The migrations loader prevents the use of PEP-420 namespace packages
for holding apps' migrations modules. Previously the loader tested for
this only by checking that app.migrations.__file__ is present. This
prevented migrations' being found in frozen Python environments that
don't set __file__ on any modules. Now the loader *additionally* checks
whether app.migrations.__path__ is a list because namespace packages
use a different type for __path__. Namespace packages continue to be
forbidden, and, in fact, users of normal Python environments should
experience no change whatsoever.
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
Many of the cache operations make use of the default argument to the
.get() operation to determine whether the key was found in the cache.
The default value of the default argument is None, so this results in
these operations assuming that None is not stored in the cache when it
actually is. Adding a sentinel object solves this issue.
Unfortunately the unmaintained python-memcached library does not support
a default argument to .get(), so the previous behavior is preserved for
the deprecated MemcachedCache backend.
This removes unused (since d038c547b5)
workaround to load a cache backend with its dotted import path and
moves remaining logic to the CacheHandler.
Thanks Tim Graham for the review.
This reverts commit e286711879 which
caused permission errors when users didn't have permissions to all
intermediate directories in a Django installation path.
Thanks Jakub Szafrański for the report.
- Add lang attribute.
- Use the same text for the page’s main heading, and title.
- Add underlines for all links in copy.
- Stop using h2 for link to the Django page.
- Use h1 for the main heading.
- Remove useless type attribute on style element.
- Remove grey text that fails contrast checks.
- Use a shade of grey that passes AAA contrast requirements.
- Stop using h4 for footer links.
- Add full stop in block-level links so VoiceOver correctly pauses
between runs of text.
- Hide main artwork for screen reader users.
- Update SVG icons markup to be screen-reader friendly.
- Switch options to be block-level links.
- Remove unused markup.
This was implemented with a property getter and setter when introduced
in 0207bdd2d4.
There is nothing special occurring here though - a simple read from and
assign to the underlying private attribute.
Actions added to AdminSite.actions would not have the first character
of their description capitalized.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
This also replaces assertQuerysetEqual() to
assertSequenceEqual()/assertCountEqual() where appropriate.
Co-authored-by: Peter Inglesby <peter.inglesby@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Regression was introduced by fff5186 but was due a long standing issue.
AggregateQuery was abusing Query.subquery: bool by stashing its
compiled inner query's SQL for later use in its compiler which made
select_format checks for Query.subquery wrongly assume the provide
query was a subquery.
This patch prevents that from happening by using a dedicated
inner_query attribute which is compiled at a later time by
SQLAggregateCompiler.
Moving the inner query's compilation to SQLAggregateCompiler.compile
had the side effect of addressing a long standing issue with
aggregation subquery pushdown which prevented converters from being
run. This is now fixed as the aggregation_regress adjustments
demonstrate.
Refs #25367.
Thanks Eran Keydar for the report.
With an error in the loop above (e.g. using query without args), this
would trigger a busy loop. While this was caused due to changes to the
loop itself, it seems to be just good practice to protect against this.
Changes in behavior include:
- Accepting iteration over empty sequences, updating nothing.
- Accepting iterable of 2-tuples providing key-value pairs.
- Failing with the same or comparable exceptions for invalid input.
Notably this replaces the previous attempt to catch TypeError which was
unreachable as the call to .items() resulted in AttributeError on
non-dict objects.
If the warning provided was an instance of Exception, then it would be
used as-is. In practice this is untested, unused and ImmutableList is
an undocumented internal datastructure.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.
Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.
Thanks Charlie Denton for reporting the issue to the security team.
Refs #24999.
Tim Graham
Mariusz Felisiak
manav014
William Schwartz
Florian Apolloner
François Freitag
Chinmoy Chakraborty
Jacob Walls
Hannes Ljungberg
Hasan Ramezani
starryrbs
Nick Pope
Alexey Nigin
Tom Forbes
Ayush Bansal
Abhishek Ghaskata
Petter Strandmark
Adam Johnson
sage
ᴙɘɘᴙgYmɘᴙɘj
Timo Ludwig
Artur Beltsov
Giannis Adamopoulos
Ian Foote
Hannes Ljungberg
Thibaud Colas
Daniel Hahler
Carlton Gibson
Seamus Quinn
David-Wobrock
Sam
MinchinWeb
Artem Kosenko
Carles Pina i Estany
Vishnu Ks
Claude Paroz
Jon Dufresne
christa
Simon Charette
Patrick Arminio
Vitaliy Yelnik
Christian Klus
Martin Thoma