Commit Graph

11040 Commits

Author SHA1 Message Date
Mariusz Felisiak cca0d98118 [3.1.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1a from main.
2021-04-06 08:25:24 +02:00
Nick Pope 8f6d431b08 [3.1.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl(). 2021-02-18 10:15:30 +01:00
Mariusz Felisiak efaf9f4ac9 [3.1.x] Fixed backends.postgresql.tests.Tests.test_nodb_cursor_raises_postgres_authentication_failure().
Follow up to 9efe832ee1.
2021-02-05 06:08:08 +01:00
Christopher Keith 5dec57a6fc [3.1.x] Fixed #31550 -- Adjusted ASGI test_file_response for various Windows content types.
Backport of 76181308fb from master
2021-02-04 21:58:38 +01:00
Mariusz Felisiak 9efe832ee1 [3.1.x] Fixed #32403 -- Fixed re-raising DatabaseErrors when using only 'postgres' database.
Thanks Kazantcev Andrey for the report.

Regression in f48f671223.
Backport of f131841c60 from master
2021-02-02 21:36:06 +01:00
Mariusz Felisiak 02e6592835 [3.1.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c from master.
2021-02-01 09:13:58 +01:00
Mariusz Felisiak 03a86784d0 [3.1.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
Backport of 135c800fe6 from master
2021-01-29 11:03:04 +01:00
Mariusz Felisiak 5fdc81d893 [3.1.x] Fixed #32304 -- Fixed prefixing STATIC_URL and MEDIA_URL by SCRIPT_NAME for absolute URLs with no domain.
Thanks Adam Hooper for the report.

Regression in c574bec092.
Backport of e13b71403b from master
2020-12-31 13:19:34 +01:00
Mariusz Felisiak 6b4b7da740 [3.1.x] Fixed #32299 -- Prevented mutating handlers when processing middlewares marking as unused in an async context.
Thanks Hubert Bielenia for the report.
Backport of 98ad327864 from master
2020-12-29 09:06:03 +01:00
sage a891e1bb0a [3.1.x] Fixed #32252 -- Fixed __isnull=True on key transforms on SQLite and Oracle.
__isnull=True on key transforms should not match keys with NULL values.

Backport of 8d7085e0fd from master
2020-12-11 11:18:15 +01:00
sage a7935fe942 [3.1.x] Fixed #32203 -- Fixed QuerySet.values()/values_list() crash on key transforms with non-string values on SQLite.
Thanks Gordon Wrigley for the report.

Backport of fe6e582421 from master
2020-11-25 20:30:38 +01:00
sage a2abeb3de7 [3.1.x] Refs #32203 -- Added tests for QuerySet.values()/values_list() on key transforms with non-trivial values.
Backport of 7408c4cd15 from master
2020-11-25 20:30:30 +01:00
Mariusz Felisiak 97bfe0cba5 [3.1.x] Fixed #32224 -- Avoided suppressing connection errors in supports_json_field on SQLite.
Regression in 6789ded0a6.

Thanks Juan Garcia Alvite for the report.
Backport of f5e5aac59e from master
2020-11-25 12:21:29 +01:00
Mariusz Felisiak a582ef8b89 [3.1.x] Added test for filtering JSONField key transforms with quoted strings.
Backport of bec415b290 from master
2020-11-25 06:55:39 +01:00
Hasan Ramezani 166c0d2474 [3.1.x] Fixed #32200 -- Fixed grouping by ExpressionWrapper() with Q objects.
Thanks Gordon Wrigley for the report.

Regression in df32fd42b8.

Backport of fe9c7ded29 from master
2020-11-19 21:42:14 +01:00
Carlton Gibson 012822c7f9 [3.1.x] Fixed #32202 -- Fixed autoreloader argument generation for Windows with Python 3.7-.
Backport of ead37dfb58 from master
2020-11-19 12:12:47 +01:00
Nick Pope 1f6e7fb4ab [3.1.x] Changed docs and a code comment to use gender-neutral pronouns.
Follow up to e1b7723817.

Backport of 477c800443 from master.
2020-11-13 22:29:41 +01:00
Hannes Ljungberg cc3870c30f [3.1.x] Fixed #32182 -- Fixed crash of JSONField nested key transforms with subquery annotations on PostgreSQL.
Backport of 0773837e15 from master
2020-11-10 08:13:03 +01:00
Carlton Gibson 8b3010a298 [3.1.x] Fixed #32159 -- Ensured AsyncRequestFactory correctly sets headers.
Backport of ebb08d1942 from master
2020-11-04 11:09:52 +01:00
Patrick Arminio bb74d2db98 [3.1.x] Fixed #32162 -- Fixed setting Content-Length header in AsyncRequestFactory.
Backport of 542b4b3ab4 from master
2020-11-03 10:33:34 +01:00
Max Smolens e707a1bd9a [3.1.x] Fixed #31850 -- Fixed BasicExtractorTests.test_extraction_warning with xgettext 0.21+.
"format string with unnamed arguments cannot be properly localized"
warning is not raised in xgettext 0.21+.

This patch uses a message that causes an xgettext warning regardless of
the version.

Backport of 07a30f5616 from master
2020-11-02 10:29:14 +01:00
Christian Klus ab951d242e [3.1.x] Fixed #32152 -- Fixed grouping by subquery aliases.
Regression in 42c08ee465.

Thanks Simon Charette for the review.

Backport of 4ac2d4fa42 from master
2020-10-29 11:30:53 +01:00
Mariusz Felisiak 767e06b5a8 [3.1.x] Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
Thanks Gordon Wrigley for the report and implementation idea.

Regression in 226ebb1729.
Backport of 3418092238 from master
2020-10-22 13:22:00 +02:00
Hasan Ramezani 2212927c1b [3.1.x] Fixed #32107 -- Fixed ProtectedError.protected_objects and RestrictedError.restricted_objects.
Regression in 4ca5c565f4 and ab3cbd8b9a.

Thanks Vitaliy Yelnik for the report.

Backport of 3b1746d519 from master
2020-10-19 13:10:13 +02:00
Claude Paroz 8caf524a1d [3.1.x] Fixed #32110 -- Doc'd and tested enumerations for ChoiceField.choices.
Backport of 7f85498eef from master
2020-10-17 21:01:54 +02:00
Mariusz Felisiak 536213278c [3.1.x] Refs #32096 -- Fixed ExclusionConstraint crash with JSONField key transforms in expressions.
Regression in 6789ded0a6.

Backport of ee0abac169 from master.
2020-10-14 22:10:09 +02:00
Mariusz Felisiak ae6b24093c [3.1.x] Refs #32096 -- Fixed ExpressionWrapper crash with JSONField key transforms.
Regression in 6789ded0a6.

Thanks Simon Charette and Igor Jerosimić for the report.

Backport of bbd55e5863 from master
2020-10-14 21:03:40 +02:00
Mariusz Felisiak 59fe0b8541 [3.1.x] Refs #32096 -- Fixed __in lookup crash against key transforms for JSONField.
Regression in 6789ded0a6 and 1251772cb8.

Thanks Simon Charette and Igor Jerosimić for the report.

Backport of 7e1e198494 from master
2020-10-14 21:03:15 +02:00
Mariusz Felisiak d94e777b66 [3.1.x] Refs #32096 -- Fixed crash of ArrayAgg/StringAgg/JSONBAgg with ordering over JSONField key transforms.
Regression in 6789ded0a6.

Thanks Igor Jerosimić for the report.

Backport of 1f31027bb3 from master
2020-10-14 21:02:29 +02:00
Mariusz Felisiak 735c88fdd7 [3.1.x] Refs #32096 -- Added test for ArrayAgg over JSONField key transforms.
Backport of 1d650ad019 from master
2020-10-14 20:57:03 +02:00
Tim Schilling 4047c1602c [3.1.x] Fixed #32091 -- Fixed admin search bar width on filtered admin page.
Backport of b7da588e88 from master
2020-10-09 12:11:15 +02:00
Qi Zhao 8c403b17f9 [3.1.x] Fixed #32080 -- Fixed displaying Unicode chars in forms.JSONField and read-only JSONField values in admin.
Backport of de81676b51 from master
2020-10-09 08:44:32 +02:00
Mariusz Felisiak 322f0f7012 [3.1.x] Skipped GetImageDimensionsTests.test_webp when WEBP is not installed.
Backport of fce389af7c from master
2020-10-06 11:26:30 +02:00
David Smith 12ba61ed17 [3.1.x] Bumped minimum isort version to 5.1.0.
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.

Backport of e74b3d724e from master
2020-09-30 09:51:31 +02:00
Mariusz Felisiak b7df7de44f [3.1.x] Fixed #32038 -- Fixed EmptyFieldListFilter crash with GenericRelation.
Thanks Javier Matos Odut for the report.

Backport of e4ab44a4b2 from master
2020-09-25 10:10:26 +02:00
Mariusz Felisiak fbb7881956 [3.1.x] Fixed #32012 -- Made test database creation sync apps models when migrations are disabled.
Thanks Jaap Roes for the report.
Backport of 77caeaea88 from master
2020-09-23 10:54:50 +02:00
Mariusz Felisiak 5a03e14deb [3.1.x] Refs #32007 -- Skipped test_q_expression_annotation_with_aggregation on Oracle.
Backport of 3a9f192b13 from master
2020-09-16 11:47:48 +02:00
Mariusz Felisiak 1afc9b31bb [3.1.x] Fixed #32007 -- Fixed queryset crash with Q() annotation and aggregation.
Thanks Gordon Wrigley for the report.

Regression in 8a6df55f2d.
Backport of eaf9764d3b from master
2020-09-15 11:41:42 +02:00
Mariusz Felisiak a3bb80dc31 [3.1.x] Fixed #31990 -- Fixed QuerySet.ordered for GROUP BY queries on models with Meta.ordering.
Regression in 0ddb4ebf7b.

Thanks Julien Dutriaux for the report.
Backport of e11d05e0b4 from master
2020-09-14 20:08:18 +02:00
Mariusz Felisiak 17d5b16dbf [3.1.x] Refs #31901 -- Fixed SeleniumTests.test_list_editable_popups with headless mode.
Backport of 6a881197e9 from master
2020-09-02 15:18:15 +02:00
Brian Helba c69c6886de [3.1.x] Fixed #31941 -- Corrected FileField.deconstruct() with a callable storage.
Backport of 2d42e23b6d from master
2020-09-02 11:07:43 +02:00
Mariusz Felisiak 2b099caa59 [3.1.x] Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.
Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master.
2020-09-01 09:35:05 +02:00
Mariusz Felisiak 934430d22a [3.1.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.

Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
2020-09-01 09:35:05 +02:00
Federico Jaramillo Martínez c4e5384e73 [3.1.x] Fixed #31952 -- Fixed EmptyFieldListFilter crash with reverse relationships.
Thanks dacotagh for the report.

Backport of 179d9dc0c2 from master
2020-08-31 10:40:21 +02:00
Simon Charette 2986ec031d [3.1.x] Fixed #31965 -- Adjusted multi-table fast-deletion on MySQL/MariaDB.
The optimization introduced in 7acef095d7 did not properly handle
deletion involving filters against aggregate annotations.

It initially was surfaced by a MariaDB test failure but misattributed
to an undocumented change in behavior that resulted in the systemic
generation of poorly performing database queries in 5b83bae031.

Thanks Anton Plotkin for the report.

Refs #23576.

Backport of f6405c0b8e from master
2020-08-31 09:22:59 +02:00
Mariusz Felisiak 655e1ce6b1 [3.1.x] Fixed #31956 -- Fixed crash of ordering by JSONField with a custom decoder on PostgreSQL.
Thanks Marc Debureaux for the report.
Thanks Simon Charette, Nick Pope, and Adam Johnson for reviews.

Backport of 0be51d2226 from master
2020-08-28 19:12:02 +02:00
Kevin Michel 3a42c0447b [3.1.x] Fixed #31928 -- Fixed detecting an async get_response in various middlewares.
SecurityMiddleware and the three cache middlewares were not calling
super().__init__() during their initialization or calling the required
MiddlewareMixin._async_check() method.

This made the middlewares not properly present as coroutine and
confused the middleware chain when used in a fully async context.

Thanks Kordian Kowalski for the report.

Backport of 825ce75fae from master
2020-08-28 12:35:53 +02:00
Mariusz Felisiak 9075d1f662 [3.1.x] Fixed #31936 -- Fixed __in lookup on key transforms for JSONField.
This resolves an issue on databases without a native JSONField
(MariaDB, MySQL, SQLite, Oracle), where values must be wrapped.

Thanks Sébastien Pattyn for the report.
Backport of 1251772cb8 from master
2020-08-26 22:14:46 +02:00
Michael Galler b6d2419120 [3.1.x] Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>

Backport of 547a07fa7e from master
2020-08-26 07:54:55 +02:00
Mariusz Felisiak e81aa7a94a [3.1.x] Fixed #31877 -- Reverted "Fixed #19878 -- Deprecated TemplateView passing URL kwargs into context."
This reverts commit 4ed534758c.

Backport of bb8f66934d from master
2020-08-24 11:39:05 +02:00