Commit Graph

11806 Commits

Author SHA1 Message Date
Mariusz Felisiak 8f89454bbc Refs #32195 -- Added path() test for invalid view. 2021-06-09 08:58:41 +02:00
Jacob Walls c0e29cec83 Fixed #25255 -- Recorded unapplied squashed migrations. 2021-06-08 08:40:34 +02:00
Sanskar Jaiswal 8c3bd0b708 Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL. 2021-06-08 07:46:51 +02:00
luzpaz bbf09254a3
Fixed typos in test comments. 2021-06-07 20:54:28 +02:00
Chris Jerdonek 87bb746ea6 Refs #32668 -- Renamed setup()/teardown() to setup_run_tests()/teardown_run_tests() in runtests.py. 2021-06-07 09:04:27 +02:00
Chris Jerdonek 9389d4d3db Refs #32668 -- Changed bisect_tests() and paired_tests() to use only setup_collect_tests(). 2021-06-07 09:04:27 +02:00
Chris Jerdonek e96e93618c Refs #32668 -- Passed setup()'s return value to run_tests() instead of get_installed(). 2021-06-07 09:04:27 +02:00
Chris Jerdonek b3083d5bd2 Refs #32668 -- Refactored out setup_collect_tests() in runtests.py. 2021-06-07 09:04:24 +02:00
Chris Jerdonek 9b9cea04b9 Refs #32668 -- Added gis_enabled argument to get_test_modules(). 2021-06-07 08:54:15 +02:00
aryabartar 651e527f9b Fixed #32716 -- Fixed ManifestStaticFilesStorage crash when max_post_process_passes is 0. 2021-06-07 07:56:20 +02:00
Chris Jerdonek 7272e1963f Fixed #32821 -- Updated os.scandir() uses to use a context manager. 2021-06-07 06:52:42 +02:00
saeedblanchette 7dd502b0e1 Refs #24121 -- Added __repr__() to ChangeList and BaseStorage. 2021-06-07 06:31:50 +02:00
Chris Jerdonek 9812b486b5
Refs #32668 -- Simplified start_at/start_after logic in runtests.py's setup(). 2021-06-05 16:46:37 +02:00
Mariusz Felisiak 213850b4b9
Refs #32355 -- Used addClassCleanup() in tests.
Inspired by Adam Johnson talk on DjangoCon Europe 2021.
2021-06-04 12:53:11 +02:00
Adam Johnson 2e4711c611 Made SerializeMixin check lockfile attr at import time. 2021-06-04 12:29:09 +02:00
Takayuki Hirayama 0393b9262d Fixed #32812 -- Restored immutability of named values from QuerySet.values_list().
Regression in 981a072dd4.

Thanks pirelle for the report.
2021-06-04 07:23:16 +02:00
Chris Jerdonek 0d2816133c Refs #32668 -- Simplified get_test_modules() in runtests.py.
This simplifies runtests.py's get_test_modules() in a few ways.  For
example, it changes the function to yield strings instead of returning
pairs of strings, which simplifies the calling code.

This commit also changes SUBDIRS_TO_SKIP from a list to a dict since
the directories to skip depend on the parent directory.
2021-06-03 09:20:47 +02:00
Chris Jerdonek ffc0d57a04 Refs #32668 -- Refactored away module_found_in_labels in runtests.py's setup(). 2021-06-03 09:20:47 +02:00
Chris Jerdonek 90f41c2d91 Refs #32668 -- Made setup()'s test_labels argument optional in runtests.py. 2021-06-03 09:20:47 +02:00
Mariusz Felisiak 62e8f369c3
Fixed #32808 -- Prevented DiscoverRunner.build_suite() from mutating test loader patterns.
Thanks Chris Jerdonek for the report and reviews.
2021-06-03 08:59:37 +02:00
Chris Jerdonek 1b4d1675b2
Refs #32641 -- Made DiscoverRunner's "Found X tests" message work for finding one test.
This also removes passing level to log() as logging.INFO is the default.
2021-06-02 12:53:09 +02:00
Jacob Walls ec2727efef Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists. 2021-06-02 12:20:22 +02:00
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner 46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Mariusz Felisiak e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization.
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Chris Jerdonek cd19db10df Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. 2021-06-01 09:02:27 +02:00
Chris Jerdonek 623cec0879 Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens. 2021-06-01 09:02:23 +02:00
abhiabhi94 c609d5149c Refs #24121 -- Added __repr__() to Engine 2021-06-01 07:44:36 +02:00
Chris Jerdonek 55775891fb Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. 2021-05-31 21:12:21 +02:00
Chris Jerdonek ffdee8d264 Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens.
This also improves test names for test_process_request_no_csrf_cookie
and test_process_request_csrf_cookie_no_token. The logic being tested
is actually in process_view() rather than process_request(), and it's
not necessary to include the method name.
2021-05-31 21:12:17 +02:00
Gildardo Adrian Maravilla Jacome 91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
Gildardo Adrian Maravilla Jacome 781b44240a Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns. 2021-05-31 10:40:21 +02:00
David Wobrock b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
abhiabhi94 22da686ca9 Refs #24121 -- Added __repr__() to PermWrapper. 2021-05-28 08:03:23 +02:00
Chris Jerdonek 71179a6124 Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
Mohammadreza Varasteh e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Chris Jerdonek 02c59b7a43 Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic. 2021-05-27 10:53:20 +02:00
Nilo César Teixeira 0d67481a66 Fixed #32762 -- Fixed locale reset in compilemessages test.
Reset the `LC_ALL` override value in the test environment to ensure that locale
values the calling environment are not used.
2021-05-26 15:37:42 +02:00
Moriyoshi Koizumi 9e4780deda Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader. 2021-05-26 12:29:43 +02:00
Michael Lissner 5a8e8f80bb Fixed #32772 -- Made database cache count size once per set. 2021-05-26 11:21:11 +02:00
Mariusz Felisiak 12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani 1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Hasan Ramezani 68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Mariusz Felisiak 7e51893911
Refs #32379 -- Added USE_TZ settings to AdminScriptTestCase.write_settings(). 2021-05-25 13:22:40 +02:00
Hannes Ljungberg 3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite. 2021-05-25 11:34:25 +02:00
saeedblanchette d3d95d645f Refs #24121 -- Added __repr__() to Lookup. 2021-05-24 07:32:25 +02:00
Mariusz Felisiak f0a9413bd2 Refs #24121 -- Improved Value.__repr__(). 2021-05-24 07:26:53 +02:00
Mariusz Felisiak 3f6d4e22f8 Fixed typo in tests/expressions/tests.py. 2021-05-24 07:26:53 +02:00
Hannes Ljungberg 7ef2398e81 Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns(). 2021-05-24 06:31:48 +02:00
Yuekui Li 5e04e84d67 Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+.
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.

Regression in 6b16c91157.

Thanks Matt Westcott for the report.
2021-05-21 13:34:37 +02:00
Rohith PR 7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
Rohith PR 56003b21ea Added tests for Sitemap.get_protocol(). 2021-05-21 10:55:05 +02:00
David Sanders 736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
David Sanders 2978c63a34 Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value. 2021-05-20 07:04:26 +02:00
David Sanders 536c155e67 Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
Claude Paroz 8cd55021bc Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
Mariusz Felisiak 958cdf65ae Fixed #32747 -- Prevented initialization of unused caches.
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.
2021-05-18 18:24:19 +02:00
Rust Saiargaliev a24fed399c Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
Regression in b5e12d490a.
2021-05-18 13:02:33 +02:00
Rust Saiargaliev f07723aa0a Refs #31007 -- Added test for check for specifying type of auto-created primary keys from abstract models. 2021-05-18 12:54:51 +02:00
Slava Skvortsov f7691d4812 Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
Regression in ba31b01034.
2021-05-18 09:14:05 +02:00
Artur Beltsov 3954bf50fb Fixed #32750 -- Fixed crash of Extract() transform on OuterRef() expressions.
Thanks Simon Charette for the review.
2021-05-17 17:51:39 +02:00
Rohith PR 530f58caaa Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.
Regression in fc9566d42d.
2021-05-14 12:45:00 +02:00
snowman2 29345aecf6 Fixed #32721 -- Fixed migrations crash when adding namespaced spatial indexes on PostGIS. 2021-05-14 07:10:28 +02:00
Mariusz Felisiak c6d88a1872 Refs #16455 -- Added test for using opclasses on indexes for multidimensional geometry fields on PostGIS. 2021-05-13 13:13:12 +02:00
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Simon Charette b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Raffaele Salmaso 3733ae8957 Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
Nick Pope 29e4ccb1a2 Fixed #32738 -- Deprecated django.utils.datetime_safe module. 2021-05-12 14:42:17 +02:00
Nick Pope 46346f8ea0 Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe. 2021-05-12 14:42:17 +02:00
Nick Pope 44accb066a Refs #32738, Refs #29600, Refs #29595 -- Removed unused django.utils.datetime_safe.time().
Unused since c72dde41e6.
2021-05-12 14:42:17 +02:00
Nick Pope 1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Nick Pope d06c5b3581 Fixed #32366 -- Updated datetime module usage to recommended approach.
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12 11:08:41 +02:00
Nick Pope 6b7960188b Added extra assertion to migrations.test_writer.WriterTests.test_serialize_datetime.
This checks that datetime.timezone.utc serializes correctly.
2021-05-12 11:06:30 +02:00
saeedblanchette e6406853c3 Refs #24121 -- Added__repr__() to StaticNode. 2021-05-12 08:41:52 +02:00
Nick Pope 34363a391b Fixed #32735 -- Made DateFormat.Y() return a zero-padded year. 2021-05-12 08:17:06 +02:00
Mariusz Felisiak b1a4b1f0bd Fixed #32722 -- Fixed comparing to TruncTime() on Oracle. 2021-05-11 09:19:25 +02:00
Jordi Castells 205c36b58f Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. 2021-05-07 20:03:46 +02:00
Hasan Ramezani 028f10fac6 Fixed #32712 -- Deprecated django.utils.baseconv module. 2021-05-07 11:57:40 +02:00
Alex Hill c4ee3b208a Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL. 2021-05-07 08:13:40 +02:00
Mariusz Felisiak 65a9d0013d
Removed unused TestHashedFiles._max_post_process_passes.
Unused since f1894bae30
2021-05-06 12:26:25 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Carlton Gibson a708f39ce6 Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.
The validate_file_name() sanitation introduced in
0b79eb3691 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2a to allow path
components for storages that may allow them.

Test is skipped pending a discussed storage refactoring to support this
use-case.
2021-05-06 07:04:52 +02:00
ecogels a0a5e0f4c8 Fixed #32705 -- Prevented database cache backend from checking .rowcount on closed cursor.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05 12:41:59 +02:00
Simon Charette 136ff592ad Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates.
Having lookups group by subquery right-hand-sides is likely unnecessary
in the first place but relatively large amount of work would be needed
to achieve that such as making Lookup instances proper resolvable
expressions.

Regression in 3543129822.

Thanks James A. Munsch for the report.
2021-05-05 11:41:35 +02:00
Maxim Beder 06fd4df41a Fixed #32479 -- Added fallbacks to subsequent language codes in translations.
Thanks Claude Paroz and Nick Pope for reviews.
2021-05-05 09:37:54 +02:00
Simon Charette 96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
Regression in c8b6594305.

Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Karthikeyan Singaravelan f9f6bd63c9 Refs #32074 -- Removed usage of deprecated Thread.setDaemon().
Thread.setDaemon() was deprecated in Python 3.10 and will be removed in
Python 3.12.
2021-05-04 12:07:18 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Hasan Ramezani 8de4ca74ba Fixed #32693 -- Quoted and lowercased generated column aliases. 2021-05-04 07:36:56 +02:00
Mariusz Felisiak 1f643c28b5
Fixed #32653 -- Made quoting names in the Oracle backend consistent with db_table. 2021-04-30 12:59:07 +02:00
Tim Graham 54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
Hasan Ramezani 8bcb00858e Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri(). 2021-04-30 08:05:42 +02:00
Nick Pope 2161db0792
Fixed capitalization of "ECMAScript" and "JavaScript". 2021-04-29 20:29:08 +02:00
Simon Charette c8b6594305 Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction.
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc.
2021-04-28 12:13:55 +02:00
Mariusz Felisiak 4f600673d7 Refs #32632 -- Added tests for returning a copy when combining Q() objects. 2021-04-28 11:31:17 +02:00
Konstantin Alekseev 6e742dabc9 Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
Regression in bbe6fbb876.
2021-04-27 10:43:35 +02:00
Mariusz Felisiak 1871182031 Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
Thanks Zain Patel for the report and Simon Charette for reviews.

The exception introduced in 6307c3f1a1
revealed a possible data loss issue in the admin.
2021-04-27 10:34:47 +02:00
Mariusz Felisiak cd74aad90e Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.
QuerySet.distinct() is not the only way to avoid duplicate, it's also
not preferred.
2021-04-27 10:34:47 +02:00