Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.
Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
There's little point retrieving a fresh reference to the exception in
the legacy tuple format, when it's all available via the exception
instance we already have.
md5 is not an approved algorithm in FIPS mode, and trying to instantiate
a hashlib.md5() will fail when the system is running in FIPS mode.
md5 is allowed when in a non-security context. There is a plan to add a
keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether
or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added.
This encapsulation will pass through the usedforsecurity parameter in
the case where the parameter is supported, and strip it if it is not.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Switched the order of the checks to reduce the overhead. Async unsafe methods
are *normally* called syncrhonously, so we can avoid the overhead of checking
the environment variable in the regular path.
Elements yielded by _destruct_iterable_mapping_values are always
unpacked. Since unpacking can be done with any iterable, there is no
need to convert elements to tuples. Also, such elements can be used
directly in for loops, creating a dictionary of them is excessive.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
This improves performance of import_string() by avoiding multiple
imports for the same path.
Thanks Andrew Godwin and Keryn Knight for the implementation idea.
The "data in self.children" branch was causing data.__eq__ to be
called for each entries in "self.children" which resulted in a huge
slowdown during queryset construction.
It's purpose was to prevent queries of the form
Model.objects.filter(foo='bar').filter(foo='bar')
from resulting in
WHERE foo='bar' AND foo='bar'
but it's not covered by the suite and has arguable performance benefits
since it's not very common and SQL engines are usually very good at
folding/optimizing these.
See also #32632 for prior discussion around comparing data to the
Node's children.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
This removes unnecessary format('O') call, remove unnecessary method
calls for simple cases in TimeFormat, and simplifies time zone handling
in TimeFormat.
Keryn Knight
Adam Johnson
Mariusz Felisiak
Ad Timmering
Allen Jonathan David
mendespedro
mgaligniana
Florian Apolloner
Maxim Piskunov
Baptiste Mispelon
tim-mccurrach
Timothy McCurrach
Vinay Karanam
Claude Paroz
Ade Lee
Nick Pope
Chenyang Yan
Illia Volochii
Carlton Gibson
yujin
David Smith
Chris Jerdonek
David Smith
abhiabhi94
Shipeng Feng
Daniele Procida
Ben Wilber
Mateo Radman
David Sanders