innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
27,594 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

5210 Commits

Author SHA1 Message Date
daniel a rios b5a5c92c72 Fixed #30066 -- Enabled super user creation without email and password 2019-08-29 12:49:16 +02:00
Jon Dufresne a44d80f88e Adjusted subprocess.run() calls to use arg list, rather than string. 
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.

https://docs.python.org/3/library/subprocess.html#frequently-used-arguments

> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).

Also removed `shell=True` where unnecessary.
 2019-08-28 10:19:30 +02:00
Federico Jaramillo Martínez 8f6860863e Fixed #30722 -- Added default rate-limiting requests to admin's Select2 widget. 2019-08-27 13:47:36 +02:00
Hasan Ramezani 03dbdfd9bb Fixed #29019 -- Added ManyToManyField support to REQUIRED_FIELDS. 2019-08-26 14:48:40 +02:00
Simon Charette bb9e82f274 Fixed #29955 -- Added support for distance expression to the dwithin lookup. 
This was missed when adding support to other distance lookups in
refs #25499.

Thanks Peter Bex for the report and Mariusz for testcases.
 2019-08-23 21:28:28 +02:00
Dulmandakh 06372a8d27 Fixed #30507 -- Updated admin's jQuery to 3.4.1. 2019-08-23 11:00:16 +02:00
Claude Paroz 9386586f31 Replaced subprocess commands by run() wherever possible. 2019-08-23 10:53:36 +02:00
Mariusz Felisiak 521308e575 Fixed #30715 -- Fixed crash of ArrayField lookups on ArrayAgg annotations over AutoField. 2019-08-23 10:43:08 +02:00
Mariusz Felisiak b1f669406f Reduced code duplication in ArrayField's lookups. 2019-08-23 10:43:08 +02:00
Carlton Gibson 5b4c6b58a0
Fixed #30064 -- Added form to validate admin search fields query input. 2019-08-22 14:09:49 +02:00
Nasir Hussain 6b16c91157 Fixed #30712 -- Allowed BLOB/TEXT defaults on MySQL 8.0.13+. 2019-08-22 12:23:10 +02:00
Mads Jensen 85ac838d9e Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently operations for PostgreSQL. 
Thanks to Simon Charettes for review.

Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
 2019-08-21 13:10:06 +02:00
Adam Johnson 7da6a28a44 Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+. 2019-08-16 11:39:37 +02:00
zeyneloz 8289fc55ff Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering. 2019-08-15 10:29:10 +02:00
Mariusz Felisiak 1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params. 
Regression in 4f5b58f5cd.

Thanks Florian Apolloner for the report and helping with tests.
 2019-08-14 15:25:35 +02:00
Claude Paroz eed2e740f7 Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path. 
Thanks Nikita Krokosh for the initial patch.
 2019-08-13 19:44:10 +02:00
Mariusz Felisiak c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params. 
Thanks Florian Apolloner for the report and helping with tests.
 2019-08-13 08:42:17 +02:00
Simon Charette fff5186d32 Refs #25367 -- Moved select_format hook to BaseExpression. 
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
 2019-08-13 06:48:14 +02:00
Jon Dufresne 5b57798513 Removed unnecessary StatAggregate.resolve_expression(). 
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.

Unnecessary since its introduction in e4cf8c8420.
 2019-08-08 22:34:25 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Mariusz Felisiak 05964b2198 Moved indexes in ArrayField's Index and Slice transforms to SQL params. 
Follow up to 7deeabc7c7.

These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
 2019-08-05 14:16:35 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection. 
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
 2019-08-01 09:24:54 +02:00
Claude Paroz 3c6d32e0b2 Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point. 
Thanks Mariusz Felisiak for contributing the Point part.
 2019-07-27 20:12:46 +02:00
Jon Dufresne 93ffa81bc5 Refs #30657 -- Made DeferredAttribute.__init__() to take a field instance instead of a field name. 2019-07-25 07:24:52 +02:00
Min ho Kim 9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Mads Jensen a3417282ac Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL. 
Thanks to Nick Pope and Mariusz Felisiak for review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2019-07-16 18:04:41 +02:00
Mads Jensen 7174cf0b00 Refs #29824 -- Added RangeOperators helper class. 2019-07-16 16:57:46 +02:00
Mariusz Felisiak 858cfd74e9
Simplified RangeContainedBy by making it subclass PostgresSimpleLookup. 2019-07-13 10:55:19 +02:00
Mariusz Felisiak 70c2b90d95
Simplified DateTimeRangeContains by making it subclass PostgresSimpleLookup. 2019-07-12 17:27:49 +02:00
Johannes Hoppe 00d4e6f8b5 Updated Select2 to version 4.0.7. 2019-07-10 12:31:16 +02:00
Hasan Ramezani ed668796f6 Fixed #30543 -- Fixed checks of ModelAdmin.list_display for fields accessible only via instance. 
Co-Authored-By: Andrew Simons <andrewsimons@bubblegroup.com>
 2019-07-10 10:37:34 +02:00
Mariusz Felisiak 7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type. 
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.

Regression in 6b048b364c.
 2019-07-10 10:33:36 +02:00
Chason Chaffin c238e65e29 Fixed #30596 -- Fixed SplitArrayField.has_changed() for non-string base fields. 
Thanks to Evgeniy Krysanov for the report and the idea to use to_python.
Thanks to Mariusz Felisiak for the test case.
 2019-07-03 13:35:51 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Min ho Kim fbb83fefd4 Fixed typos in comments and docs. 2019-07-02 09:36:17 +02:00
Claude Paroz d54baf6970 Updated translations from Transifex 
Forward port of b3f7262e6e from stable/2.2.x
 2019-06-29 16:17:16 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings. 
Thanks Claude Paroz for assistance with translations.
 2019-06-28 16:46:18 +02:00
Markus Holtermann ad7b438002 Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety. 
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
 2019-06-20 12:29:43 +02:00
Sanyam Khurana 87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Mariusz Felisiak b616f65855
Added missing support for PointOnSurface function on MariaDB. 2019-06-12 10:51:43 +02:00
Jon Dufresne 9e38ed0536 Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters. 
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692.

For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.

For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
 2019-06-11 20:34:59 +02:00
Aymeric Augustin 3ee0834a46 Fixed #30556 -- Avoided useless query and hasher call in ModelBackend.authenticate() when credentials aren't provided. 
There's no need to fetch a user instance from the database unless
a username and a password are provided as credentials.
 2019-06-10 11:12:31 +02:00
Hasan Ramezani dcb8f00d06 Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields. 
Thank you to Nick Pope for review.

Co-authored-by: CHI Cheng <cloudream@gmail.com>
 2019-06-07 12:44:39 +02:00
Hasan Ramezani 661e6cc2c9 Fixed #29706 -- Made RenameContentType._rename() save to the correct database. 2019-06-06 12:09:01 +02:00
Tobias Bengfort 581a0f4545 Refs #30226 -- Added User.get_user_permissions() method. 
Added to mirror the existing User.get_group_permissions().
 2019-06-05 13:56:37 +02:00
Tobias Bengfort 75337a6050 Fixed #30226 -- Added BaseBackend for authentication. 2019-06-05 13:39:46 +02:00
Jones Ambrosi f9561144d7 Fixed #30520 -- Fixed crash of admin model inlines on custom fields without labels. 2019-06-04 10:27:12 +02:00
Nathan Gaberel b27c9c953b Fixed #28604 -- Prevented ManifestStaticFilesStorage from leaving intermediate files. 2019-06-03 13:11:55 +02:00
Carlton Gibson 34ec52269a Applied jQuery patch for CVE-2019-11358. 2019-06-03 11:36:12 +02:00
Carlton Gibson deeba6d920 Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link. 2019-06-03 11:36:12 +02:00
can dffa3e1992 Fixed #30493 -- Fixed prefetch_related() for GenericRelation with different content types. 
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Thanks Simon Charette for the review.
 2019-05-31 18:11:55 +02:00
Mariusz Felisiak f66021f3f7 Refs #30493 -- Added GenericRelatedObjectManager.get_content_type() hook. 2019-05-31 18:11:51 +02:00
Daniel Hahler 59f04d6b8f Simplified SessionMiddleware.process_response() a bit. 2019-05-29 14:10:11 +02:00
Caio Ariede a3f91891d2 Fixed #30315 -- Fixed crash of ArrayAgg and StringAgg with ordering when used in Subquery. 2019-05-28 10:05:50 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Mariusz Felisiak 2007e11d70
Forced utf-8 encoding when loading common passwords in CommonPasswordValidator. 
Previously we used `decode()` which defaults to utf-8. This change
restores previous behavior.

Follow up to 28eac41510.
 2019-05-23 08:39:16 +02:00
Jon Dufresne b711eafd2a Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator. 
open() and gzip.open() supports path-like objects since Python 3.6.
 2019-05-22 19:47:28 +02:00
Brad Solomon 28eac41510 Improved performance of loading common passwords in CommonPasswordValidator. 
CommonPasswordValidator.__init__ previously called either splitlines or
readlines, creating an unneeded intermediate list in memory. For large
custom password files, this could be burdensome.
 2019-05-22 06:55:21 +02:00
Hasan Ramezani 9d6f981a66 Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age(). 2019-05-21 08:50:09 +02:00
Thomasina Lee c38e7a79f4 Fixed #30488 -- Removed redundant Coalesce call in SQL generated by SearchVector. 
Regression in 405c836336.
 2019-05-20 08:34:06 +02:00
Claude Paroz e286987a27 Fixed #30459 -- Delegated hide/show JS toggle to parent div. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
 2019-05-17 07:46:45 +02:00
Tobias Bengfort 7619a33665 Refs #28593 -- Changed url() to path() in comments following URL routing changes. 2019-05-13 18:30:51 +02:00
Carlton Gibson 34f589ba88 Moved unnecessarily nested import. 2019-05-08 09:26:13 +02:00
Carlton Gibson 6a92bcf55b Removed redundant check from StaticFilesHandler. 2019-05-08 09:26:13 +02:00
Chris Adkins 705ef6cfeb Fixed #30447 -- Added 'is_in_european_union' in GeoIP2.city() dict. 2019-05-07 13:31:44 +02:00
Ben Muschol 8eb4133714 Always remove required attribute in SelectFilter2.js (#11331) 
Fixes bug on browsers which do support the required attribute but not the :valid pseudo-selector
 2019-05-07 08:16:30 +02:00
Tobias Kunze 3166880301 Fixed #29352 -- Allowed specifying a Feed language. 2019-05-06 15:10:54 +02:00
Carlton Gibson 98296f86b3
Fixed #30351 -- Handled pre-existing permissions in proxy model permissions data migration. 
Regression in 181fb60159.
 2019-04-27 20:18:22 +02:00
Aarni Koskela efeceba589
Fixed #30312 -- Relaxed admin check from django.contrib.sessions to SessionMiddleware subclasses. 2019-04-26 11:31:06 +02:00
Jon Dufresne 8b3f1c35dd Removed unnecessary assignments in various code. 2019-04-24 13:09:29 +02:00
Simon Charette 405c836336 Fixed #30385 -- Restored SearchVector(config) immutability. 
Regression in 1a28dc3887.

The usage of CONCAT to allow SearchVector to deal with non-text fields
made the generated expression non-IMMUTABLE which prevents a functional
index to be created for it.

Using a combination of COALESCE and ::text makes sure the expression
preserves its immutability.

Refs #29582. Thanks Andrew Brown for the report, Nick Pope for the
review.
 2019-04-23 08:11:33 +02:00
Dustin Neighly 49fb3f5f3e Fixed #30341 -- Added support for the furlong unit in Distance. 2019-04-19 08:54:23 +02:00
Hasan Ramezani 917fd9d03f
Fixed #27755 -- Added ModelAdmin.get_inlines() hook. 2019-04-17 07:16:04 +02:00
Simone Pellizzari d0315584b5
Fixed #30332 -- Fixed crash of ordering by expressions with params in ArrayAgg and StringAgg. 2019-04-06 14:23:29 +02:00
Mariusz Felisiak 7cbcf2e2cb
Fixed #30259 -- Fixed crash of admin views when properties don't have admin_order_field attribute. 2019-04-01 15:11:54 +02:00
Claude Paroz 3e01aab533 Updated contrib translations from Transifex. 
Forwardport of 7090cbf542 from 2.2.x.
 2019-04-01 12:22:15 +02:00
Tim Graham 8335d59200 Fixed #30289 -- Prevented admin inlines for a ManyToManyField's implicit through model from being editable if the user only has the view permission. 2019-03-30 16:49:16 -04:00
pmisteli 9410db9683 Fixed #30236 -- Made UsernameField render with autocapitalize="none" HTML attribute. 
This prevents automatic capitalization, which is the default behavior in
some browsers.
 2019-03-29 15:24:44 +01:00
Nick Pope d41a1005eb Removed unused timeparse.js. 
Unused since its introduction in dd5320d1d5.
 2019-03-27 09:24:09 -04:00
Nick Pope f0f3b30296 Removed obsolete ActiveXObject from admindocs bookmarklets. 
Required for IE<7.
 2019-03-27 09:13:39 -04:00
Nick Pope 3113957123 Simplified Date.prototype.getTwelveHours(). 2019-03-27 09:13:21 -04:00
Nick Pope a25029b336 Removed unused Date.prototype.getHourMinute(). 
Unused since d2180a6bf3.
 2019-03-27 09:12:44 -04:00
Nick Pope 8c694317f8 Removed unused Date.prototype.getHourMinuteSecond(). 
Unused since fa0653cd1d.
 2019-03-27 09:12:15 -04:00
Nick Pope 93d1f2d209 Removed unused String.prototype.pad_left(). 
Unused since its introduction in dd5320d1d5.
 2019-03-27 09:11:30 -04:00
Nick Pope 41e6ef28b0 Removed unneeded compatibility shim for getComputedStyle(). 
Required for IE<9.
 2019-03-27 09:10:56 -04:00
Hasan Ramezani d4df5e1b0b Fixed #27360 -- Added app or ModelAdmin details for AreadyRegistered exceptions. 2019-03-25 17:34:53 -04:00
Jani Tiainen 044cc54420
Fixed #30259 -- Added support for admin_order_field attribute on properties in ModelAdmin.list_display. 2019-03-24 20:43:56 +01:00
Ryan J Schave cbf7e71558 Fixed #30257 -- Made UsernameValidators prohibit trailing newlines. 2019-03-22 13:16:25 -04:00
Simon Charette 5935a9aead Removed obsolete Lookup hook to prepare rhs expressions. 
After 3a505c70e7, all _prepare() methods
return self.
 2019-03-21 20:54:21 -04:00
birthdaysgift dc740dde50 Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses. 2019-03-21 18:02:49 -04:00
Francisco Couzo 0193bf874f Fixed #28738 -- Added the GeometryDistance function. 2019-03-20 12:54:42 -04:00
Herman S f976ab1b11 Fixed #30237 -- Made Authentication/SessionMiddleware and ModelBackend admin checks allow subclasses. 2019-03-14 20:09:57 -04:00
btknu 7c3a8b9db2 Fixed #30243 -- Simplified ModelAdmin.render_change_form()'s has_file_field. 2019-03-08 18:03:58 -05:00
Jon Dufresne 17455e924e Removed executable bit from static asset xregexp.js. 2019-03-04 10:35:08 -05:00
Mariusz Felisiak b435f82939
Reverted "Fixed relative paths imports per isort 4.3.5." 
This reverts commit 463fe11bc8 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.
 2019-03-03 19:33:48 +01:00
Dan Wilson fe65918dca Fixed #30229 -- Removed polyfill from inlines.min.js. 
find() is only called on jQuery objects, so the polyfill is necessary.
 2019-03-01 13:00:30 -05:00
Etienne Chové 4dcbe6eb2d Fixed #30221 -- Made label suffix of admin's read-only fields translatable. 2019-02-28 11:12:30 -05:00