68b8eda788
Refs #33060 -- Added .make_key() in .touch() for dummy cache backend.
...
All cache operations should use make_key().
2021-09-03 10:36:14 +02:00
dca4c2ff76
Refs #33012 -- Moved PickleSerializer to django.core.serializers.base and added tests.
2021-09-02 11:24:55 +02:00
d0ea01af28
Fixed #33079 -- Fixed get_image_dimensions() on nonexistent images.
...
Thanks Nick Pope for the review.
2021-09-02 07:08:50 +02:00
84c7c4a477
Fixed #32309 -- Added --exclude option to startapp/startproject management commands.
2021-09-01 12:08:02 +02:00
b667ac24ea
Fixed #25264 -- Allowed suppressing base command options in --help output.
...
This also suppresses -verbosity and --trackback options in the
runserver's help.
2021-08-31 11:04:02 +02:00
93e06f2978
Refs #33061 -- Removed unnecessary BaseMemcachedCache.decr().
2021-08-31 10:37:59 +02:00
2c912c3488
Fixed #33061 -- Fixed handling nonexistent keys with negative deltas in incr()/decr() in memcached backends.
...
Thanks Chris Jerdonek for the review.
2021-08-31 07:34:53 +02:00
36714be874
Refs #31621 -- Fixed handling --parallel option in test management command and runtests.py.
...
Regression in ae89daf46f
2021-08-19 09:18:32 +02:00
ee46722cb9
Fixed typo in regex for IPv6 literals in EmailValidator.
2021-08-06 12:58:55 +02:00
910ecd1b8d
Fixed #29063 -- Fixed migrate crash when specifying a name of partially applied squashed migrations.
2021-08-04 09:57:32 +02:00
202d3e193a
Fixed typos in migrations tests, comments, and error message.
2021-08-04 09:28:23 +02:00
1024b5e74a
Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate.
2021-07-29 06:24:12 +02:00
65b880b726
Fixed #32930 -- Fixed URLValidator when port numbers < 10.
2021-07-22 11:58:28 +02:00
bbf93efa19
Refs #23359 -- Corrected showmigrations help text for the --database option.
2021-07-13 06:29:21 +02:00
36fa071d6e
Fixed #32889 -- Allowed per-request sync_to_async context in ASGIHandler .
...
By using a asgiref's ThreadSensitiveContext context manager, requests
will be able to execute independently of other requests when sync work
is involved.
Prior to this commit, a single global thread was used to execute any
sync work independent of the request from which that work was scheduled.
This could result in contention for the global sync thread in the case
of a slow sync function.
Requests are now isolated to their own sync thread.
2021-07-01 12:13:19 +02:00
4af162d4de
Refs #32144 -- Made makemessages remove temporary files on preprocessing error.
...
Co-authored-by: Anders Hovmöller <anders.hovmoller@dryft.se>
2021-07-01 10:11:10 +02:00
dfa7781033
Fixed #32144 -- Made makemessages remove temporary files when locale path doesn't exist.
2021-07-01 10:11:10 +02:00
1bbb98d9a4
Fixed #32363 -- Ensured sys.__interactivehook__ is called in shell
...
By default, this means that readline is properly registered, so that
.python_history is used.
sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
2021-06-23 14:53:41 +02:00
501a371411
Fixed typo in makemessages error message.
2021-06-21 21:23:59 +02:00
2dfc1066a0
Fixed #25250 -- Clarified partially recorded state of squashed migrations in showmigrations --list.
2021-06-11 09:35:42 +02:00
7272e1963f
Fixed #32821 -- Updated os.scandir() uses to use a context manager.
2021-06-07 06:52:42 +02:00
ec2727efef
Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists.
2021-06-02 12:20:22 +02:00
e1d787f1b3
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
5a8e8f80bb
Fixed #32772 -- Made database cache count size once per set.
2021-05-26 11:21:11 +02:00
c2e6047c72
Fixed #32740 -- Caught possible exception when initializing colorama.
2021-05-19 10:33:15 +02:00
958cdf65ae
Fixed #32747 -- Prevented initialization of unused caches.
...
Thanks Alexander Ebral for the report.
Regression in 98e05ccde4
2021-05-18 18:24:19 +02:00
de32fe83a2
Fixed #32317 -- Refactored loaddata command to make it extensible.
...
Moved deeply nested blocks out of inner loops to improve readability
and maintainability.
Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for
feedback.
2021-05-18 07:05:33 +02:00
1557778121
Refs #32317 -- Simplified find_fixtures() in loaddata command.
...
This always replaces 'fixture_name' with its base name, which preserves
the previous behavior, because os.path.basename() was not called only on
relative paths without os.path.sep i.e. when base name was equal to the
file name.
This also changes os.path.dirname() and os.path.basename() calls to the
equivalent os.path.split() call.
2021-05-14 20:45:04 +02:00
1e655d35ad
Refs #32317 -- Cleaned up try/except blocks in loaddata command.
...
This moves code unable to trigger relevant exceptions outside of
try/except blocks, and changes 'objects' to 'objects_in_fixture'
which is equal to the length of 'objects'.
2021-05-14 20:45:04 +02:00
530f58caaa
Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.
...
Regression in fc9566d42d
2021-05-14 12:45:00 +02:00
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
2021-05-13 08:53:44 +02:00
d06c5b3581
Fixed #32366 -- Updated datetime module usage to recommended approach.
...
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12 11:08:41 +02:00
028f10fac6
Fixed #32712 -- Deprecated django.utils.baseconv module.
2021-05-07 11:57:40 +02:00
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
a0a5e0f4c8
Fixed #32705 -- Prevented database cache backend from checking .rowcount on closed cursor.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05 12:41:59 +02:00
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
54da6e2ac2
Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.
2021-04-30 12:32:52 +02:00
34d1905712
Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
...
Thanks Jared Lockhart for the report.
Regression in c36075ac1d
2021-04-21 09:41:37 +02:00
823a9e6bac
Fixed #32416 -- Made ThreadedWSGIServer close connections after each thread.
...
ThreadedWSGIServer is used by LiveServerTestCase.
2021-04-12 10:23:56 +02:00
db5b75f10f
Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
...
Thanks Adam Johnson and Tim Graham for the reviews.
Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-30 19:59:24 +02:00
474cc420bf
Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.
2021-03-19 08:04:37 +01:00
dba44a7a7a
Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.
2021-03-18 20:00:22 +01:00
ec0ff40631
Fixed #32355 -- Dropped support for Python 3.6 and 3.7
2021-02-10 10:20:54 +01:00
9c6ba87692
Fixed #32145 -- Improved makemessages error message when app's locale directory doesn't exist.
2021-02-09 20:00:20 +01:00
8e90560aa8
Fixed #32420 -- Fixed detecting primary key values in deserialization when PK is also a FK.
2021-02-05 12:33:43 +01:00
3f8979e37b
Fixed #32350 -- Fixed showmigrations crash for applied squashed migrations.
...
Thanks Simon Charette for reviews.
2021-02-04 21:17:26 +01:00
f23b05696e
Fixed #32395 -- Allowed capturing stdout of migration signals.
2021-02-04 11:19:49 +01:00
b1821fbad5
Fixed #32360 -- Added system check for FILE_UPLOAD_TEMP_DIR setting.
2021-01-22 07:51:00 +01:00
8c7ff7b8cf
Removed unreachable SystemExit check.
...
This check dates back to Python <2.5, before Python introduced
BaseException to prevent exactly unwarranted catching of SystemExit
(and others).
response_for_exception() is only called under `except Exception` or
`except Http404` so it's now impossible for a SystemExit instance to
reach the branch.
2021-01-19 07:04:53 +01:00
34aa4f1997
Fixed #32296 -- Added --skip-checks option to runserver command.
2021-01-18 12:51:35 +01:00
88e972e46d
Fixed #32265 , Refs #32355 -- Removed unnecessary ServerHandler.handle_error().
...
ConnectionAbortedError, BrokenPipeError, ConnectionResetError raised
from SocketServer.BaseServer.finish_request() are already suppressed
by wsgiref.handlers.BaseHandler.run() in Python 3.7+, see
47ffc1a9f6
2021-01-16 17:37:53 +01:00
0aa6a602b2
Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
d32a232fe9
Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer and signing.dumps()/loads().
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
52a238ddf2
Refs #30165 -- Removed ugettext(), ugettext_lazy(), ugettext_noop(), ungettext(), and ungettext_lazy() per deprecation timeline.
2021-01-14 17:50:04 +01:00
c412d9af7e
Fixed #32291 -- Added fixtures compression support to dumpdata.
2021-01-12 15:47:58 +01:00
ba3fb2e4d0
Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code.
2021-01-12 11:22:13 +01:00
64331419c8
Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting.
2021-01-12 09:44:36 +01:00
102d92fc09
Refs #32191 -- Added Signer.sign_object()/unsign_object().
...
Co-authored-by: Craig Smith <hello@craigiansmith.com.au>
2021-01-06 20:16:47 +01:00
b41d38ae26
Fixed #32298 -- Fixed URLValidator hostname length validation.
...
URLValidator now validates the maximum length of a hostname without
the userinfo and port.
2021-01-04 09:25:40 +01:00
98ad327864
Fixed #32299 -- Prevented mutating handlers when processing middlewares marking as unused in an async context.
...
Thanks Hubert Bielenia for the report.
2020-12-29 09:04:35 +01:00
ce30e750e6
Used model's Options.label where applicable.
...
Follow up to b7a3a6c9ef
2020-12-29 08:56:39 +01:00
bb64b99b78
Fixed #29867 -- Added support for storing None value in caches.
...
Many of the cache operations make use of the default argument to the
.get() operation to determine whether the key was found in the cache.
The default value of the default argument is None, so this results in
these operations assuming that None is not stored in the cache when it
actually is. Adding a sentinel object solves this issue.
Unfortunately the unmaintained python-memcached library does not support
a default argument to .get(), so the previous behavior is preserved for
the deprecated MemcachedCache backend.
2020-12-17 09:57:21 +01:00
593829a5ab
Fixed typo in django/core/cache/backends/base.py docstring.
2020-12-15 07:05:02 +01:00
772eca0b02
Fixed #32240 -- Made runserver suppress ConnectionAbortedError/ConnectionResetError errors.
...
See https://bugs.python.org/issue27682 and
https://github.com/python/cpython/pull/9713
2020-12-14 20:46:18 +01:00
cf2ca22a57
Ensured that registered checks accept keyword arguments.
2020-12-14 18:08:37 +01:00
5ce31d6a71
Fixed #32193 -- Deprecated MemcachedCache.
2020-12-09 21:27:32 +01:00
98e05ccde4
Fixed #32233 -- Cleaned-up duplicate connection functionality.
2020-12-08 08:55:44 +01:00
148702e725
Refs #21012 -- Removed unnecessary _create_cache() hook.
...
This removes unused (since d038c547b5
2020-12-07 17:44:16 +01:00
f63f3cdf09
Fixed #29712 -- Made makemessages warn if locales have hyphens and skip them.
2020-11-13 09:25:42 +01:00
f1585c54d0
Fixed #31216 -- Added support for colorama terminal colors on Windows.
...
Modern setups on Windows support terminal colors.
The colorama library may also be used, as an
alternative to the ANSICON library.
2020-11-11 14:27:10 +01:00
b7f500396e
Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys.
...
Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
2020-11-11 12:45:34 +01:00
721c95ba0b
Fixed #32180 -- Added system check for file system caches absolute location.
2020-11-11 11:04:52 +01:00
c0fc5ba380
Fixed #32183 -- Fixed shell crash when passing code with nested scopes.
2020-11-11 09:18:26 +01:00
cc22693505
Fixed #32177 -- Made execute_from_command_line() use program name from the argv argument.
...
This caused crash in environments where sys.argv[0] is incorrectly set
to None.
2020-11-10 08:16:53 +01:00
c36075ac1d
Fixed #31983 -- Added system check for file system caches location.
...
Thanks Johannes Maron and Nick Pope for reviews.
2020-11-04 20:30:23 +01:00
f06beea929
Fixed #32153 -- Fixed management commands when using required list options.
...
Thanks Mark Gajdosik for the report and initial patch.
2020-10-30 12:01:33 +01:00
302caa40e4
Made small readability improvements.
2020-10-28 20:20:20 +01:00
e17ee44688
Fixed #32128 -- Added asgiref 3.3 compatibility.
...
Thread sensitive parameter is True by default from asgiref v3.3.0.
Added an explicit thread_sensitive=False to previously implicit uses.
2020-10-27 11:24:07 +01:00
f1f24539d8
Fixed #32094 -- Fixed flush() calls on management command self.stdout/err proxies.
2020-10-09 12:59:00 +02:00
4c675523bd
Refs #29838 , Refs #28507 -- Made make_hashable() ignore key order.
2020-10-05 20:42:46 +02:00
6eb3f53bdd
Fixed #32047 -- Fixed call_command() crash if a constant option from required mutually exclusive group is passed in options.
2020-09-30 20:10:38 +02:00
11c4a4412b
Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
...
This patch allows upload handlers to handle interrupted uploads.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
e387f191f7
Fixed #31777 -- Added support for database collations to Char/TextFields.
...
Thanks Simon Charette and Mariusz Felisiak for reviews.
2020-09-21 18:24:56 +02:00
b376297d6c
Tweaked loaddata command to re-use a calculated value.
...
Removed a dublicated call to get_public_serializer_formats which
had already populated self.serialization_formats.
Thanks to Nick Pope for review.
2020-09-17 10:49:54 +02:00
b4d46df5ca
Fixed #29887 -- Added a cache backend for pymemcache.
2020-09-16 09:40:30 +02:00
7be6a6a4d6
Fixed #31989 -- Fixed return value of django.core.files.locks.lock()/unlock() on POSIX systems.
2020-09-15 10:21:26 +02:00
2808cdc8fb
Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session destroyed while request is processing.
2020-09-09 09:04:28 +02:00
a629139425
Refs #29887 , Refs #24212 -- Added servers configuration hook for memcached backends.
...
The servers property can be overridden to allow memcached backends to
alter the server configuration prior to it being passed to instantiate
the client. This allows avoidance of documentation for per-backend
differences, e.g. stripping the 'unix:' prefix for pylibmc.
2020-09-02 08:51:17 +02:00
cc1f2c6a19
Refs #29887 -- Simplified memcached client instantiation.
2020-09-01 10:51:00 +02:00
1853724aca
Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+.
2020-09-01 09:17:23 +02:00
8d7271578d
Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
...
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
b5acb9db75
Fixed #31907 -- Fixed missing validate_key() calls in cache backends.
2020-08-24 09:41:21 +02:00
e2013b260a
Refs #29887 , #27480 -- Moved touch() to BaseMemcachedCache.
2020-08-20 09:00:21 +02:00
0cb0d59b23
Fixed comments related to nonexistent keys for incr()/decr() in memcached backends.
2020-08-20 08:58:50 +02:00
61a0ba43cf
Refs #31811 -- Added optional timing outputs to the test runner.
2020-08-13 17:17:15 +02:00
0a306f7da6
Fixed #25513 -- Extracted admin pagination to Paginator.get_elided_page_range().
2020-08-06 12:38:56 +02:00
d907371ef9
Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.
...
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.
Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.
2020-08-04 09:35:24 +02:00
e74b3d724e
Bumped minimum isort version to 5.1.0.
...
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.
2020-07-30 10:58:59 +02:00
95da207bdb
Fixed #28507 -- Made ValidationError.__eq__() ignore messages and params ordering.
...
Co-authored-by: caleb logan <clogan202@gmail.com>
2020-07-29 12:04:13 +02:00
948a874425
Fixed #29324 -- Made SECRET_KEY validation lazy (on first access).
2020-07-29 09:06:54 +02:00
Nick Pope
Daniyal Abbasi
Stefanos I. Tsaklidis
sage
Jan Szoja
Mariusz Felisiak
Sondre Lillebø Gundersen
qimingmafan
Jacob Walls
David Smith
Wu Haotian
Wilhelm Klopp
Allan Feldman
Carlton Gibson
Peter Inglesby
Chris Jerdonek
Michael Lissner
William Schwartz
Rohith PR
Hasan Ramezani
ecogels
Florian Apolloner
Tim Graham
bankc
Josh Santos
Mikolaj Rybinski
Daniel Ebrahimian
Simon Charette
Timothy McCurrach
Adam Johnson
Paolo Melchiorre
Akshat1Nar
Nick Pope
Abhishek Ghaskata
Petter Strandmark
manav014
MinchinWeb
Artem Kosenko
Carles Pina i Estany
christa
Martin Thoma
Thomas Riccardi
aryan
Tom Carrick
Владимир Лысенко
Ahmad A. Hussein
Florian Apolloner