b8759093d8
Removed DatabaseFeatures.validates_explain_options.
...
Always True since 6723a26e59
2022-04-11 12:58:01 +02:00
6723a26e59
Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
2022-04-11 08:59:58 +02:00
93cae5cb2f
Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
62739b6e26
Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
...
Regression in 68357b2ca9
2022-04-11 07:37:30 +02:00
0b31e02487
Fixed #33618 -- Fixed MTI updates outside of primary key chain.
2022-04-07 07:54:56 +02:00
9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers.
2022-04-07 07:05:59 +02:00
65effbdb10
Fixed #33471 -- Made AlterField operation a noop when changing "choices".
...
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
6991880109
Refs #31617 -- Added an id for helptext in admin forms.
2022-04-06 12:42:43 +02:00
50e1e7ef8e
Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
...
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
2d5215c675
Fixed #33605 -- Fixed migration crash when altering RegexValidator to pre-compiled regular expression.
2022-04-04 07:38:15 +02:00
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
40b8a6174f
Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
...
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.
This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
1efea11808
Refs #33397 -- Added register_combinable_fields().
2022-03-31 11:02:46 +02:00
d7eb500338
Removed unnecessary Query.get_loaded_field_names_cb() and Query.deferred_to_data()'s callback argument.
2022-03-31 10:54:59 +02:00
0a3c6fe6b2
Refs #24020 -- Removed redundant Query.get_loaded_field_names().
...
get_loaded_field_names() is no longer called in multiple places
(see 0c7633178f
2022-03-31 10:54:59 +02:00
0db0a25d84
Updated select_related_descend() comment.
...
Outdated since 0c7633178f
2022-03-31 08:50:25 +02:00
c8459708a7
Refs #32339 -- Added use_fieldset to Widget.
2022-03-30 16:28:14 +02:00
fac662f479
Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
...
Thanks lind-marcus for the report.
This reverts commit 0c71e0f9cf0c71e0f9cf
2022-03-30 07:31:56 +02:00
59ab3fd0e9
Refs #32365 -- Deprecated django.utils.timezone.utc.
2022-03-29 14:47:44 +02:00
baf9604ed8
Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
...
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
83c803f161
Updated Oracle docs links to Oracle 21c.
2022-03-29 09:41:57 +02:00
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
2bee0b4328
Fixed #7497 -- Allowed overriding the order of apps and models in admin.
2022-03-25 10:33:44 +01:00
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
bb61f0186d
Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
...
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
1cf60ce601
Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value.
2022-03-23 19:33:36 +01:00
d46e158ee2
Refs #32365 -- Made migration writer use datetime.timezone.utc.
2022-03-23 12:43:43 +01:00
7325d29152
Refs #30581 -- Fixed DatabaseFeatures.bare_select_suffix on MySQL < 8 and MariaDB < 10.4.
2022-03-22 09:45:59 +01:00
561761c660
Fixed #33592 -- Fixed "View on Site" links in custom admin site.
2022-03-21 10:07:32 +01:00
4b8e4f5060
Fixed #33582 -- Fixed deserializing natural keys with foreing key dependencies in a multiple database setup.
2022-03-18 20:57:08 +01:00
ba298a32b3
Refs #31169 -- Prevented infinite loop in parallel tests with custom test runner when using spawn.
...
Regression in 3b3f38b3b0
2022-03-17 10:20:13 +01:00
4f92cf87b0
Prevented initialization of unused database connections.
2022-03-17 07:40:57 +01:00
13378ad952
Moved ensure_defaults() and prepare_test_settings() logic to ConnectionHandler.configure_settings().
2022-03-17 07:36:34 +01:00
58ad9a99a7
Removed usage of django.db.utils.ConnectionHandler.databases.
2022-03-17 07:36:34 +01:00
4bd494db42
Made BaseConstraint importable from django.db.models.
2022-03-16 16:21:10 +01:00
5f9ad17201
Fixed #33580 -- Fixed crash when checking support for terminal colors on Wine.
...
Regression in f1585c54d0
2022-03-16 16:16:10 +01:00
1ea7e3157d
Used sets for field names for exclusion.
...
They are used only for containment checks.
2022-03-16 11:05:09 +01:00
bf524d229f
Refs #30581 -- Allowed sql.Query to be used without model.
2022-03-16 09:33:16 +01:00
970f5bf503
Fixed #33577 -- Confirmed support for GDAL 3.4.
2022-03-16 09:07:01 +01:00
3b3f38b3b0
Fixed #31169 -- Adapted the parallel test runner to use spawn.
...
Co-authored-by: Valz <ahmadahussein0@gmail.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2022-03-15 16:23:55 +01:00
3eaba13a47
Removed unnecessary _connector from Q construction in get_for_models().
...
Q._connector defaults to Q.AND.
Follow up to 859a87d873
2022-03-15 16:13:28 +01:00
be80aa55ec
Removed outdated handling of length parameter to If-Modified-Since header.
...
The length parameter is not described in RFC-7232 and it's against
HTTP/1.0 and HTTP/1.1 specifications. It was an old and unofficial
extension set by some ancient versions of IE.
2022-03-15 13:07:44 +01:00
a88fab1bca
Fixed #33552 -- Fixed JSONField has key lookups with numeric keys on MariaDB, MySQL, Oracle, and SQLite.
2022-03-15 06:37:35 +01:00
859a87d873
Fixed #31357 -- Fixed get_for_models() crash for stale content types when model with the same name exists in another app.
2022-03-14 12:52:26 +01:00
8f7cda0831
Fixed #33572 -- Implemented CreateModel/AlterModelManagers reduction.
2022-03-11 07:03:51 +01:00
71017a68a6
Fixed #33571 -- Fixed static serving views crash when If-Modified-Since is empty.
...
Regression in d6aff369ad
2022-03-11 06:19:01 +01:00
d90e34c61b
Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.
2022-03-10 12:57:19 +01:00
93803a1b5f
Fixed #33567 -- Avoided setting default text/html content type on responses.
2022-03-09 14:50:52 +01:00
a8c15481f4
Rewrote some references to "master".
...
Following d9a266d657
2022-03-08 14:50:06 +01:00
d4fd31684a
Refs #33173 -- Used locale.getlocale() instead of getdefaultlocale().
...
locale.getdefaultlocale() was deprecated in Python 3.11, see
https://bugs.python.org/issue46659 .
2022-03-08 13:17:05 +01:00
Mariusz Felisiak
Manel Clos
Simon Charette
Carlton Gibson
sarahboyce
David Smith
Baptiste Mispelon
Brian Helba
Lucidiot
Luke Plant
Alokik Vijay
René Fleschenberg
adontz
Thomas Schmidt
Gagaro
Stefan Wehrmeyer
François Granade
Florian Apolloner
jochemfranken
Sage Abdullah
Biel Frontera
Adam Johnson
Collin Anderson
Adrian Torres
Claude Paroz