Commit Graph

3171 Commits

Author SHA1 Message Date
Anvesh Mishra 6220c445c4 Fixed #29186 -- Fixed pickling HttpRequest and subclasses. 2022-09-14 13:04:34 +02:00
Shai Berger 42cd8c390d Fixed #33986 -- Hardened binary lookup in template commands.
Made template commands look up formatters before writing files.
This makes sure files included in the template are not identified
as executable formatter commands, even in case the template is
rendered into the system path (as might easily happen on Windows,
where the current directory is on the system path by default).

While at it, Warned about trusting custom templates for
startapp/startproject.

Thanks Trung Pham of Viettel Cyber Security for reporting the issue,
Django Security Team for discussions, and Adam Johnson and
Carlton Gibson for reviews.
2022-09-07 11:08:43 +02:00
Mark Evans 19e0587ee5 Fixed #33937 -- Optimized serialization of related m2m fields without natural keys. 2022-09-05 20:23:32 +02:00
Claude Paroz 903ac2f364 Fixed #33949 -- Fixed fixture dirs duplicates with Path instances. 2022-08-23 13:24:18 +02:00
Mariusz Felisiak a1e9e9abc5 Refs #27236 -- Reverted "Refs #27236 -- Added generic mechanism to handle the deprecation of migration operations."
This reverts commit 41019e48bb.
2022-07-26 11:41:19 +02:00
Anders Kaseorg 9ba2e8821f
Removed obsolete note in management.get_commands() docstring.
Commit 901c3708fb documented that the
return dict could directly include command modules instead of name
strings, which was true at the time. However, that possibility was
removed in commit 38f1fe3b35.
2022-07-25 07:55:52 +02:00
David Wobrock 41019e48bb Refs #27236 -- Added generic mechanism to handle the deprecation of migration operations. 2022-07-08 07:05:55 +02:00
Christos Kopanos 608ab043f7 Fixed #33826 -- Fixed RedisCache.set_many()/delete_many() crash with an empty list. 2022-07-06 10:45:52 +02:00
Christos Kopanos fcee0d3fb6 Used list comprehensions in RedisCache.delete_many(). 2022-07-06 10:37:20 +02:00
Vladimir Kochetkov 3926e35aa8 Fixed #33823 -- Made inspectdb generate unique related_name when reverse accessor clashes. 2022-07-06 09:35:50 +02:00
Mariusz Felisiak 083bfca6b6
Fixed #33800 -- Fixed system check for the same template tag module in installed apps and template tag libraries.
Thanks Claude Paroz for the report.

Regression in 004b4620f6.
2022-06-23 20:22:59 +02:00
Abhinav Yadav 2887b9f67c
Fixed #33657 -- Allowed customizing formatter class of argument parsers. 2022-06-20 17:34:52 +02:00
David Wobrock e286ce17ff Fixed #24870 -- Added --update option to makemigrations command. 2022-06-17 07:50:39 +02:00
David Wobrock 3893fcdd94 Refs #24870 -- Refactored out get_relative_path() hook in makemigrations. 2022-06-17 06:02:42 +02:00
Jonas Lundberg e96320c917 Fixed #33755 -- Moved ASGI body-file cleanup into request class. 2022-06-09 11:11:45 +02:00
Ronnie van den Crommenacker c32858a8ce Fixed #33565 -- Improved locale format validation for the makemessages command. 2022-06-08 16:17:12 +02:00
Anv3sh 295249c901 Fixed #32234 -- Made inspectdb inform about composite primary keys. 2022-06-01 08:40:44 +02:00
Jonas Lundberg f1e0fc645b Fixed #33754 -- Fixed crash with prematurely closed ASGI request body.
Regression in 441103a04d.
2022-05-31 08:38:00 +02:00
Aymeric Augustin 6485894157 Renamed wrapped functions to wrapper.
All these functions are wrapping another function. They're the wrapper,
while the function they're wrapping is the wrapped.
2022-05-25 10:53:52 +02:00
Mariusz Felisiak d27e6b233f
Fixed #33681 -- Made Redis client pass CACHES["OPTIONS"] to a connection pool.
Thanks Ben Picolo for the report.
2022-05-16 06:17:40 +02:00
Nick Pope 20e65a34ae
Made closing in connection handlers more DRY. 2022-05-12 15:13:51 +02:00
Kapil Bansal 3a82b5f655 Fixed #32559 -- Added 'step_size’ to numeric form fields.
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
2022-05-12 14:16:52 +02:00
Carlton Gibson 34e2148fc7 Refs #33173 -- Removed use of deprecated cgi module.
https://peps.python.org/pep-0594/#cgi
2022-05-11 14:06:31 +02:00
Mariusz Felisiak 441103a04d
Refs #33173, Refs #30451 -- Fixed ResourceWarning from unclosed body files in ASGI handler on Python 3.11+. 2022-05-10 09:57:28 +02:00
Scott e12670016b
Fixed #33643 -- Fixed inspectdb crash on functional unique constraints on Oracle. 2022-04-16 15:29:51 +02:00
Mateo Radman 884b4c27f5 Fixed #32604 -- Made file upload respect group id when uploading to a temporary file. 2022-04-11 13:32:27 +02:00
Carlton Gibson bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
François Granade 4b8e4f5060 Fixed #33582 -- Fixed deserializing natural keys with foreing key dependencies in a multiple database setup. 2022-03-18 20:57:08 +01:00
Florian Apolloner 4f92cf87b0 Prevented initialization of unused database connections. 2022-03-17 07:40:57 +01:00
jochemfranken 5f9ad17201
Fixed #33580 -- Fixed crash when checking support for terminal colors on Wine.
Regression in f1585c54d0.
2022-03-16 16:16:10 +01:00
Mariusz Felisiak d11944be34
Refs #33476 -- Added warning to optimizemigration/squashmigrations commands when black cannot be applied. 2022-02-23 07:29:15 +01:00
David Wobrock 7c318a8bdd Fixed #27844 -- Added optimizemigration management command. 2022-02-22 10:30:40 +01:00
Mariusz Felisiak 1299bc33e1
Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values. 2022-02-21 07:54:47 +01:00
Matthias Kestenholz a94ae4cb11
Refs #27468 -- Updated django.core.signing docstring.
Follow up to 71c4fb7beb.
2022-02-17 10:01:41 +01:00
rafrafek cdd4ff67d2 Refs #25684 -- Removed double newline from request/response output of runserver.
Follow up to 0bc5cd6280.
2022-02-14 06:55:34 +01:00
Carlton Gibson d113b5a837 Refs #33476 -- Made management commands use black.
Run black on generated files, if it is available on PATH.
2022-02-11 12:23:26 +01:00
Aaron Chong 2d472ad05c Fixed #33495 -- Improved debug logging message about adapting handlers for middlewares.
It's the wrapped handler that's adapted to the wrapping middleware.
2022-02-09 12:10:26 +01:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
tschilling 0dcd549bbe Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2022-02-01 11:12:24 +01:00
Jacob Walls 2d8232fa71 Fixed #26760 -- Added --prune option to migrate command. 2022-01-21 17:10:31 +01:00
Nick Pope fac26684fd
Removed unused buf_size argument to LimitedStream().
Unused since its introduction in 269e921756.
2022-01-18 05:55:14 +01:00
Adam Johnson 45a42aabfa Fixed #29708 -- Deprecated PickleSerializer. 2022-01-13 13:50:20 +01:00
Adam Johnson c6cb5a0277 Refs #29708 -- Stopped inheriting from PickleSerializer by RedisSerializer. 2022-01-13 12:28:06 +01:00
Adam Johnson 90cf963264 Changed django.utils.log.log_response() to take exception instance.
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
2022-01-12 20:23:42 +01:00
Adam Johnson 84e98ba194
Added exception to SuspiciousOperation logging.
This allows better debugging and filtering of errors.
2022-01-12 13:27:25 +01:00
Jacob Walls 6f78cb6b13 Fixed #29026 -- Added --scriptable option to makemigrations. 2022-01-10 18:49:57 +01:00
Mariusz Felisiak 7346c288e3
Refs #32355 -- Removed unnecessary list() calls before reversed() on dictviews.
Dict and dictviews are iterable in reversed insertion order using
reversed() in Python 3.8+.
2022-01-07 16:29:15 +01:00
Ad Timmering bdf3e156b4 Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate. 2022-01-07 12:25:06 +01:00