innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
29,642 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

17816 Commits

Author SHA1 Message Date
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
 2021-06-02 10:58:39 +02:00
Florian Apolloner 46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Mariusz Felisiak e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL. 
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
 2021-06-01 15:11:42 +02:00
Daniyal a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization. 
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
 2021-06-01 13:31:44 +02:00
Chris Jerdonek cd19db10df Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. 2021-06-01 09:02:27 +02:00
abhiabhi94 c609d5149c Refs #24121 -- Added __repr__() to Engine 2021-06-01 07:44:36 +02:00
Chris Jerdonek 55775891fb Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. 2021-05-31 21:12:21 +02:00
Gildardo Adrian Maravilla Jacome 91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
Gildardo Adrian Maravilla Jacome 781b44240a Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns. 2021-05-31 10:40:21 +02:00
Chris Jerdonek d270dd584e
Refs #32778 -- Improved the name of the regex object detecting invalid CSRF token characters. 
This also improves the comments near where the variable is used.
 2021-05-29 12:53:50 +02:00
David Sanders 5685b7cd73
Fixed typos in comments and docs. 2021-05-29 12:51:14 +02:00
David Wobrock b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization. 
Thanks Simon Charette for the implementation idea.
 2021-05-28 20:25:59 +02:00
Hannes Ljungberg b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
abhiabhi94 22da686ca9 Refs #24121 -- Added __repr__() to PermWrapper. 2021-05-28 08:03:23 +02:00
Chris Jerdonek 214b36f50a Refs #32596 -- Added early return on safe methods in CsrfViewMiddleware.process_view(). 2021-05-28 07:32:01 +02:00
Chris Jerdonek cfd8c91839 Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay computing good_referer. 2021-05-28 07:32:01 +02:00
Chris Jerdonek 71179a6124 Fixed #32596 -- Added CsrfViewMiddleware._check_referer(). 
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
 2021-05-28 07:31:56 +02:00
Mohammadreza Varasteh e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Moriyoshi Koizumi 9e4780deda Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader. 2021-05-26 12:29:43 +02:00
Michael Lissner 5a8e8f80bb Fixed #32772 -- Made database cache count size once per set. 2021-05-26 11:21:11 +02:00
Mariusz Felisiak 12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute. 
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
 2021-05-26 11:19:47 +02:00
Hasan Ramezani 1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Hasan Ramezani 68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Hannes Ljungberg 3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite. 2021-05-25 11:34:25 +02:00
abhiabhi94 866dccb650 Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize_token(). 2021-05-25 09:56:09 +02:00
saeedblanchette d3d95d645f Refs #24121 -- Added __repr__() to Lookup. 2021-05-24 07:32:25 +02:00
Mariusz Felisiak f0a9413bd2 Refs #24121 -- Improved Value.__repr__(). 2021-05-24 07:26:53 +02:00
Hannes Ljungberg 7ef2398e81 Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns(). 2021-05-24 06:31:48 +02:00
Yuekui Li 5e04e84d67 Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+. 
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.

Regression in 6b16c91157.

Thanks Matt Westcott for the report.
 2021-05-21 13:34:37 +02:00
Rohith PR 7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https. 
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
 2021-05-21 11:00:54 +02:00
David Sanders 736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
David Sanders 2978c63a34 Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value. 2021-05-20 07:04:26 +02:00
David Sanders 536c155e67 Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget. 
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
 2021-05-19 20:34:57 +02:00
Carlton Gibson c2e6047c72 Fixed #32740 -- Caught possible exception when initializing colorama. 2021-05-19 10:33:15 +02:00
David Sanders 127fd927d0
Fixed #32766 -- Removed unused ORDER_TYPE_VAR. 
Unused since 5434ce231d.
 2021-05-19 07:51:13 +02:00
Claude Paroz 8cd55021bc Fixed #32379 -- Started deprecation toward changing default USE_TZ to True. 
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-05-18 20:26:44 +02:00
Mariusz Felisiak 958cdf65ae Fixed #32747 -- Prevented initialization of unused caches. 
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.
 2021-05-18 18:24:19 +02:00
Rust Saiargaliev a24fed399c Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models. 
Regression in b5e12d490a.
 2021-05-18 13:02:33 +02:00
Slava Skvortsov f7691d4812 Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME. 
Regression in ba31b01034.
 2021-05-18 09:14:05 +02:00
William Schwartz de32fe83a2 Fixed #32317 -- Refactored loaddata command to make it extensible. 
Moved deeply nested blocks out of inner loops to improve readability
and maintainability.

Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for
feedback.
 2021-05-18 07:05:33 +02:00
Artur Beltsov 3954bf50fb Fixed #32750 -- Fixed crash of Extract() transform on OuterRef() expressions. 
Thanks Simon Charette for the review.
 2021-05-17 17:51:39 +02:00
William Schwartz 1557778121 Refs #32317 -- Simplified find_fixtures() in loaddata command. 
This always replaces 'fixture_name' with its base name, which preserves
the previous behavior, because os.path.basename() was not called only on
relative paths without os.path.sep i.e. when base name was equal to the
file name.

This also changes os.path.dirname() and os.path.basename() calls to the
equivalent os.path.split() call.
 2021-05-14 20:45:04 +02:00
William Schwartz 1e655d35ad Refs #32317 -- Cleaned up try/except blocks in loaddata command. 
This moves code unable to trigger relevant exceptions outside of
try/except blocks, and changes 'objects' to 'objects_in_fixture'
which is equal to the length of 'objects'.
 2021-05-14 20:45:04 +02:00
Rohith PR 530f58caaa Fixed #32734 -- Fixed validation of startapp's directory with trailing slash. 
Regression in fc9566d42d.
 2021-05-14 12:45:00 +02:00
snowman2 29345aecf6 Fixed #32721 -- Fixed migrations crash when adding namespaced spatial indexes on PostGIS. 2021-05-14 07:10:28 +02:00
snowman2 99bc67a9e7 Refs #32721 -- Made PostGISSchemaEditor._create_index_sql() call super()._create_index_sql(). 2021-05-13 13:13:16 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
 2021-05-13 08:53:44 +02:00
Simon Charette b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator. 
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
 2021-05-13 07:26:52 +02:00
Raffaele Salmaso 3733ae8957 Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
Nick Pope 29e4ccb1a2 Fixed #32738 -- Deprecated django.utils.datetime_safe module. 2021-05-12 14:42:17 +02:00