Carlton Gibson
4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
Simon Charette
13a8884a08
Fixed #30739 -- Fixed exclusion of multi-valued lookup against outer rhs.
...
OuterRef right hand sides have to be nested, just like F rhs have to,
during the subquery pushdown split_exclude performs to ensure they are
resolved against the outer query aliases.
2019-09-02 10:52:36 +02:00
Simon Charette
600628f8f0
Refs #28442 -- Adjusted related lookups handling of expression rhs.
...
Expressions should never be prepared as other Lookup.get_prep_lookup
implementations hint at by returning early on the presence of the
resolve_expression attribute.
The previous solution was only handling lookups against related fields
pointing at AutoFields and would break for foreign keys to other fields.
It was also causing bidirectional coupling between model fields and
expressions which the method level import of OuterRef was a symptom of.
2019-09-02 10:52:36 +02:00
Nick Pope
999891bd80
Refs #29379 -- Moved autocomplete attribute to UsernameField.
...
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
2019-09-02 10:50:56 +02:00
Alan Crosswell
03fa846c6a
Fixed #30731 -- Fixed handling trailing groups in simplify_regex().
...
Previously simplify_regex() didn't handle trailing groups for regexp
without the end of string character ("$").
2019-08-30 12:43:39 +02:00
yukihira1992
0545781764
Fixed #30736 -- Added Storage.get_alternative_name() to allow customization.
2019-08-30 11:32:19 +02:00
Berker Peksag
400ec5125e
Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
...
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
daniel a rios
b5a5c92c72
Fixed #30066 -- Enabled super user creation without email and password
2019-08-29 12:49:16 +02:00
Mariusz Felisiak
d275fd04f3
Refs #25367 -- Simplified OrderBy and Lookup by using Case() instead of RawSQL() on Oracle.
...
Follow up to efa1908f66
.
2019-08-29 11:56:12 +02:00
Matthew Schinckel
4137fc2efc
Fixed #25367 -- Allowed boolean expressions in QuerySet.filter() and exclude().
...
This allows using expressions that have an output_field that is a
BooleanField to be used directly in a queryset filters, or in the
When() clauses of a Case() expression.
Thanks Josh Smeaton, Tim Graham, Simon Charette, Mariusz Felisiak, and
Adam Johnson for reviews.
Co-Authored-By: NyanKiyoshi <hello@vanille.bid>
2019-08-29 09:45:29 +02:00
Jon Dufresne
a44d80f88e
Adjusted subprocess.run() calls to use arg list, rather than string.
...
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.
https://docs.python.org/3/library/subprocess.html#frequently-used-arguments
> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).
Also removed `shell=True` where unnecessary.
2019-08-28 10:19:30 +02:00
Jon Dufresne
1e6b9e29e6
Refs #27795 -- Removed an unnecessary force_bytes() call in uri_to_iri().
...
The value returned from urllib.parse.quote() is always a string, so can
safely call .encode().
2019-08-28 09:20:46 +02:00
Federico Jaramillo Martínez
8f6860863e
Fixed #30722 -- Added default rate-limiting requests to admin's Select2 widget.
2019-08-27 13:47:36 +02:00
Andrew Brown
691def10a0
Fixed #30727 -- Made Subquery pickle without evaluating their QuerySet.
...
Subquery expression objects, when pickled, were evaluating the QuerySet
objects saved in its _constructor_args attribute.
2019-08-27 13:05:20 +02:00
Hasan Ramezani
03dbdfd9bb
Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS.
2019-08-26 14:48:40 +02:00
Mariusz Felisiak
579909a13f
Refs #30591 -- Fixed introspection of check and unique column constraints on MariaDB.
...
Unnamed unique and check columns constraints have the same name as
a column. Ensure uniqueness by using custom names.
Thanks Adnan Umer for the report.
2019-08-26 09:15:37 +02:00
Jon Dufresne
d0861fcb2d
Refs #23919 -- Replaced super(ASGIHandler, self) with super().
2019-08-26 08:36:56 +02:00
Simon Charette
bb9e82f274
Fixed #29955 -- Added support for distance expression to the dwithin lookup.
...
This was missed when adding support to other distance lookups in
refs #25499 .
Thanks Peter Bex for the report and Mariusz for testcases.
2019-08-23 21:28:28 +02:00
Dulmandakh
06372a8d27
Fixed #30507 -- Updated admin's jQuery to 3.4.1.
2019-08-23 11:00:16 +02:00
Claude Paroz
9386586f31
Replaced subprocess commands by run() wherever possible.
2019-08-23 10:53:36 +02:00
Mariusz Felisiak
521308e575
Fixed #30715 -- Fixed crash of ArrayField lookups on ArrayAgg annotations over AutoField.
2019-08-23 10:43:08 +02:00
Mariusz Felisiak
b1f669406f
Reduced code duplication in ArrayField's lookups.
2019-08-23 10:43:08 +02:00
Carlton Gibson
5b4c6b58a0
Fixed #30064 -- Added form to validate admin search fields query input.
2019-08-22 14:09:49 +02:00
Nasir Hussain
6b16c91157
Fixed #30712 -- Allowed BLOB/TEXT defaults on MySQL 8.0.13+.
2019-08-22 12:23:10 +02:00
Mads Jensen
85ac838d9e
Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL.
...
Thanks to Simon Charettes for review.
Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
2019-08-21 13:10:06 +02:00
Hasan Ramezani
22394bd3a1
Fixed #29667 -- Prohibited whitespaces in path() URLs.
2019-08-20 11:53:10 +02:00
Nick Pope
21e559495b
Fixed #29979 , Refs #17337 -- Extracted AutoField field logic into a mixin and refactored AutoFields.
...
This reduces duplication by allowing AutoField, BigAutoField and
SmallAutoField to inherit from IntegerField, BigIntegerField and
SmallIntegerField respectively. Doing so also allows for enabling the
max_length warning check and minimum/maximum value validation for auto
fields, as well as providing a mixin that can be used for other possible
future auto field types such as a theoretical UUIDAutoField.
2019-08-20 09:22:25 +02:00
Hasan Ramezani
85458e94e3
Fixed #29260 -- Skipped an UPDATE when adding a model instance with primary key that has a default.
2019-08-19 13:28:35 +02:00
Maaz Bin Tahir Saeed
e9f74f53cc
Fixed #30693 -- Removed separate import of os.path in django.core.management.templates.
2019-08-19 13:27:13 +02:00
Claude Paroz
d1c2e6dd04
Refs #28428 -- Made FileField.upload_to support pathlib.Path.
2019-08-18 20:34:58 +02:00
Claude Paroz
0468159763
Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.
2019-08-18 13:17:49 +02:00
Simon Charette
8b4a43dda7
Fixed #29545 -- Fixed using filter lookups againts nested subquery expressions.
...
Made sql.Where resolve lhs of its child nodes. This is necessary to
allow filter lookups against nested subquery expressions to properly
resolve their OuterRefs to Cols.
Thanks Oskar Persson for the simplified test case.
2019-08-17 11:24:35 +02:00
Adnan Umer
6805c0f99f
Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231.
2019-08-16 15:25:42 +02:00
Adam Johnson
7da6a28a44
Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+.
2019-08-16 11:39:37 +02:00
Andrew Brown
8a281aa7fe
Fixed #30687 -- Fixed using of OuterRef() expressions in distance lookups.
2019-08-16 06:50:33 +02:00
zeyneloz
8289fc55ff
Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering.
2019-08-15 10:29:10 +02:00
zeyneloz
00035672a4
Fixed #30449 -- Fixed RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering.
...
Regression in 6d4e5feb79
.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-08-15 10:29:05 +02:00
Mariusz Felisiak
1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd
.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Mads Jensen
0b8d911d28
Optimized Field.deconstruct() by using elif.
2019-08-14 10:50:31 +02:00
Claude Paroz
eed2e740f7
Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
...
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
Claude Paroz
88c0b907e7
Refs #30461 -- Added django.utils._os.to_path().
2019-08-13 17:17:39 +02:00
Mariusz Felisiak
c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params.
...
Thanks Florian Apolloner for the report and helping with tests.
2019-08-13 08:42:17 +02:00
Simon Charette
efa1908f66
Refs #25367 -- Moved Oracle Exists() handling to contextual methods.
...
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the following cases.
1. When part of a SELECT clause.
2. When part of a ORDER BY clause.
3. When compared against another expression in the WHERE clause.
This commit moves the systematic CASE WHEN wrapping of Exists.as_oracle
to contextual .select_format, Lookup.as_oracle, and OrderBy.as_oracle
methods in order to avoid unnecessary wrapping.
2019-08-13 06:48:14 +02:00
Simon Charette
fff5186d32
Refs #25367 -- Moved select_format hook to BaseExpression.
...
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
2019-08-13 06:48:14 +02:00
Min ho Kim
4f7328ce8a
Corrected multiple typos.
2019-08-12 12:53:36 +02:00
Simon Charette
088a6fab1c
Refs #24793 -- Removed bogus connection argument from SQLCompiler.compile() calls.
...
The method doesn't expect a connection object to be passed as its second
argument.
2019-08-12 07:47:55 +02:00
Simon Charette
8b3e1b6e9e
Refs #11964 -- Made constraint support check respect required_db_features.
...
This will notably silence the warnings issued when running the test
suite on MySQL.
2019-08-12 06:44:37 +02:00
Simon Charette
2fb872e56f
Refs #23879 -- Made introspection respect required_db_features.
2019-08-12 06:33:46 +02:00
swatantra
73ac9e3f04
Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data.
2019-08-11 20:15:23 +02:00
Ngalim Siregar
503f60ff57
Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404.
2019-08-09 22:48:08 +02:00
Jon Dufresne
5b57798513
Removed unnecessary StatAggregate.resolve_expression().
...
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.
Unnecessary since its introduction in e4cf8c8420
.
2019-08-08 22:34:25 +02:00
Adnan Umer
8d3519071e
Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning.
2019-08-08 21:14:06 +02:00
Min ho Kim
65e86948b8
Corrected several typos in string literals and test names.
2019-08-07 11:23:14 +02:00
Andrew Godwin
052388aba4
Fixed #30676 -- Added --pdb option to test runner.
2019-08-07 08:16:31 +02:00
Adnan Umer
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
Mariusz Felisiak
05964b2198
Moved indexes in ArrayField's Index and Slice transforms to SQL params.
...
Follow up to 7deeabc7c7
.
These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Diederik van der Boor
25f21bd237
Fixed #28393 -- Added helpful error messages for invalid AutoField/FloatField/IntegerField values.
...
Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-05 08:41:29 +02:00
Nick Pope
4cf1f2f13e
Simplified AlterModelTable by making it subclass ModelOptionOperation.
2019-08-02 18:19:55 +02:00
aaktsipetrov
4edad1ddf6
Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable.
2019-08-02 15:06:00 +02:00
Nick Pope
194d1dfc18
Fixed #30661 -- Added models.SmallAutoField.
2019-08-02 11:39:01 +02:00
zeyneloz
955b382600
Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError.
2019-08-02 08:35:28 +02:00
Mariusz Felisiak
d14fa04ab3
Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings.
2019-08-02 07:09:37 +02:00
Jon Dufresne
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Mariusz Felisiak
ff111ea5e3
Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL.
2019-08-01 12:06:32 +02:00
Ngalim Siregar
e4684220af
Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table.
2019-08-01 12:06:32 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Carlton Gibson
eea0bf7bd5
Refs #30669 -- Removed incorrect branch in ASGIHander.read_body().
...
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
2019-07-31 13:33:01 +02:00
Étienne Beaulé
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
Hasan Ramezani
e3fc9af4ab
Refs #30593 -- Fixed introspection of check constraints columns on MariaDB.
2019-07-30 16:32:13 +02:00
Hasan Ramezani
b2aad9ad4d
Refs #30593 -- Added _parse_constraint_columns() hook to introspection on MariaDB.
2019-07-30 16:32:13 +02:00
Nick Pope
0509148c24
Refs #30160 -- Made destination path a required argument of extract().
2019-07-30 11:27:56 +02:00
Jerrod Martin
c7bef16a74
Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
...
Co-Authored-By: Daniel Hahler <git@thequod.de>
2019-07-29 11:09:54 +02:00
Claude Paroz
3c6d32e0b2
Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
...
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne
4122d9d3f1
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
...
Regression in 519016e5f2
.
2019-07-27 12:04:56 +02:00
Piotr Domanski
4b4e68a7a6
Fixed #30567 -- Made WSGIHandler pass FileResponse.block_size to wsgi.file_wrapper.
2019-07-26 07:31:51 +02:00
Mariusz Felisiak
806ba19bbf
Added Query.is_sliced property.
...
Previously, we used Query.can_filter() mainly to check if a query is
sliced what was confusing.
2019-07-25 20:45:55 +02:00
Hasan Ramezani
1853383969
Fixed #27995 -- Added error messages on unsupported operations following union(), intersection(), and difference().
2019-07-25 12:39:55 +02:00
Jon Dufresne
5ed20b3aa3
Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
...
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
Jon Dufresne
93ffa81bc5
Refs #30657 -- Made DeferredAttribute.__init__() to take a field instance instead of a field name.
2019-07-25 07:24:52 +02:00
Tom Forbes
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
Mariusz Felisiak
fed5e19369
Removed unused BaseReloader.watch_file().
...
Unused since its introduction in c8720e7696
.
2019-07-24 13:32:02 +02:00
Jon Dufresne
d89053585e
Improved error message when index in __getitem__() is invalid.
2019-07-23 20:12:08 +02:00
Mariusz Felisiak
8d52a525c8
Refs #29548 -- Fixed DatabaseWrapper.display_name on MariaDB.
2019-07-23 13:34:06 +02:00
Tom Forbes
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
Jon Dufresne
60dc957a82
Removed unnecessary code in Model.__init__().
...
As is_related_object is True, the val variable is unused for the
remainder of the method.
Unnecessary since 53da1e4794
.
2019-07-23 07:45:07 +02:00
Georgi Yanchev
c6581a40be
Fixed #30644 -- Made introspection use pg_table_is_visible() instead of filtering by public schema on PostgreSQL.
2019-07-22 08:14:53 +02:00
Mariusz Felisiak
842fd620ff
Simplified get_key_columns()/get_relations() introspection methods for PostgreSQL.
2019-07-20 15:15:41 +02:00
Min ho Kim
9f11939dd1
Fixed typos in comments and a test name.
2019-07-19 18:24:06 +02:00
Hasan Ramezani
1fc2c70f76
Fixed #30593 -- Added support for check constraints on MariaDB 10.2+.
2019-07-19 11:05:06 +02:00
Mads Jensen
a3417282ac
Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
...
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mads Jensen
7174cf0b00
Refs #29824 -- Added RangeOperators helper class.
2019-07-16 16:57:46 +02:00
Yann Sionneau
e47b8293a7
Fixed #30636 -- Fixed options ordering when cloning test database on MySQL.
...
--defaults-file must be given before other options.
2019-07-16 07:25:43 +02:00
Mariusz Felisiak
858cfd74e9
Simplified RangeContainedBy by making it subclass PostgresSimpleLookup.
2019-07-13 10:55:19 +02:00
Mariusz Felisiak
70c2b90d95
Simplified DateTimeRangeContains by making it subclass PostgresSimpleLookup.
2019-07-12 17:27:49 +02:00
Hasan Ramezani
402e6d292f
Fixed #30602 -- Made Extract raise ValueError when using unsupported lookups for DurationField.
2019-07-12 08:08:35 +02:00