8c3bd0b708
Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL.
2021-06-08 07:46:51 +02:00
7f6a41d3d9
Fixed #32814 -- Improved performance of TextNode.
...
This avoids calling render() and handling exceptions, which is not
necessary for text nodes.
2021-06-07 21:02:00 +02:00
651e527f9b
Fixed #32716 -- Fixed ManifestStaticFilesStorage crash when max_post_process_passes is 0.
2021-06-07 07:56:20 +02:00
7272e1963f
Fixed #32821 -- Updated os.scandir() uses to use a context manager.
2021-06-07 06:52:42 +02:00
7dd502b0e1
Refs #24121 -- Added __repr__() to ChangeList and BaseStorage.
2021-06-07 06:31:50 +02:00
d6f3b58589
Fixed #32810 -- Optimized django.utils.formats.number_format() a bit.
...
Pre-calculate use_l10n for get_format() calls.
2021-06-05 13:48:26 +02:00
2e4711c611
Made SerializeMixin check lockfile attr at import time.
2021-06-04 12:29:09 +02:00
0393b9262d
Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
...
Regression in 981a072dd4
2021-06-04 07:23:16 +02:00
62e8f369c3
Fixed #32808 -- Prevented DiscoverRunner.build_suite() from mutating test loader patterns.
...
Thanks Chris Jerdonek for the report and reviews.
2021-06-03 08:59:37 +02:00
1b4d1675b2
Refs #32641 -- Made DiscoverRunner's "Found X tests" message work for finding one test.
...
This also removes passing level to log() as logging.INFO is the default.
2021-06-02 12:53:09 +02:00
ec2727efef
Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists.
2021-06-02 12:20:22 +02:00
e1d787f1b3
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
46572de2e9
Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:58:39 +02:00
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191d
2021-06-01 15:11:42 +02:00
a0410ffe8f
Refs #32552 -- Added DiscoverRunner.log() to allow customization.
...
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
cd19db10df
Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens.
2021-06-01 09:02:27 +02:00
c609d5149c
Refs #24121 -- Added __repr__() to Engine
2021-06-01 07:44:36 +02:00
55775891fb
Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens.
2021-05-31 21:12:21 +02:00
91e21836f6
Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
2021-05-31 11:09:48 +02:00
781b44240a
Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns.
2021-05-31 10:40:21 +02:00
d270dd584e
Refs #32778 -- Improved the name of the regex object detecting invalid CSRF token characters.
...
This also improves the comments near where the variable is used.
2021-05-29 12:53:50 +02:00
5685b7cd73
Fixed typos in comments and docs.
2021-05-29 12:51:14 +02:00
b9df2b74b9
Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
...
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
b746596f5f
Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter.
2021-05-28 10:50:27 +02:00
22da686ca9
Refs #24121 -- Added __repr__() to PermWrapper.
2021-05-28 08:03:23 +02:00
214b36f50a
Refs #32596 -- Added early return on safe methods in CsrfViewMiddleware.process_view().
2021-05-28 07:32:01 +02:00
cfd8c91839
Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay computing good_referer.
2021-05-28 07:32:01 +02:00
71179a6124
Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
...
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
e93eb3d971
Fixed #32789 -- Made feeds emit elements with no content as self-closing tags.
2021-05-27 21:05:28 +02:00
9e4780deda
Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader.
2021-05-26 12:29:43 +02:00
5a8e8f80bb
Fixed #32772 -- Made database cache count size once per set.
2021-05-26 11:21:11 +02:00
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
...
Regression in ec6d2531c5
2021-05-26 11:19:47 +02:00
1143f3bb5e
Fixed #32543 -- Added search_help_text to ModelAdmin.
2021-05-26 10:20:13 +02:00
68357b2ca9
Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
2021-05-26 09:41:29 +02:00
3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite.
2021-05-25 11:34:25 +02:00
866dccb650
Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize_token().
2021-05-25 09:56:09 +02:00
d3d95d645f
Refs #24121 -- Added __repr__() to Lookup.
2021-05-24 07:32:25 +02:00
f0a9413bd2
Refs #24121 -- Improved Value.__repr__().
2021-05-24 07:26:53 +02:00
7ef2398e81
Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns().
2021-05-24 06:31:48 +02:00
5e04e84d67
Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+.
...
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.
Regression in 6b16c91157
2021-05-21 13:34:37 +02:00
7cca22964c
Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
...
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
2978c63a34
Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value.
2021-05-20 07:04:26 +02:00
536c155e67
Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
...
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
c2e6047c72
Fixed #32740 -- Caught possible exception when initializing colorama.
2021-05-19 10:33:15 +02:00
127fd927d0
Fixed #32766 -- Removed unused ORDER_TYPE_VAR.
...
Unused since 5434ce231d
2021-05-19 07:51:13 +02:00
8cd55021bc
Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
...
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
958cdf65ae
Fixed #32747 -- Prevented initialization of unused caches.
...
Thanks Alexander Ebral for the report.
Regression in 98e05ccde4
2021-05-18 18:24:19 +02:00
a24fed399c
Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
...
Regression in b5e12d490a
2021-05-18 13:02:33 +02:00
f7691d4812
Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
...
Regression in ba31b01034
2021-05-18 09:14:05 +02:00
de32fe83a2
Fixed #32317 -- Refactored loaddata command to make it extensible.
...
Moved deeply nested blocks out of inner loops to improve readability
and maintainability.
Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for
feedback.
2021-05-18 07:05:33 +02:00
3954bf50fb
Fixed #32750 -- Fixed crash of Extract() transform on OuterRef() expressions.
...
Thanks Simon Charette for the review.
2021-05-17 17:51:39 +02:00
1557778121
Refs #32317 -- Simplified find_fixtures() in loaddata command.
...
This always replaces 'fixture_name' with its base name, which preserves
the previous behavior, because os.path.basename() was not called only on
relative paths without os.path.sep i.e. when base name was equal to the
file name.
This also changes os.path.dirname() and os.path.basename() calls to the
equivalent os.path.split() call.
2021-05-14 20:45:04 +02:00
1e655d35ad
Refs #32317 -- Cleaned up try/except blocks in loaddata command.
...
This moves code unable to trigger relevant exceptions outside of
try/except blocks, and changes 'objects' to 'objects_in_fixture'
which is equal to the length of 'objects'.
2021-05-14 20:45:04 +02:00
530f58caaa
Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.
...
Regression in fc9566d42d
2021-05-14 12:45:00 +02:00
29345aecf6
Fixed #32721 -- Fixed migrations crash when adding namespaced spatial indexes on PostGIS.
2021-05-14 07:10:28 +02:00
99bc67a9e7
Refs #32721 -- Made PostGISSchemaEditor._create_index_sql() call super()._create_index_sql().
2021-05-13 13:13:16 +02:00
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
2021-05-13 08:53:44 +02:00
b81c7562fc
Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
...
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc
2021-05-13 07:26:52 +02:00
3733ae8957
Fixed #32031 -- Added model class for each model to AdminSite.each_context().
2021-05-13 06:57:09 +02:00
29e4ccb1a2
Fixed #32738 -- Deprecated django.utils.datetime_safe module.
2021-05-12 14:42:17 +02:00
46346f8ea0
Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe.
2021-05-12 14:42:17 +02:00
44accb066a
Refs #32738 , Refs #29600 , Refs #29595 -- Removed unused django.utils.datetime_safe.time().
...
Unused since c72dde41e6
2021-05-12 14:42:17 +02:00
1061f52436
Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
...
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).
This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
d06c5b3581
Fixed #32366 -- Updated datetime module usage to recommended approach.
...
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12 11:08:41 +02:00
e6406853c3
Refs #24121 -- Added__repr__() to StaticNode.
2021-05-12 08:41:52 +02:00
34363a391b
Fixed #32735 -- Made DateFormat.Y() return a zero-padded year.
2021-05-12 08:17:06 +02:00
b1a4b1f0bd
Fixed #32722 -- Fixed comparing to TruncTime() on Oracle.
2021-05-11 09:19:25 +02:00
205c36b58f
Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.
2021-05-07 20:03:46 +02:00
028f10fac6
Fixed #32712 -- Deprecated django.utils.baseconv module.
2021-05-07 11:57:40 +02:00
c4ee3b208a
Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL.
2021-05-07 08:13:40 +02:00
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
a0a5e0f4c8
Fixed #32705 -- Prevented database cache backend from checking .rowcount on closed cursor.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05 12:41:59 +02:00
136ff592ad
Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates.
...
Having lookups group by subquery right-hand-sides is likely unnecessary
in the first place but relatively large amount of work would be needed
to achieve that such as making Lookup instances proper resolvable
expressions.
Regression in 3543129822
2021-05-05 11:41:35 +02:00
06fd4df41a
Fixed #32479 -- Added fallbacks to subsequent language codes in translations.
...
Thanks Claude Paroz and Nick Pope for reviews.
2021-05-05 09:37:54 +02:00
96f55ccf79
Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
...
Regression in c8b6594305
2021-05-05 08:43:57 +02:00
f9f6bd63c9
Refs #32074 -- Removed usage of deprecated Thread.setDaemon().
...
Thread.setDaemon() was deprecated in Python 3.10 and will be removed in
Python 3.12.
2021-05-04 12:07:18 +02:00
623c8cd8f4
Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop().
...
Using asyncio.get_event_loop() when there is no running event loop was
deprecated in Python 3.10, see https://bugs.python.org/issue39529 .
2021-05-04 11:29:23 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
8de4ca74ba
Fixed #32693 -- Quoted and lowercased generated column aliases.
2021-05-04 07:36:56 +02:00
071cf68630
Fixed #32709 -- Corrected examples in django/utils/baseconv.py docstring.
2021-05-04 07:09:09 +02:00
1f643c28b5
Fixed #32653 -- Made quoting names in the Oracle backend consistent with db_table.
2021-04-30 12:59:07 +02:00
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
8bcb00858e
Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
2021-04-30 08:05:42 +02:00
2161db0792
Fixed capitalization of "ECMAScript" and "JavaScript".
2021-04-29 20:29:08 +02:00
baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
...
Follow up to 1871182031
2021-04-29 12:04:30 +02:00
ee3b719a81
Refs #32675 -- Removed to_field from ForeignKeys in contrib apps' migrations.
...
Refs #22889 .
2021-04-29 07:46:22 +02:00
0c71e0f9cf
Removed unnecessary reuse_with_filtered_relation argument from Query methods.
...
In Query.join() the argument reuse_with_filtered_relation was used to
determine whether to use == or .equals(). As this area of code is
related to aliases, we only expect an instance of Join or BaseTable to
be provided - the only two classes that provide .equals().
In both cases, the implementations of __eq__() and equals() are based
on use of the "identity" property. __eq__() performs an isinstance()
check first, returning NotImplemented if required. BaseTable.equals()
then does a straightforward equality check on "identity". Join.equals()
is a little bit different as it skips checking the last element of the
"identity" property: filtered_relation. This was only included
previously when the with_filtered_relation argument was True, impossible
since bbf141bcdc
2021-04-28 21:19:42 +02:00
a6c79f4987
Removed unused with_filtered_relation argument from .equals()
...
Unused since bbf141bcdc
2021-04-28 20:42:20 +02:00
c8b6594305
Fixed #32632 , Fixed #32657 -- Removed flawed support for Subquery deconstruction.
...
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.
Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).
Thanks Phillip Cutter for the report.
This also fixes a performance regression in bbf141bcdc
2021-04-28 12:13:55 +02:00
6e742dabc9
Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
...
Regression in bbe6fbb876
2021-04-27 10:43:35 +02:00
1871182031
Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
...
Thanks Zain Patel for the report and Simon Charette for reviews.
The exception introduced in 6307c3f1a1
2021-04-27 10:34:47 +02:00
cd74aad90e
Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.
...
QuerySet.distinct() is not the only way to avoid duplicate, it's also
not preferred.
2021-04-27 10:34:47 +02:00
4074f38e1d
Refs #32682 -- Fixed QuerySet.delete() crash on querysets with self-referential subqueries on MySQL.
2021-04-27 10:34:47 +02:00
d68be0494b
Refs 32637 -- Made technical 404 debug page display exception message when URL is resolved.
...
Follow up to 3b8527e32b
2021-04-27 08:40:52 +02:00
eab71f7690
Fixed #32686 -- Removed unnecessary semicolon on collected multiline SQL for RunSQL.
2021-04-27 08:01:07 +02:00
4e5bbb6ef2
Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b3205
2021-04-26 07:08:16 +02:00
0aacbdcf27
Refs #32673 -- Fixed lookups crash when comparing against lookups on Oracle.
...
Follow up to 170b006ce8
2021-04-23 16:32:53 +02:00
170b006ce8
Fixed #32673 -- Fixed lookups crash when comparing against lookups on PostgreSQL.
...
Regression in 3a505c70e7
2021-04-23 15:38:32 +02:00
0461b7a6b6
Fixed #32662 -- Refactored a generator out of SQLCompiler.get_order_by().
...
This also renames the `asc` variable to `default_order`, markes the
`desc` variable as unused, fixes a typo in SQLCompiler.get_order_by()
docstring, and reorders some blocks in SQLCompiler._order_by_pairs().
2021-04-21 12:35:49 +02:00
Sanskar Jaiswal
Keryn Knight
aryabartar
Chris Jerdonek
saeedblanchette
Mateo Radman
Adam Johnson
Takayuki Hirayama
Mariusz Felisiak
Jacob Walls
Florian Apolloner
Daniyal
abhiabhi94
Gildardo Adrian Maravilla Jacome
David Sanders
David Wobrock
Hannes Ljungberg
Mohammadreza Varasteh
Moriyoshi Koizumi
Michael Lissner
Hasan Ramezani
Hannes Ljungberg
Yuekui Li
Rohith PR
Carlton Gibson
Claude Paroz
Rust Saiargaliev
Slava Skvortsov
William Schwartz
Artur Beltsov
snowman2
Simon Charette
Raffaele Salmaso
Nick Pope
saeedblanchette
Jordi Castells
Alex Hill
ecogels
Maxim Beder
Karthikeyan Singaravelan
pythonwood
Tim Graham
Konstantin Alekseev
Zain Patel