Commit Graph

27211 Commits

Author SHA1 Message Date
Claude Paroz 88c0b907e7 Refs #30461 -- Added django.utils._os.to_path(). 2019-08-13 17:17:39 +02:00
Mariusz Felisiak c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-13 08:42:17 +02:00
Simon Charette efa1908f66 Refs #25367 -- Moved Oracle Exists() handling to contextual methods.
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the following cases.

1. When part of a SELECT clause.
2. When part of a ORDER BY clause.
3. When compared against another expression in the WHERE clause.

This commit moves the systematic CASE WHEN wrapping of Exists.as_oracle
to contextual .select_format, Lookup.as_oracle, and OrderBy.as_oracle
methods in order to avoid unnecessary wrapping.
2019-08-13 06:48:14 +02:00
Simon Charette fff5186d32 Refs #25367 -- Moved select_format hook to BaseExpression.
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
2019-08-13 06:48:14 +02:00
Min ho Kim 4f7328ce8a Corrected multiple typos. 2019-08-12 12:53:36 +02:00
Min ho Kim d7673d9eda Switched to use `HTTP_X_FORWARDED_PROTO` custom header in tests.
This is the conventional name: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
2019-08-12 12:51:26 +02:00
Simon Charette f7e9db14bb Refs #25367 -- Added test for Exists() lookup rhs. 2019-08-12 09:39:26 +02:00
Simon Charette 088a6fab1c Refs #24793 -- Removed bogus connection argument from SQLCompiler.compile() calls.
The method doesn't expect a connection object to be passed as its second
argument.
2019-08-12 07:47:55 +02:00
Simon Charette 8b3e1b6e9e Refs #11964 -- Made constraint support check respect required_db_features.
This will notably silence the warnings issued when running the test
suite on MySQL.
2019-08-12 06:44:37 +02:00
Simon Charette 2fb872e56f Refs #23879 -- Made introspection respect required_db_features. 2019-08-12 06:33:46 +02:00
swatantra 73ac9e3f04 Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data. 2019-08-11 20:15:23 +02:00
Akash Agrawal c1b26c77a9 Fixed #30696 -- Removed obsolete mention of CheckConstraint in the AddConstraint docs.
Follow up to 8eae094638.
2019-08-11 15:39:48 +02:00
Akash Agrawal af08a54415 Fixed #30670 -- Doc'd SchemaEditor.add/remove_constraint(). 2019-08-11 03:26:44 +02:00
Ngalim Siregar 503f60ff57 Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404. 2019-08-09 22:48:08 +02:00
Carlton Gibson 514efa3129 Fixed #30688 -- Clarified base_manager_name docs. 2019-08-09 10:08:06 +02:00
Jon Dufresne 5b57798513 Removed unnecessary StatAggregate.resolve_expression().
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.

Unnecessary since its introduction in e4cf8c8420.
2019-08-08 22:34:25 +02:00
Adnan Umer 8d3519071e Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning. 2019-08-08 21:14:06 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Andrew Godwin 052388aba4 Fixed #30676 -- Added --pdb option to test runner. 2019-08-07 08:16:31 +02:00
Adnan Umer c5075360c5 Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting. 2019-08-05 18:44:08 +02:00
Mariusz Felisiak 05964b2198 Moved indexes in ArrayField's Index and Slice transforms to SQL params.
Follow up to 7deeabc7c7.

These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Mariusz Felisiak 0e02e496cd Added tests for using ArrayField's IndexTransform/SliceTransform on expressions with params. 2019-08-05 14:16:25 +02:00
Diederik van der Boor 25f21bd237 Fixed #28393 -- Added helpful error messages for invalid AutoField/FloatField/IntegerField values.
Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-05 08:41:29 +02:00
Mariusz Felisiak 1af469e67f Added stub release notes for 2.2.5. 2019-08-02 20:32:21 +02:00
Nick Pope 4cf1f2f13e Simplified AlterModelTable by making it subclass ModelOptionOperation. 2019-08-02 18:19:55 +02:00
niauah 75f8264083 Corrected StreamingHttpResponse.streaming_content description in docs. 2019-08-02 16:37:49 +02:00
aaktsipetrov 4edad1ddf6 Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable. 2019-08-02 15:06:00 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
zeyneloz 246689452d Added test for handling of non-existent manifest in ManifestFilesMixin.read_manifest(). 2019-08-02 08:35:25 +02:00
Mariusz Felisiak d14fa04ab3 Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings. 2019-08-02 07:09:37 +02:00
Jon Dufresne e8d0d2a5ef Removed unneeded ValueError catching in django.utils.text._replace_entity().
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Mariusz Felisiak ff111ea5e3 Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL. 2019-08-01 12:06:32 +02:00
Ngalim Siregar e4684220af Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table. 2019-08-01 12:06:32 +02:00
Carlton Gibson a5652eb795 Added CVE-2019-14235 to security release archive. 2019-08-01 12:01:27 +02:00
Carlton Gibson 3a6a2f5eaf Added CVE-2019-14234 to security release archive. 2019-08-01 11:59:45 +02:00
Carlton Gibson 9600f63885 Added CVE-2019-14233 to security release archive. 2019-08-01 11:57:24 +02:00
Carlton Gibson 87750787d1 Added CVE-2019-14232 to the security release archive. 2019-08-01 11:54:24 +02:00
Florian Apolloner 76ed1c49f8 Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner 4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Carlton Gibson eea0bf7bd5 Refs #30669 -- Removed incorrect branch in ASGIHander.read_body().
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
2019-07-31 13:33:01 +02:00
Étienne Beaulé 5f24e7158e Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
Étienne Beaulé cb3c2da128 Moved test for distinct Count() to a separate test case. 2019-07-31 10:41:17 +02:00
Nick Pope f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00
Nick Pope c95d063e77 Refs #30160 -- Simplified and improved tests for django.utils.archive.
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
2019-07-31 09:46:24 +02:00
Nick Pope 1692f69e37 Refs #30160 -- Doc'd startapp/startproject support for tarfile templates. 2019-07-31 09:46:24 +02:00
Nick Pope 69a30f620e Refs #30160 -- Simplified archive extension map and added other aliases. 2019-07-31 09:46:17 +02:00
Hasan Ramezani e3fc9af4ab Refs #30593 -- Fixed introspection of check constraints columns on MariaDB. 2019-07-30 16:32:13 +02:00