Commit Graph

5363 Commits

Author SHA1 Message Date
adamb70 4c6ab1f2aa Fixed #28528 -- Allowed combining SearchVectors with different configs. 2020-02-06 07:52:50 +01:00
Nick Pope 335c9c94ac Simplified imports from django.db and django.contrib.gis.db. 2020-02-04 13:20:06 +01:00
Florian Apolloner 75daea2fc2 Refs #27604 -- Fixed loading of legacy cookie hashes when CookieStorage.key_salt is changed.
This partially reverts bcc9fa2528 to
not break legacy hashes when key_salt is actually changed.
2020-02-04 09:06:55 +01:00
Claude Paroz 8ae84156d6 Fixed #27604 -- Used the cookie signer to sign message cookies.
Co-authored-by: Craig Anderson <craiga@craiga.id.au>
2020-02-04 08:05:02 +01:00
Claude Paroz bcc9fa2528 Refs #27604 -- Added CookieStorage.key_salt to allow customization. 2020-02-04 08:05:02 +01:00
Simon Charette eb31d84532 Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. 2020-02-03 08:49:13 +01:00
Claude Paroz 5dabb6002e Updated translations from Transifex.
Forwardport of ca4f87027e from stable/3.0.x
2020-01-31 20:59:10 +01:00
Claude Paroz e7d62e97eb
Refs #22426 -- Removed pre-Django 1.5 messages compatibility code and test.
This reverts commit f286721f7f.
2020-01-31 11:11:24 +01:00
Mariusz Felisiak b7a3a6c9ef
Used model's Options.label/label_lower where applicable. 2020-01-29 12:09:20 +01:00
Hannes Ljungberg a69b6e006b Fixed #31211 -- Added SearchConfig expression.
Thanks Simon Charette for the review.
2020-01-29 08:12:10 +01:00
Hasan Ramezani 2633c5341e Fixed #22261 -- Fixed resolving namespaced URLs for flatpages. 2020-01-28 13:14:23 +01:00
Hannes Ljungberg 7edd06a9cf Improved SearchVectorCombinable and SearchQueryCombinable error messages. 2020-01-27 15:09:47 +01:00
Hasan Ramezani 5d654e1e71 Refs #27888 -- Removed redundant {% if %} in admin changelist filters. 2020-01-24 20:31:09 +01:00
Hasan Ramezani b94764e178 Fixed #27888 -- Added link to clear all filters in the admin changelist view. 2020-01-23 14:14:54 +01:00
Michael Mulholland 5a68a223c7 Fixed #31200 -- Added system checks for permissions codenames max length. 2020-01-23 12:22:59 +01:00
Sergey Fedoseev 486a8dae2d Removed unused **kwargs from GEOSFuncFactory.__call__(). 2020-01-22 15:40:39 +05:00
Sergey Fedoseev 7b77505bc9 Removed unused *args and **kwargs from GEOSFuncFactory.__init__().
Follow-up to ff17ef1ada.
2020-01-22 15:19:34 +05:00
Sergey Fedoseev a905891159 Removed unneeded int() call in GEOSCoordSeq.__len__(). 2020-01-22 14:25:32 +05:00
Eugene Hatsko 0b013564ef Fixed #31190 -- Fixed prefetch_related() crash for GenericForeignKey with custom ContentType foreign key.
Regression in dffa3e1992.
2020-01-22 07:54:16 +01:00
Sergey Fedoseev b753e0e750 Removed unused GEOSFuncFactory subclasses.
Unused since 2d18c60fbb.
2020-01-21 22:54:22 +01:00
Sergey Fedoseev f2a725fba3 Fixed #30274 -- Prevented segmentation fault on LineString iteration.
This reverts commit 138a78ec8c and adds
a test for the regression.
2020-01-21 21:46:47 +01:00
Sergey Fedoseev a920c0b852 Fixed #31142 -- Fixed MakeValid.output_field when geometry type is changed.
Regression in 2ef4b4795e.
2020-01-20 08:59:45 +01:00
Daniel Hahler 68e018010b Optimized ModelAdmin._changeform_view() by avoiding multiple get_fieldsets() calls.
Co-authored-by: Hasan Ramezani <hasan.r67@gmail.com>
2020-01-17 16:00:04 +01:00
Mariusz Felisiak 266c853e10
Fixed #31162 -- Prevented error logs when using WKT strings in lookups.
Thanks dbxnr for the initial patch.

Regression in 6f44f714c9.
2020-01-16 14:34:54 +01:00
Owen T. Heisler 77d335e5ab Fixed #31160 -- Fixed admin CSS for ordered lists' descendants in unordered list. 2020-01-13 09:13:33 +01:00
Adam Donaghy 8b3e714ecf Fixed #30980 -- Improved error message when checking uniqueness of admin actions' __name__.
Thanks Keshav Kumar for the initial patch.
2020-01-10 14:00:28 +01:00
Federico Jaramillo Martínez 372eaa395f Fixed #28991 -- Added EmptyFieldListFilter class in admin.filters.
Thanks Simon Charette and Carlton Gibson for reviews.

Co-Authored-By: Jonas Haag <jonas@lophus.org>
Co-Authored-By: Christophe Baldy <christophe.baldy@polyconseil.fr>
2020-01-03 07:58:04 +01:00
David Wobrock 2f565f84ac Fixed #31097 -- Fixed crash of ArrayAgg and StringAgg with filter when used in Subquery. 2019-12-31 10:35:43 +01:00
Sjbrgsn b2bd08bb7a Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".
Thanks Luis Nell for the implementation idea and very detailed report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-30 20:47:22 +01:00
Farhaan Bukhsh cf5d4701dc Fixed #30819 -- Fixed year determination in admin calendar widget for two-digit years.
Two-digit years in the range of [00, 68] are in the current century,
while [69,99] are in the previous century, according to the Open Group
Specification.
2019-12-30 13:06:29 +01:00
Mike Hansen 35d36d9462 Refs #30585 -- Updated project templates and tests to use (block)translate tags. 2019-12-18 13:15:38 +01:00
Simon Charette 5b1fbcef7a Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
Co-Authored-By: Florian Apolloner <florian@apolloner.eu>
2019-12-18 09:11:39 +01:00
James Turk ff00a05347 Fixed #31088 -- Added support for websearch searching in SearchQuery. 2019-12-16 14:59:59 +01:00
Jon Dufresne e703b93a65 Fixed #31080 -- Removed redundant type="text/javascript" attribute from <script> tags. 2019-12-11 09:49:54 +01:00
Baptiste Mispelon 3df3c5e670 Fixed #26480 -- Fixed crash of contrib.auth.authenticate() on decorated authenticate() methods of authentication backends.
The Signature API (PEP 362) has better support for decorated functions
(by default, it follows the __wrapped__ attribute set by
functools.wraps for example).
2019-12-10 09:36:30 +01:00
Hasan Ramezani 5d674eac87 Fixed #31039 -- Added support for contained_by lookup with AutoFields, SmallIntegerField, and DecimalField. 2019-12-05 15:50:39 +01:00
Hasan Ramezani 664521c56a Refs #31039 -- Removed unnecessary registration of contained_by lookup for BigIntegerField.
It's already registered for IntegerField.
2019-12-05 15:02:18 +01:00
Jon Dufresne 65285d1e7d Refs #29892 -- Made Selenium tests wait for popups to be ready. 2019-12-02 15:06:36 +01:00
Carlton Gibson 6376278a90 Updated contrib translations from Transifex.
Forward port of 4afa0e5d2a from stable/3.0.x
2019-12-02 11:25:23 +01:00
Carlton Gibson 11c5e0609b Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.
Thank you to Shen Ying for reporting this issue.
2019-12-02 08:56:08 +01:00
Baptiste Mispelon f47ba7e780 Fixed #30255 -- Fixed admindocs errors when rendering docstrings without leading newlines.
Used inspect.cleandoc() which implements PEP-257 instead of an internal
hook.
2019-11-29 12:47:42 +01:00
Mariusz Felisiak e8fcdaad5c Fixed #31021 -- Fixed proxy model permissions data migration crash with a multiple databases setup.
Regression in 98296f86b3.
2019-11-29 08:23:01 +01:00
Jon Dufresne 46a0edc3ba Fixed #31028 -- Used classList API to check, add and remove DOM classes.
Thanks to Claude Paroz for review.
2019-11-28 15:21:37 +01:00
Jon Dufresne c8bd37a860 Fixed #31042 -- Removed AdminSeleniumTestCase.get_css_value() in favor of Selenium .is_displayed().
All instances of AdminSeleniumTestCase.get_css_value() were used to
inspect the display property.
2019-11-28 15:10:13 +01:00
Johannes Hoppe 249a6190ae Fixed #30975 -- Replaced custom get_select_option with Selenium's select_by_value. 2019-11-27 16:34:07 +01:00
Johannes Hoppe 69dbb6b708 Fixed #30973 -- Converted selenium tests wait_page_loaded to context manager. 2019-11-27 14:36:26 +01:00
Jon Dufresne cab3661832 Fixed #31027 -- Replaced .getAttribute()/.setAttribute() usage with DOM properties. 2019-11-27 07:53:04 +01:00
Baptiste Mispelon 52936eface Fixed #31031 -- Fixed data loss in admin changelist view when formset's prefix contains regex special chars.
Regression in b18650a263.
2019-11-26 08:48:10 +01:00
Johannes Hoppe ef93fd4683 Fixed #31013 -- Removed jQuery usage in SelectBox.js. 2019-11-25 13:35:20 +01:00
Simon Charette 0290e01d5a Fixed #31002 -- Fixed GIS lookups crash against a subquery annotation.
Thanks Vasileios Bouzas for the report.
2019-11-25 12:30:33 +01:00
Sergey Fedoseev a5855c8f0f Fixed #30996 -- Added AsWKB and AsWKT GIS functions. 2019-11-22 13:40:48 +01:00
Jon Dufresne 62254c5202 Simplified TemplateDetailView with pathlib.Path.read_text(). 2019-11-21 15:14:03 +01:00
Simon Charette 306b687520 Refs #11964 -- Removed SimpleCol in favor of Query(alias_cols).
This prevent having to pass simple_col through multiple function calls
by defining whether or not references should be resolved with aliases
at the Query level.
2019-11-21 11:56:35 +01:00
Hasan Ramezani 0284a26af9 Fixed #30981 -- Fixed admin changelist crash when using F() or OrderBy() expressions in admin_order_field. 2019-11-19 15:40:04 +01:00
Daniel Izquierdo 89abecc75d Fixed #27272 -- Added an on_delete RESTRICT handler to allow cascading deletions while protecting direct ones. 2019-11-19 10:55:05 +01:00
Caio Ariede 555bebe774 Fixed #30987 -- Added models.PositiveBigIntegerField. 2019-11-19 09:34:11 +01:00
Jon Dufresne aa12cf07c9 Removed unnecessary numeric indexes in format strings. 2019-11-19 08:29:47 +01:00
Sergey Fedoseev f95b59a1b3 Fixed #30994 -- Added Oracle support for AsGeoJSON GIS function. 2019-11-18 15:32:44 +01:00
Jon Dufresne e649d691f8 Removed unnecessary parentheses in various code. 2019-11-18 15:25:59 +01:00
Dulmandakh 24b9f50823 Fixed #29916 -- Added lower_inc, lower_inf, upper_inc, and upper_inf lookups for RangeFields.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-11-14 22:27:29 +01:00
Mariusz Felisiak 6e99585c19 Fixed #30941 -- Reverted "Simplified AuthenticationMiddleware a bit."
This reverts commit 2f010795e6.
2019-11-13 16:33:25 +01:00
Hasan Ramezani 4cec3cc82a Fixed #30977 -- Optimized PasswordResetForm.save() a bit.
Moved site variables assignment outside of the loop.
2019-11-11 10:40:04 +01:00
Nick Pope 02983c5242 Fixed #30943 -- Added BloomIndex to django.contrib.postgres. 2019-11-07 11:23:53 +01:00
Jon Dufresne 77aa74cb70 Refs #29983 -- Added support for using pathlib.Path in all settings. 2019-11-07 10:26:22 +01:00
Mariusz Felisiak 4c45b627f8 Removed unused import of ACTION_CHECKBOX_NAME in django.contrib.admin.
Unused since e651b3095c.
2019-11-06 12:49:42 +01:00
Jon Dufresne edeec1247e Passed strict=True to Path.resolve() to enforce that the path must exist. 2019-11-05 14:22:20 +01:00
Hasan Ramezani 47379d027b Fixed #30095 -- Fixed system check for RangeField/ArrayField.choices with lists and tuples. 2019-11-05 11:48:44 +01:00
Jon Dufresne b9fe7f9294 Fixed #30947 -- Changed tuples to lists in model Meta options in django.contrib modules.
The Django "Model Meta options" docs provide examples and generally
point the reader to use lists for the unique_together and ordering
options. Follow our own advice for contrib models.

More generally, lists should be used for homogeneous sequences of
arbitrary lengths of which both unique_together and ordering are.
2019-11-05 08:16:31 +01:00
Jon Dufresne 607004f81a Simplified consecutive calls to pathlib.Path.parent. 2019-11-04 09:59:34 +01:00
Sergey Fedoseev 2f010795e6 Simplified AuthenticationMiddleware a bit.
SimpleLazyObject already caches value in _wrapped.
2019-10-29 13:20:13 +01:00
Erwin Junge a6cb8ec389 Fixed #30922 -- Fixed ModelAdmin.date_hierarchy queries with DST changes.
There was an issue where admin date_hierarchy didn't render last day of
a month in DST-switch month.
2019-10-29 11:21:03 +01:00
Hasan Ramezani e3d0b4d550 Fixed #30899 -- Lazily compiled import time regular expressions. 2019-10-29 09:22:26 +01:00
Pavel Dedik 711a7d4d50 Fixed #30907 -- Fixed SplitArrayField.has_changed() with removal of empty trailing values. 2019-10-28 10:32:34 +01:00
Pavel Dedik bcfbb71c63 Refs #30907 -- Added SplitArrayField._remove_trailing_nulls() hook. 2019-10-28 10:32:09 +01:00
Sergey Fedoseev 6bbf9a20e2 Fixed #29770 -- Added LinearRing.is_counterclockwise property. 2019-10-25 14:28:26 +02:00
Carlton Gibson 24e540fbd7 Fixed #29087 -- Added delete buttons for unsaved admin inlines on validation error. 2019-10-25 13:28:08 +02:00
Carlton Gibson 6ea3aadd17 Refs #29087 -- Refactored admin inlines.js.
Split logic into separate functions to clarify and allow reuse.
2019-10-25 13:28:08 +02:00
Sergey Fedoseev 0315c18fe1 Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting. 2019-10-23 08:18:48 +02:00
Sergey Fedoseev 909c59f290 Fixed typo in XViewMiddleware.process_view() docstring. 2019-10-22 14:30:52 +02:00
Sergey Fedoseev af8dbbe0d5 Updated link to GEOS C API header. 2019-10-21 15:25:49 +02:00
Mariusz Felisiak 3a8af298b9 Fixed #30890 -- Added MariaDB support for the relate lookup. 2019-10-18 07:46:31 +02:00
sage 6f82df69ef Refs #12990 -- Moved CheckFieldDefaultMixin to the django.db.models.fields.mixins. 2019-10-17 12:30:29 +02:00
Louise Grandjonc 7d1bf29977 Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
Regression in 6c3dfba892.
2019-10-11 10:55:22 +02:00
Simon Charette 26c66f4519 Fixed #30856 -- Combined fast-delete queries by model during cascade deletion.
Reduced the number of queries required when performing cascade deletion
for a model referenced multiple time by another one by performing an
union of reference lookups.
2019-10-09 09:49:53 +02:00
ElizabethU 54ea290e5b Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons.
Changed __eq__ to return NotImplemented instead of False if compared to
an object of the same type, as is recommended by the Python data model
reference. Now these models can be compared to ANY (or other objects
with __eq__ overwritten) without returning False automatically.
2019-10-01 17:58:19 +02:00
pablo fa8fe09e4e Fixed #30802 -- Prevented manifest creation when running collectstatic in dry run mode. 2019-09-27 23:01:41 +02:00
Hasan Ramezani 226ebb1729 Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS. 2019-09-20 13:52:04 +02:00
Sam Reynolds 6c9778a58e Fixed #30776 -- Restored max length validation on AuthenticationForm.UsernameField.
Regression in 5ceaf14686.

Thanks gopackgo90 for the report and Mariusz Felisiak for tests.
2019-09-18 11:37:38 +02:00
Min ho Kim b1d6b35e14 Fixed #30725 -- Fixed width of DateTimeField inputs in admin tabular inline.
"width" of DateTimeField inputs in admin tabular inline wasn't set
correctly what caused displaying too small inputs with responsive CSS
when timezone warning wasn't present.
2019-09-17 14:30:33 +02:00
Nasir Hussain faf4b988fe Fixed #30758 -- Made RangeFields use multiple hidden inputs for initial data. 2019-09-17 12:08:49 +02:00
Hasan Ramezani b9db423d3c Fixed #29376 -- Allowed hiding "Save and Add Another" button in admin. 2019-09-16 11:37:09 +02:00
Simon Charette 6c3dfba892 Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
2019-09-16 08:24:40 +02:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Mads Jensen b616908ce1 Used Statement in PostGISSchemaEditor._create_index_sql(). 2019-09-11 07:51:31 +02:00
Mariusz Felisiak d17be88afd Refs #30037 -- Required the RemoteUserBackend.configure_user() to have request as the first positional argument.
Per deprecation timeline.
2019-09-10 12:01:00 +02:00
Mariusz Felisiak f1894bae30 Refs #28606 -- Removed CachedStaticFilesStorage per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak 3d716467a9 Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline. 2019-09-10 12:01:00 +02:00
Mariusz Felisiak b47bb4c4a7 Refs #29598 -- Removed FloatRangeField per deprecation timeline. 2019-09-10 12:01:00 +02:00
Claude Paroz 5495ea3ae0 Updated translation catalogs 2019-09-08 17:35:32 +02:00
Carlton Gibson 4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Nick Pope 999891bd80 Refs #29379 -- Moved autocomplete attribute to UsernameField.
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
2019-09-02 10:50:56 +02:00
Alan Crosswell 03fa846c6a Fixed #30731 -- Fixed handling trailing groups in simplify_regex().
Previously simplify_regex() didn't handle trailing groups for regexp
without the end of string character ("$").
2019-08-30 12:43:39 +02:00
Berker Peksag 400ec5125e Fixed #18763 -- Added ModelBackend/UserManager.with_perm() methods.
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-29 19:32:12 +02:00
daniel a rios b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Jon Dufresne a44d80f88e Adjusted subprocess.run() calls to use arg list, rather than string.
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.

https://docs.python.org/3/library/subprocess.html#frequently-used-arguments

> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).

Also removed `shell=True` where unnecessary.
2019-08-28 10:19:30 +02:00
Federico Jaramillo Martínez 8f6860863e Fixed #30722 -- Added default rate-limiting requests to admin's Select2 widget. 2019-08-27 13:47:36 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Simon Charette bb9e82f274 Fixed #29955 -- Added support for distance expression to the dwithin lookup.
This was missed when adding support to other distance lookups in
refs #25499.

Thanks Peter Bex for the report and Mariusz for testcases.
2019-08-23 21:28:28 +02:00
Dulmandakh 06372a8d27 Fixed #30507 -- Updated admin's jQuery to 3.4.1. 2019-08-23 11:00:16 +02:00
Claude Paroz 9386586f31 Replaced subprocess commands by run() wherever possible. 2019-08-23 10:53:36 +02:00
Mariusz Felisiak 521308e575 Fixed #30715 -- Fixed crash of ArrayField lookups on ArrayAgg annotations over AutoField. 2019-08-23 10:43:08 +02:00
Mariusz Felisiak b1f669406f Reduced code duplication in ArrayField's lookups. 2019-08-23 10:43:08 +02:00
Carlton Gibson 5b4c6b58a0
Fixed #30064 -- Added form to validate admin search fields query input. 2019-08-22 14:09:49 +02:00
Nasir Hussain 6b16c91157 Fixed #30712 -- Allowed BLOB/TEXT defaults on MySQL 8.0.13+. 2019-08-22 12:23:10 +02:00
Mads Jensen 85ac838d9e Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL.
Thanks to Simon Charettes for review.

Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
2019-08-21 13:10:06 +02:00
Adam Johnson 7da6a28a44 Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+. 2019-08-16 11:39:37 +02:00
zeyneloz 8289fc55ff Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering. 2019-08-15 10:29:10 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Claude Paroz eed2e740f7 Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
Mariusz Felisiak c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-13 08:42:17 +02:00
Simon Charette fff5186d32 Refs #25367 -- Moved select_format hook to BaseExpression.
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
2019-08-13 06:48:14 +02:00
Jon Dufresne 5b57798513 Removed unnecessary StatAggregate.resolve_expression().
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.

Unnecessary since its introduction in e4cf8c8420.
2019-08-08 22:34:25 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Mariusz Felisiak 05964b2198 Moved indexes in ArrayField's Index and Slice transforms to SQL params.
Follow up to 7deeabc7c7.

These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Claude Paroz 3c6d32e0b2 Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne 93ffa81bc5 Refs #30657 -- Made DeferredAttribute.__init__() to take a field instance instead of a field name. 2019-07-25 07:24:52 +02:00
Min ho Kim 9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Mads Jensen a3417282ac Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
Thanks to Nick Pope and Mariusz Felisiak for review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mads Jensen 7174cf0b00 Refs #29824 -- Added RangeOperators helper class. 2019-07-16 16:57:46 +02:00
Mariusz Felisiak 858cfd74e9
Simplified RangeContainedBy by making it subclass PostgresSimpleLookup. 2019-07-13 10:55:19 +02:00
Mariusz Felisiak 70c2b90d95
Simplified DateTimeRangeContains by making it subclass PostgresSimpleLookup. 2019-07-12 17:27:49 +02:00
Johannes Hoppe 00d4e6f8b5 Updated Select2 to version 4.0.7. 2019-07-10 12:31:16 +02:00
Hasan Ramezani ed668796f6 Fixed #30543 -- Fixed checks of ModelAdmin.list_display for fields accessible only via instance.
Co-Authored-By: Andrew Simons <andrewsimons@bubblegroup.com>
2019-07-10 10:37:34 +02:00
Mariusz Felisiak 7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.

Regression in 6b048b364c.
2019-07-10 10:33:36 +02:00
Chason Chaffin c238e65e29 Fixed #30596 -- Fixed SplitArrayField.has_changed() for non-string base fields.
Thanks to Evgeniy Krysanov for the report and the idea to use to_python.
Thanks to Mariusz Felisiak for the test case.
2019-07-03 13:35:51 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Min ho Kim fbb83fefd4 Fixed typos in comments and docs. 2019-07-02 09:36:17 +02:00
Claude Paroz d54baf6970 Updated translations from Transifex
Forward port of b3f7262e6e from stable/2.2.x
2019-06-29 16:17:16 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Markus Holtermann ad7b438002 Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety.
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Mariusz Felisiak b616f65855
Added missing support for PointOnSurface function on MariaDB. 2019-06-12 10:51:43 +02:00
Jon Dufresne 9e38ed0536 Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters.
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692.

For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.

For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
2019-06-11 20:34:59 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided.
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
2019-06-07 12:44:39 +02:00
Hasan Ramezani 661e6cc2c9 Fixed #29706 -- Made RenameContentType._rename() save to the correct database. 2019-06-06 12:09:01 +02:00