Commit Graph

32 Commits

Author SHA1 Message Date
Simon Charette 574154ef56 [3.0.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.

Backport of 6c3dfba892 from master
2019-09-16 08:53:02 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Simon Charette 84e7a9f4a7 Switched setUp() to setUpTestData() where possible in Django's tests. 2018-11-27 09:35:17 -05:00
Tim Graham 193c109327 Switched TestCase to SimpleTestCase where possible in Django's tests. 2018-11-27 08:58:44 -05:00
Tim Graham 4f7467b690
Refs #28577 -- Added check for HStoreField to prevent mutable default. 2018-04-03 11:12:56 -04:00
Matthew Wilkes 2162f0983d Fixed #24747 -- Allowed transforms in QuerySet.order_by() and distinct(*fields). 2018-02-10 19:08:55 -05:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00
Simon Charette f37467ec7a Added a test for ArrayField(HStoreField()). 2017-05-03 23:53:08 -04:00
Tim Graham 6b4f018b2b Replaced type-specific assertions with assertEqual().
Python docs say, "it's usually not necessary to invoke these methods directly."
2017-03-17 07:51:48 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
David Hoffman bf84d042e0 Fixed #27582 -- Allowed HStoreField to store null values. 2016-12-15 10:35:44 -05:00
Claude Paroz 283b468462 Fixed #25454 -- Ensured register_hstore_handler is called for all connections
Thanks Simon Charette for help with the patch.
2016-07-21 17:54:54 +02:00
Jon Dufresne 4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Brad Melin f6517a5335 Fixed #26672 -- Fixed HStoreField to raise ValidationError instead of crashing on non-dict JSON input. 2016-06-02 16:28:01 -04:00
Claude Paroz 928c12eb1a Fixed #26215 -- Fixed RangeField/ArrayField serialization with None values
Also added tests for HStoreField and JSONField.
Thanks Aleksey Bukin for the report and Tim Graham for the initial patch and
the review.
2016-02-16 21:07:05 +01:00
Greg Chapple 8dea9f089d Fixed #26120 -- Made HStoreField cast keys and values to strings.
HStoreField now converts all keys and values to string before they're
saved to the database.
2016-01-29 09:51:23 -05:00
Ian Foote 86eccdc8b6 Fixed #25544 -- Removed duplicate ids in prefetch_related() queries. 2015-12-17 19:08:30 -05:00
Tim Graham a7b7f27c05 Fixed #25233 -- Fixed HStoreField.has_changed() handling of initial values.
Thanks Simon Charette for review.
2015-08-07 13:26:17 -04:00
Curtis Maloney 9f73009e98 Fixed #25215 -- Solved reference to forms.HStoreField in declaration of HStoreField
Correct test which was using the model field in a test form.
2015-08-04 19:15:22 +10:00
Andriy Sokolovskiy 2a7c59cd88 Added missing tests for transforms usage with subquery for PostgreSQL fields 2015-06-06 09:04:53 -04:00
Marc Tamlyn 00e8e514e1 Name PostgreSQL correctly. 2015-05-30 23:10:30 +01:00
Marc Tamlyn 74fe4428e5 Add HasAnyKeys lookup for HStoreField. 2015-05-30 21:39:45 +01:00
Florian Apolloner 6128005d90 Fixed forms import. 2015-05-24 17:52:35 +02:00
Andrea Grandi 43b2d88a5b Fixed #24844 -- Corrected has_changed implementation for HStoreField. 2015-05-24 17:32:16 +02:00
Tim Graham 3c8fe5dddf Fixed #24751 -- Fixed HStoreField isnull lookup. 2015-05-13 10:31:59 -04:00
Claude Paroz 36e90d1f45 Stopped special-casing postgres-specific tests
Refs #23879.
2015-04-18 15:17:49 +02:00
Tim Graham 8b39f33d78 Fixed #24290 -- Skipped postgres_tests if not running with PostgreSQL. 2015-02-17 06:34:13 -05:00
Marc Tamlyn 36f514f065 Added HStoreField.
Thanks to `django-hstore` for inspiration in some areas, and many people
for reviews.
2014-11-04 09:26:40 +00:00