Simon Charette
384ac0990f
Refs #32061 -- Prevented password leak on MySQL dbshell crash.
...
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.
Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.
Thanks Charlie Denton for reporting the issue to the security team.
Refs #24999 .
2020-10-30 10:12:52 +01:00
Simon Charette
bbe6fbb876
Refs #32061 -- Unified DatabaseClient.runshell() in db backends.
2020-10-29 22:22:58 +01:00
Christian Klus
4ac2d4fa42
Fixed #32152 -- Fixed grouping by subquery aliases.
...
Regression in 42c08ee465
.
Thanks Simon Charette for the review.
2020-10-29 09:56:09 +01:00
Martin Thoma
302caa40e4
Made small readability improvements.
2020-10-28 20:20:20 +01:00
Hasan Ramezani
4eb756793b
Refs #28215 -- Marked auth credentials as sensitive variables.
...
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-28 14:21:53 +01:00
Gagan Deep
982e860b73
Fixed #32062 -- Added %b support to Date.strftime.
...
This enables the admin to display the month as locale's abbreviated
name if %b is used in the date format.
2020-10-28 11:11:37 +01:00
Simon Charette
8593e162c9
Fixed #32143 -- Used EXISTS to exclude multi-valued relationships.
...
As mentioned in the pre-existing split_exclude() docstring EXISTS is
easier to optimize for query planers and circumvents the IN (NULL)
handling issue.
2020-10-28 07:22:00 +01:00
Simon Charette
bbf141bcdc
Refs #27149 -- Fixed sql.Query identity.
...
By making Query subclass BaseExpression in
3543129822
the former defined it's
identity based off _construct_args which is not appropriate.
2020-10-28 07:21:53 +01:00
alvinshaita
556fa4bbba
Fixed #1891 , Fixed #11707 -- Prevented duplicates with limit_choices_to on multi-value relations.
2020-10-27 20:40:04 +01:00
Josh Santos
36bc47069c
Fixed #32127 -- Fixed admin change-form textarea layout for mid-sized displays.
2020-10-27 16:06:11 +01:00
Carlton Gibson
e17ee44688
Fixed #32128 -- Added asgiref 3.3 compatibility.
...
Thread sensitive parameter is True by default from asgiref v3.3.0.
Added an explicit thread_sensitive=False to previously implicit uses.
2020-10-27 11:24:07 +01:00
Nguyen You
0b4fe82c74
Improved naming consistency in BaseManage.contribute_to_class().
...
Matches signatures of other contribute_to_class() methods.
2020-10-27 10:51:03 +01:00
Tim Graham
7734337bcb
Made OracleSpatialAdapter clone geometries rather than mutate them.
2020-10-27 07:14:16 +01:00
Hannes Ljungberg
10f8b82d19
Fixed #29497 -- Fixed loss of assigned parent when saving child with bulk_create() after parent.
2020-10-26 12:00:34 +01:00
dokgeppo
6014fd89b3
Fixed #32138 -- Prevented admin's map from covering other widgets.
2020-10-26 08:35:55 +01:00
Jon Dufresne
b2717c7532
Simplifed formset iteration using enumerate().
2020-10-26 08:02:38 +01:00
Adam Johnson
a56586eafe
Fixed #32134 -- Fixed crash of __range lookup with namedtuple.
...
Regression in 8be79984dc
.
Thanks Gordon Wrigley for the report.
2020-10-23 18:01:31 +02:00
Tim Graham
755dbf39fc
Replaced @no_oracle skips with DatabaseFeatures.allows_group_by_lob.
2020-10-22 18:16:58 +02:00
Carlton Gibson
ad11f5b8c9
Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.
2020-10-22 14:15:19 +02:00
Mariusz Felisiak
3418092238
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
...
Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb1729
.
2020-10-22 13:21:14 +02:00
Étienne Beaulé
509d9da26f
Fixed #26390 -- Disabled grouping by Random().
...
Thanks to Tzu-ping Chung for the tests.
2020-10-21 20:54:53 +02:00
Carlton Gibson
257f8495d6
Fixed #32069 -- Fixed admin change-form layout on small screens.
...
Restored flex-wrap CSS declaration to form elements at smallest breakpoint.
This was present since the responsive admin was introduced in dc37e8846e
.
Regression in 8ee4bb6ffc
, where it was accidentally removed.
2020-10-21 15:06:43 +02:00
manav014
096b14f0ac
Fixed #13060 -- Improved error message when ManagementForm data is missing.
2020-10-21 11:47:07 +02:00
Tom Carrick
f5e07601b2
Fixed #32046 -- Added CreateCollation/RemoveCollation operations for PostgreSQL.
2020-10-21 10:53:44 +02:00
Jacob Walls
0362b0e986
Fixed #26615 -- Made password reset token invalidate when changing email.
...
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-21 09:29:53 +02:00
Hannes Ljungberg
0e7a45fca0
Fixed #32126 -- Fixed grouping by Case() annotation without cases.
...
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-10-21 07:22:52 +02:00
Hannes Ljungberg
f7963615eb
Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using Meta.constraints.
...
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-10-20 07:23:51 +02:00
Tim Graham
ede9fac758
Fixed #32120 -- Added DatabaseFeatures.indexes_foreign_keys.
2020-10-20 06:22:56 +02:00
Herbert Poul
c897b1587c
Fixed #32108 -- Made transaction.on_commit() raise TypeError when callback is not a callable.
2020-10-19 20:46:13 +02:00
Hasan Ramezani
3b1746d519
Fixed #32107 -- Fixed ProtectedError.protected_objects and RestrictedError.restricted_objects.
...
Regression in 4ca5c565f4
and
ab3cbd8b9a
.
Thanks Vitaliy Yelnik for the report.
2020-10-19 12:43:32 +02:00
Tim Graham
0eee5c1b9c
Added DatabaseFeatures.can_alter_geometry_field.
2020-10-19 12:41:52 +02:00
Hannes Ljungberg
c7c7615d00
Fixed #32116 -- Fixed QuerySet.order_by() crash on EmptyQuerySet with union() on a single non-empty ordered queryset.
2020-10-19 08:36:07 +02:00
manav014
af87574a3c
Fixed #6517 -- Made dbshell use charset option on MySQL.
...
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-10-17 12:24:36 +02:00
Mariusz Felisiak
1fb97fb965
Refs #32096 -- Made JSONField check respect Meta.required_db_vendor.
...
Thanks Simon Charette for the implementation idea.
2020-10-15 22:05:16 +02:00
Chris Jerdonek
a492ccf0bc
Refs #31672 -- Simplified ExceptionReporter.get_traceback_frames().
2020-10-15 20:23:44 +02:00
Çağıl Uluşahin
9159d173c3
Fixed #25253 -- Made AlterField operation a noop when changing attributes that don't affect the schema.
2020-10-15 20:11:07 +02:00
Aarni Koskela
68e33b347d
Fixed #32105 -- Added template paths as ExceptionReporter class attributes.
...
This allows replacement of the debugging templates without having to
copy-paste the `get_traceback_html` and `get_traceback_text` functions
into a subclass.
Thanks to Nick Pope for review.
2020-10-15 13:56:15 +02:00
Mariusz Felisiak
ee0abac169
Refs #32096 -- Fixed ExclusionConstraint crash with JSONField key transforms in expressions.
...
Regression in 6789ded0a6
.
2020-10-14 20:56:04 +02:00
Mariusz Felisiak
bbd55e5863
Refs #32096 -- Fixed ExpressionWrapper crash with JSONField key transforms.
...
Regression in 6789ded0a6
.
Thanks Simon Charette and Igor Jerosimić for the report.
2020-10-14 20:56:04 +02:00
Mariusz Felisiak
7e1e198494
Refs #32096 -- Fixed __in lookup crash against key transforms for JSONField.
...
Regression in 6789ded0a6
and
1251772cb8
.
Thanks Simon Charette and Igor Jerosimić for the report.
2020-10-14 20:56:04 +02:00
Mariusz Felisiak
1f31027bb3
Refs #32096 -- Fixed crash of ArrayAgg/StringAgg/JSONBAgg with ordering over JSONField key transforms.
...
Regression in 6789ded0a6
.
Thanks Igor Jerosimić for the report.
2020-10-14 20:56:04 +02:00
David-Wobrock
ee005328c8
Fixed #31640 -- Made Trunc() truncate datetimes to Date/TimeField in a specific timezone.
2020-10-14 20:06:26 +02:00
David-Wobrock
a0571c1003
Refs #31640 -- Made Extract raise ValueError when using tzinfo with Date/TimeField.
2020-10-14 20:03:07 +02:00
Matthias Kestenholz
b26ec77deb
Updated the link documenting the de_CH number formats.
2020-10-14 14:37:26 +02:00
Jacob Walls
ac6c426007
Fixed #20601 -- Allowed forcing format with thousand separators in floatformat filter.
...
Thanks Claude Paroz and Nick Pope for reviews.
2020-10-13 10:36:46 +02:00
Marco Richetta
e92971ccb0
Removed unnecessary check in BaseModelAdmin.get_view_on_site_url().
2020-10-13 06:28:14 +02:00
Hasan Ramezani
78ae8cc5d8
Fixed #31674 -- Fixed displaying traceback in technical 500 debug page.
...
Previously, the technical 500 debug page didn't contain a traceback
when the exception chain contained an exception without traceback.
Thanks Chris Jerdonek for the report.
2020-10-12 10:25:36 +02:00
Sultan
6599608c4d
Fixed #32098 -- Made FieldFile use FileField.attname.
...
After a93425a37f
FileDescriptor is a
subclass of DeferredAttribute and uses FileField.attname to access the
field data, so that custom subclasses can not only save data to files,
but also represent the same data with a different data type by
attaching FileFiled.name to a particular descriptor.
Follow up to a93425a37f
.
2020-10-12 07:22:59 +02:00
nik258heda
079deba530
Fixed #32087 -- Made technical 500 debug page use HTTPS for sharing traceback.
2020-10-12 06:29:36 +02:00
Thomas Riccardi
f1f24539d8
Fixed #32094 -- Fixed flush() calls on management command self.stdout/err proxies.
2020-10-09 12:59:00 +02:00