innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
django1/tests/queries
History
Simon Charette 0bd57a879a [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by(). 
Regression introduced in 513948735b
by marking the raw SQL column reference feature for deprecation in
Django 4.0 while lifting the column format validation.

In retrospective the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.

The main branch is not affected because the raw SQL column reference
support has been removed in 06eec31970
per the 4.0 deprecation life cycle.

Thanks Joel Saunders for the report.
 		2021-07-01 08:36:17 +02:00
..
__init__.py
models.py [3.1.x] Fixed #31664 -- Reallowed using non-expressions having filterable attribute as rhs in queryset filters. 2020-06-08 09:18:32 +02:00
test_bulk_update.py Fixed #12990, Refs #27694 -- Added JSONField model field. 2020-05-08 07:23:31 +02:00
test_db_returning.py Refs #29444 -- Removed redundant DatabaseFeatures.can_return_multiple_columns_from_insert. 2019-09-24 10:37:22 +02:00
test_deprecation.py Fixed #30988 -- Deprecated the InvalidQuery exception. 2019-11-18 14:06:51 +01:00
test_explain.py Refs #30897 -- Added support for ANALYZE option to Queryset.explain() on MariaDB and MySQL 8.0.18+. 2019-10-24 15:13:26 +02:00
test_iterator.py Refs #29563 -- Fixed SQLCompiler.execute_sql() to respect DatabaseFeatures.can_use_chunked_reads. 2018-07-25 18:08:57 -04:00
test_q.py Added test for combining Q objects with non-Q objects. 2018-03-29 13:58:55 -04:00
test_qs_combinators.py [3.1.x] Fixed #31614 -- Fixed aliases ordering by OrderBy() expressions of combined queryset. 2020-05-26 23:35:34 +02:00
test_query.py Refs #25367 -- Made Query.build_filter() raise TypeError on non-conditional expressions. 2019-11-21 11:56:35 +01:00
tests.py [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by(). 2021-07-01 08:36:17 +02:00