Commit Graph

29189 Commits

Author SHA1 Message Date
Mariusz Felisiak 009fddc96b
Refs #32061 -- Fixed test_crash_password_does_not_leak() crash on Windows.
When env is passed to subprocess.run() we should pass all existing
environment variables. This fixes crash on Windows:

Fatal Python error: failed to get random numbers to initialize Python

Fatal Python error: _Py_HashRandomization_Init: failed to get random
numbers to initialize Python
Python runtime state: preinitialized
2020-11-03 11:38:40 +01:00
Patrick Arminio 542b4b3ab4 Fixed #32162 -- Fixed setting Content-Length header in AsyncRequestFactory. 2020-11-03 10:12:40 +01:00
Claude Paroz b03b19b585
Refs #29113 -- Simplified formset validation.
Thanks Nick Pope for review and complement.
2020-11-03 09:57:10 +01:00
Tim Graham 92434bb0f5 Fixed DistinctOnTests.test_basic_distinct_on on CockroachDB. 2020-11-03 07:32:03 +01:00
Tim Graham f814fb6040 Removed serial pk assumption from FormfieldShouldDeleteFormTests.test_custom_delete. 2020-11-03 07:09:56 +01:00
Sicong 09e1ec71df
Fixed #32166 -- Removed redundant definition of Greatest in test_expression_on_aggregation. 2020-11-03 07:08:42 +01:00
David-Wobrock cfc7cd6513 Fixed #32132 -- Fixed column types in m2m intermediary tables for Positive(Big/Small)IntegerFields. 2020-11-02 20:11:58 +01:00
David-Wobrock 4ebd633350 Refs #32132 -- Added rel_db_type() tests for auto and integer fields. 2020-11-02 20:11:58 +01:00
Vitaliy Yelnik d1791539a7
Simplified DeclarativeFieldsMetaclass.__new__() a bit. 2020-11-02 10:46:56 +01:00
Nikita Sobolev 42f3fafdfa
Updated {% static %} tag examples in docs to use single quotes where appropriate. 2020-11-02 10:34:24 +01:00
Carlton Gibson c8785b473f Added stub release notes for 3.1.4. 2020-11-02 09:20:53 +01:00
Carlton Gibson 7fc07b9b2b Set release date for 3.1.3, 3.0.11, and 2.2.17. 2020-11-02 08:35:24 +01:00
Daniel Hahler ab943f031c Protected Watchman autoreloader against busy loops.
With an error in the loop above (e.g. using query without args), this
would trigger a busy loop. While this was caused due to changes to the
loop itself, it seems to be just good practice to protect against this.
2020-11-02 07:18:39 +01:00
Hasan Ramezani f06beea929 Fixed #32153 -- Fixed management commands when using required list options.
Thanks Mark Gajdosik for the report and initial patch.
2020-10-30 12:01:33 +01:00
Nick Pope 966b5b49b6 Updated MultiValueDict.update() to mirror dict.update() behavior.
Changes in behavior include:

- Accepting iteration over empty sequences, updating nothing.
- Accepting iterable of 2-tuples providing key-value pairs.
- Failing with the same or comparable exceptions for invalid input.

Notably this replaces the previous attempt to catch TypeError which was
unreachable as the call to .items() resulted in AttributeError on
non-dict objects.
2020-10-30 10:44:44 +01:00
Nick Pope 1a8ad8a5c6 Removed unused custom exception support for ImmutableList.
If the warning provided was an instance of Exception, then it would be
used as-is. In practice this is untested, unused and ImmutableList is
an undocumented internal datastructure.
2020-10-30 10:44:44 +01:00
Nick Pope c3d9b8b28f Increased test coverage for django.utils.datastructures.MultiValueDict.
Co-authored-by: Mads Jensen <mje@inducks.org>
2020-10-30 10:44:44 +01:00
Mads Jensen 825f8470f5 Increased test coverage for django.utils.datastructures.OrderedSet.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2020-10-30 10:44:44 +01:00
Simon Charette 384ac0990f Refs #32061 -- Prevented password leak on MySQL dbshell crash.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.

Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.

Thanks Charlie Denton for reporting the issue to the security team.

Refs #24999.
2020-10-30 10:12:52 +01:00
Simon Charette eb25fdb620 Refs #32061 -- Added test for dbshell password leak on PostgreSQL. 2020-10-30 10:12:47 +01:00
Simon Charette bbe6fbb876 Refs #32061 -- Unified DatabaseClient.runshell() in db backends. 2020-10-29 22:22:58 +01:00
Christian Klus 4ac2d4fa42 Fixed #32152 -- Fixed grouping by subquery aliases.
Regression in 42c08ee465.

Thanks Simon Charette for the review.
2020-10-29 09:56:09 +01:00
Caio Ariede 9ca22c7733 Fixed #26962 -- Doc'd running migrations in transactions. 2020-10-29 08:00:06 +01:00
Martin Thoma 302caa40e4 Made small readability improvements. 2020-10-28 20:20:20 +01:00
Hasan Ramezani 4eb756793b
Refs #28215 -- Marked auth credentials as sensitive variables.
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-28 14:21:53 +01:00
Jon Dufresne cee93c6ba1 Refs #25780 -- Removed redundant status code assertions from tests. 2020-10-28 12:26:49 +01:00
Gagan Deep 982e860b73 Fixed #32062 -- Added %b support to Date.strftime.
This enables the admin to display the month as locale's abbreviated
name if %b is used in the date format.
2020-10-28 11:11:37 +01:00
Gagan Deep 0ee3cbd988 Added unit test for Date.getFullMonthName. 2020-10-28 11:11:37 +01:00
Simon Charette 8593e162c9 Fixed #32143 -- Used EXISTS to exclude multi-valued relationships.
As mentioned in the pre-existing split_exclude() docstring EXISTS is
easier to optimize for query planers and circumvents the IN (NULL)
handling issue.
2020-10-28 07:22:00 +01:00
Simon Charette bbf141bcdc Refs #27149 -- Fixed sql.Query identity.
By making Query subclass BaseExpression in
3543129822 the former defined it's
identity based off _construct_args which is not appropriate.
2020-10-28 07:21:53 +01:00
alvinshaita 556fa4bbba Fixed #1891, Fixed #11707 -- Prevented duplicates with limit_choices_to on multi-value relations. 2020-10-27 20:40:04 +01:00
Josh Santos 36bc47069c Fixed #32127 -- Fixed admin change-form textarea layout for mid-sized displays. 2020-10-27 16:06:11 +01:00
Carlton Gibson e17ee44688 Fixed #32128 -- Added asgiref 3.3 compatibility.
Thread sensitive parameter is True by default from asgiref v3.3.0.
Added an explicit thread_sensitive=False to previously implicit uses.
2020-10-27 11:24:07 +01:00
Nguyen You 0b4fe82c74
Improved naming consistency in BaseManage.contribute_to_class().
Matches signatures of other contribute_to_class() methods.
2020-10-27 10:51:03 +01:00
Tim Graham c3b1e41288 Removed unneeded @no_oracle skips. 2020-10-27 07:14:16 +01:00
Tim Graham 7734337bcb Made OracleSpatialAdapter clone geometries rather than mutate them. 2020-10-27 07:14:16 +01:00
Tim Graham 49ece89702
Fixed some queries tests when primary key values are large.
On CockroachDB, primary key values stored in these fields are larger
than they accept. Fixes:
queries.test_bulk_update.BulkUpdateNoteTests.test_multiple_fields,
queries.test_bulk_update.BulkUpdateNoteTests.test_inherited_fields, and
queries.tests.RelatedLookupTypeTests.test_values_queryset_lookup.
2020-10-27 06:39:52 +01:00
Tim Graham 73be11a266
Removed an obsolete query test that assumes serial pks.
The code from the original fix (922aba3def)
was removed in 419de7b00d.
2020-10-27 06:31:26 +01:00
Hannes Ljungberg 10f8b82d19 Fixed #29497 -- Fixed loss of assigned parent when saving child with bulk_create() after parent. 2020-10-26 12:00:34 +01:00
Tim Graham 83a8da576d
Fixed admin_views's test_history_view on databases that don't use serial pks. 2020-10-26 10:44:55 +01:00
David Smith 51d6e6e774 Refs #31670 -- Used allowlist_externals in tox.ini. 2020-10-26 09:09:59 +01:00
dokgeppo 6014fd89b3
Fixed #32138 -- Prevented admin's map from covering other widgets. 2020-10-26 08:35:55 +01:00
Jon Dufresne b2717c7532
Simplifed formset iteration using enumerate(). 2020-10-26 08:02:38 +01:00
Jon Dufresne 2b56c56653 Corrected output of rendered formset example in model formsets docs. 2020-10-26 07:38:54 +01:00
Adam Johnson a56586eafe Fixed #32134 -- Fixed crash of __range lookup with namedtuple.
Regression in 8be79984dc.

Thanks Gordon Wrigley for the report.
2020-10-23 18:01:31 +02:00
Tim Graham 755dbf39fc Replaced @no_oracle skips with DatabaseFeatures.allows_group_by_lob. 2020-10-22 18:16:58 +02:00
Carlton Gibson ad11f5b8c9 Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. 2020-10-22 14:15:19 +02:00
Mariusz Felisiak 3418092238
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
Thanks Gordon Wrigley for the report and implementation idea.

Regression in 226ebb1729.
2020-10-22 13:21:14 +02:00
Simon Charette 284bde3fbe
Refs #9475 -- Linked through_default docs to related managers methods. 2020-10-22 10:08:35 +02:00
Étienne Beaulé 509d9da26f Fixed #26390 -- Disabled grouping by Random().
Thanks to Tzu-ping Chung for the tests.
2020-10-21 20:54:53 +02:00