tschilling
0dcd549bbe
Fixed #30360 -- Added support for secret key rotation.
...
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Mariusz Felisiak
fc18f36c4a
Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann
394517f078
Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
...
Thanks Keryn Knight for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov
97a7274468
Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
...
Regression in aa4acc164d.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak
71e7c8e737
Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
...
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Claude Paroz
beb7ddbcee
Updated translations from Transifex.
...
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
Forwardport of 7a1c6533eb from stable/4.0.x.
2022-01-29 19:01:15 +01:00
Keryn Knight
55022f75c1
Fixed #33465 -- Added empty __slots__ to SafeString and SafeData.
...
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.
Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
2022-01-29 13:50:34 +01:00
Mariusz Felisiak
67db54a5a7
Fixed #33452 -- Fixed admin change-form layout for submit buttons on mid-sized displays.
...
Thanks David Smith for reviews.
2022-01-29 11:59:08 +01:00
Keryn Knight
c5c7a15b09
Fixed #33461 -- Escaped template errors in the technical 500 debug page.
2022-01-28 07:07:12 +01:00
vgolubev
e87f57fdb8
Fixed #26142 -- Allowed model formsets to prevent new object creation.
...
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.
Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Jörg Breitbart
0af9a5fc7d
Fixed #33463 -- Fixed QuerySet.bulk_update() with F() expressions.
2022-01-27 19:03:26 +01:00
Mariusz Felisiak
e972620ada
Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
...
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.
Thanks bcail for the report.
Regression in 325d7710ce.
2022-01-27 18:51:39 +01:00
Mariusz Felisiak
2eed554c3f
Fixed wrapping of long messages in the admin.
2022-01-26 21:14:13 +01:00
Carlton Gibson
85f2a9fb0f
Fixed #33407 -- Fixed .radiolist admin CSS.
...
Regression in 5942ab5eb1.
2022-01-26 09:26:48 +01:00
Ian Foote
a93a1ba347
Fixed broken link to cx_Oracle docs.
2022-01-25 20:14:24 +01:00
Collin Anderson
890bfa368c
Refs #20349 -- Avoided loading testing libraries when not needed.
2022-01-25 11:41:01 +01:00
Jacob Walls
edbf930287
Fixed #29984 -- Added QuerySet.iterator() support for prefetching related objects.
...
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-01-25 06:12:04 +01:00
Keryn Knight
c27932ec93
Fixed #33460 -- Used VALUES clause for insert in bulk on SQLite.
...
SQLite 3.7.11 introduced the ability to use multiple values directly.
SQLite 3.8.8 made multiple values not subject to the
SQLITE_LIMIT_COMPOUND_SELECT (500).
2022-01-24 20:51:32 +01:00
Mariusz Felisiak
4ac0bf6acd
Fixed wrapping of long values in technical 500 debug page.
...
Follow up to d5f2d5d604.
2022-01-24 11:54:41 +01:00
Hrushikesh Vaidya
89d137f3be
Fixed #33457 -- Fixed "Local vars" scrolling in technical 500 debug page.
...
Thanks Keryn Knight for the report and the initial patch.
2022-01-24 07:42:52 +01:00
Timothy McCurrach
efb4478e48
Fixed #33458 -- Fixed encoding of messages with empty string as extra_tags.
2022-01-24 07:05:53 +01:00
Claude Paroz
7c4f396509
Stopped including type="text/css" attributes for CSS link tags.
2022-01-22 16:38:14 +01:00
Jacob Walls
2d8232fa71
Fixed #26760 -- Added --prune option to migrate command.
2022-01-21 17:10:31 +01:00
Fabian Büchler
eeff1787b0
Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
...
Regression in aa4acc164d.
2022-01-21 06:44:53 +01:00
Mariusz Felisiak
f605e85af9
Fixed #33453 -- Dropped support for GDAL 2.1.
2022-01-20 18:54:29 +01:00
Hrushikesh Vaidya
3fadf141e6
Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.
2022-01-20 07:19:52 +01:00
sean_c_hsu
0f6946495a
Fixed #31685 -- Added support for updating conflicts to QuerySet.bulk_create().
...
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
2022-01-19 20:17:42 +01:00
Moritz Duchêne
ba9de2e74e
Updated GEOS/GDAL links in docs and comments.
2022-01-19 19:06:12 +01:00
Adam Johnson
dc8bb35e39
Fixed #33446 -- Added CSS source map support to ManifestStaticFilesStorage.
2022-01-18 12:53:14 +01:00
Nick Pope
fac26684fd
Removed unused buf_size argument to LimitedStream().
...
Unused since its introduction in 269e921756.
2022-01-18 05:55:14 +01:00
Mariusz Felisiak
30a0144134
Fixed #29338 -- Allowed using combined queryset in Subquery.
...
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
My-Name-Is-Nabil
f37face331
Fixed #33435 -- Fixed invalid SQL generated by Subquery.as_sql().
2022-01-17 09:00:46 +01:00
Ayush Joshi
0a17666045
Fixed #28135 -- Made simplify_regex() handle non-capturing groups.
2022-01-14 11:01:02 +01:00
Adam Johnson
fdfa97fb16
Fixed #33441 -- Restored immutability of models.Field.__hash__().
...
Regression in 502e75f9ed.
2022-01-14 07:00:48 +01:00
Ayush Joshi
827bc07047
Refs #28135 -- Refactored out _find_groups()/_get_group_start_end() hooks in admindocs.
2022-01-13 16:33:19 +01:00
Adam Johnson
45a42aabfa
Fixed #29708 -- Deprecated PickleSerializer.
2022-01-13 13:50:20 +01:00
Adam Johnson
c920387fab
Optimized SessionBase.get_expire_at_browser_close().
2022-01-13 13:05:46 +01:00
Adam Johnson
436862787c
Refs #29708 -- Made SessionBase store expiry as string.
2022-01-13 13:05:42 +01:00
Adam Johnson
c6cb5a0277
Refs #29708 -- Stopped inheriting from PickleSerializer by RedisSerializer.
2022-01-13 12:28:06 +01:00
Adam Johnson
08d8bccbf1
Improved Model.__init__() properties loop.
...
This improves readability, accumulates unrecognized arguments to raise an
exception with all of them, and avoids refetching the values.
2022-01-13 11:09:37 +01:00
Mariusz Felisiak
0a4a5e5bac
Refs #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b3205.
Follow up to 4e5bbb6ef2.
Thanks Sourav Kumar for the report.
2022-01-13 10:10:48 +01:00
Hrushikesh Vaidya
6815da6e94
Fixed #33396 -- Added view name to technical 500 debug page.
2022-01-13 07:02:41 +01:00
Hrushikesh Vaidya
4099e6e737
Refs #33396 -- Added django.views.debug.get_caller() hook.
2022-01-13 06:50:06 +01:00
Adam Johnson
90cf963264
Changed django.utils.log.log_response() to take exception instance.
...
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
2022-01-12 20:23:42 +01:00
Hrushikesh Vaidya
d05ab13c56
Refs #33426 -- Simplified technical_404_response() with ResolverMatch._func_path.
2022-01-12 15:56:59 +01:00
Adam Johnson
84e98ba194
Added exception to SuspiciousOperation logging.
...
This allows better debugging and filtering of errors.
2022-01-12 13:27:25 +01:00
Hrushikesh Vaidya
18a15bbc9c
Fixed #33433 -- Avoided unnecessary resolve() calls in technical_404_response().
...
Thanks Keryn Knight for the initial patch.
2022-01-12 08:23:38 +01:00
Jacob Walls
dc9deea8e8
Fixed #11715 -- Changed default value of ModelAdmin.actions/inlines to empty tuples.
...
This clarifies the intended pattern of overwriting the default value
rather than mutating it.
2022-01-11 12:22:49 +01:00
Mariusz Felisiak
b111b15c12
Refs #30141 -- Removed unused branch in parse_duration().
...
Unused since 99fc5dc13c.
2022-01-11 11:09:08 +01:00
mgaligniana
fa235004dd
Fixed #13251 -- Made pre/post_delete signals dispatch the origin.
2022-01-11 08:06:18 +01:00
Jacob Walls
6f78cb6b13
Fixed #29026 -- Added --scriptable option to makemigrations.
2022-01-10 18:49:57 +01:00
Keryn Knight
f4b06a3cc1
Fixed #33426 -- Fixed ResolverMatch.__repr__() for class-based views.
...
Regression in 7c08f26bf0.
2022-01-10 17:30:41 +01:00
Baptiste Mispelon
3d7ac6420c
Simplified @stringfilter decorator and Library with unwrap().
...
Nowadays we can use inspect.unwrap() to retrieve the innermost function
object when needed, and most of the uses of _decorated_function were to
access the original __name__ which is not needed because
@functools.wraps sets that attribute correctly.
2022-01-10 08:31:43 +01:00
Keryn Knight
2a66c102d9
Fixed #33425 -- Fixed view name for CBVs on technical 404 debug page.
...
Regression in 0c0b87725b.
2022-01-08 13:05:55 +01:00
Mariusz Felisiak
7346c288e3
Refs #32355 -- Removed unnecessary list() calls before reversed() on dictviews.
...
Dict and dictviews are iterable in reversed insertion order using
reversed() in Python 3.8+.
2022-01-07 16:29:15 +01:00
David
4c60c3edff
Fixed #33419 -- Restored marking forms.Field.help_text as HTML safe.
...
Regression in 456466d932.
Thanks Matt Westcott for the report.
2022-01-07 15:35:31 +01:00
Ad Timmering
bdf3e156b4
Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate.
2022-01-07 12:25:06 +01:00
Allen Jonathan David
28c98d4113
Fixed #33216 -- Simplified deconstructed paths for some expressions.
2022-01-07 11:19:29 +01:00
Keryn Knight
96e7ff5e9f
Avoided isinstance(…, Variable) calls in FilterExpression.resolve().
...
By determining the variable type within __init__() instead of resolve()
we can skip an isinstance() check at template runtime. Templates are
executed in production more often than the parse trees themselves,
assuming the cached Loader is used.
2022-01-07 10:29:22 +01:00
Baptiste Mispelon
c67e1cf44f
Refs #33348 -- Deprecated passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors().
2022-01-06 17:29:32 +01:00
Petter Friberg
bc174e6ea0
Fixed #33410 -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks().
...
Regression in d89f976bdd.
2022-01-06 06:38:17 +01:00
Ad Timmering
806efe912b
Fixed #33400 -- Added support for msg_prefix and count arguments to assertTemplateUsed()/assertTemplateNotUsed() used as context managers.
2022-01-05 12:49:42 +01:00
Ad Timmering
e700a3714f
Refs #33400 -- Renamed SimpleTestCase._assert_template_used() to _get_template_used().
2022-01-05 11:46:26 +01:00
Jamie Matthews
f5233dce30
Fixed #32511 -- Corrected handling prefetched nested reverse relationships.
...
When prefetching a set of child objects related to a set of parent
objects, we usually want to populate the relationship back from the
child to the parent to avoid a query when accessing that relationship
attribute. However, there's an edge case where the child queryset
itself specifies a prefetch back to the parent. In that case, we want
to use the prefetched relationship rather than populating the reverse
relationship from the parent.
2022-01-05 09:49:05 +01:00
Allen Jonathan David
205f67cd5b
Refs #33216 -- Made @deconstructible not change path for subclasses.
2022-01-04 13:15:29 +01:00
Florian Apolloner
6d343d01c5
Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
...
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:04:12 +01:00
Florian Apolloner
761f449e0d
Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
...
Thanks to Dennis Brinkrolf for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:03:56 +01:00
Florian Apolloner
968a3d01fa
Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilarityValidator.
...
Thanks Chris Bailey for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:02:05 +01:00
David Wobrock
482ee63b6f
Fixed #33402 -- Optimized multiple AlterFooTogether operations.
2022-01-04 06:24:03 +01:00
Keryn Knight
0ed2919814
Fixed #33406 -- Avoided creation of MaxLengthValidator(None) when resolving Value.output_field for strings.
...
This brings the behaviour in line with Field subclasses which append to
the validators within __init__(), like BinaryField, and prevents the
creation of a validator which incorrectly throws a TypeError, if it
were used.
2022-01-04 05:51:00 +01:00
Mariusz Felisiak
30613d6a74
Fixed #33408 -- Fixed adding nullable unique fields on SQLite.
...
Regression in 2f73e5406d.
Thanks Alan Crosswell for the report.
2022-01-04 05:50:00 +01:00
Jacob Walls
0ab58c1209
Refs #29026 -- Allowed customizing InteractiveMigrationQuestioner's prompt destination.
...
Previously, the questioner did not obey the value of stdout provided
to the command.
2022-01-03 12:30:51 +01:00
Mariusz Felisiak
a21a63cc28
Refs #27753 -- Removed unused django.utils.text._replace_entity() and _entity_re.
...
Unused since 157ab32f34.
2021-12-30 13:19:25 +01:00
Shubh1815
aecfc40c88
Fixed #33300 -- Ensured hidden elements are not displayed on small screens.
2021-12-30 07:57:36 +01:00
Jacob Walls
92412aa94c
Fixed #23273 -- Avoided creation of django_migrations table when there are no migrations to apply.
2021-12-30 06:36:55 +01:00
Mariusz Felisiak
361bb8f786
Refs #26872 -- Fixed wrapping of long choices in ModelAdmin.list_filter.
...
Regression in 269a767146.
2021-12-29 10:57:23 +01:00
Keryn Knight
d5f2d5d604
Fixed wrapping of long values in technical 500 debug page.
2021-12-29 07:59:45 +01:00
David Smith
950d697b95
Refs #31617 -- Removed redundant title text in filter.html.
...
Unnecessary since 269a767146.
Title text should provide advisory information and should not be the
same or very similar to the element text.
2021-12-28 13:42:35 +01:00
Hannes Ljungberg
59a66f0512
Refs #33342 -- Deprecated ExclusionConstraint.opclasses.
2021-12-27 08:55:18 +01:00
Tim Graham
ff225fac1d
Refs #29517 -- Removed obsolete PositiveIntegerField test skip.
2021-12-27 06:16:59 +01:00
Hannes Ljungberg
0e656c02fe
Fixed #33342 -- Added support for using OpClass() in exclusion constraints.
2021-12-24 11:39:00 +01:00
David Smith
a0d43a7a6e
Refs #31617 -- Changed dark mode primary-fg to give higher contrast to secondary.
2021-12-23 21:10:25 +01:00
Adam Johnson
5f6a727a6a
Refs #33355 -- Constructed SQLite list aggregate types once.
2021-12-23 12:08:33 +01:00
Adam Johnson
ec7554f1c2
Refs #33355 -- Removed @none_guard from SQLite functions.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-23 12:00:29 +01:00
Adam Johnson
deec15a9a6
Refs #33355 -- Made trunc functions raise ValueError on invalid lookups on SQLite.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-23 11:47:13 +01:00
Adam Johnson
2d991ff661
Refs #33355 -- Moved SQLite functions to separate module.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-23 11:47:08 +01:00
Adam Johnson
fa4b2c15f2
Refs #33355 -- Optimized LPad() database function on SQLite.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-23 06:56:30 +01:00
Mariusz Felisiak
ca04659b4b
Refs #32355 -- Bumped required psycopg2 version to 2.8.4.
...
psycopg2 2.8.4 is the first release to support Python 3.8.
2021-12-22 20:32:55 +01:00
Adam Johnson
c4328c2f4e
Refs #33355 -- Optimized Trunc() on SQLite by using f-strings.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-22 11:47:55 +01:00
Adam Johnson
a8fa3e5cd7
Refs #33355 -- Added missing tests for database functions and expression on null values.
2021-12-22 11:46:18 +01:00
Brenton Partridge
19fb838803
Fixed #32600 -- Fixed Geometry collections and Polygon segmentation fault on macOS ARM64.
2021-12-21 13:00:09 +01:00
Baptiste Mispelon
e95e6425ac
Refs #24121 -- Added __repr__() to BaseFormSet.
2021-12-21 12:06:05 +01:00
vavanade
6045b1f041
Fixed typo in django/forms/widgets.py.
2021-12-21 09:14:58 +01:00
Adam Johnson
33401cba93
Optimized MiddlewareMixin coroutine check.
2021-12-21 08:41:29 +01:00
Adam Johnson
cc752c1c3a
Optimized django.template.autoreload.get_template_directories() a bit.
2021-12-21 08:39:40 +01:00
David Wobrock
72b23c04d8
Fixed #33374 -- Fixed ExpressionWrapper annotations with full queryset.
2021-12-21 06:17:04 +01:00
mendespedro
e8b4feddc3
Fixed #33367 -- Fixed URLValidator crash in some edge cases.
2021-12-20 07:30:22 +01:00
mendespedro
4fd3044ca0
Fixed #33368 -- Fixed parse_duration() crash on invalid separators for decimal fractions.
2021-12-20 06:46:34 +01:00
Adam Johnson
b0d16d0129
Changed signatures of setting_changed signal receivers.
2021-12-17 13:07:04 +01:00
Simon Charette
4328970780
Fixed #33366 -- Fixed case handling with swappable setting detection in migrations autodetector.
...
The migration framework uniquely identifies models by case insensitive
labels composed of their app label and model names and so does the app
registry in most of its methods (e.g. AppConfig.get_model) but it
wasn't the case for get_swappable_settings_name() until this change.
This likely slipped under the radar for so long and only regressed in
b9df2b74b9 because prior to the changes related to the usage of model
states instead of rendered models in the auto-detector the exact value
settings value was never going through a case folding hoop.
Thanks Andrew Chen Wang for the report and Keryn Knight for the
investigation.
2021-12-17 07:46:58 +01:00