Claude Paroz
0468159763
Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.
2019-08-18 13:17:49 +02:00
Simon Charette
8b4a43dda7
Fixed #29545 -- Fixed using filter lookups againts nested subquery expressions.
...
Made sql.Where resolve lhs of its child nodes. This is necessary to
allow filter lookups against nested subquery expressions to properly
resolve their OuterRefs to Cols.
Thanks Oskar Persson for the simplified test case.
2019-08-17 11:24:35 +02:00
Claude Paroz
7203efb799
Fixed #30694 -- Documented FileResponse does not seek its file source.
2019-08-17 09:20:36 +02:00
Adnan Umer
6805c0f99f
Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231.
2019-08-16 15:25:42 +02:00
Adam Johnson
7da6a28a44
Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+.
2019-08-16 11:39:37 +02:00
Andrew Brown
8a281aa7fe
Fixed #30687 -- Fixed using of OuterRef() expressions in distance lookups.
2019-08-16 06:50:33 +02:00
zeyneloz
8289fc55ff
Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering.
2019-08-15 10:29:10 +02:00
zeyneloz
00035672a4
Fixed #30449 -- Fixed RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering.
...
Regression in 6d4e5feb79
.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-08-15 10:29:05 +02:00
Mariusz Felisiak
1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd
.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Mads Jensen
0b8d911d28
Optimized Field.deconstruct() by using elif.
2019-08-14 10:50:31 +02:00
Claude Paroz
eed2e740f7
Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
...
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
Claude Paroz
88c0b907e7
Refs #30461 -- Added django.utils._os.to_path().
2019-08-13 17:17:39 +02:00
Mariusz Felisiak
c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params.
...
Thanks Florian Apolloner for the report and helping with tests.
2019-08-13 08:42:17 +02:00
Simon Charette
efa1908f66
Refs #25367 -- Moved Oracle Exists() handling to contextual methods.
...
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the following cases.
1. When part of a SELECT clause.
2. When part of a ORDER BY clause.
3. When compared against another expression in the WHERE clause.
This commit moves the systematic CASE WHEN wrapping of Exists.as_oracle
to contextual .select_format, Lookup.as_oracle, and OrderBy.as_oracle
methods in order to avoid unnecessary wrapping.
2019-08-13 06:48:14 +02:00
Simon Charette
fff5186d32
Refs #25367 -- Moved select_format hook to BaseExpression.
...
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
2019-08-13 06:48:14 +02:00
Min ho Kim
4f7328ce8a
Corrected multiple typos.
2019-08-12 12:53:36 +02:00
Min ho Kim
d7673d9eda
Switched to use `HTTP_X_FORWARDED_PROTO` custom header in tests.
...
This is the conventional name: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
2019-08-12 12:51:26 +02:00
Simon Charette
f7e9db14bb
Refs #25367 -- Added test for Exists() lookup rhs.
2019-08-12 09:39:26 +02:00
Simon Charette
088a6fab1c
Refs #24793 -- Removed bogus connection argument from SQLCompiler.compile() calls.
...
The method doesn't expect a connection object to be passed as its second
argument.
2019-08-12 07:47:55 +02:00
Simon Charette
8b3e1b6e9e
Refs #11964 -- Made constraint support check respect required_db_features.
...
This will notably silence the warnings issued when running the test
suite on MySQL.
2019-08-12 06:44:37 +02:00
Simon Charette
2fb872e56f
Refs #23879 -- Made introspection respect required_db_features.
2019-08-12 06:33:46 +02:00
swatantra
73ac9e3f04
Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data.
2019-08-11 20:15:23 +02:00
Akash Agrawal
c1b26c77a9
Fixed #30696 -- Removed obsolete mention of CheckConstraint in the AddConstraint docs.
...
Follow up to 8eae094638
.
2019-08-11 15:39:48 +02:00
Akash Agrawal
af08a54415
Fixed #30670 -- Doc'd SchemaEditor.add/remove_constraint().
2019-08-11 03:26:44 +02:00
Ngalim Siregar
503f60ff57
Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404.
2019-08-09 22:48:08 +02:00
Carlton Gibson
514efa3129
Fixed #30688 -- Clarified base_manager_name docs.
2019-08-09 10:08:06 +02:00
Jon Dufresne
5b57798513
Removed unnecessary StatAggregate.resolve_expression().
...
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.
Unnecessary since its introduction in e4cf8c8420
.
2019-08-08 22:34:25 +02:00
Adnan Umer
8d3519071e
Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning.
2019-08-08 21:14:06 +02:00
Min ho Kim
65e86948b8
Corrected several typos in string literals and test names.
2019-08-07 11:23:14 +02:00
Andrew Godwin
052388aba4
Fixed #30676 -- Added --pdb option to test runner.
2019-08-07 08:16:31 +02:00
Adnan Umer
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
Mariusz Felisiak
05964b2198
Moved indexes in ArrayField's Index and Slice transforms to SQL params.
...
Follow up to 7deeabc7c7
.
These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Mariusz Felisiak
0e02e496cd
Added tests for using ArrayField's IndexTransform/SliceTransform on expressions with params.
2019-08-05 14:16:25 +02:00
Diederik van der Boor
25f21bd237
Fixed #28393 -- Added helpful error messages for invalid AutoField/FloatField/IntegerField values.
...
Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-05 08:41:29 +02:00
Mariusz Felisiak
1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
Nick Pope
4cf1f2f13e
Simplified AlterModelTable by making it subclass ModelOptionOperation.
2019-08-02 18:19:55 +02:00
niauah
75f8264083
Corrected StreamingHttpResponse.streaming_content description in docs.
2019-08-02 16:37:49 +02:00
aaktsipetrov
4edad1ddf6
Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable.
2019-08-02 15:06:00 +02:00
Nick Pope
194d1dfc18
Fixed #30661 -- Added models.SmallAutoField.
2019-08-02 11:39:01 +02:00
zeyneloz
955b382600
Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError.
2019-08-02 08:35:28 +02:00
zeyneloz
246689452d
Added test for handling of non-existent manifest in ManifestFilesMixin.read_manifest().
2019-08-02 08:35:25 +02:00
Mariusz Felisiak
d14fa04ab3
Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings.
2019-08-02 07:09:37 +02:00
Jon Dufresne
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Mariusz Felisiak
ff111ea5e3
Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL.
2019-08-01 12:06:32 +02:00
Ngalim Siregar
e4684220af
Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table.
2019-08-01 12:06:32 +02:00
Carlton Gibson
a5652eb795
Added CVE-2019-14235 to security release archive.
2019-08-01 12:01:27 +02:00
Carlton Gibson
3a6a2f5eaf
Added CVE-2019-14234 to security release archive.
2019-08-01 11:59:45 +02:00
Carlton Gibson
9600f63885
Added CVE-2019-14233 to security release archive.
2019-08-01 11:57:24 +02:00
Carlton Gibson
87750787d1
Added CVE-2019-14232 to the security release archive.
2019-08-01 11:54:24 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00