Commit Graph

12487 Commits

Author SHA1 Message Date
Keryn Knight 854e9b0668 Fixed #32824 -- Improved performance of NodeList.render().
This avoids the following:
 - checking that each item in the nodelist is a subclass of Node,
 - calling str() on the render_annotated() output, because it's
   documented that Node.render() must return a string,
 - calling mark_safe() on the output, when the value to be wrapped is
   definitively known to be a string because the result of ''.join()
   is always of that type,
 - using an intermediate list to store each individual string.
2021-06-11 12:22:06 +02:00
Mariusz Felisiak fa0433d05f Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default on MySQL 8.0.13+.
Regression in d4ac23bee1.

Thanks Omkar Deshpande for the report.
2021-06-10 20:03:43 +02:00
Mariusz Felisiak 57bc16b38e Refs #32503 -- Added release notes for 5e04e84d67. 2021-06-10 20:03:43 +02:00
Angus Holder 3e73c65ffc Fixed #32195 -- Added system check for invalid view in path() and improved error messages. 2021-06-09 09:06:42 +02:00
Mariusz Felisiak fcd44b889f
Refs #14357 -- Updated docs about interaction between aggregations and QuerySet.order_by().
Obsolete since 0ddb4ebf7b.
2021-06-08 16:39:00 +02:00
Sanskar Jaiswal 8c3bd0b708 Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL. 2021-06-08 07:46:51 +02:00
Claude Paroz ecf8af7935
Fixed header underlines in performance docs. 2021-06-05 18:20:40 +02:00
David Smith d8c17aa10c Refs #32338 -- Improved accessibility of RadioSelect examples in docs.
Co-authored-by: Thibaud Colas <thibaudcolas@gmail.com>
2021-06-04 08:28:25 +02:00
Takayuki Hirayama 0393b9262d Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
Regression in 981a072dd4.

Thanks pirelle for the report.
2021-06-04 07:23:16 +02:00
Mariusz Felisiak f10c52afab
Refs #31356 -- Changed IRC links to the Libera.Chat webchat.
Follow up to 66491f08fe.
2021-06-03 12:07:30 +02:00
Jacob Walls f0d0d29f03
Fixed typos in docs. 2021-06-03 07:49:50 +02:00
Mariusz Felisiak d9cee3f5f2 Fixed docs header underlines in security archive. 2021-06-02 12:16:38 +02:00
Carlton Gibson ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson a39f235ca4 Added CVE-2021-33203 and CVE-2021-33571 to security archive. 2021-06-02 11:15:54 +02:00
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner 46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Carlton Gibson f66ae7a2d5 Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-06-02 10:19:19 +02:00
Jacob Walls 1443b5e9ac
Fixed typo in docs/internals/contributing/writing-code/coding-style.txt. 2021-06-02 08:14:57 +02:00
Mariusz Felisiak e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization.
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Gildardo Adrian Maravilla Jacome 91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
David Sanders 5685b7cd73
Fixed typos in comments and docs. 2021-05-29 12:51:14 +02:00
David Wobrock b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
Mohammadreza Varasteh e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Nick Pope e513fb0e77 Fixed typo in MiddlewareMixin deprecation note. 2021-05-27 06:17:30 +02:00
Mariusz Felisiak 12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani 1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Carlton Gibson b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Hasan Ramezani 68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Rohith PR 7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
yyyyyyyan e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Mariusz Felisiak 66491f08fe
Changed IRC references to Libera.Chat. 2021-05-20 12:23:36 +02:00
Ben Sturmfels 31b6ce9ff9 Fixed note about ISP caching in docs.
Regression in 7aabd62380.
2021-05-20 10:55:42 +02:00
David Sanders 736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
Mike Lissner 6e155d280d Added note about culling in database cache backend docs.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-20 06:24:48 +02:00
David D Lowe fa4e963ee7 Doc'd that HttpRequest.path doesn't contain a query string. 2021-05-19 11:23:56 +02:00
Carlton Gibson c2e6047c72 Fixed #32740 -- Caught possible exception when initializing colorama. 2021-05-19 10:33:15 +02:00
David Sanders dacc307d93
Fixed typo in docs/ref/contrib/admin/index.txt. 2021-05-19 07:28:56 +02:00
Claude Paroz 8cd55021bc Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
Mariusz Felisiak 958cdf65ae Fixed #32747 -- Prevented initialization of unused caches.
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.
2021-05-18 18:24:19 +02:00
Rust Saiargaliev a24fed399c Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
Regression in b5e12d490a.
2021-05-18 13:02:33 +02:00
Girish Sontakke 27d4573d35
Fixed #32755 -- Corrected Model.get_absolute_url() example in docs. 2021-05-18 11:30:38 +02:00
Slava Skvortsov f7691d4812 Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
Regression in ba31b01034.
2021-05-18 09:14:05 +02:00
Nick Pope 0851933cba Fixed #32720 -- Added configuration and docs for Sphinx link checker.
We explicitly ignore checking anchors for line-range anchors on GitHub
which are dynamically generated and, otherwise, show up as broken links.

See https://github.com/sphinx-doc/sphinx/issues/7388#issuecomment-739961689.

We also ignore links to resources that require authentication.
2021-05-17 11:21:35 +02:00
Nick Pope c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Nick Pope 7c4ee487c7 Refs #32720 -- Fixed some broken links in docs. 2021-05-17 09:22:17 +02:00
Nick Pope 1c3bbcf802 Refs #32720 -- Used full hashes in security archive. 2021-05-17 08:27:46 +02:00
Mariusz Felisiak df5c96299a Corrected commit hashes for security patches. 2021-05-17 08:26:06 +02:00
Nick Pope 8c4caee76a Refs #32720 -- Used :commit: and :source: role in old release notes. 2021-05-17 07:36:57 +02:00
Mariusz Felisiak 820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Simon Charette b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Raffaele Salmaso 3733ae8957 Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
David Smith 0456d3e427
Fixed #26721 -- Doc'd setting UTF-8 on Windows. 2021-05-12 20:46:01 +02:00
Nick Pope 29e4ccb1a2 Fixed #32738 -- Deprecated django.utils.datetime_safe module. 2021-05-12 14:42:17 +02:00
Nick Pope 1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Nick Pope 69ffb1acf3 Refs #32366 -- Avoided use of datetime.utcnow() in the documentation. 2021-05-12 11:06:31 +02:00
Nick Pope 88b3982af3 Fixed a typo in docs/ref/models/fields.txt.
datetime.date.utcnow() doesn't exist, should be .today().
2021-05-12 11:06:29 +02:00
Mariusz Felisiak d1f1417cae
Refs #32718 -- Corrected CVE-2021-31542 release notes. 2021-05-12 10:42:01 +02:00
Nick Pope 34363a391b Fixed #32735 -- Made DateFormat.Y() return a zero-padded year. 2021-05-12 08:17:06 +02:00
Jordi Castells 205c36b58f Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. 2021-05-07 20:03:46 +02:00
Hasan Ramezani 028f10fac6 Fixed #32712 -- Deprecated django.utils.baseconv module. 2021-05-07 11:57:40 +02:00
Nick Pope c240ceea7d
Fixed typo in docs/internals/contributing/writing-documentation.txt. 2021-05-06 20:01:32 +02:00
Mariusz Felisiak 29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak efebcc429f Added CVE-2021-32052 to security archive. 2021-05-06 09:58:24 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Simon Charette 96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
Regression in c8b6594305.

Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Carlton Gibson 62b2e8b37e Added commits for CVE-2021-31542 to security archive. 2021-05-04 11:09:21 +02:00
Carlton Gibson 607ebbfba9 Added CVE-2021-31542 to security archive. 2021-05-04 11:06:07 +02:00
Carlton Gibson 5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Susan Wright 7582d913e7
Added spelling option to make.bat. 2021-04-30 14:04:22 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
Hasan Ramezani 8bcb00858e Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri(). 2021-04-30 08:05:42 +02:00
Hasan Ramezani ca34db4650
Refs #32178 -- Doc'd DatabaseFeatures.django_test_skips/django_test_expected_failures in contributing guide. 2021-04-29 20:55:34 +02:00
Nick Pope 2161db0792
Fixed capitalization of "ECMAScript" and "JavaScript". 2021-04-29 20:29:08 +02:00
Carlton Gibson 907d3a7ff4 Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated. 2021-04-29 13:53:56 +02:00
Mariusz Felisiak baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
Follow up to 1871182031.
2021-04-29 12:04:30 +02:00
Carlton Gibson 4f128fcf5d
Refs #32694 -- Clarified when colorama requirement is needed in Windows how-to. 2021-04-29 11:26:38 +02:00
David Wobrock 4ab3ef238e Fixed #32675 -- Doc'd that autodector changes might cause generation of no-op migrations.
Follow up to aa4acc164d.
2021-04-29 07:46:22 +02:00
Adam Johnson 68e876c095
Corrected introduction to range field lookups docs.
Follow up to 24b9f50823.
2021-04-28 20:35:05 +02:00
Simon Charette c8b6594305 Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction.
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc.
2021-04-28 12:13:55 +02:00
Konstantin Alekseev 6e742dabc9 Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
Regression in bbe6fbb876.
2021-04-27 10:43:35 +02:00
Mariusz Felisiak 1871182031 Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
Thanks Zain Patel for the report and Simon Charette for reviews.

The exception introduced in 6307c3f1a1
revealed a possible data loss issue in the admin.
2021-04-27 10:34:47 +02:00
Mariusz Felisiak cd74aad90e Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.
QuerySet.distinct() is not the only way to avoid duplicate, it's also
not preferred.
2021-04-27 10:34:47 +02:00
Zain Patel 4e5bbb6ef2 Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
Regression in 84609b3205.
2021-04-26 07:08:16 +02:00
Clumart.G 67bb1f516c
Refs #28034 -- Corrected docs example in contributing tutorial. 2021-04-23 15:24:16 +02:00
Carlton Gibson 6a7af38b07 Added note to update docs config when creating new stable branch.
django_next_version in docs/conf.py should be bumped when creating a new stable
branch.
2021-04-22 08:08:38 +02:00
Abhyudai 4a77aeb1f8
Fixed #32667 -- Added link to labeling checks in BaseCommand.requires_system_checks docs.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-04-21 16:40:04 +02:00
Simon Charette 6d0cbe42c3 Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9 but
sql.Query.combine never properly handled subqueries outer refs in the
first place, see QuerySetBitwiseOperationTests.test_subquery_aliases()
(refs #27149).

Thanks Raffaele Salmaso for the report.
2021-04-21 09:49:15 +02:00
Mariusz Felisiak 34d1905712
Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
Thanks Jared Lockhart for the report.

Regression in c36075ac1d.
2021-04-21 09:41:37 +02:00
Carlton Gibson 5c73fbb6a9 Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist.
Regression in 30e59705fc.
2021-04-21 08:31:06 +02:00
Tobias Bengfort 54e94640ac Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite. 2021-04-20 11:44:41 +02:00
David Smith 3fec16e8ac Fixed #32574 -- Confirmed support for PROJ 8.x. 2021-04-19 20:13:43 +02:00
Adam Johnson 725ca1fb60 Corrected File, ContentFile, and ImageFile signatures in docs. 2021-04-16 06:17:45 +02:00
Carlton Gibson e3e2276e6f Fixed #32652 -- Fixed links to new contributors FAQ. 2021-04-15 17:14:22 +02:00
Florian Apolloner 4511d14598 Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.
Thanks Jan Pieter Waagmeester for the report.

Regression in 2d6179c819.
2021-04-14 22:52:59 +02:00
Mariusz Felisiak ca98729055
Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB.
Thanks Matt Westcott for the report.

Regression in 779e615e36.
2021-04-14 21:11:17 +02:00
Mariusz Felisiak 338eb65b6e Refs #32548 -- Forwardported 3.2.1 release note. 2021-04-14 20:25:58 +02:00