innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
27,215 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

5146 Commits

Author SHA1 Message Date
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params. 
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
 2019-08-14 15:25:35 +02:00
Claude Paroz eed2e740f7 Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path. 
Thanks Nikita Krokosh for the initial patch.
 2019-08-13 19:44:10 +02:00
Mariusz Felisiak c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params. 
Thanks Florian Apolloner for the report and helping with tests.
 2019-08-13 08:42:17 +02:00
Simon Charette fff5186d32 Refs #25367 -- Moved select_format hook to BaseExpression. 
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
 2019-08-13 06:48:14 +02:00
Jon Dufresne 5b57798513 Removed unnecessary StatAggregate.resolve_expression(). 
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.

Unnecessary since its introduction in e4cf8c8420.
 2019-08-08 22:34:25 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Mariusz Felisiak 05964b2198 Moved indexes in ArrayField's Index and Slice transforms to SQL params. 
Follow up to 7deeabc7c7.

These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
 2019-08-05 14:16:35 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection. 
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
 2019-08-01 09:24:54 +02:00
Claude Paroz 3c6d32e0b2 Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point. 
Thanks Mariusz Felisiak for contributing the Point part.
 2019-07-27 20:12:46 +02:00
Jon Dufresne 93ffa81bc5 Refs #30657 -- Made DeferredAttribute.__init__() to take a field instance instead of a field name. 2019-07-25 07:24:52 +02:00
Min ho Kim 9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Mads Jensen a3417282ac Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL. 
Thanks to Nick Pope and Mariusz Felisiak for review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2019-07-16 18:04:41 +02:00
Mads Jensen 7174cf0b00 Refs #29824 -- Added RangeOperators helper class. 2019-07-16 16:57:46 +02:00
Mariusz Felisiak 858cfd74e9
Simplified RangeContainedBy by making it subclass PostgresSimpleLookup. 2019-07-13 10:55:19 +02:00
Mariusz Felisiak 70c2b90d95
Simplified DateTimeRangeContains by making it subclass PostgresSimpleLookup. 2019-07-12 17:27:49 +02:00
Johannes Hoppe 00d4e6f8b5 Updated Select2 to version 4.0.7. 2019-07-10 12:31:16 +02:00
Hasan Ramezani ed668796f6 Fixed #30543 -- Fixed checks of ModelAdmin.list_display for fields accessible only via instance. 
Co-Authored-By: Andrew Simons <andrewsimons@bubblegroup.com>
 2019-07-10 10:37:34 +02:00
Mariusz Felisiak 7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type. 
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.

Regression in 6b048b364c.
 2019-07-10 10:33:36 +02:00
Chason Chaffin c238e65e29 Fixed #30596 -- Fixed SplitArrayField.has_changed() for non-string base fields. 
Thanks to Evgeniy Krysanov for the report and the idea to use to_python.
Thanks to Mariusz Felisiak for the test case.
 2019-07-03 13:35:51 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Min ho Kim fbb83fefd4 Fixed typos in comments and docs. 2019-07-02 09:36:17 +02:00
Claude Paroz d54baf6970 Updated translations from Transifex 
Forward port of b3f7262e6e from stable/2.2.x
 2019-06-29 16:17:16 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings. 
Thanks Claude Paroz for assistance with translations.
 2019-06-28 16:46:18 +02:00
Markus Holtermann ad7b438002 Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety. 
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
 2019-06-20 12:29:43 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Mariusz Felisiak b616f65855
Added missing support for PointOnSurface function on MariaDB. 2019-06-12 10:51:43 +02:00
Jon Dufresne 9e38ed0536 Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters. 
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692.

For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.

For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
 2019-06-11 20:34:59 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided. 
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
 2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. 
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
 2019-06-07 12:44:39 +02:00
Hasan Ramezani 661e6cc2c9 Fixed #29706 -- Made RenameContentType._rename() save to the correct database. 2019-06-06 12:09:01 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method. 
Added to mirror the existing User.get_group_permissions().
 2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Jones Ambrosi f9561144d7 Fixed #30520 -- Fixed crash of admin model inlines on custom fields without labels. 2019-06-04 10:27:12 +02:00
Nathan Gaberel b27c9c953b Fixed #28604 -- Prevented ManifestStaticFilesStorage from leaving intermediate files. 2019-06-03 13:11:55 +02:00
Carlton Gibson 34ec52269a Applied jQuery patch for CVE-2019-11358. 2019-06-03 11:36:12 +02:00
Carlton Gibson deeba6d920 Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link. 2019-06-03 11:36:12 +02:00
can dffa3e1992 Fixed #30493 -- Fixed prefetch_related() for GenericRelation with different content types. 
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Thanks Simon Charette for the review.
 2019-05-31 18:11:55 +02:00
Mariusz Felisiak f66021f3f7 Refs #30493 -- Added GenericRelatedObjectManager.get_content_type() hook. 2019-05-31 18:11:51 +02:00
Daniel Hahler 59f04d6b8f Simplified SessionMiddleware.process_response() a bit. 2019-05-29 14:10:11 +02:00
Caio Ariede a3f91891d2 Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering when used in Subquery. 2019-05-28 10:05:50 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Mariusz Felisiak 2007e11d70
Forced utf-8 encoding when loading common passwords in CommonPasswordValidator. 
Previously we used `decode()` which defaults to utf-8. This change
restores previous behavior.

Follow up to 28eac41510.
 2019-05-23 08:39:16 +02:00
Jon Dufresne b711eafd2a Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator. 
open() and gzip.open() supports path-like objects since Python 3.6.
 2019-05-22 19:47:28 +02:00
Brad Solomon 28eac41510 Improved performance of loading common passwords in CommonPasswordValidator. 
CommonPasswordValidator.__init__ previously called either splitlines or
readlines, creating an unneeded intermediate list in memory. For large
custom password files, this could be burdensome.
 2019-05-22 06:55:21 +02:00
Hasan Ramezani 9d6f981a66 Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age(). 2019-05-21 08:50:09 +02:00
Thomasina Lee c38e7a79f4 Fixed #30488 -- Removed redundant Coalesce call in SQL generated by SearchVector. 
Regression in 405c836336.
 2019-05-20 08:34:06 +02:00
Claude Paroz e286987a27 Fixed #30459 -- Delegated hide/show JS toggle to parent div. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
 2019-05-17 07:46:45 +02:00