Mariusz Felisiak
93cae5cb2f
Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Luke Plant
40b8a6174f
Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
...
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.
This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
Luke Plant
04ad0f26ba
Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression.
2022-03-30 11:03:48 +02:00
Ryan Heard
c6b4d62fa2
Fixed #29865 -- Added logical XOR support for Q() and querysets.
2022-03-04 12:55:37 +01:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
Mariusz Felisiak
6f185a53a2
Refs #33482 -- Fixed QuerySet selecting and filtering againts negated Exists() with empty queryset.
...
Regression in b7d1da5a62
.
2022-02-07 20:34:21 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
...
In these cases Black produces unexpected results, e.g.
def make_random_password(
self,
length=10,
allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):
or
cursor.execute("""
SELECT ...
""",
[table name],
)
2022-02-03 11:20:46 +01:00
Simon Charette
b7d1da5a62
Fixed #33482 -- Fixed QuerySet filtering againts negated Exists() with empty queryset.
...
Thanks Tobias Bengfort for the report.
2022-02-02 07:54:19 +01:00
My-Name-Is-Nabil
f37face331
Fixed #33435 -- Fixed invalid SQL generatered by Subquery.as_sql().
2022-01-17 09:00:46 +01:00
Allen Jonathan David
28c98d4113
Fixed #33216 -- Simpilified deconstructed paths for some expressions.
2022-01-07 11:19:29 +01:00
Keryn Knight
0ed2919814
Fixed #33406 -- Avoided creation of MaxLengthValidator(None) when resolving Value.output_field for strings.
...
This brings the behaviour in line with Field subclasses which append to
the validators within __init__(), like BinaryField, and prevents the
creation of a validator which incorrectly throws a TypeError, if it
were used.
2022-01-04 05:51:00 +01:00
Keryn Knight
b894199eb0
Refs #33406 -- Added test for not creating broken validators when resolving Value.output_field.
2022-01-04 05:51:00 +01:00
Adam Johnson
a8fa3e5cd7
Refs #33355 -- Added missing tests for database functions and expression on null values.
2021-12-22 11:46:18 +01:00
Matthijs Kooijman
1a5023883b
Fixed #33257 -- Fixed Case() and ExpressionWrapper() with decimal values on SQLite.
2021-11-08 18:02:56 +01:00
Hasan Ramezani
c069ee0b9d
Fixed #33224 -- Removed DatabaseFeatures.supports_mixed_date_datetime_comparisons.
2021-11-02 07:30:38 +01:00
Tim Graham
cbd9f8531d
Removed duplicated lines in test_in_lookup_allows_F_expressions_and_expressions_for_datetimes().
2021-10-26 07:22:20 +02:00
Adam Johnson
45f48ed4f7
Made F deconstruction omit 'expressions' in the path.
2021-10-21 09:40:52 +02:00
Mariusz Felisiak
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191d
.
Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Mariusz Felisiak
f0a9413bd2
Refs #24121 -- Improved Value.__repr__().
2021-05-24 07:26:53 +02:00
Mariusz Felisiak
3f6d4e22f8
Fixed typo in tests/expressions/tests.py.
2021-05-24 07:26:53 +02:00
Simon Charette
96f55ccf79
Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
...
Regression in c8b6594305
.
Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Tobias Bengfort
54e94640ac
Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite.
2021-04-20 11:44:41 +02:00
Hasan Ramezani
ed0cc52dc3
Fixed #32585 -- Fixed Value() crash with DecimalField on SQLite.
2021-03-29 06:22:36 +02:00
Jonathan Richards
00b0786de5
Fixed #32548 -- Fixed crash when combining Q() objects with boolean expressions.
2021-03-17 21:53:39 +01:00
Mariusz Felisiak
54f60bc85d
Refs #32548 -- Added tests for passing conditional expressions to Q().
2021-03-17 21:53:36 +01:00
Hasan Ramezani
f2bef2b7bc
Fixed #32455 -- Allowed right combining Q() with boolean expressions.
2021-02-18 22:20:36 +01:00
Mariusz Felisiak
efce21497c
Refs #32455 -- Added tests for left combining an empty Q() with boolean expressions.
2021-02-18 22:19:56 +01:00
Mariusz Felisiak
b989d21336
Refs #26602 -- Added tests for aggregating over a RawSQL() annotation.
...
Fixed in 3f32154f40
.
Thanks Manav Agarwal for initial test.
2021-01-26 10:59:05 +01:00
Mariusz Felisiak
5e33ec80d1
Refs #30158 -- Made alias argument required in signature of Expression.get_group_by_cols() subclasses.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Hasan Ramezani
275dd4ebba
Fixed #32178 -- Allowed database backends to skip tests and mark expected failures.
...
Co-authored-by: Tim Graham <timograham@gmail.com>
2020-12-10 18:00:57 +01:00
Ian Foote
8b040e3cbb
Fixed #25534 , Fixed #31639 -- Added support for transform references in expressions.
...
Thanks Mariusz Felisiak and Simon Charette for reviews.
2020-11-27 20:42:04 +01:00
Hasan Ramezani
3f7b327562
Fixed #31235 -- Made assertQuerysetEqual() compare querysets directly.
...
This also replaces assertQuerysetEqual() to
assertSequenceEqual()/assertCountEqual() where appropriate.
Co-authored-by: Peter Inglesby <peter.inglesby@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-11-06 09:24:50 +01:00
Adam Johnson
a56586eafe
Fixed #32134 -- Fixed crash of __range lookup with namedtuple.
...
Regression in 8be79984dc
.
Thanks Gordon Wrigley for the report.
2020-10-23 18:01:31 +02:00
Tim Graham
afcad0f1b1
Relaxed some query ordering assertions in expressions tests.
...
It accounts for differences seen on CockroachDB.
2020-10-19 19:21:31 +02:00
Nick Pope
06c5d3fafc
Fixed #32060 -- Added Random database function.
2020-10-02 06:58:03 +02:00
Simon Charette
38fce49c82
Fixed #31919 -- Resolved output_field of IntegerField subclasses combinations.
2020-08-31 06:42:40 +02:00
Simon Charette
40894f2967
Refs #30446 -- Added tests for resolving output_field of CombinedExpression.
2020-08-31 06:40:39 +02:00
Simon Charette
51297a9232
Fixed #31792 -- Made Exists() reuse QuerySet.exists() optimizations.
...
The latter is already optimized to limit the number of results, avoid
selecting unnecessary fields, and drop ordering if possible without
altering the semantic of the query.
2020-08-13 14:10:36 +02:00
Simon Charette
156a2138db
Refs #30446 -- Removed unnecessary Value(..., output_field) in docs and tests.
2020-07-15 10:58:38 +02:00
Simon Charette
1e38f1191d
Fixed #30446 -- Resolved Value.output_field for stdlib types.
...
This required implementing a limited form of dynamic dispatch to combine
expressions with numerical output. Refs #26355 should eventually provide
a better interface for that.
2020-07-15 10:58:29 +02:00
Simon Charette
f783a99072
Refs #25425 -- Allowed unresolved Value() instances to be compiled.
...
Previously unresolved Value() instances were only allowed to be
compiled if they weren't initialized with an output_field.
Given the usage of unresolved Value() instances is relatively common in
as_sql() overrides it's less controversial to add explicit support for
this previously undefined behavior now and revisit whether or not it
should be deprecated in the future.
2020-07-14 07:20:20 +02:00
Sergey Fedoseev
9d519d3dc4
Fixed #31755 -- Made temporal subtraction resolve output field.
2020-07-01 23:02:27 +02:00
Sergey Fedoseev
ed6b14d459
Refs #28621 -- Fixed crash of annotations with nested OuterRef.
2020-07-01 11:01:46 +02:00
Sergey Fedoseev
dd5aa8cb5f
Fixed #28925 -- Fixed durations-only expressions crash on SQLite and MySQL.
...
This removes also unused DatabaseOperations.date_interval_sql().
2020-06-30 07:04:55 +02:00
Mariusz Felisiak
aeb8996a67
Fixed #31659 -- Made ExpressionWrapper preserve output_field for combined expressions.
...
Regression in df32fd42b8
.
Thanks Simon Charette for the review.
2020-06-12 07:20:06 +02:00
Thodoris Sotiropoulos
df32fd42b8
Fixed #31651 -- Made ExpressionWrapper use grouping columns from wrapped expression.
2020-06-03 07:29:41 +02:00
Mariusz Felisiak
a125da6a7c
Fixed #31607 -- Fixed evaluated Subquery equality.
...
Regression in 691def10a0
.
2020-05-19 22:44:57 +02:00
Nick Pope
8f10ceaa90
Changed `'%s' % value` pattern to `str(value)`.
2020-05-04 08:27:18 +02:00
Mariusz Felisiak
555e3a848e
Removed unused __str__() methods in tests models.
...
Follow up to 6461583b6c
.
2020-04-30 09:13:23 +02:00