Commit Graph

3110 Commits

Author SHA1 Message Date
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
Mariusz Felisiak 34d1905712 Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
Thanks Jared Lockhart for the report.

Regression in c36075ac1d.
2021-04-21 09:41:37 +02:00
Chris Jerdonek 823a9e6bac Fixed #32416 -- Made ThreadedWSGIServer close connections after each thread.
ThreadedWSGIServer is used by LiveServerTestCase.
2021-04-12 10:23:56 +02:00
bankc db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
Daniyal 474cc420bf Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core. 2021-03-19 08:04:37 +01:00
Tim Graham dba44a7a7a Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. 2021-03-18 20:00:22 +01:00
Mariusz Felisiak ec0ff40631 Fixed #32355 -- Dropped support for Python 3.6 and 3.7 2021-02-10 10:20:54 +01:00
Josh Santos 9c6ba87692 Fixed #32145 -- Improved makemessages error message when app's locale directory doesn't exist. 2021-02-09 20:00:20 +01:00
Mikolaj Rybinski 8e90560aa8 Fixed #32420 -- Fixed detecting primary key values in deserialization when PK is also a FK. 2021-02-05 12:33:43 +01:00
Daniel Ebrahimian 3f8979e37b Fixed #32350 -- Fixed showmigrations crash for applied squashed migrations.
Thanks Simon Charette for reviews.
2021-02-04 21:17:26 +01:00
Simon Charette f23b05696e Fixed #32395 -- Allowed capturing stdout of migration signals. 2021-02-04 11:19:49 +01:00
Timothy McCurrach b1821fbad5 Fixed #32360 -- Added system check for FILE_UPLOAD_TEMP_DIR setting. 2021-01-22 07:51:00 +01:00
Adam Johnson 8c7ff7b8cf Removed unreachable SystemExit check.
This check dates back to Python <2.5, before Python introduced
BaseException to prevent exactly unwarranted catching of SystemExit
(and others).

response_for_exception() is only called under `except Exception` or
`except Http404` so it's now impossible for a SystemExit instance to
reach the branch.
2021-01-19 07:04:53 +01:00
Hasan Ramezani 34aa4f1997 Fixed #32296 -- Added --skip-checks option to runserver command. 2021-01-18 12:51:35 +01:00
Mariusz Felisiak 88e972e46d Fixed #32265, Refs #32355 -- Removed unnecessary ServerHandler.handle_error().
ConnectionAbortedError, BrokenPipeError, ConnectionResetError raised
from SocketServer.BaseServer.finish_request() are already suppressed
by wsgiref.handlers.BaseHandler.run() in Python 3.7+, see
47ffc1a9f6
2021-01-16 17:37:53 +01:00
Mariusz Felisiak 0aa6a602b2 Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak d32a232fe9 Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer and signing.dumps()/loads().
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak 52a238ddf2 Refs #30165 -- Removed ugettext(), ugettext_lazy(), ugettext_noop(), ungettext(), and ungettext_lazy() per deprecation timeline. 2021-01-14 17:50:04 +01:00
Paolo Melchiorre c412d9af7e Fixed #32291 -- Added fixtures compression support to dumpdata. 2021-01-12 15:47:58 +01:00
Hasan Ramezani ba3fb2e4d0 Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code. 2021-01-12 11:22:13 +01:00
Hasan Ramezani 64331419c8 Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting. 2021-01-12 09:44:36 +01:00
Florian Apolloner 102d92fc09 Refs #32191 -- Added Signer.sign_object()/unsign_object().
Co-authored-by: Craig Smith <hello@craigiansmith.com.au>
2021-01-06 20:16:47 +01:00
Akshat1Nar b41d38ae26 Fixed #32298 -- Fixed URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname without
the userinfo and port.
2021-01-04 09:25:40 +01:00
Mariusz Felisiak 98ad327864 Fixed #32299 -- Prevented mutating handlers when processing middlewares marked as unused in an async context.
Thanks Hubert Bielenia for the report.
2020-12-29 09:04:35 +01:00
Mariusz Felisiak ce30e750e6 Used model's Options.label where applicable.
Follow up to b7a3a6c9ef.
2020-12-29 08:56:39 +01:00
Nick Pope bb64b99b78 Fixed #29867 -- Added support for storing None value in caches.
Many of the cache operations make use of the default argument to the
.get() operation to determine whether the key was found in the cache.
The default value of the default argument is None, so this results in
these operations assuming that None is not stored in the cache when it
actually is. Adding a sentinel object solves this issue.

Unfortunately the unmaintained python-memcached library does not support
a default argument to .get(), so the previous behavior is preserved for
the deprecated MemcachedCache backend.
2020-12-17 09:57:21 +01:00
Abhishek Ghaskata 593829a5ab Fixed typo in django/core/cache/backends/base.py docstring. 2020-12-15 07:05:02 +01:00
Petter Strandmark 772eca0b02 Fixed #32240 -- Made runserver suppress ConnectionAbortedError/ConnectionResetError errors.
See https://bugs.python.org/issue27682 and
https://github.com/python/cpython/pull/9713
2020-12-14 20:46:18 +01:00
Adam Johnson cf2ca22a57 Ensured that registered checks accept keyword arguments. 2020-12-14 18:08:37 +01:00
Mariusz Felisiak 5ce31d6a71 Fixed #32193 -- Deprecated MemcachedCache. 2020-12-09 21:27:32 +01:00
Florian Apolloner 98e05ccde4 Fixed #32233 -- Cleaned-up duplicate connection functionality. 2020-12-08 08:55:44 +01:00
Florian Apolloner 148702e725 Refs #21012 -- Removed unnecessary _create_cache() hook.
This removes unused (since d038c547b5)
workaround to load a cache backend with its dotted import path and
moves remaining logic to the CacheHandler.

Thanks Tim Graham for the review.
2020-12-07 17:44:16 +01:00
manav014 f63f3cdf09 Fixed #29712 -- Made makemessages warn if locales have hyphens and skip them. 2020-11-13 09:25:42 +01:00
MinchinWeb f1585c54d0 Fixed #31216 -- Added support for colorama terminal colors on Windows.
Modern setups on Windows support terminal colors.
The colorama library may also be used, as an
alternative to the ANSICON library.
2020-11-11 14:27:10 +01:00
Artem Kosenko b7f500396e Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys.
Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
2020-11-11 12:45:34 +01:00
Carles Pina i Estany 721c95ba0b Fixed #32180 -- Added system check for file system caches absolute location. 2020-11-11 11:04:52 +01:00
William Schwartz c0fc5ba380 Fixed #32183 -- Fixed shell crash when passing code with nested scopes. 2020-11-11 09:18:26 +01:00
William Schwartz cc22693505 Fixed #32177 -- Made execute_from_command_line() use program name from the argv argument.
This caused crash in environments where sys.argv[0] is incorrectly set
to None.
2020-11-10 08:16:53 +01:00
christa c36075ac1d Fixed #31983 -- Added system check for file system caches location.
Thanks Johannes Maron and Nick Pope for reviews.
2020-11-04 20:30:23 +01:00
Hasan Ramezani f06beea929 Fixed #32153 -- Fixed management commands when using required list options.
Thanks Mark Gajdosik for the report and initial patch.
2020-10-30 12:01:33 +01:00
Martin Thoma 302caa40e4 Made small readability improvements. 2020-10-28 20:20:20 +01:00
Carlton Gibson e17ee44688 Fixed #32128 -- Added asgiref 3.3 compatibility.
Thread sensitive parameter is True by default from asgiref v3.3.0.
Added an explicit thread_sensitive=False to previously implicit uses.
2020-10-27 11:24:07 +01:00
Thomas Riccardi f1f24539d8 Fixed #32094 -- Fixed flush() calls on management command self.stdout/err proxies. 2020-10-09 12:59:00 +02:00
Simon Charette 4c675523bd Refs #29838, Refs #28507 -- Made make_hashable() ignore key order. 2020-10-05 20:42:46 +02:00
Hasan Ramezani 6eb3f53bdd Fixed #32047 -- Fixed call_command() crash if a constant option from required mutually exclusive group is passed in options. 2020-09-30 20:10:38 +02:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
Tom Carrick e387f191f7 Fixed #31777 -- Added support for database collations to Char/TextFields.
Thanks Simon Charette and Mariusz Felisiak for reviews.
2020-09-21 18:24:56 +02:00
Владимир Лысенко b376297d6c Tweaked loaddata command to re-use a calculated value.
Removed a duplicated call to get_public_serializer_formats which
had already populated self.serialization_formats.

Thanks to Nick Pope for review.
2020-09-17 10:49:54 +02:00
Nick Pope b4d46df5ca Fixed #29887 -- Added a cache backend for pymemcache. 2020-09-16 09:40:30 +02:00
Hasan Ramezani 7be6a6a4d6 Fixed #31989 -- Fixed return value of django.core.files.locks.lock()/unlock() on POSIX systems. 2020-09-15 10:21:26 +02:00
Hasan Ramezani 2808cdc8fb Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session destroyed while request is processing. 2020-09-09 09:04:28 +02:00
Nick Pope a629139425 Refs #29887, Refs #24212 -- Added servers configuration hook for memcached backends.
The servers property can be overridden to allow memcached backends to
alter the server configuration prior to it being passed to instantiate
the client. This allows avoidance of documentation for per-backend
differences, e.g. stripping the 'unix:' prefix for pylibmc.
2020-09-02 08:51:17 +02:00
Nick Pope cc1f2c6a19 Refs #29887 -- Simplified memcached client instantiation. 2020-09-01 10:51:00 +02:00
Mariusz Felisiak 1853724aca Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+. 2020-09-01 09:17:23 +02:00
Mariusz Felisiak 8d7271578d Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
Nick Pope b5acb9db75 Fixed #31907 -- Fixed missing validate_key() calls in cache backends. 2020-08-24 09:41:21 +02:00
Nick Pope e2013b260a Refs #29887, #27480 -- Moved touch() to BaseMemcachedCache. 2020-08-20 09:00:21 +02:00
Nick Pope 0cb0d59b23 Fixed comments related to nonexistent keys for incr()/decr() in memcached backends. 2020-08-20 08:58:50 +02:00
Ahmad A. Hussein 61a0ba43cf Refs #31811 -- Added optional timing outputs to the test runner. 2020-08-13 17:17:15 +02:00
Nick Pope 0a306f7da6 Fixed #25513 -- Extracted admin pagination to Paginator.get_elided_page_range(). 2020-08-06 12:38:56 +02:00
Mariusz Felisiak d907371ef9 Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
It's a transitional setting helpful in migrating multiple instances of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
David Smith e74b3d724e Bumped minimum isort version to 5.1.0.
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.
2020-07-30 10:58:59 +02:00
David Smith 95da207bdb Fixed #28507 -- Made ValidationError.__eq__() ignore messages and params ordering.
Co-authored-by: caleb logan <clogan202@gmail.com>
2020-07-29 12:04:13 +02:00
Florian Apolloner 948a874425 Fixed #29324 -- Made SECRET_KEY validation lazy (on first access). 2020-07-29 09:06:54 +02:00
Jon Dufresne 83fbaa9231 Fixed #31806 -- Made validators include the value in ValidationErrors. 2020-07-27 13:03:26 +02:00
Jon Dufresne cc3d24d7d5 Removed redundant forms.DecimalField.validate() in favor of DecimalValidator. 2020-07-27 12:07:53 +02:00
Parth Verma 41065cfed5 Fixed #31802 -- Added system check for non-integer SITE_ID. 2020-07-24 10:41:55 +02:00
Jon Dufresne 796be5901a Fixed #31769 -- Improved default naming of merged migrations.
47 gives 60 in total (47 + 5 + 5 + 3).
2020-07-20 15:04:22 +02:00
Florian Apolloner 96a3ea39ef Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Fixed sending emails crash on email addresses with display names longer
than 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.

Wrapped display names were passed to email.headerregistry.Address(),
which caused an exception to be raised because address parts cannot contain
CR or LF.

See https://bugs.python.org/issue39073

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-07-20 07:10:40 +02:00
excursus 9a54a9172a Fixed typo in django/core/management/templates.py docstring. 2020-06-24 21:46:01 +02:00
Mariusz Felisiak 02ea98bc2f Refs #31692 -- Fixed compilemessages crash on Windows with Python < 3.8.
Regression in ed0a040773.
See https://bugs.python.org/issue31961
2020-06-23 11:14:27 +02:00
Adam Johnson 6e5041f57c Removed unused param_dict return from URLResolver.resolve_error_handler().
Unused since its introduction in ed114e1510.
2020-06-22 21:28:56 +02:00
Claude Paroz e62d55a4fe Fixed #31692 -- Prevented unneeded .po file compilation.
Thanks Nick Pope and Simon Charette for the reviews.
2020-06-22 08:44:16 +02:00
Claude Paroz ed0a040773 Refs #31692 -- Updated compilemessages and tests to use pathlib. 2020-06-22 08:33:00 +02:00
Guillermo Bonvehí f386454d13 Fixed #31728 -- Fixed cache culling when no key is found for deletion.
DatabaseCache._cull implementation could fail if no key was found to
perform a deletion in the table. This prevented the new cache key/value
from being correctly added.
2020-06-22 06:29:35 +02:00
David Smith 27c09043da Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator. 2020-06-18 21:43:20 +02:00
Hasan Ramezani 47651eadb8 Fixed #30583 -- Fixed handling JSONFields in XML serializer.
Co-authored-by: Chason Chaffin <chason@gmail.com>
2020-06-17 11:12:18 +02:00
Mariusz Felisiak 78c811334c Refs #30190 -- Minor edits to JSONL serializer.
Follow up to e29637681b.
2020-06-17 07:59:40 +02:00
Ali Vakilzade e29637681b Fixed #30190 -- Added JSONL serializer. 2020-06-16 16:51:58 +02:00
Chinmoy Chakraborty 2928019e0c Fixed #31645 -- Enhanced the migration warning for migrate command.
Added the list of apps with changes not reflected in migrations.
2020-06-12 10:26:06 +02:00
davidchorpash 07506a6114 Fixed #31661 -- Removed period in makemigrations history check warning. 2020-06-08 06:46:23 +02:00
Mariusz Felisiak 926148ef01 Fixed #31654 -- Fixed cache key validation messages. 2020-06-05 07:21:52 +02:00
Jon Dufresne f997b5e6ae Refs #5086 -- Removed unused only_django argument from sql_flush().
Unused (always True) since its introduction in 132605d889.
2020-06-04 11:59:47 +02:00
Tim Graham e24b63fe85 Refs #31630 -- Removed DatabaseFeatures.can_introspect_autofield. 2020-06-04 08:27:46 +02:00
David Smith dbdc192ca3 Preferred usage of among/while to amongst/whilst. 2020-06-03 21:02:48 +02:00
Dan Palmer 2c82414914 Fixed CVE-2020-13254 -- Enforced cache key validation in memcached backends. 2020-06-03 09:24:26 +02:00
René Fleschenberg 578b3046e3 Reverted "Refs #23919 -- Removed obsolete __init__.py files in management command directories."
This reverts commit ccc25bfe4f.

https://groups.google.com/d/topic/django-developers/GVHMH2ciAnk/discussion
2020-06-01 10:55:41 +02:00
Mariusz Felisiak d94a9aa055 Refs #31040, Refs #31224 -- Prevented cycles in exceptions chain.
Async exception handling was raising an exception that was creating a
cycle in the exception chain (by re-raising an exception in
sync_to_async that was already being handled).

Thanks Chris Jerdonek for detailed analysis.
2020-05-28 13:05:15 +02:00
Claude Paroz adf58311b8 Fixed #29078 -- Made serializers respect prefetch_related() for m2m fields. 2020-05-25 10:45:16 +02:00
Hasan Ramezani c60524c658 Fixed #31546 -- Allowed specifying list of tags in Command.requires_system_checks. 2020-05-21 12:34:54 +02:00
wtkm11 9756c33429 Fixed #31504 -- Allowed calling makemigrations without an active database connection. 2020-05-19 10:24:23 +02:00
Paolo Melchiorre 0e3b0da2e3 Fixed #31552 -- Added support for LZMA and XZ fixtures to loaddata. 2020-05-15 11:30:28 +02:00
François Freitag 7cd88b3fec Updated logging calls to use arguments instead of string interpolation. 2020-05-13 09:12:18 +02:00
Mariusz Felisiak 0668164b4a Fixed E128, E741 flake8 warnings. 2020-05-12 08:52:23 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__().
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
Yash Saini ccb1cfb64e Fixed #31548 -- Fixed URLValidator crash on non-strings. 2020-05-08 20:53:05 +02:00
Mariusz Felisiak b23e3a1caa Refs #27661 -- Added Tags.staticfiles.
Follow up to 0ec4dc91e0.
2020-05-08 11:38:18 +02:00
Carlton Gibson 92507bf3ea Fixed #31515 -- Made ASGIHandler dispatch lifecycle signals with thread sensitive. 2020-05-06 09:42:02 +02:00
Nick Pope 8f10ceaa90 Changed `'%s' % value` pattern to `str(value)`. 2020-05-04 08:27:18 +02:00