Ngalim Siregar
503f60ff57
Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404.
2019-08-09 22:48:08 +02:00
Carlton Gibson
514efa3129
Fixed #30688 -- Clarified base_manager_name docs.
2019-08-09 10:08:06 +02:00
Jon Dufresne
5b57798513
Removed unnecessary StatAggregate.resolve_expression().
...
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.
Unnecessary since its introduction in e4cf8c8420
.
2019-08-08 22:34:25 +02:00
Adnan Umer
8d3519071e
Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning.
2019-08-08 21:14:06 +02:00
Min ho Kim
65e86948b8
Corrected several typos in string literals and test names.
2019-08-07 11:23:14 +02:00
Andrew Godwin
052388aba4
Fixed #30676 -- Added --pdb option to test runner.
2019-08-07 08:16:31 +02:00
Adnan Umer
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
Mariusz Felisiak
05964b2198
Moved indexes in ArrayField's Index and Slice transforms to SQL params.
...
Follow up to 7deeabc7c7
.
These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Mariusz Felisiak
0e02e496cd
Added tests for using ArrayField's IndexTransform/SliceTransform on expressions with params.
2019-08-05 14:16:25 +02:00
Diederik van der Boor
25f21bd237
Fixed #28393 -- Added helpful error messages for invalid AutoField/FloatField/IntegerField values.
...
Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-05 08:41:29 +02:00
Mariusz Felisiak
1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
Nick Pope
4cf1f2f13e
Simplified AlterModelTable by making it subclass ModelOptionOperation.
2019-08-02 18:19:55 +02:00
niauah
75f8264083
Corrected StreamingHttpResponse.streaming_content description in docs.
2019-08-02 16:37:49 +02:00
aaktsipetrov
4edad1ddf6
Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable.
2019-08-02 15:06:00 +02:00
Nick Pope
194d1dfc18
Fixed #30661 -- Added models.SmallAutoField.
2019-08-02 11:39:01 +02:00
zeyneloz
955b382600
Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError.
2019-08-02 08:35:28 +02:00
zeyneloz
246689452d
Added test for handling of non-existent manifest in ManifestFilesMixin.read_manifest().
2019-08-02 08:35:25 +02:00
Mariusz Felisiak
d14fa04ab3
Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings.
2019-08-02 07:09:37 +02:00
Jon Dufresne
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Mariusz Felisiak
ff111ea5e3
Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL.
2019-08-01 12:06:32 +02:00
Ngalim Siregar
e4684220af
Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table.
2019-08-01 12:06:32 +02:00
Carlton Gibson
a5652eb795
Added CVE-2019-14235 to security release archive.
2019-08-01 12:01:27 +02:00
Carlton Gibson
3a6a2f5eaf
Added CVE-2019-14234 to security release archive.
2019-08-01 11:59:45 +02:00
Carlton Gibson
9600f63885
Added CVE-2019-14233 to security release archive.
2019-08-01 11:57:24 +02:00
Carlton Gibson
87750787d1
Added CVE-2019-14232 to the security release archive.
2019-08-01 11:54:24 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Carlton Gibson
eea0bf7bd5
Refs #30669 -- Removed incorrect branch in ASGIHander.read_body().
...
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
2019-07-31 13:33:01 +02:00
Étienne Beaulé
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
Étienne Beaulé
cb3c2da128
Moved test for distinct Count() to a separate test case.
2019-07-31 10:41:17 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
c95d063e77
Refs #30160 -- Simplified and improved tests for django.utils.archive.
...
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
2019-07-31 09:46:24 +02:00
Nick Pope
1692f69e37
Refs #30160 -- Doc'd startapp/startproject support for tarfile templates.
2019-07-31 09:46:24 +02:00
Nick Pope
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
Hasan Ramezani
e3fc9af4ab
Refs #30593 -- Fixed introspection of check constraints columns on MariaDB.
2019-07-30 16:32:13 +02:00
Hasan Ramezani
b2aad9ad4d
Refs #30593 -- Added _parse_constraint_columns() hook to introspection on MariaDB.
2019-07-30 16:32:13 +02:00
Nick Pope
421c4cd2ee
Removed redundant ArchiveTest.test_extract_method() test.
...
The extract() function has the same code as used in the test method
for Archive.extract().
2019-07-30 11:33:53 +02:00
Nick Pope
0509148c24
Refs #30160 -- Made destination path a required argument of extract().
2019-07-30 11:27:56 +02:00
Jerrod Martin
c7bef16a74
Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
...
Co-Authored-By: Daniel Hahler <git@thequod.de>
2019-07-29 11:09:54 +02:00
daniel a rios
68aeb90160
Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs.
2019-07-29 09:52:29 +02:00
daniel a rios
fe33fdc049
Refs #30656 -- Reorganized bulk methods in the database optimization docs.
2019-07-29 09:52:29 +02:00
Claude Paroz
3c6d32e0b2
Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
...
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne
4122d9d3f1
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
...
Regression in 519016e5f2
.
2019-07-27 12:04:56 +02:00
Jon Dufresne
619c9a4f49
Added tests for using attnames to assign OneToOne and Foreign Key fields.
2019-07-27 12:03:45 +02:00
Piotr Domanski
4b4e68a7a6
Fixed #30567 -- Made WSGIHandler pass FileResponse.block_size to wsgi.file_wrapper.
2019-07-26 07:31:51 +02:00
Mariusz Felisiak
806ba19bbf
Added Query.is_sliced property.
...
Previously, we used Query.can_filter() mainly to check if a query is
sliced what was confusing.
2019-07-25 20:45:55 +02:00
Hasan Ramezani
1853383969
Fixed #27995 -- Added error messages on unsupported operations following union(), intersection(), and difference().
2019-07-25 12:39:55 +02:00
Carlton Gibson
f13147c8de
Added stub release notes for security releases.
2019-07-25 10:49:30 +02:00