all lines into one using a space character to separate them. This is quite useful for indenting the content of a{% blocktrans %}
tag without having the indentation characters end up in the corresponding entry in the PO file, which makes the translation process easier. - When you run
makemessages
from the root directory of your project, any extracted strings will now be automatically distributed to the proper app or project message file. See Localization: how to create language files for details. - The
makemessages
command now always adds the--previous
command line flag to themsgmerge
command, keeping previously translated strings in po files for fuzzy strings. - The following settings to adjust the language cookie options were introduced:
LANGUAGE_COOKIE_AGE
,LANGUAGE_COOKIE_DOMAIN
andLANGUAGE_COOKIE_PATH
. - Added format definitions for Esperanto.
Management Commands¶
The
--no-color
option fordjango-admin
allows you to disable the colorization of management command output.The new
--natural-foreign
and--natural-primary
options fordumpdata
, and the newuse_natural_foreign_keys
anduse_natural_primary_keys
arguments forserializers.serialize()
, allow the use of natural primary keys when serializing.It is no longer necessary to provide the cache table name or the
--database
option for thecreatecachetable
command. Django takes this information from your settings file. If you have configured multiple caches or multiple databases, all cache tables are created.The
runserver
command received several improvements:- On Linux systems, if pyinotify is installed, the development server will reload immediately when a file is changed. Previously, it polled the filesystem for changes every second. That caused a small delay before reloads and reduced battery life on laptops.
- In addition, the development server automatically reloads when a
translation file is updated, i.e. after running
compilemessages
. - All HTTP requests are logged to the console, including requests for static
files or
favicon.ico
that used to be filtered out.
Management commands can now produce syntax colored output under Windows if the ANSICON third-party tool is installed and active.
collectstatic
command with symlink option is now supported on Windows NT 6 (Windows Vista and newer).Providing initial SQL data now works better if the sqlparse Python library is installed.
Note that it’s deprecated in favor of the
RunSQL
operation of migrations, which benefits from the improved behavior.
Models¶
- The
QuerySet.update_or_create()
method was added. - The new
default_permissions
modelMeta
option allows you to customize (or disable) creation of the default add, change, and delete permissions. - Explicit
OneToOneField
for Multi-table inheritance are now discovered in abstract classes. - It is now possible to avoid creating a backward relation for
OneToOneField
by setting itsrelated_name
to'+'
or ending it with'+'
. F expressions
support the power operator (**
).- The
remove()
andclear()
methods of the related managers created byForeignKey
andGenericForeignKey
now accept thebulk
keyword argument to control whether or not to perform operations in bulk (i.e. usingQuerySet.update()
). Defaults toTrue
. - It is now possible to use
None
as a query value for theiexact
lookup. - It is now possible to pass a callable as value for the attribute
limit_choices_to
when defining aForeignKey
orManyToManyField
. - Calling
only()
anddefer()
on the result ofQuerySet.values()
now raises an error (before that, it would either result in a database error or incorrect data). - You can use a single list for
index_together
(rather than a list of lists) when specifying a single set of fields. - Custom intermediate models having more than one foreign key to any of the
models participating in a many-to-many relationship are now permitted,
provided you explicitly specify which foreign keys should be used by setting
the new
ManyToManyField.through_fields
argument. - Assigning a model instance to a non-relation field will now throw an error. Previously this used to work if the field accepted integers as input as it took the primary key.
- Integer fields are now validated against database backend specific min and
max values based on their
internal_type
. Previously model field validation didn’t prevent values out of their associated column data type range from being saved resulting in an integrity error. - It is now possible to explicitly
order_by()
a relation_id
field by using its attribute name.
Signals¶
- The
enter
argument was added to thesetting_changed
signal. - The model signals can be now be connected to using a
str
of the'app_label.ModelName'
form – just like related fields – to lazily reference their senders.
Templates¶
- The
Context.push()
method now returns a context manager which automatically callspop()
upon exiting thewith
statement. Additionally,push()
now accepts parameters that are passed to thedict
constructor used to build the new context level. - The new
Context.flatten()
method returns aContext
’s stack as one flat dictionary. Context
objects can now be compared for equality (internally, this usesContext.flatten()
so the internal structure of eachContext
’s stack doesn’t matter as long as their flattened version is identical).- The
widthratio
template tag now accepts an"as"
parameter to capture the result in a variable. - The
include
template tag will now also accept anything with arender()
method (such as aTemplate
) as an argument. String arguments will be looked up usingget_template()
as always. - It is now possible to
include
templates recursively. - Template objects now have an origin attribute set when
TEMPLATE_DEBUG
isTrue
. This allows template origins to be inspected and logged outside of thedjango.template
infrastructure. TypeError
exceptions are no longer silenced when raised during the rendering of a template.- The following functions now accept a
dirs
parameter which is a list or tuple to overrideTEMPLATE_DIRS
: - The
time
filter now accepts timezone-related format specifiers'e'
,'O'
,'T'
and'Z'
and is able to digest time-zone-awaredatetime
instances performing the expected rendering. - The
cache
tag will now try to use the cache called “template_fragments” if it exists and fall back to using the default cache otherwise. It also now accepts an optionalusing
keyword argument to control which cache it uses. - The new
truncatechars_html
filter truncates a string to be no longer than the specified number of characters, taking HTML into account.
Requests and Responses¶
- The new
HttpRequest.scheme
attribute specifies the scheme of the request (http
orhttps
normally). - The shortcut
redirect()
now supports relative URLs. - The new
JsonResponse
subclass ofHttpResponse
helps easily create JSON-encoded responses.
Tests¶
DiscoverRunner
has two new attributes,test_suite
andtest_runner
, which facilitate overriding the way tests are collected and run.- The
fetch_redirect_response
argument was added toassertRedirects()
. Since the test client can’t fetch externals URLs, this allows you to useassertRedirects
with redirects that aren’t part of your Django app. - Correct handling of scheme when making comparisons in
assertRedirects()
. - The
secure
argument was added to all the request methods ofClient
. IfTrue
, the request will be made through HTTPS. assertNumQueries()
now prints out the list of executed queries if the assertion fails.- The
WSGIRequest
instance generated by the test handler is now attached to thedjango.test.Response.wsgi_request
attribute. - The database settings for testing have been collected into a dictionary
named
TEST
.
Utilities¶
- Improved
strip_tags()
accuracy (but it still cannot guarantee an HTML-safe result, as stated in the documentation).
Validators¶
RegexValidator
now accepts the optionalflags
and Booleaninverse_match
arguments. Theinverse_match
attribute determines if theValidationError
should be raised when the regular expression pattern matches (True
) or does not match (False
, by default) the providedvalue
. Theflags
attribute sets the flags used when compiling a regular expression string.URLValidator
now accepts an optionalschemes
argument which allows customization of the accepted URI schemes (instead of the defaultshttp(s)
andftp(s)
).validate_email()
now accepts addresses with IPv6 literals, likeexample@[2001:db8::1]
, as specified in RFC 5321.
Backwards incompatible changes in 1.7¶
Warning
In addition to the changes outlined in this section, be sure to review the deprecation plan for any features that have been removed. If you haven’t updated your code within the deprecation timeline for a given feature, its removal may appear as a backwards incompatible change.
allow_syncdb/allow_migrate¶
While Django will still look at allow_syncdb
methods even though they
should be renamed to allow_migrate
, there is a subtle difference in which
models get passed to these methods.
For apps with migrations, allow_migrate
will now get passed
historical models, which are special versioned models
without custom attributes, methods or managers. Make sure your allow_migrate
methods are only referring to fields or other items in model._meta
.
initial_data¶
Apps with migrations will not load initial_data
fixtures when they have
finished migrating. Apps without migrations will continue to load these fixtures
during the phase of migrate
which emulates the old syncdb
behavior,
but any new apps will not have this support.
Instead, you are encouraged to load initial data in migrations if you need it
(using the RunPython
operation and your model classes);
this has the added advantage that your initial data will not need updating
every time you change the schema.
Additionally, like the rest of Django’s old syncdb
code, initial_data
has been started down the deprecation path and will be removed in Django 1.9.
deconstruct() and serializability¶
Django now requires all Field classes and all of their constructor arguments to be serializable. If you modify the constructor signature in your custom Field in any way, you’ll need to implement a deconstruct() method; we’ve expanded the custom field documentation with instructions on implementing this method.
The requirement for all field arguments to be serializable means that any custom class instances being passed into Field constructors - things like custom Storage subclasses, for instance - need to have a deconstruct method defined on them as well, though Django provides a handy class decorator that will work for most applications.
App-loading changes¶
Start-up sequence¶
Django 1.7 loads application configurations and models as soon as it starts. While this behavior is more straightforward and is believed to be more robust, regressions cannot be ruled out. See Troubleshooting for solutions to some problems you may encounter.
Standalone scripts¶
If you’re using Django in a plain Python script — rather than a management
command — and you rely on the DJANGO_SETTINGS_MODULE
environment
variable, you must now explicitly initialize Django at the beginning of your
script with:
>>> import django
>>> django.setup()
Otherwise, you will hit an AppRegistryNotReady
exception.
WSGI scripts¶
Until Django 1.3, the recommended way to create a WSGI application was:
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
In Django 1.4, support for WSGI was improved and the API changed to:
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
If you’re still using the former style in your WSGI script, you need to
upgrade to the latter, or you will hit an AppRegistryNotReady
exception.
App registry consistency¶
It is no longer possible to have multiple installed applications with the same label. In previous versions of Django, this didn’t always work correctly, but didn’t crash outright either.
If you have two apps with the same label, you should create an
AppConfig
for one of them and override its
label
there. You should then adjust your code
wherever it references this application or its models with the old label.
It isn’t possible to import the same model twice through different paths any
more. As of Django 1.6, this may happen only if you’re manually putting a
directory and a subdirectory on PYTHONPATH
. Refer to the section on
the new project layout in the 1.4 release notes for
migration instructions.
You should make sure that:
- All models are defined in applications that are listed in
INSTALLED_APPS
or have an explicitapp_label
. - Models aren’t imported as a side-effect of loading their application. Specifically, you shouldn’t import models in the root module of an application nor in the module that define its configuration class.
Django will enforce these requirements as of version 1.9, after a deprecation period.
Subclassing AppCommand¶
Subclasses of AppCommand
must now implement a
handle_app_config()
method instead of
handle_app()
. This method receives an AppConfig
instance instead of a models module.
Introspecting applications¶
Since INSTALLED_APPS
now supports application configuration classes
in addition to application modules, you should review code that accesses this
setting directly and use the app registry (django.apps.apps
) instead.
The app registry has preserved some features of the old app cache. Even though the app cache was a private API, obsolete methods and arguments will be removed through a standard deprecation path, with the exception of the following changes that take effect immediately:
get_model
raisesLookupError
instead of returningNone
when no model is found.- The
only_installed
argument ofget_model
andget_models
no longer exists, nor does theseed_cache
argument ofget_model
.
Management commands and order of INSTALLED_APPS
¶
When several applications provide management commands with the same name,
Django loads the command from the application that comes first in
INSTALLED_APPS
. Previous versions loaded the command from the
application that came last.
This brings discovery of management commands in line with other parts of
Django that rely on the order of INSTALLED_APPS
, such as static
files, templates, and translations.
ValidationError
constructor and internal storage¶
The behavior of the ValidationError
constructor has changed when it
receives a container of errors as an argument (e.g. a list
or an
ErrorList
):
- It converts any strings it finds to instances of
ValidationError
before adding them to its internal storage. - It doesn’t store the given container but rather copies its content to its
own internal storage; previously the container itself was added to the
ValidationError
instance and used as internal storage.
This means that if you access the ValidationError
internal storages, such
as error_list
; error_dict
; or the return value of
update_error_dict()
you may find instances of ValidationError
where you
would have previously found strings.
Also if you directly assigned the return value of update_error_dict()
to Form._errors
you may inadvertently add list instances where
ErrorList
instances are expected. This is a problem because unlike a
simple list, an ErrorList
knows how to handle instances of
ValidationError
.
Most use-cases that warranted using these private APIs are now covered by
the newly introduced Form.add_error()
method:
# Old pattern:
try:
# ...
except ValidationError as e:
self._errors = e.update_error_dict(self._errors)
# New pattern:
try:
# ...
except ValidationError as e:
self.add_error(None, e)
If you need both Django <= 1.6 and 1.7 compatibility you can’t use
Form.add_error()
since it
wasn’t available before Django 1.7, but you can use the following
workaround to convert any list
into ErrorList
:
try:
# ...
except ValidationError as e:
self._errors = e.update_error_dict(self._errors)
# Additional code to ensure ``ErrorDict`` is exclusively
# composed of ``ErrorList`` instances.
for field, error_list in self._errors.items():
if not isinstance(error_list, self.error_class):
self._errors[field] = self.error_class(error_list)
Behavior of LocMemCache
regarding pickle errors¶
An inconsistency existed in previous versions of Django regarding how pickle
errors are handled by different cache backends.
django.core.cache.backends.locmem.LocMemCache
used to fail silently when
such an error occurs, which is inconsistent with other backends and leads to
cache-specific errors. This has been fixed in Django 1.7, see
#21200 for more details.
Cache keys are now generated from the request’s absolute URL¶
Previous versions of Django generated cache keys using a request’s path and
query string but not the scheme or host. If a Django application was serving
multiple subdomains or domains, cache keys could collide. In Django 1.7, cache
keys vary by the absolute URL of the request including scheme, host, path, and
query string. For example, the URL portion of a cache key is now generated from
http://www.example.com/path/to/?key=val
rather than /path/to/?key=val
.
The cache keys generated by Django 1.7 will be different from the keys
generated by older versions of Django. After upgrading to Django 1.7, the first
request to any previously cached URL will be a cache miss.
Passing None
to Manager.db_manager()
¶
In previous versions of Django, it was possible to use
db_manager(using=None)
on a model manager instance to obtain a manager
instance using default routing behavior, overriding any manually specified
database routing. In Django 1.7, a value of None
passed to db_manager will
produce a router that retains any manually assigned database routing – the
manager will not be reset. This was necessary to resolve an inconsistency in
the way routing information cascaded over joins. See #13724 for more
details.
pytz may be required¶
If your project handles datetimes before 1970 or after 2037 and Django raises
a ValueError
when encountering them, you will have to install pytz. You
may be affected by this problem if you use Django’s time zone-related date
formats or django.contrib.syndication
.
Admin login redirection strategy¶
Historically, the Django admin site passed the request from an unauthorized or
unauthenticated user directly to the login view, without HTTP redirection. In
Django 1.7, this behavior changed to conform to a more traditional workflow
where any unauthorized request to an admin page will be redirected (by HTTP
status code 302) to the login page, with the next
parameter set to the
referring path. The user will be redirected there after a successful login.
Note also that the admin login form has been updated to not contain the
this_is_the_login_form
field (now unused) and the ValidationError
code
has been set to the more regular invalid_login
key.
select_for_update()
requires a transaction¶
Historically, queries that use
select_for_update()
could be
executed in autocommit mode, outside of a transaction. Before Django
1.6, Django’s automatic transactions mode allowed this to be used to
lock records until the next write operation. Django 1.6 introduced
database-level autocommit; since then, execution in such a context
voids the effect of select_for_update()
. It is, therefore, assumed
now to be an error and raises an exception.
This change was made because such errors can be caused by including an
app which expects global transactions (e.g. ATOMIC_REQUESTS
set to True
), or Django’s old autocommit
behavior, in a project which runs without them; and further, such
errors may manifest as data-corruption bugs. It was also made in
Django 1.6.3.
This change may cause test failures if you use select_for_update()
in a test class which is a subclass of
TransactionTestCase
rather than
TestCase
.
Contrib middleware removed from default MIDDLEWARE_CLASSES
¶
The app-loading refactor
deprecated using models from apps which are not part of the
INSTALLED_APPS
setting. This exposed an incompatibility between
the default INSTALLED_APPS
and MIDDLEWARE_CLASSES
in the
global defaults (django.conf.global_settings
). To bring these settings in
sync and prevent deprecation warnings when doing things like testing reusable
apps with minimal settings,
SessionMiddleware
,
AuthenticationMiddleware
, and
MessageMiddleware
were removed
from the defaults. These classes will still be included in the default settings
generated by startproject
. Most projects will not be affected by
this change but if you were not previously declaring the
MIDDLEWARE_CLASSES
in your project settings and relying on the
global default you should ensure that the new defaults are in line with your
project’s needs. You should also check for any code that accesses
django.conf.global_settings.MIDDLEWARE_CLASSES
directly.
Miscellaneous¶
The
django.core.files.uploadhandler.FileUploadHandler.new_file()
method is now passed an additionalcontent_type_extra
parameter. If you have a customFileUploadHandler
that implementsnew_file()
, be sure it accepts this new parameter.ModelFormSet
s no longer delete instances whensave(commit=False)
is called. Seecan_delete
for instructions on how to manually delete objects from deleted forms.Loading empty fixtures emits a
RuntimeWarning
rather than raisingCommandError
.django.contrib.staticfiles.views.serve()
will now raise anHttp404
exception instead ofImproperlyConfigured
whenDEBUG
isFalse
. This change removes the need to conditionally add the view to your root URLconf, which in turn makes it safe to reverse by name. It also removes the ability for visitors to generate spurious HTTP 500 errors by requesting static files that don’t exist or haven’t been collected yet.The
django.db.models.Model.__eq__()
method is now defined in a way where instances of a proxy model and its base model are considered equal when primary keys match. Previously only instances of exact same class were considered equal on primary key match.The
django.db.models.Model.__eq__()
method has changed such that twoModel
instances without primary key values won’t be considered equal (unless they are the same instance).The
django.db.models.Model.__hash__()
method will now raiseTypeError
when called on an instance without a primary key value. This is done to avoid mutable__hash__
values in containers.AutoField
columns in SQLite databases will now be created using theAUTOINCREMENT
option, which guarantees monotonic increments. This will cause primary key numbering behavior to change on SQLite, becoming consistent with most other SQL databases. This will only apply to newly created tables. If you have a database created with an older version of Django, you will need to migrate it to take advantage of this feature. For example, you could do the following:django.contrib.auth.models.AbstractUser
no longer defines aget_absolute_url()
method. The old definition returned"/users/%s/" % urlquote(self.username)
which was arbitrary since applications may or may not define such a url inurlpatterns
. Define aget_absolute_url()
method on your own custom user object or useABSOLUTE_URL_OVERRIDES
if you want a URL for your user.The static asset-serving functionality of the
django.test.LiveServerTestCase
class has been simplified: Now it’s only able to serve content already present inSTATIC_ROOT
when tests are run. The ability to transparently serve all the static assets (similarly to what one gets withDEBUG = True
at development-time) has been moved to a new class that lives in thestaticfiles
application (the one actually in charge of such feature):django.contrib.staticfiles.testing.StaticLiveServerTestCase
. In other words,LiveServerTestCase
itself is less powerful but at the same time has less magic.Rationale behind this is removal of dependency of non-contrib code on contrib applications.
The old cache URI syntax (e.g.
"locmem://"
) is no longer supported. It still worked, even though it was not documented or officially supported. If you’re still using it, please update to the currentCACHES
syntax.The default ordering of
Form
fields in case of inheritance has changed to follow normal Python MRO. Fields are now discovered by iterating through the MRO in reverse with the topmost class coming last. This only affects you if you relied on the default field ordering while having fields defined on both the current class and on a parentForm
.The
required
argument ofSelectDateWidget
has been removed. This widget now respects the form field’sis_required
attribute like other widgets.Widget.is_hidden
is now a read-only property, getting its value by introspecting the presence ofinput_type == 'hidden'
.select_related()
now chains in the same way as other similar calls likeprefetch_related
. That is,select_related('foo', 'bar')
is equivalent toselect_related('foo').select_related('bar')
. Previously the latter would have been equivalent toselect_related('bar')
.GeoDjango dropped support for GEOS < 3.1.
The
init_connection_state
method of database backends now executes in autocommit mode (unless you setAUTOCOMMIT
toFalse
). If you maintain a custom database backend, you should check that method.The
django.db.backends.BaseDatabaseFeatures.allows_primary_key_0
attribute has been renamed toallows_auto_pk_0
to better describe it. It’sTrue
for all database backends included with Django except MySQL which does allow primary keys with value 0. It only forbids autoincrement primary keys with value 0.Shadowing model fields defined in a parent model has been forbidden as this creates ambiguity in the expected model behavior. In addition, clashing fields in the model inheritance hierarchy result in a system check error. For example, if you use multi-inheritance, you need to define custom primary key fields on parent models, otherwise the default
id
fields will clash. See Multiple inheritance for details.django.utils.translation.parse_accept_lang_header()
now returns lowercase locales, instead of the case as it was provided. As locales should be treated case-insensitive this allows us to speed up locale detection.django.utils.translation.get_language_from_path()
anddjango.utils.translation.trans_real.get_supported_language_variant()
now no longer have asupported
argument.The
shortcut
view indjango.contrib.contenttypes.views
now supports protocol-relative URLs (e.g.//example.com
).GenericRelation
now supports an optionalrelated_query_name
argument. Settingrelated_query_name
adds a relation from the related object back to the content type for filtering, ordering and other query operations.When running tests on PostgreSQL, the
USER
will need read access to the built-inpostgres
database. This is in lieu of the previous behavior of connecting to the actual non-test database.As part of the System check framework, fields, models, and model managers all implement a
check()
method that is registered with the check framework. If you have an existing method calledcheck()
on one of these objects, you will need to rename it.As noted above in the “Cache” section of “Minor Features”, defining the
TIMEOUT
argument of theCACHES
setting asNone
will set the cache keys as “non-expiring”. Previously, with the memcache backend, aTIMEOUT
of0
would set non-expiring keys, but this was inconsistent with the set-and-expire (i.e. no caching) behavior ofset("key", "value", timeout=0)
. If you want non-expiring keys, please update your settings to useNone
instead of0
as the latter now designates set-and-expire in the settings as well.The
sql*
management commands now respect theallow_migrate()
method ofDATABASE_ROUTERS
. If you have models synced to non-default databases, use the--database
flag to get SQL for those models (previously they would always be included in the output).Decoding the query string from URLs now falls back to the ISO-8859-1 encoding when the input is not valid UTF-8.
With the addition of the
SessionAuthenticationMiddleware
to the default project template (pre-1.7.2 only), a database must be created before accessing a page usingrunserver
.The addition of the
schemes
argument toURLValidator
will appear as a backwards-incompatible change if you were previously using a custom regular expression to validate schemes. Any scheme not listed inschemes
will fail validation, even if the regular expression matches the given URL.
Features deprecated in 1.7¶
django.core.cache.get_cache
¶
django.core.cache.get_cache()
has been supplanted by
django.core.cache.caches
.
django.utils.dictconfig
/django.utils.importlib
¶
django.utils.dictconfig
and django.utils.importlib
were copies of
respectively logging.config
and importlib
provided for Python
versions prior to 2.7. They have been deprecated.
django.utils.module_loading.import_by_path
¶
The current import_by_path()
function
catches AttributeError
, ImportError
and ValueError
exceptions,
and re-raises ImproperlyConfigured
. Such
exception masking makes it needlessly hard to diagnose circular import
problems, because it makes it look like the problem comes from inside Django.
It has been deprecated in favor of
import_string()
.
django.utils.tzinfo
¶
django.utils.tzinfo
provided two tzinfo
subclasses,
LocalTimezone
and FixedOffset
. They’ve been deprecated in favor of
more correct alternatives provided by django.utils.timezone
,
django.utils.timezone.get_default_timezone()
and
django.utils.timezone.get_fixed_timezone()
.
django.utils.unittest
¶
django.utils.unittest
provided uniform access to the unittest2
library
on all Python versions. Since unittest2
became the standard library’s
unittest
module in Python 2.7, and Django 1.7 drops support for older
Python versions, this module isn’t useful anymore. It has been deprecated. Use
unittest
instead.
django.utils.datastructures.SortedDict
¶
As OrderedDict
was added to the standard library in
Python 2.7, SortedDict
is no longer
needed and has been deprecated.
The two additional, deprecated methods provided by SortedDict
(insert()
and value_for_index()
) have been removed. If you relied on these methods to
alter structures like form fields, you should now treat these OrderedDict
s
as immutable objects and override them to change their content.
For example, you might want to override MyFormClass.base_fields
(although
this attribute isn’t considered a public API) to change the ordering of fields
for all MyFormClass
instances; or similarly, you could override
self.fields
from inside MyFormClass.__init__()
, to change the fields
for a particular form instance. For example (from Django itself):
PasswordChangeForm.base_fields = OrderedDict(
(k, PasswordChangeForm.base_fields[k])
for k in ['old_password', 'new_password1', 'new_password2']
)
Custom SQL location for models package¶
Previously, if models were organized in a package (myapp/models/
) rather
than simply myapp/models.py
, Django would look for initial SQL data in myapp/models/sql/
. This bug has been fixed so that Django
will search myapp/sql/
as documented. After this issue was fixed, migrations
were added which deprecates initial SQL data. Thus, while this change still
exists, the deprecation is irrelevant as the entire feature will be removed in
Django 1.9.
Reorganization of django.contrib.sites
¶
django.contrib.sites
provides reduced functionality when it isn’t in
INSTALLED_APPS
. The app-loading refactor adds some constraints in
that situation. As a consequence, two objects were moved, and the old
locations are deprecated:
RequestSite
now lives indjango.contrib.sites.requests
.get_current_site()
now lives indjango.contrib.sites.shortcuts
.
declared_fieldsets
attribute on ModelAdmin
¶
ModelAdmin.declared_fieldsets
has been deprecated. Despite being a private
API, it will go through a regular deprecation path. This attribute was mostly
used by methods that bypassed ModelAdmin.get_fieldsets()
but this was
considered a bug and has been addressed.
Reorganization of django.contrib.contenttypes
¶
Since django.contrib.contenttypes.generic
defined both admin and model
related objects, an import of this module could trigger unexpected side effects.
As a consequence, its contents were split into contenttypes
submodules and the django.contrib.contenttypes.generic
module is deprecated:
GenericForeignKey
andGenericRelation
now live infields
.BaseGenericInlineFormSet
andgeneric_inlineformset_factory()
now live informs
.GenericInlineModelAdmin
,GenericStackedInline
andGenericTabularInline
now live inadmin
.
syncdb
¶
The syncdb
command has been deprecated in favor of the new migrate
command. migrate
takes the same arguments as syncdb
used to plus a few
more, so it’s safe to just change the name you’re calling and nothing else.
util
modules renamed to utils
¶
The following instances of util.py
in the Django codebase have been renamed
to utils.py
in an effort to unify all util and utils references:
django.contrib.admin.util
django.contrib.gis.db.backends.util
django.db.backends.util
django.forms.util
get_formsets
method on ModelAdmin
¶
ModelAdmin.get_formsets
has been deprecated in favor of the new
get_formsets_with_inlines()
, in order to
better handle the case of selectively showing inlines on a ModelAdmin
.
IPAddressField
¶
The django.db.models.IPAddressField
and
django.forms.IPAddressField
fields have been deprecated in favor of
django.db.models.GenericIPAddressField
and
django.forms.GenericIPAddressField
.
BaseMemcachedCache._get_memcache_timeout
method¶
The BaseMemcachedCache._get_memcache_timeout()
method has been renamed to
get_backend_timeout()
. Despite being a private API, it will go through the
normal deprecation.
Natural key serialization options¶
The --natural
and -n
options for dumpdata
have been
deprecated. Use --natural-foreign
instead.
Similarly, the use_natural_keys
argument for serializers.serialize()
has been deprecated. Use use_natural_foreign_keys
instead.
Merging of POST
and GET
arguments into WSGIRequest.REQUEST
¶
It was already strongly suggested that you use GET
and POST
instead of
REQUEST
, because the former are more explicit. The property REQUEST
is
deprecated and will be removed in Django 1.9.
django.utils.datastructures.MergeDict
class¶
MergeDict
exists primarily to support merging POST
and GET
arguments into a REQUEST
property on WSGIRequest
. To merge
dictionaries, use dict.update()
instead. The class MergeDict
is
deprecated and will be removed in Django 1.9.
Language codes zh-cn
, zh-tw
and fy-nl
¶
The currently used language codes for Simplified Chinese zh-cn
,
Traditional Chinese zh-tw
and (Western) Frysian fy-nl
are deprecated
and should be replaced by the language codes zh-hans
, zh-hant
and
fy
respectively. If you use these language codes, you should rename the
locale directories and update your settings to reflect these changes. The
deprecated language codes will be removed in Django 1.9.
django.utils.functional.memoize
function¶
The function memoize
is deprecated and should be replaced by the
functools.lru_cache
decorator (available from Python 3.2 onwards).
Django ships a backport of this decorator for older Python versions and it’s
available at django.utils.lru_cache.lru_cache
. The deprecated function will
be removed in Django 1.9.
Geo Sitemaps¶
Google has retired support for the Geo Sitemaps format. Hence Django support for Geo Sitemaps is deprecated and will be removed in Django 1.8.
Passing callable arguments to queryset methods¶
Callable arguments for querysets were an undocumented feature that was unreliable. It’s been deprecated and will be removed in Django 1.9.
Callable arguments were evaluated when a queryset was constructed rather than when it was evaluated, thus this feature didn’t offer any benefit compared to evaluating arguments before passing them to queryset and created confusion that the arguments may have been evaluated at query time.
ADMIN_FOR
setting¶
The ADMIN_FOR
feature, part of the admindocs, has been removed. You can
remove the setting from your configuration at your convenience.
SplitDateTimeWidget
with DateTimeField
¶
SplitDateTimeWidget
support in DateTimeField
is
deprecated, use SplitDateTimeWidget
with
SplitDateTimeField
instead.
django.core.management.BaseCommand
¶
requires_model_validation
is deprecated in favor of a new
requires_system_checks
flag. If the latter flag is missing, then the
value of the former flag is used. Defining both requires_system_checks
and
requires_model_validation
results in an error.
The check()
method has replaced the old validate()
method.
ModelAdmin
validators¶
The ModelAdmin.validator_class
and default_validator_class
attributes
are deprecated in favor of the new checks_class
attribute.
The ModelAdmin.validate()
method is deprecated in favor of
ModelAdmin.check()
.
The django.contrib.admin.validation
module is deprecated.
django.db.backends.DatabaseValidation.validate_field
¶
This method is deprecated in favor of a new check_field
method.
The functionality required by check_field()
is the same as that provided
by validate_field()
, but the output format is different. Third-party database
backends needing this functionality should provide an implementation of
check_field()
.
Loading ssi
and url
template tags from future
library¶
Django 1.3 introduced {% load ssi from future %}
and
{% load url from future %}
syntax for forward compatibility of the
ssi
and url
template tags. This syntax is now deprecated and
will be removed in Django 1.9. You can simply remove the
{% load ... from future %}
tags.
django.utils.text.javascript_quote
¶
javascript_quote()
was an undocumented function present in django.utils.text
.
It was used internally in the javascript_catalog view
whose implementation was changed to make use of json.dumps()
instead.
If you were relying on this function to provide safe output from untrusted
strings, you should use django.utils.html.escapejs
or the
escapejs
template filter.
If all you need is to generate valid JavaScript strings, you can simply use
json.dumps()
.
fix_ampersands
utils method and template filter¶
The django.utils.html.fix_ampersands
method and the fix_ampersands
template filter are deprecated, as the escaping of ampersands is already taken care
of by Django’s standard HTML escaping features. Combining this with fix_ampersands
would either result in double escaping, or, if the output is assumed to be safe,
a risk of introducing XSS vulnerabilities. Along with fix_ampersands
,
django.utils.html.clean_html
is deprecated, an undocumented function that calls
fix_ampersands
.
As this is an accelerated deprecation, fix_ampersands
and clean_html
will be removed in Django 1.8.
Reorganization of database test settings¶
All database settings with a TEST_
prefix have been deprecated in favor of
entries in a TEST
dictionary in the database
settings. The old settings will be supported until Django 1.9. For backwards
compatibility with older versions of Django, you can define both versions of
the settings as long as they match.
FastCGI support¶
FastCGI support via the runfcgi
management command will be removed in
Django 1.9. Please deploy your project using WSGI.
Moved objects in contrib.sites
¶
Following the app-loading refactor, two objects in
django.contrib.sites.models
needed to be moved because they must be
available without importing django.contrib.sites.models
when
django.contrib.sites
isn’t installed. Import RequestSite
from
django.contrib.sites.requests
and get_current_site()
from
django.contrib.sites.shortcuts
. The old import locations will work until
Django 1.9.
django.forms.forms.get_declared_fields()
¶
Django no longer uses this functional internally. Even though it’s a private API, it’ll go through the normal deprecation cycle.
Private Query Lookup APIs¶
Private APIs django.db.models.sql.where.WhereNode.make_atom()
and
django.db.models.sql.where.Constraint
are deprecated in favor of the new
custom lookups API.
Features removed in 1.7¶
These features have reached the end of their deprecation cycle and so have been removed in Django 1.7 (please see the deprecation timeline for more details):
django.utils.simplejson
is removed.django.utils.itercompat.product
is removed.- INSTALLED_APPS and TEMPLATE_DIRS are no longer corrected from a plain string into a tuple.
HttpResponse
,SimpleTemplateResponse
,TemplateResponse
,render_to_response()
,index()
, andsitemap()
no longer take amimetype
argumentHttpResponse
immediately consumes its content if it’s an iterator.- The
AUTH_PROFILE_MODULE
setting, and theget_profile()
method on the User model are removed. - The
cleanup
management command is removed. - The
daily_cleanup.py
script is removed. select_related()
no longer has adepth
keyword argument.- The
get_warnings_state()
/restore_warnings_state()
functions fromdjango.test.utils
and thesave_warnings_state()
/restore_warnings_state()
django.test.*TestCase are removed. - The
check_for_test_cookie
method inAuthenticationForm
is removed. - The version of
django.contrib.auth.views.password_reset_confirm()
that supports base36 encoded user IDs (django.contrib.auth.views.password_reset_confirm_uidb36
) is removed. - The
django.utils.encoding.StrAndUnicode
mix-in is removed.