Commit Graph

18303 Commits

Author SHA1 Message Date
Mariusz Felisiak fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann 394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov 97a7274468 Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak 71e7c8e737
Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Claude Paroz beb7ddbcee Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.

Forwardport of 7a1c6533eb from stable/4.0.x.
2022-01-29 19:01:15 +01:00
Keryn Knight 55022f75c1 Fixed #33465 -- Added empty __slots__ to SafeString and SafeData.
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.

Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
2022-01-29 13:50:34 +01:00
Mariusz Felisiak 67db54a5a7
Fixed #33452 -- Fixed admin change-form layout for submit buttons on mid-sized displays.
Thanks David Smith for reviews.
2022-01-29 11:59:08 +01:00
Keryn Knight c5c7a15b09 Fixed #33461 -- Escaped template errors in the technical 500 debug page. 2022-01-28 07:07:12 +01:00
vgolubev e87f57fdb8 Fixed #26142 -- Allowed model formsets to prevent new object creation.
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.

Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Jörg Breitbart 0af9a5fc7d Fixed #33463 -- Fixed QuerySet.bulk_update() with F() expressions. 2022-01-27 19:03:26 +01:00
Mariusz Felisiak e972620ada
Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce.
2022-01-27 18:51:39 +01:00
Mariusz Felisiak 2eed554c3f
Fixed wrapping of long messages in the admin. 2022-01-26 21:14:13 +01:00
Carlton Gibson 85f2a9fb0f Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb1.
2022-01-26 09:26:48 +01:00
Ian Foote a93a1ba347
Fixed broken link to cx_Oracle docs. 2022-01-25 20:14:24 +01:00
Collin Anderson 890bfa368c Refs #20349 -- Avoided loading testing libraries when not needed. 2022-01-25 11:41:01 +01:00
Jacob Walls edbf930287 Fixed #29984 -- Added QuerySet.iterator() support for prefetching related objects.
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-01-25 06:12:04 +01:00
Keryn Knight c27932ec93 Fixed #33460 -- Used VALUES clause for insert in bulk on SQLite.
SQLite 3.7.11 introduced the ability to use multiple values directly.
SQLite 3.8.8 made multiple values not subject to the
SQLITE_LIMIT_COMPOUND_SELECT (500).
2022-01-24 20:51:32 +01:00
Mariusz Felisiak 4ac0bf6acd
Fixed wrapping of long values in technical 500 debug page.
Follow up to d5f2d5d604.
2022-01-24 11:54:41 +01:00
Hrushikesh Vaidya 89d137f3be
Fixed #33457 -- Fixed "Local vars" scrolling in technical 500 debug page.
Thanks Keryn Knight for the report and the initial patch.
2022-01-24 07:42:52 +01:00
Timothy McCurrach efb4478e48 Fixed #33458 -- Fixed encoding of messages with empty string as extra_tags. 2022-01-24 07:05:53 +01:00
Claude Paroz 7c4f396509 Stopped including type="text/css" attributes for CSS link tags. 2022-01-22 16:38:14 +01:00
Jacob Walls 2d8232fa71 Fixed #26760 -- Added --prune option to migrate command. 2022-01-21 17:10:31 +01:00
Fabian Büchler eeff1787b0 Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d.
2022-01-21 06:44:53 +01:00
Mariusz Felisiak f605e85af9
Fixed #33453 -- Dropped support for GDAL 2.1. 2022-01-20 18:54:29 +01:00
Hrushikesh Vaidya 3fadf141e6 Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
sean_c_hsu 0f6946495a Fixed #31685 -- Added support for updating conflicts to QuerySet.bulk_create().
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
2022-01-19 20:17:42 +01:00
Moritz Duchêne ba9de2e74e Updated GEOS/GDAL links in docs and comments. 2022-01-19 19:06:12 +01:00
Adam Johnson dc8bb35e39 Fixed #33446 -- Added CSS source map support to ManifestStaticFilesStorage. 2022-01-18 12:53:14 +01:00
Nick Pope fac26684fd
Removed unused buf_size argument to LimitedStream().
Unused since its introduction in 269e921756.
2022-01-18 05:55:14 +01:00
Mariusz Felisiak 30a0144134
Fixed #29338 -- Allowed using combined queryset in Subquery.
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
My-Name-Is-Nabil f37face331 Fixed #33435 -- Fixed invalid SQL generatered by Subquery.as_sql(). 2022-01-17 09:00:46 +01:00
Ayush Joshi 0a17666045 Fixed #28135 -- Made simplify_regex() handle non-capturing groups. 2022-01-14 11:01:02 +01:00
Adam Johnson fdfa97fb16 Fixed #33441 -- Restored immutability of models.Field.__hash__().
Regression in 502e75f9ed.
2022-01-14 07:00:48 +01:00
Ayush Joshi 827bc07047 Refs #28135 -- Refactored out _find_groups()/_get_group_start_end() hooks in admindocs. 2022-01-13 16:33:19 +01:00
Adam Johnson 45a42aabfa Fixed #29708 -- Deprecated PickleSerializer. 2022-01-13 13:50:20 +01:00
Adam Johnson c920387fab Optimized SessionBase.get_expire_at_browser_close(). 2022-01-13 13:05:46 +01:00
Adam Johnson 436862787c Refs #29708 -- Made SessionBase store expiry as string. 2022-01-13 13:05:42 +01:00
Adam Johnson c6cb5a0277 Refs #29708 -- Stopped inheriting from PickleSerializer by RedisSerializer. 2022-01-13 12:28:06 +01:00
Adam Johnson 08d8bccbf1 Improved Model.__init__() properties loop.
This improves readability, accumulates unrecognized arguments raise an
exception with all of them, and avoids refetching the values.
2022-01-13 11:09:37 +01:00
Mariusz Felisiak 0a4a5e5bac
Refs #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
Regression in 84609b3205.

Follow up to 4e5bbb6ef2.

Thanks Sourav Kumar for the report.
2022-01-13 10:10:48 +01:00
Hrushikesh Vaidya 6815da6e94 Fixed #33396 -- Added view name to technical 500 debug page. 2022-01-13 07:02:41 +01:00
Hrushikesh Vaidya 4099e6e737 Refs #33396 -- Added django.views.debug.get_caller() hook. 2022-01-13 06:50:06 +01:00
Adam Johnson 90cf963264 Changed django.utils.log.log_response() to take exception instance.
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
2022-01-12 20:23:42 +01:00
Hrushikesh Vaidya d05ab13c56 Refs #33426 -- Simplified technical_404_response() with ResolverMatch._func_path. 2022-01-12 15:56:59 +01:00
Adam Johnson 84e98ba194
Added exception to SuspiciousOperation logging.
This allows better debugging and filtering of errors.
2022-01-12 13:27:25 +01:00
Hrushikesh Vaidya 18a15bbc9c Fixed #33433 -- Avoided unnecessary resolve() calls in technical_404_response().
Thanks Keryn Knight for the initial patch.
2022-01-12 08:23:38 +01:00
Jacob Walls dc9deea8e8 Fixed #11715 -- Changed default value of ModelAdmin.actions/inlines to empty tuples.
This clarifies the intended pattern of overwriting the default value
rather than mutating it.
2022-01-11 12:22:49 +01:00
Mariusz Felisiak b111b15c12
Refs #30141 -- Removed unused branch in parse_duration().
Unused since 99fc5dc13c.
2022-01-11 11:09:08 +01:00
mgaligniana fa235004dd Fixed #13251 -- Made pre/post_delete signals dispatch the origin. 2022-01-11 08:06:18 +01:00
Jacob Walls 6f78cb6b13 Fixed #29026 -- Added --scriptable option to makemigrations. 2022-01-10 18:49:57 +01:00