Mariusz Felisiak
fc18f36c4a
Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann
394517f078
Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
...
Thanks Keryn Knight for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov
97a7274468
Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
...
Regression in aa4acc164d
.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak
71e7c8e737
Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
...
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Claude Paroz
beb7ddbcee
Updated translations from Transifex.
...
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.
Forwardport of 7a1c6533eb
from stable/4.0.x.
2022-01-29 19:01:15 +01:00
Keryn Knight
55022f75c1
Fixed #33465 -- Added empty __slots__ to SafeString and SafeData.
...
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.
Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
2022-01-29 13:50:34 +01:00
Mariusz Felisiak
67db54a5a7
Fixed #33452 -- Fixed admin change-form layout for submit buttons on mid-sized displays.
...
Thanks David Smith for reviews.
2022-01-29 11:59:08 +01:00
Keryn Knight
c5c7a15b09
Fixed #33461 -- Escaped template errors in the technical 500 debug page.
2022-01-28 07:07:12 +01:00
vgolubev
e87f57fdb8
Fixed #26142 -- Allowed model formsets to prevent new object creation.
...
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.
Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Jörg Breitbart
0af9a5fc7d
Fixed #33463 -- Fixed QuerySet.bulk_update() with F() expressions.
2022-01-27 19:03:26 +01:00
Mariusz Felisiak
e972620ada
Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
...
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.
Thanks bcail for the report.
Regression in 325d7710ce
.
2022-01-27 18:51:39 +01:00
Mariusz Felisiak
2eed554c3f
Fixed wrapping of long messages in the admin.
2022-01-26 21:14:13 +01:00
Carlton Gibson
85f2a9fb0f
Fixed #33407 -- Fixed .radiolist admin CSS.
...
Regression in 5942ab5eb1
.
2022-01-26 09:26:48 +01:00
Ian Foote
a93a1ba347
Fixed broken link to cx_Oracle docs.
2022-01-25 20:14:24 +01:00
Collin Anderson
890bfa368c
Refs #20349 -- Avoided loading testing libraries when not needed.
2022-01-25 11:41:01 +01:00
Jacob Walls
edbf930287
Fixed #29984 -- Added QuerySet.iterator() support for prefetching related objects.
...
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-01-25 06:12:04 +01:00
Keryn Knight
c27932ec93
Fixed #33460 -- Used VALUES clause for insert in bulk on SQLite.
...
SQLite 3.7.11 introduced the ability to use multiple values directly.
SQLite 3.8.8 made multiple values not subject to the
SQLITE_LIMIT_COMPOUND_SELECT (500).
2022-01-24 20:51:32 +01:00
Mariusz Felisiak
4ac0bf6acd
Fixed wrapping of long values in technical 500 debug page.
...
Follow up to d5f2d5d604
.
2022-01-24 11:54:41 +01:00
Hrushikesh Vaidya
89d137f3be
Fixed #33457 -- Fixed "Local vars" scrolling in technical 500 debug page.
...
Thanks Keryn Knight for the report and the initial patch.
2022-01-24 07:42:52 +01:00
Timothy McCurrach
efb4478e48
Fixed #33458 -- Fixed encoding of messages with empty string as extra_tags.
2022-01-24 07:05:53 +01:00
Claude Paroz
7c4f396509
Stopped including type="text/css" attributes for CSS link tags.
2022-01-22 16:38:14 +01:00
Jacob Walls
2d8232fa71
Fixed #26760 -- Added --prune option to migrate command.
2022-01-21 17:10:31 +01:00
Fabian Büchler
eeff1787b0
Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
...
Regression in aa4acc164d
.
2022-01-21 06:44:53 +01:00
Mariusz Felisiak
f605e85af9
Fixed #33453 -- Dropped support for GDAL 2.1.
2022-01-20 18:54:29 +01:00
Hrushikesh Vaidya
3fadf141e6
Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.
2022-01-20 07:19:52 +01:00
sean_c_hsu
0f6946495a
Fixed #31685 -- Added support for updating conflicts to QuerySet.bulk_create().
...
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
2022-01-19 20:17:42 +01:00
Moritz Duchêne
ba9de2e74e
Updated GEOS/GDAL links in docs and comments.
2022-01-19 19:06:12 +01:00
Adam Johnson
dc8bb35e39
Fixed #33446 -- Added CSS source map support to ManifestStaticFilesStorage.
2022-01-18 12:53:14 +01:00
Nick Pope
fac26684fd
Removed unused buf_size argument to LimitedStream().
...
Unused since its introduction in 269e921756
.
2022-01-18 05:55:14 +01:00
Mariusz Felisiak
30a0144134
Fixed #29338 -- Allowed using combined queryset in Subquery.
...
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
My-Name-Is-Nabil
f37face331
Fixed #33435 -- Fixed invalid SQL generatered by Subquery.as_sql().
2022-01-17 09:00:46 +01:00
Ayush Joshi
0a17666045
Fixed #28135 -- Made simplify_regex() handle non-capturing groups.
2022-01-14 11:01:02 +01:00
Adam Johnson
fdfa97fb16
Fixed #33441 -- Restored immutability of models.Field.__hash__().
...
Regression in 502e75f9ed
.
2022-01-14 07:00:48 +01:00
Ayush Joshi
827bc07047
Refs #28135 -- Refactored out _find_groups()/_get_group_start_end() hooks in admindocs.
2022-01-13 16:33:19 +01:00
Adam Johnson
45a42aabfa
Fixed #29708 -- Deprecated PickleSerializer.
2022-01-13 13:50:20 +01:00
Adam Johnson
c920387fab
Optimized SessionBase.get_expire_at_browser_close().
2022-01-13 13:05:46 +01:00
Adam Johnson
436862787c
Refs #29708 -- Made SessionBase store expiry as string.
2022-01-13 13:05:42 +01:00
Adam Johnson
c6cb5a0277
Refs #29708 -- Stopped inheriting from PickleSerializer by RedisSerializer.
2022-01-13 12:28:06 +01:00
Adam Johnson
08d8bccbf1
Improved Model.__init__() properties loop.
...
This improves readability, accumulates unrecognized arguments raise an
exception with all of them, and avoids refetching the values.
2022-01-13 11:09:37 +01:00
Mariusz Felisiak
0a4a5e5bac
Refs #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b3205
.
Follow up to 4e5bbb6ef2
.
Thanks Sourav Kumar for the report.
2022-01-13 10:10:48 +01:00
Hrushikesh Vaidya
6815da6e94
Fixed #33396 -- Added view name to technical 500 debug page.
2022-01-13 07:02:41 +01:00
Hrushikesh Vaidya
4099e6e737
Refs #33396 -- Added django.views.debug.get_caller() hook.
2022-01-13 06:50:06 +01:00
Adam Johnson
90cf963264
Changed django.utils.log.log_response() to take exception instance.
...
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
2022-01-12 20:23:42 +01:00
Hrushikesh Vaidya
d05ab13c56
Refs #33426 -- Simplified technical_404_response() with ResolverMatch._func_path.
2022-01-12 15:56:59 +01:00
Adam Johnson
84e98ba194
Added exception to SuspiciousOperation logging.
...
This allows better debugging and filtering of errors.
2022-01-12 13:27:25 +01:00
Hrushikesh Vaidya
18a15bbc9c
Fixed #33433 -- Avoided unnecessary resolve() calls in technical_404_response().
...
Thanks Keryn Knight for the initial patch.
2022-01-12 08:23:38 +01:00
Jacob Walls
dc9deea8e8
Fixed #11715 -- Changed default value of ModelAdmin.actions/inlines to empty tuples.
...
This clarifies the intended pattern of overwriting the default value
rather than mutating it.
2022-01-11 12:22:49 +01:00
Mariusz Felisiak
b111b15c12
Refs #30141 -- Removed unused branch in parse_duration().
...
Unused since 99fc5dc13c
.
2022-01-11 11:09:08 +01:00
mgaligniana
fa235004dd
Fixed #13251 -- Made pre/post_delete signals dispatch the origin.
2022-01-11 08:06:18 +01:00
Jacob Walls
6f78cb6b13
Fixed #29026 -- Added --scriptable option to makemigrations.
2022-01-10 18:49:57 +01:00