Commit Graph

18077 Commits

Author SHA1 Message Date
David Smith 1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Keryn Knight 9662193aea Refs #32946 -- Changed internal usage of dynamic Q() objects construction to use non-kwargs initialization.
This prefers non-kwargs construction of dynamically generated Q()
objects to create a single Q() object instead of many and then
combining them, where possible.
2021-07-28 09:38:46 +02:00
Keryn Knight 5b8ef8aa5b Refs #32946 -- Changed Query.add_filter() to take two arguments. 2021-07-28 09:38:42 +02:00
Chris Jerdonek 5fee36973c
Optimized BaseDatabaseSchemaEditor._effective_default() a bit,
This eliminates an unneeded call to datetime.now() when
field.get_internal_type() equals "DateTimeField".
2021-07-28 08:12:01 +02:00
Chris Jerdonek fe074c96a3 Refs #32962 -- Simplified NULL logic in BaseDatabaseSchemaEditor._iter_column_sql(). 2021-07-27 20:10:25 +02:00
Chris Jerdonek 809c45ea3c Fixed #32962 -- Consolidated string concatenations in BaseDatabaseSchemaEditor.column_sql(). 2021-07-27 20:10:20 +02:00
David Smith 1cba320786
Refs #32956 -- Changed "afterwards" to "afterward" in docs and comments.
This also removes unnecessary comments with the previous spelling.

AP Stylebook has a short entry to advise the preferred spelling for
"en-us". "Afterwards" is preferred in British English.
2021-07-27 10:41:51 +02:00
Jordan Bae 3d9040a50b Refs #32743 -- Fixed recreation of foreign key constraints when altering type of referenced primary key with MTI.
Follow up to 325d7710ce.
2021-07-27 07:30:33 +02:00
David Wobrock 325d7710ce Fixed #32743 -- Added foreign key altering when altering type of referenced primary key with MTI. 2021-07-26 08:51:56 +02:00
Tom Wojcik 20226fcd46 Fixed #32947 -- Fixed hash() crash on reverse M2M relation when through_fields is a list.
Regression in c32d8f33d8.
2021-07-26 06:09:29 +02:00
Virtosu Bogdan 00ea883ef5 Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError.
Thanks Chris Jerdonek for the review.
2021-07-23 13:10:41 +02:00
Chris Jerdonek a2e1f1e295 Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset logic.
Thanks Florian Apolloner and Shai Berger for reviews.
2021-07-23 07:08:45 +02:00
ryowright 1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
Wu Haotian 65b880b726 Fixed #32930 -- Fixed URLValidator when port numbers < 10. 2021-07-22 11:58:28 +02:00
Mariusz Felisiak 83022d279c
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers. 2021-07-22 09:42:07 +02:00
Nick Pope c35b81b864 Fixed #32951 -- Removed Query.where_class & co.
Unused since 3caf957ed5.
2021-07-22 08:49:20 +02:00
yakimka c542d0a072 Fixed #32949 -- Restored invalid number handling in DecimalField.validate().
DecimalField must itself validate() values, such as NaN, which cannot be
passed to validators, such as MaxValueValidator, during the
run_validators() phase.

Regression in cc3d24d7d5.
2021-07-21 10:20:24 +02:00
David Wobrock fd999318ad Fixed #32704 -- Fixed list of deferred fields when chaining QuerySet.defer() after only(). 2021-07-20 12:15:29 +02:00
Keryn Knight 6a970a8b46
Fixed #32944 -- Avoided unnecessary WhereNode.add() calls.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-20 11:59:21 +02:00
Keryn Knight ff661dbd50 Refs #32940 -- Removed unnecessary branch in Node.add().
The "data in self.children" branch was causing data.__eq__ to be
called for each entries in "self.children" which resulted in a huge
slowdown during queryset construction.

It's purpose was to prevent queries of the form
    Model.objects.filter(foo='bar').filter(foo='bar')
from resulting in
    WHERE foo='bar' AND foo='bar'
but it's not covered by the suite and has arguable performance benefits
since it's not very common and SQL engines are usually very good at
folding/optimizing these.

See also #32632 for prior discussion around comparing data to the
Node's children.

Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2021-07-20 07:19:28 +02:00
Keryn Knight fb35e0a2fe Refs #32940 -- Removed Node.add()'s unused squash parameter.
Unused since its introduction in d3f00bd570.

Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2021-07-20 07:19:28 +02:00
Nick Pope fee8734596 Refs #10929 -- Deprecated forced empty result value for PostgreSQL aggregates.
This deprecates forcing a return value for ArrayAgg, JSONBAgg, and
StringAgg when there are no rows in the query. Now that we have a
``default`` argument for aggregates, we want to revert to returning the
default of ``None`` which most aggregate functions return and leave it
up to the user to decide what they want to be returned by default.
2021-07-19 13:41:16 +02:00
Nick Pope 501a8db465 Fixed #10929 -- Added default argument to aggregates.
Thanks to Simon Charette and Adam Johnson for the reviews.
2021-07-19 13:04:27 +02:00
Keryn Knight 59942a66ce Fixed #32941 -- Removed get_format_modules()'s unused reverse argument.
Unused since 0d8b523422.
2021-07-19 11:42:20 +02:00
Nick Pope e21daa4e4c
Removed unnecessary tuple construction in Node.__eq__(). 2021-07-19 06:38:35 +02:00
Jacob Walls 56f9579105 Fixed #32655 -- Deprecated extra_tests argument for DiscoverRunner.build_suite()/run_tests(). 2021-07-16 20:46:41 +02:00
Chris Jerdonek 0dc25526d8 Fixed #32924 -- Changed BaseForm.get_initial_for_field() to remove microseconds when needed. 2021-07-16 15:51:20 +02:00
Nick Pope 304f6ff46a
Prevented SQLCompiler.execute_sql() from closing cursor twice.
cursor_iter() helper calls cursor.close() in a finally block.
2021-07-16 13:11:46 +02:00
David Smith f51a792c41
Fixed #32928 -- Confirmed support for GDAL 3.3. 2021-07-16 09:36:53 +02:00
Mariusz Felisiak a56531ab1b
Fixed #32910 -- Unified different plural equations for the same language in contrib apps.
Thanks Martin Svoboda for the report and initial patch.
2021-07-15 20:42:17 +02:00
pochangl f6d3557aa1
Fixed #32929 -- Fixed handling query strings in AsyncRequestFactory. 2021-07-15 13:09:29 +02:00
Daniyal f479df7f8d Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.db.models.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-15 11:43:33 +02:00
Chris Jerdonek 08f0778885 Refs #32920 -- Added BoundField._has_changed() for use in BaseForm.changed_data(). 2021-07-15 10:47:02 +02:00
Chris Jerdonek 90a33ab2ce Fixed #32920 -- Changed BaseForm to access its values through bound fields. 2021-07-15 10:47:02 +02:00
Ties Jan Hefting 84400d2e9d Fixed #32905 -- Added CSS class for non-form errors of formsets. 2021-07-15 07:00:39 +02:00
Carlton Gibson 3a45fea083 Fixed #21936 -- Allowed DeleteView to work with custom Forms and SuccessMessageMixin.
Thanks to Mariusz Felisiak for review.

Co-authored-by: Demetris Stavrou <demestav@gmail.com>
Co-authored-by: Caroline Simpson <github@hoojiboo.com>
2021-07-14 09:47:03 +02:00
Nick Pope 1f4908b01a Simplified django.utils.dateformat methods.
This removes unnecessary format('O') call, remove unnecessary method
calls for simple cases in TimeFormat, and simplifies time zone handling
in TimeFormat.
2021-07-13 13:27:01 +02:00
Chris Jerdonek 4be58fcc36
Fixed #32917 -- Added BaseForm._widget_data_value()/_field_data_value(). 2021-07-13 06:32:46 +02:00
Wilhelm Klopp bbf93efa19
Refs #23359 -- Corrected showmigrations help text for the --database option. 2021-07-13 06:29:21 +02:00
Mariusz Felisiak 0250340e37
Refs #32074 -- Used Enum.repr() format proposed for Python 3.10.
The Python's Steering Council decided to revert changes in the Enum
module (see https://bugs.python.org/issue44559) and moved them to
Python 3.11.

Follow up to 5d9b065d3f.

Thanks Nick Pope for the review.
2021-07-12 11:46:37 +02:00
Chris Jerdonek 5848b3a1d7 Fixed #32914 -- Prevented test --shuffle from skipping test methods.
"test --shuffle" skipped test methods when test classes were mixed.
This changes runner.py's reorder_tests() to group by TestCase class.

Regression in 90ba716bf0.
2021-07-12 06:36:12 +02:00
Ian Foote f42ccdd835 Fixed #27021 -- Allowed lookup expressions in annotations, aggregations, and QuerySet.filter().
Thanks Hannes Ljungberg and Simon Charette for reviews.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-09 11:43:06 +02:00
Chris Jerdonek f5dccbafb9
Refs #24522 -- Fixed code comment about seeds in Shuffler.__init__(). 2021-07-09 08:20:16 +02:00
Chris Jerdonek 90ba716bf0 Fixed #24522 -- Added a --shuffle option to DiscoverRunner. 2021-07-08 07:29:04 +02:00
Mariusz Felisiak 77b88fe621
Fixed #32908 -- Allowed select_for_update(skip_locked) on MariaDB 10.6+. 2021-07-08 06:51:10 +02:00
Keryn Knight 5013798fe9
Fixed #32840 -- Optimized Field.get_col().
get_col() used "self" as "output_field" when it was not given, and
unnecessarily compared "self" to "self".

Co-authored-by: Chris Jerdonek <chris.jerdonek@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-07 20:32:57 +02:00
Mariusz Felisiak 355ecd1416
Fixed inspectdb and schema tests on MariaDB 10.6+.
The utf8 character set (and related collations) is by default an alias
for utf8mb3 on MariaDB 10.6+.
2021-07-07 17:02:20 +02:00
abhiabhi94 cf6774a53b Fixed #32904 -- Made parse_time() more strict.
Thanks Keryn Knight for the report.
2021-07-07 12:08:43 +02:00
Shipeng Feng 68cc04887b
Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in urlize(). 2021-07-07 11:19:33 +02:00
Keryn Knight f35ab74752 Fixed #32892 -- Optimized django.utils.dateparse functions by using fromisoformat(). 2021-07-06 08:57:17 +02:00
Hannes Ljungberg a06b977a91 Fixed #32776 -- Added support for Array subqueries on PostgreSQL. 2021-07-06 07:36:52 +02:00
Chris Jerdonek edde2a0699
Fixed #32901 -- Optimized BaseForm.__getitem__(). 2021-07-05 15:21:23 +02:00
Mateo Radman 2231429991 Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert". 2021-07-05 13:31:03 +02:00
Wu Haotian aba9c2de66 Fixed #32226 -- Fixed JSON format of QuerySet.explain() on PostgreSQL. 2021-07-05 09:08:39 +02:00
Eduardo Aldair Ahumada Garcia Jurado e4da365436 Refs #24121 -- Added __repr__() to AdminSite, DefaultAdminSite, and ModelAdmin.
Thanks tlebrize for the initial patch.
2021-07-05 08:15:58 +02:00
Nick Pope fa35c8bdbc
Fixed #30934 -- Included database alias in django.db.backends log messages.
This is useful when working with database routing as you want to know
where each query is being executed.

Co-authored-by: David Winterbottom <david.winterbottom@gmail.com>
2021-07-02 15:36:53 +02:00
cammil 313c3d1aa1 Fixed #28935 -- Fixed display of errors in extended blocks.
Get the template that caused the exception and get the
exception info from that template, using the node that
caused the exception.
2021-07-02 11:38:15 +02:00
Simon Charette 9f3cce172f Refs #26430 -- Re-introduced empty aggregation optimization.
The introduction of the Expression.empty_aggregate_value interface
allows the compilation stage to enable the EmptyResultSet optimization
if all the aggregates expressions implement it.

This also removes unnecessary RegrCount/Count.convert_value() methods.
Disabling the empty result set aggregation optimization when it wasn't
appropriate prevented None returned for a Count aggregation value.

Thanks Nick Pope for the review.
2021-07-02 07:25:42 +02:00
Simon Charette f3112fde98 Fixed #26430 -- Fixed coalesced aggregation of empty result sets.
Disable the EmptyResultSet optimization when performing aggregation as
it might interfere with coalescence.
2021-07-02 06:40:54 +02:00
abhiabhi94 fde6fb2898 Fixed #32893 -- Fixed serialization of models.Model class in migrations.
Migrations assumed that an import of the models.Model class must
already be included when it's serialized, but for models with only
custom fields this was not necessarily the case.

Thanks Jaap Joris Vens for the report.
2021-07-01 12:42:32 +02:00
Allan Feldman 36fa071d6e Fixed #32889 -- Allowed per-request sync_to_async context in ASGIHandler .
By using a asgiref's ThreadSensitiveContext context manager, requests
will be able to execute independently of other requests when sync work
is involved.

Prior to this commit, a single global thread was used to execute any
sync work independent of the request from which that work was scheduled.
This could result in contention for the global sync thread in the case
of a slow sync function.

Requests are now isolated to their own sync thread.
2021-07-01 12:13:19 +02:00
Carlton Gibson 4af162d4de Refs #32144 -- Made makemessages remove temporary files on preprocessing error.
Co-authored-by: Anders Hovmöller <anders.hovmoller@dryft.se>
2021-07-01 10:11:10 +02:00
Carlton Gibson dfa7781033 Fixed #32144 -- Made makemessages remove temporary files when locale path doesn't exist. 2021-07-01 10:11:10 +02:00
Hannes Ljungberg d8c90d4c22 Fixed #32786 -- Moved subquery ordering clearing optimization to the _in lookup.
Co-Authored-By: Simon Charette <charette.s@gmail.com>
2021-06-30 10:08:55 +02:00
Hannes Ljungberg 053141d31f Refs #32786 -- Made Query.clear_ordering() not to cause side effects by default. 2021-06-30 08:52:27 +02:00
Daniele Procida e3d55eeb14 Refs #32880 -- Moved logging reference to new document.
Completed a first step in moving reference and how-to material out of
the topic document.
2021-06-30 07:21:52 +02:00
Chris Jerdonek 8bca838f4a Refs #32655 -- Improved error if iter_test_cases() is passed a string. 2021-06-29 20:41:40 +02:00
manav014 503ee41497 Refs #29898 -- Moved state_forwards()'s logic from migration operations to ProjectState.
Thanks Simon Charette and Markus Holtermann for reviews.
2021-06-29 12:03:30 +02:00
Lou Huang 7ba9da815d
Fixed #32884 -- Fixed centering of the header on admin login page. 2021-06-29 07:41:52 +02:00
abhiabhi94 cd124295d8 Fixed #32381 -- Made QuerySet.bulk_update() return the number of objects updated.
Co-authored-by: Diego Lima <diego.lima@lais.huol.ufrn.br>
2021-06-29 06:58:46 +02:00
Dan Strokirk f5ea9aa2f3 Fixed #32807 -- Fixed JSONField crash when redisplaying None values.
Thanks to Alex Hill for the initial patch.
2021-06-28 11:02:08 +02:00
Claude Paroz 495083e3e1 Updated translations from Transifex.
Forwardport of 04b744050f from stable/3.2.x.
2021-06-28 07:08:39 +02:00
Mateo Radman 8a7ac78b70 Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code. 2021-06-25 06:55:47 +02:00
Ben Wilber fff4870bfa Fixed #32727 -- Allowed spaces before time zone offset in parse_datetime(). 2021-06-24 10:07:55 +02:00
Chris Jerdonek fcb75651f9 Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages. 2021-06-23 16:07:15 +02:00
Peter Inglesby 1bbb98d9a4 Fixed #32363 -- Ensured sys.__interactivehook__ is called in shell
By default, this means that readline is properly registered, so that
.python_history is used.

sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
2021-06-23 14:53:41 +02:00
tomhamiltonstubber 1e5aa8e1c7 Fixed #32790 -- Ensured test Client handles redirects to domain indexes without a specified trailing slash. 2021-06-23 12:32:29 +02:00
Adam Johnson d54059ebce
Removed options parameter from djangoAdminSelect2.
It seems this parameter has never been used internally, so to avoid
exposing a large surface area in the admin, remove it. As discussed in:
https://groups.google.com/g/django-developers/c/G-fDkNxhxsE/m/--RtGwmtAQAJ
2021-06-23 06:08:10 +02:00
Nicolas Restrepo bbb3965826 Refs #24121 -- Added __repr__() to StreamingHttpResponse and subclasses. 2021-06-22 21:28:48 +02:00
Hasan Ramezani 7a9745fed4 Fixed #32863 -- Skipped system check for specifying type of auto-created primary keys on models with invalid app_label.
Regression in b5e12d490a.

Thanks Iuri de Silvio for the report.
2021-06-22 20:47:15 +02:00
David Smith b9e872b593 Refs #32338 -- Removed 'for ="..."' from RadioSelect's <label>.
This improves accessibility for screen reader users.

Co-authored-by: Thibaud Colas <thibaudcolas@gmail.com>
2021-06-22 10:59:29 +02:00
manav014 d718d99017 Refs #29898 -- Moved django.db.migrations.operations.utils to django.db.migrations.utils. 2021-06-22 09:26:18 +02:00
Igor Fernandes e85d9c02ad Fixed #32870 -- Improved error message when URLconf is empty. 2021-06-22 08:09:53 +02:00
Chris Jerdonek ee408309d2
Fixed #32842 -- Refactored out CsrfViewMiddleware._check_token(). 2021-06-22 07:42:28 +02:00
Mariusz Felisiak e07609a0d1 Refs #32858, Refs #32392 -- Restored using :: shortcut syntax in Cast() on PostgreSQL.
This partly reverts commit fdfbc66331
unnecessary since b69b0c3fe8.
2021-06-22 06:28:42 +02:00
Lucidiot b69b0c3fe8 Fixed #32858 -- Fixed ExclusionConstraint crash with index transforms in expressions. 2021-06-22 06:09:16 +02:00
Jacob Walls 501a371411 Fixed typo in makemessages error message. 2021-06-21 21:23:59 +02:00
Illia Volochii 5a468b4c08 Fixed #32859 -- Simplified compress_string() by using gzip.compress(). 2021-06-21 13:19:11 +02:00
Carlton Gibson 225d96533a Fixed #30427, Fixed #16176 -- Corrected setting descriptor in Field.contribute_to_class().
Co-authored-by: Jarek Glowacki <jarekwg@gmail.com>
2021-06-15 12:01:28 +02:00
Chris Jerdonek 316cc34d04 Fixed comment in CsrfViewMiddleware to say _reject instead of reject. 2021-06-12 16:46:42 +02:00
Keryn Knight 854e9b0668 Fixed #32824 -- Improved performance of NodeList.render().
This avoids the following:
 - checking that each item in the nodelist is a subclass of Node,
 - calling str() on the render_annotated() output, because it's
   documented that Node.render() must return a string,
 - calling mark_safe() on the output, when the value to be wrapped is
   definitively known to be a string because the result of ''.join()
   is always of that type,
 - using an intermediate list to store each individual string.
2021-06-11 12:22:06 +02:00
Jacob Walls 2dfc1066a0 Fixed #25250 -- Clarified partially recorded state of squashed migrations in showmigrations --list. 2021-06-11 09:35:42 +02:00
Chris Jerdonek de4f620183 Fixed #32609 -- Updated runtests.py to support directory path test labels.
For example, with this change, the following now works from the tests
directory:

    $ ./runtests.py view_tests/tests/
2021-06-10 20:19:30 +02:00
Mariusz Felisiak fa0433d05f Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default on MySQL 8.0.13+.
Regression in d4ac23bee1.

Thanks Omkar Deshpande for the report.
2021-06-10 20:03:43 +02:00
saeedblanchette 66ed03e7c9 Refs #24121 -- Added __repr__() to AdminForm, BlockContext, BlockTranslateNode, and IncludeNode. 2021-06-10 12:47:53 +02:00
Ceesjan Luiten cb6c19749d Refs #27734 -- Prevented creation of more parallel workers than TestCases.
The parallel test runner uses multiple workers to distribute the
workload. These workers are assigned a worker ID using a globally
incremented variable, which determines what test database to connect
to. When the worker ID surpasses the test database IDs Django will
crash.

This reduce likelihood of crashing parallel tests because
ParallelTestSuite will no longer create more workers than TestCases.

It won't eliminate the problem completely though because there are
other circumstances in which new workers can be created which can then
be assigned an "illegal" worker ID.
2021-06-10 07:32:15 +02:00
Hasan Ramezani ed3af3ff4b
Fixed #32829 -- Updated help text for clearsessions management command.
Obsolete since 5fec97b9df.
2021-06-09 12:08:59 +02:00
Angus Holder 3e73c65ffc Fixed #32195 -- Added system check for invalid view in path() and improved error messages. 2021-06-09 09:06:42 +02:00
Mariusz Felisiak faba5b702a
Refs #32355 -- Used addClassCleanup() in SimpleTestCase and SerializeMixin. 2021-06-08 11:35:05 +02:00
Jacob Walls c0e29cec83 Fixed #25255 -- Recorded unapplied squashed migrations. 2021-06-08 08:40:34 +02:00
Sanskar Jaiswal 8c3bd0b708 Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL. 2021-06-08 07:46:51 +02:00
Keryn Knight 7f6a41d3d9
Fixed #32814 -- Improved performance of TextNode.
This avoids calling render() and handling exceptions, which is not
necessary for text nodes.
2021-06-07 21:02:00 +02:00
aryabartar 651e527f9b Fixed #32716 -- Fixed ManifestStaticFilesStorage crash when max_post_process_passes is 0. 2021-06-07 07:56:20 +02:00
Chris Jerdonek 7272e1963f Fixed #32821 -- Updated os.scandir() uses to use a context manager. 2021-06-07 06:52:42 +02:00
saeedblanchette 7dd502b0e1 Refs #24121 -- Added __repr__() to ChangeList and BaseStorage. 2021-06-07 06:31:50 +02:00
Mateo Radman d6f3b58589 Fixed #32810 -- Optimized django.utils.formats.number_format() a bit.
Pre-calculate use_l10n for get_format() calls.
2021-06-05 13:48:26 +02:00
Adam Johnson 2e4711c611 Made SerializeMixin check lockfile attr at import time. 2021-06-04 12:29:09 +02:00
Takayuki Hirayama 0393b9262d Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
Regression in 981a072dd4.

Thanks pirelle for the report.
2021-06-04 07:23:16 +02:00
Mariusz Felisiak 62e8f369c3
Fixed #32808 -- Prevented DiscoverRunner.build_suite() from mutating test loader patterns.
Thanks Chris Jerdonek for the report and reviews.
2021-06-03 08:59:37 +02:00
Chris Jerdonek 1b4d1675b2
Refs #32641 -- Made DiscoverRunner's "Found X tests" message work for finding one test.
This also removes passing level to log() as logging.INFO is the default.
2021-06-02 12:53:09 +02:00
Jacob Walls ec2727efef Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists. 2021-06-02 12:20:22 +02:00
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner 46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Mariusz Felisiak e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization.
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Chris Jerdonek cd19db10df Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. 2021-06-01 09:02:27 +02:00
abhiabhi94 c609d5149c Refs #24121 -- Added __repr__() to Engine 2021-06-01 07:44:36 +02:00
Chris Jerdonek 55775891fb Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. 2021-05-31 21:12:21 +02:00
Gildardo Adrian Maravilla Jacome 91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
Gildardo Adrian Maravilla Jacome 781b44240a Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns. 2021-05-31 10:40:21 +02:00
Chris Jerdonek d270dd584e
Refs #32778 -- Improved the name of the regex object detecting invalid CSRF token characters.
This also improves the comments near where the variable is used.
2021-05-29 12:53:50 +02:00
David Sanders 5685b7cd73
Fixed typos in comments and docs. 2021-05-29 12:51:14 +02:00
David Wobrock b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
abhiabhi94 22da686ca9 Refs #24121 -- Added __repr__() to PermWrapper. 2021-05-28 08:03:23 +02:00
Chris Jerdonek 214b36f50a Refs #32596 -- Added early return on safe methods in CsrfViewMiddleware.process_view(). 2021-05-28 07:32:01 +02:00
Chris Jerdonek cfd8c91839 Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay computing good_referer. 2021-05-28 07:32:01 +02:00
Chris Jerdonek 71179a6124 Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
Mohammadreza Varasteh e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Moriyoshi Koizumi 9e4780deda Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader. 2021-05-26 12:29:43 +02:00
Michael Lissner 5a8e8f80bb Fixed #32772 -- Made database cache count size once per set. 2021-05-26 11:21:11 +02:00
Mariusz Felisiak 12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani 1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Hasan Ramezani 68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Hannes Ljungberg 3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite. 2021-05-25 11:34:25 +02:00
abhiabhi94 866dccb650 Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize_token(). 2021-05-25 09:56:09 +02:00
saeedblanchette d3d95d645f Refs #24121 -- Added __repr__() to Lookup. 2021-05-24 07:32:25 +02:00
Mariusz Felisiak f0a9413bd2 Refs #24121 -- Improved Value.__repr__(). 2021-05-24 07:26:53 +02:00
Hannes Ljungberg 7ef2398e81 Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns(). 2021-05-24 06:31:48 +02:00
Yuekui Li 5e04e84d67 Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+.
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.

Regression in 6b16c91157.

Thanks Matt Westcott for the report.
2021-05-21 13:34:37 +02:00
Rohith PR 7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
David Sanders 736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
David Sanders 2978c63a34 Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value. 2021-05-20 07:04:26 +02:00
David Sanders 536c155e67 Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
Carlton Gibson c2e6047c72 Fixed #32740 -- Caught possible exception when initializing colorama. 2021-05-19 10:33:15 +02:00
David Sanders 127fd927d0
Fixed #32766 -- Removed unused ORDER_TYPE_VAR.
Unused since 5434ce231d.
2021-05-19 07:51:13 +02:00
Claude Paroz 8cd55021bc Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
Mariusz Felisiak 958cdf65ae Fixed #32747 -- Prevented initialization of unused caches.
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.
2021-05-18 18:24:19 +02:00
Rust Saiargaliev a24fed399c Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
Regression in b5e12d490a.
2021-05-18 13:02:33 +02:00
Slava Skvortsov f7691d4812 Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
Regression in ba31b01034.
2021-05-18 09:14:05 +02:00
William Schwartz de32fe83a2 Fixed #32317 -- Refactored loaddata command to make it extensible.
Moved deeply nested blocks out of inner loops to improve readability
and maintainability.

Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for
feedback.
2021-05-18 07:05:33 +02:00
Artur Beltsov 3954bf50fb Fixed #32750 -- Fixed crash of Extract() transform on OuterRef() expressions.
Thanks Simon Charette for the review.
2021-05-17 17:51:39 +02:00
William Schwartz 1557778121 Refs #32317 -- Simplified find_fixtures() in loaddata command.
This always replaces 'fixture_name' with its base name, which preserves
the previous behavior, because os.path.basename() was not called only on
relative paths without os.path.sep i.e. when base name was equal to the
file name.

This also changes os.path.dirname() and os.path.basename() calls to the
equivalent os.path.split() call.
2021-05-14 20:45:04 +02:00
William Schwartz 1e655d35ad Refs #32317 -- Cleaned up try/except blocks in loaddata command.
This moves code unable to trigger relevant exceptions outside of
try/except blocks, and changes 'objects' to 'objects_in_fixture'
which is equal to the length of 'objects'.
2021-05-14 20:45:04 +02:00
Rohith PR 530f58caaa Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.
Regression in fc9566d42d.
2021-05-14 12:45:00 +02:00
snowman2 29345aecf6 Fixed #32721 -- Fixed migrations crash when adding namespaced spatial indexes on PostGIS. 2021-05-14 07:10:28 +02:00
snowman2 99bc67a9e7 Refs #32721 -- Made PostGISSchemaEditor._create_index_sql() call super()._create_index_sql(). 2021-05-13 13:13:16 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Simon Charette b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Raffaele Salmaso 3733ae8957 Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
Nick Pope 29e4ccb1a2 Fixed #32738 -- Deprecated django.utils.datetime_safe module. 2021-05-12 14:42:17 +02:00
Nick Pope 46346f8ea0 Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe. 2021-05-12 14:42:17 +02:00
Nick Pope 44accb066a Refs #32738, Refs #29600, Refs #29595 -- Removed unused django.utils.datetime_safe.time().
Unused since c72dde41e6.
2021-05-12 14:42:17 +02:00
Nick Pope 1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Nick Pope d06c5b3581 Fixed #32366 -- Updated datetime module usage to recommended approach.
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12 11:08:41 +02:00
saeedblanchette e6406853c3 Refs #24121 -- Added__repr__() to StaticNode. 2021-05-12 08:41:52 +02:00
Nick Pope 34363a391b Fixed #32735 -- Made DateFormat.Y() return a zero-padded year. 2021-05-12 08:17:06 +02:00
Mariusz Felisiak b1a4b1f0bd Fixed #32722 -- Fixed comparing to TruncTime() on Oracle. 2021-05-11 09:19:25 +02:00
Jordi Castells 205c36b58f Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. 2021-05-07 20:03:46 +02:00
Hasan Ramezani 028f10fac6 Fixed #32712 -- Deprecated django.utils.baseconv module. 2021-05-07 11:57:40 +02:00
Alex Hill c4ee3b208a Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL. 2021-05-07 08:13:40 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
ecogels a0a5e0f4c8 Fixed #32705 -- Prevented database cache backend from checking .rowcount on closed cursor.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05 12:41:59 +02:00
Simon Charette 136ff592ad Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates.
Having lookups group by subquery right-hand-sides is likely unnecessary
in the first place but relatively large amount of work would be needed
to achieve that such as making Lookup instances proper resolvable
expressions.

Regression in 3543129822.

Thanks James A. Munsch for the report.
2021-05-05 11:41:35 +02:00
Maxim Beder 06fd4df41a Fixed #32479 -- Added fallbacks to subsequent language codes in translations.
Thanks Claude Paroz and Nick Pope for reviews.
2021-05-05 09:37:54 +02:00
Simon Charette 96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
Regression in c8b6594305.

Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Karthikeyan Singaravelan f9f6bd63c9 Refs #32074 -- Removed usage of deprecated Thread.setDaemon().
Thread.setDaemon() was deprecated in Python 3.10 and will be removed in
Python 3.12.
2021-05-04 12:07:18 +02:00
Mariusz Felisiak 623c8cd8f4
Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop().
Using asyncio.get_event_loop() when there is no running event loop was
deprecated in Python 3.10, see https://bugs.python.org/issue39529.
2021-05-04 11:29:23 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Hasan Ramezani 8de4ca74ba Fixed #32693 -- Quoted and lowercased generated column aliases. 2021-05-04 07:36:56 +02:00
pythonwood 071cf68630
Fixed #32709 -- Corrected examples in django/utils/baseconv.py docstring. 2021-05-04 07:09:09 +02:00
Mariusz Felisiak 1f643c28b5
Fixed #32653 -- Made quoting names in the Oracle backend consistent with db_table. 2021-04-30 12:59:07 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
Hasan Ramezani 8bcb00858e Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri(). 2021-04-30 08:05:42 +02:00
Nick Pope 2161db0792
Fixed capitalization of "ECMAScript" and "JavaScript". 2021-04-29 20:29:08 +02:00
Mariusz Felisiak baba733dcc
Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().
Follow up to 1871182031.
2021-04-29 12:04:30 +02:00
David Wobrock ee3b719a81 Refs #32675 -- Removed to_field from ForeignKeys in contrib apps' migrations.
Refs #22889.
2021-04-29 07:46:22 +02:00
Nick Pope 0c71e0f9cf Removed unnecessary reuse_with_filtered_relation argument from Query methods.
In Query.join() the argument reuse_with_filtered_relation was used to
determine whether to use == or .equals(). As this area of code is
related to aliases, we only expect an instance of Join or BaseTable to
be provided - the only two classes that provide .equals().

In both cases, the implementations of __eq__() and equals() are based
on use of the "identity" property. __eq__() performs an isinstance()
check first, returning NotImplemented if required. BaseTable.equals()
then does a straightforward equality check on "identity". Join.equals()
is a little bit different as it skips checking the last element of the
"identity" property: filtered_relation. This was only included
previously when the with_filtered_relation argument was True, impossible
since bbf141bcdc.
2021-04-28 21:19:42 +02:00
Nick Pope a6c79f4987 Removed unused with_filtered_relation argument from .equals()
Unused since bbf141bcdc.
2021-04-28 20:42:20 +02:00
Simon Charette c8b6594305 Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction.
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc.
2021-04-28 12:13:55 +02:00
Konstantin Alekseev 6e742dabc9 Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
Regression in bbe6fbb876.
2021-04-27 10:43:35 +02:00
Mariusz Felisiak 1871182031 Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
Thanks Zain Patel for the report and Simon Charette for reviews.

The exception introduced in 6307c3f1a1
revealed a possible data loss issue in the admin.
2021-04-27 10:34:47 +02:00
Mariusz Felisiak cd74aad90e Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.
QuerySet.distinct() is not the only way to avoid duplicate, it's also
not preferred.
2021-04-27 10:34:47 +02:00
Mariusz Felisiak 4074f38e1d Refs #32682 -- Fixed QuerySet.delete() crash on querysets with self-referential subqueries on MySQL. 2021-04-27 10:34:47 +02:00
Mariusz Felisiak d68be0494b
Refs 32637 -- Made technical 404 debug page display exception message when URL is resolved.
Follow up to 3b8527e32b.
2021-04-27 08:40:52 +02:00
Hannes Ljungberg eab71f7690 Fixed #32686 -- Removed unnecessary semicolon on collected multiline SQL for RunSQL. 2021-04-27 08:01:07 +02:00
Zain Patel 4e5bbb6ef2 Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
Regression in 84609b3205.
2021-04-26 07:08:16 +02:00
Mariusz Felisiak 0aacbdcf27
Refs #32673 -- Fixed lookups crash when comparing against lookups on Oracle.
Follow up to 170b006ce8.
2021-04-23 16:32:53 +02:00
Simon Charette 170b006ce8 Fixed #32673 -- Fixed lookups crash when comparing against lookups on PostgreSQL.
Regression in 3a505c70e7.

Nonlitteral right-hand-sides of lookups need to be wrapped in
parentheses to avoid operator precedence ambiguities.

Thanks Charles Lirsac for the detailed report.
2021-04-23 15:38:32 +02:00
Chris Jerdonek 0461b7a6b6 Fixed #32662 -- Refactored a generator out of SQLCompiler.get_order_by().
This also renames the `asc` variable to `default_order`, markes the
`desc` variable as unused, fixes a typo in SQLCompiler.get_order_by()
docstring, and reorders some blocks in SQLCompiler._order_by_pairs().
2021-04-21 12:35:49 +02:00