93cae5cb2f
Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
04ad0f26ba
Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression.
2022-03-30 11:03:48 +02:00
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
...
In these cases Black produces unexpected results, e.g.
def make_random_password(
self,
length=10,
allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):
or
cursor.execute("""
SELECT ...
""",
[table name],
)
2022-02-03 11:20:46 +01:00
72b23c04d8
Fixed #33374 -- Fixed ExpressionWrapper annotations with full queryset.
2021-12-21 06:17:04 +01:00
dd1fa3a31b
Fixed #33018 -- Fixed annotations with empty queryset.
...
Thanks Simon Charette for the review and implementation idea.
2021-09-29 20:23:29 +02:00
c51bf80d56
Used more specific unittest assertions in tests.
2021-07-07 10:51:38 +02:00
d992f4e3c2
Refs #31369 -- Removed models.NullBooleanField per deprecation timeline.
2021-01-14 17:50:04 +01:00
275dd4ebba
Fixed #32178 -- Allowed database backends to skip tests and mark expected failures.
...
Co-authored-by: Tim Graham <timograham@gmail.com>
2020-12-10 18:00:57 +01:00
8b040e3cbb
Fixed #25534 , Fixed #31639 -- Added support for transform references in expressions.
...
Thanks Mariusz Felisiak and Simon Charette for reviews.
2020-11-27 20:42:04 +01:00
fe9c7ded29
Fixed #32200 -- Fixed grouping by ExpressionWrapper() with Q objects.
...
Thanks Gordon Wrigley for the report.
Regression in df32fd42b8
2020-11-19 21:00:04 +01:00
4ac2d4fa42
Fixed #32152 -- Fixed grouping by subquery aliases.
...
Regression in 42c08ee465
2020-10-29 09:56:09 +01:00
3a9f192b13
Refs #32007 -- Skipped test_q_expression_annotation_with_aggregation on Oracle.
2020-09-16 11:47:02 +02:00
eaf9764d3b
Fixed #32007 -- Fixed queryset crash with Q() annotation and aggregation.
...
Thanks Gordon Wrigley for the report.
Regression in 8a6df55f2d
2020-09-15 11:40:59 +02:00
493b26bbfc
Fixed #31888 -- Avoided module-level MySQL queries in tests.
2020-08-17 09:31:16 +02:00
f4ac167119
Fixed #27719 -- Added QuerySet.alias() to allow creating reusable aliases.
...
QuerySet.alias() allows creating reusable aliases for expressions that
don't need to be selected but are used for filtering, ordering, or as
a part of complex expressions.
Thanks Simon Charette for reviews.
2020-07-31 13:19:33 +02:00
e74b3d724e
Bumped minimum isort version to 5.1.0.
...
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.
2020-07-30 10:58:59 +02:00
156a2138db
Refs #30446 -- Removed unnecessary Value(..., output_field) in docs and tests.
2020-07-15 10:58:38 +02:00
8a6df55f2d
Fixed #31773 -- Fixed preserving output_field in ExpressionWrapper for combined expressions.
...
Thanks Thodoris Sotiropoulos for the report and Simon Charette for the
implementation idea.
Regression in df32fd42b8
2020-07-09 11:55:03 +02:00
aeb8996a67
Fixed #31659 -- Made ExpressionWrapper preserve output_field for combined expressions.
...
Regression in df32fd42b8
2020-06-12 07:20:06 +02:00
78ad4b4b02
Fixed #31660 -- Fixed queryset crash when grouping by m2o relation.
...
Regression in 3a941230c8
2020-06-08 07:21:54 +02:00
3a941230c8
Fixed #31584 -- Fixed crash when chaining values()/values_list() after Exists() annotation and aggregation on Oracle.
...
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the GROUP BY clause.
Regression in efa1908f66
2020-05-14 15:07:08 +02:00
42c08ee465
Fixed #31566 -- Fixed aliases crash when chaining values()/values_list() after annotate() with aggregations and subqueries.
...
Subquery annotation references must be resolved if they are excluded
from the GROUP BY clause by a following .values() call.
Regression in fb3f034f1c
2020-05-14 08:16:16 +02:00
9100c664db
Relaxed some query ordering assertions in tests.
...
It accounts for differences seen on cockroachdb.
2019-11-18 12:32:37 +01:00
52545e788d
Fixed #28289 -- Fixed crash of RawSQL annotations on inherited model fields.
2019-07-11 08:27:15 +02:00
e595a713cc
Refs #29542 , #30158 -- Enabled a HAVING subquery filter test on Oracle.
...
Now that subquery annotations aren't included in the GROUP BY unless
explicitly grouped against, the test works on Oracle.
2019-03-21 18:48:41 -04:00
dd3b470719
Fixed #29542 -- Fixed invalid SQL if a Subquery from the HAVING clause is used in the GROUP BY clause.
...
Thanks Tim Graham for the review.
2018-07-14 12:03:22 +02:00
0e64e046a4
Fixed #29530 -- Fixed aliases ordering when chaining annotate() and filter().
2018-07-02 21:09:29 +02:00
4ab1f559e8
Fixed #29416 -- Removed unnecesary subquery from GROUP BY clause on MySQL when using a RawSQL annotation.
...
Regression in 1d070d027c
2018-05-27 18:25:19 -04:00
5fa4f40f45
Fixed #29227 -- Allowed BooleanField to be null=True.
...
Thanks Lynn Cyrin for contributing to the patch, and Nick Pope for review.
2018-03-20 12:10:10 -04:00
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
fbf647287e
Fixed #28811 -- Fixed crash when combining regular and group by annotations.
2018-01-03 08:24:16 -05:00
ebc4ee3369
Refs #23941 -- Prevented incorrect rounding of DecimalField annotations on SQLite.
2017-12-21 19:50:56 -05:00
c3c6c92d76
Refs #18247 -- Fixed filtering on CombinedExpression(output_field=DecimalField()) annotation on SQLite.
2017-08-10 17:42:30 -04:00
6e228d0b65
Fixed #28277 -- Added validation of QuerySet.annotate() and aggregate() args.
...
Thanks Tim Graham and Nick Pope for reviews.
2017-06-29 18:25:36 +02:00
2c69824e5a
Refs #23968 -- Removed unnecessary lists, generators, and tuple calls.
2017-06-01 19:08:59 -04:00
1d070d027c
Fixed #25414 -- Fixed QuerySet.annotate() with pk in values() on MySQL.
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-03-29 06:47:07 +02:00
ac5f886c56
Fixed #27800 -- Fixed QuerySet.annotate(Length(...)).distinct() crash.
2017-01-31 18:45:55 -05:00
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
c7bfcd2f37
Fixed #27481 -- Made SQLite return annotated boolean values as boolean, not integer.
...
Thanks Simon Charette for review.
2016-11-14 14:47:20 -05:00
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
631ef6b272
Made FieldError/FieldDoesNotExist messages uniform across Python versions.
...
Removed possible u'' prefixes on Python 2.
2016-09-17 09:29:14 -04:00
c002a0d39f
Fixed #26517 -- Fixed ExpressionWrapper with empty queryset.
2016-08-08 10:43:33 -04:00
1c8c0837c6
Sorted single letter imports per the latest version of isort.
2016-03-28 11:45:31 -04:00
406675b1a0
Fixed #26176 -- Fixed E123 flake8 warnings.
2016-02-05 15:11:07 -05:00
1f7b25c1a7
Fixed #24986 -- Added support for annotations in DISTINCT queries.
2015-08-15 08:23:32 -04:00
f9636fdf92
Refs #23843 -- Updated Oracle annotations workaround to reflect latest status.
2015-08-14 13:52:18 -04:00
801a84ae32
Fixed #24835 -- Fixed QuerySet.exists() after an annotation with Count()
...
QuerySet.exists() incorrectly handled query.group_by = True
case (grouping by all select fields), causing GROUP BY
expressions to be wiped along with select fields.
2015-05-25 20:46:20 -04:00
Mariusz Felisiak
Luke Plant
django-bot
David Wobrock
Mads Jensen
Hasan Ramezani
Ian Foote
Christian Klus
Ahmad A. Hussein
Alexandr Tatarinov
David Smith
Simon Charette
Tim Graham
can
Robin Ramael
Sergey Fedoseev
Jon Dufresne
Lex Berezhny
Claude Paroz
za
François Freitag
Johannes Dollinger
Valentina Mukhamedzhanova
Paweł Marczewski