innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
27,239 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

16463 Commits

Author SHA1 Message Date
Carlton Gibson 5b4c6b58a0
Fixed #30064 -- Added form to validate admin search fields query input. 2019-08-22 14:09:49 +02:00
Nasir Hussain 6b16c91157 Fixed #30712 -- Allowed BLOB/TEXT defaults on MySQL 8.0.13+. 2019-08-22 12:23:10 +02:00
Mads Jensen 85ac838d9e Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL. 
Thanks to Simon Charettes for review.

Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
 2019-08-21 13:10:06 +02:00
Hasan Ramezani 22394bd3a1 Fixed #29667 -- Prohibited whitespaces in path() URLs. 2019-08-20 11:53:10 +02:00
Nick Pope 21e559495b Fixed #29979, Refs #17337 -- Extracted AutoField field logic into a mixin and refactored AutoFields. 
This reduces duplication by allowing AutoField, BigAutoField and
SmallAutoField to inherit from IntegerField, BigIntegerField and
SmallIntegerField respectively. Doing so also allows for enabling the
max_length warning check and minimum/maximum value validation for auto
fields, as well as providing a mixin that can be used for other possible
future auto field types such as a theoretical UUIDAutoField.
 2019-08-20 09:22:25 +02:00
Hasan Ramezani 85458e94e3 Fixed #29260 -- Skipped an UPDATE when adding a model instance with primary key that has a default. 2019-08-19 13:28:35 +02:00
Maaz Bin Tahir Saeed e9f74f53cc Fixed #30693 -- Removed separate import of os.path in django.core.management.templates. 2019-08-19 13:27:13 +02:00
Claude Paroz d1c2e6dd04 Refs #28428 -- Made FileField.upload_to support pathlib.Path. 2019-08-18 20:34:58 +02:00
Claude Paroz 0468159763 Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True. 2019-08-18 13:17:49 +02:00
Simon Charette 8b4a43dda7 Fixed #29545 -- Fixed using filter lookups againts nested subquery expressions. 
Made sql.Where resolve lhs of its child nodes. This is necessary to
allow filter lookups against nested subquery expressions to properly
resolve their OuterRefs to Cols.

Thanks Oskar Persson for the simplified test case.
 2019-08-17 11:24:35 +02:00
Adnan Umer 6805c0f99f Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231. 2019-08-16 15:25:42 +02:00
Adam Johnson 7da6a28a44 Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+. 2019-08-16 11:39:37 +02:00
Andrew Brown 8a281aa7fe Fixed #30687 -- Fixed using of OuterRef() expressions in distance lookups. 2019-08-16 06:50:33 +02:00
zeyneloz 8289fc55ff Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering. 2019-08-15 10:29:10 +02:00
zeyneloz 00035672a4 Fixed #30449 -- Fixed RelatedFieldListFilter/RelatedOnlyFieldListFilter to respect model's Meta.ordering. 
Regression in 6d4e5feb79.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2019-08-15 10:29:05 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params. 
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
 2019-08-14 15:25:35 +02:00
Mads Jensen 0b8d911d28 Optimized Field.deconstruct() by using elif. 2019-08-14 10:50:31 +02:00
Claude Paroz eed2e740f7 Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path. 
Thanks Nikita Krokosh for the initial patch.
 2019-08-13 19:44:10 +02:00
Claude Paroz 88c0b907e7 Refs #30461 -- Added django.utils._os.to_path(). 2019-08-13 17:17:39 +02:00
Mariusz Felisiak c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params. 
Thanks Florian Apolloner for the report and helping with tests.
 2019-08-13 08:42:17 +02:00
Simon Charette efa1908f66 Refs #25367 -- Moved Oracle Exists() handling to contextual methods. 
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the following cases.

1. When part of a SELECT clause.
2. When part of a ORDER BY clause.
3. When compared against another expression in the WHERE clause.

This commit moves the systematic CASE WHEN wrapping of Exists.as_oracle
to contextual .select_format, Lookup.as_oracle, and OrderBy.as_oracle
methods in order to avoid unnecessary wrapping.
 2019-08-13 06:48:14 +02:00
Simon Charette fff5186d32 Refs #25367 -- Moved select_format hook to BaseExpression. 
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
 2019-08-13 06:48:14 +02:00
Min ho Kim 4f7328ce8a Corrected multiple typos. 2019-08-12 12:53:36 +02:00
Simon Charette 088a6fab1c Refs #24793 -- Removed bogus connection argument from SQLCompiler.compile() calls. 
The method doesn't expect a connection object to be passed as its second
argument.
 2019-08-12 07:47:55 +02:00
Simon Charette 8b3e1b6e9e Refs #11964 -- Made constraint support check respect required_db_features. 
This will notably silence the warnings issued when running the test
suite on MySQL.
 2019-08-12 06:44:37 +02:00
Simon Charette 2fb872e56f Refs #23879 -- Made introspection respect required_db_features. 2019-08-12 06:33:46 +02:00
swatantra 73ac9e3f04 Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data. 2019-08-11 20:15:23 +02:00
Ngalim Siregar 503f60ff57 Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404. 2019-08-09 22:48:08 +02:00
Jon Dufresne 5b57798513 Removed unnecessary StatAggregate.resolve_expression(). 
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.

Unnecessary since its introduction in e4cf8c8420.
 2019-08-08 22:34:25 +02:00
Adnan Umer 8d3519071e Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning. 2019-08-08 21:14:06 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Andrew Godwin 052388aba4 Fixed #30676 -- Added --pdb option to test runner. 2019-08-07 08:16:31 +02:00
Adnan Umer c5075360c5 Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting. 2019-08-05 18:44:08 +02:00
Mariusz Felisiak 05964b2198 Moved indexes in ArrayField's Index and Slice transforms to SQL params. 
Follow up to 7deeabc7c7.

These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
 2019-08-05 14:16:35 +02:00
Diederik van der Boor 25f21bd237 Fixed #28393 -- Added helpful error messages for invalid AutoField/FloatField/IntegerField values. 
Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
 2019-08-05 08:41:29 +02:00
Nick Pope 4cf1f2f13e Simplified AlterModelTable by making it subclass ModelOptionOperation. 2019-08-02 18:19:55 +02:00
aaktsipetrov 4edad1ddf6 Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable. 2019-08-02 15:06:00 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
Mariusz Felisiak d14fa04ab3 Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings. 2019-08-02 07:09:37 +02:00
Jon Dufresne e8d0d2a5ef Removed unneeded ValueError catching in django.utils.text._replace_entity(). 
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
 2019-08-01 14:30:20 +02:00
Mariusz Felisiak ff111ea5e3 Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL. 2019-08-01 12:06:32 +02:00
Ngalim Siregar e4684220af Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table. 2019-08-01 12:06:32 +02:00
Florian Apolloner 76ed1c49f8 Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection. 
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
 2019-08-01 09:24:54 +02:00
Florian Apolloner 4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Carlton Gibson eea0bf7bd5 Refs #30669 -- Removed incorrect branch in ASGIHander.read_body(). 
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
 2019-07-31 13:33:01 +02:00
Étienne Beaulé 5f24e7158e Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
Nick Pope f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00