Commit Graph

30792 Commits

Author SHA1 Message Date
Mateo Radman 884b4c27f5 Fixed #32604 -- Made file upload respect group id when uploading to a temporary file. 2022-04-11 13:32:27 +02:00
Mariusz Felisiak b8759093d8
Removed DatabaseFeatures.validates_explain_options.
Always True since 6723a26e59.
2022-04-11 12:58:01 +02:00
Mariusz Felisiak b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak 78eeff8d33 Added CVE-2022-28346 and CVE-2022-28347 to security archive. 2022-04-11 10:32:22 +02:00
Mariusz Felisiak 6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos 62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9.
2022-04-11 07:37:30 +02:00
Simon Charette 0b31e02487 Fixed #33618 -- Fixed MTI updates outside of primary key chain. 2022-04-07 07:54:56 +02:00
Carlton Gibson 9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00
Mariusz Felisiak 2ee4caf56b
Refs #33173 -- Fixed test_runner/test_utils tests on Python 3.11+.
Python 3.11 uses fully qualified test name in unittest output. See
755be9b150
2022-04-07 07:02:21 +02:00
Mariusz Felisiak bfe9665502
Skipped SchemaTests.test_alter_field_type_and_db_collation on databases that don't support collation on TextField. 2022-04-06 16:52:13 +02:00
sarahboyce 65effbdb10 Fixed #33471 -- Made AlterField operation a noop when changing "choices".
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
David Smith 6991880109 Refs #31617 -- Added an id for helptext in admin forms. 2022-04-06 12:42:43 +02:00
Baptiste Mispelon 50e1e7ef8e Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
Mariusz Felisiak 1a7d75cf77
Moved remaining SimpleTestCase.assertFormError()/assertFormsetErrors() tests to test_utils.
This also removes redundant tests in test_client_regress.

Follow up to 68144f4049.
2022-04-05 08:37:28 +02:00
Mariusz Felisiak 78277faafd Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28. 2022-04-04 10:31:57 +02:00
Brian Helba 2d5215c675 Fixed #33605 -- Fixed migration crash when altering RegexValidator to pre-compiled regular expression. 2022-04-04 07:38:15 +02:00
Lucidiot 13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
sarahboyce ae506181f7 Fixed #32129 -- Adjusted the docs for session expiry helpers.
Updated the docs for `get_session_cookie_age`, `get_expiry_age`, and
`get_expiry_date` to clarify their intended usage by session backends
when saving the session.
2022-03-31 17:06:14 +02:00
Luke Plant 40b8a6174f Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.

This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
Luke Plant 1efea11808 Refs #33397 -- Added register_combinable_fields(). 2022-03-31 11:02:46 +02:00
Mariusz Felisiak d7eb500338 Removed unnecessary Query.get_loaded_field_names_cb() and Query.deferred_to_data()'s callback argument. 2022-03-31 10:54:59 +02:00
Mariusz Felisiak 0a3c6fe6b2 Refs #24020 -- Removed redundant Query.get_loaded_field_names().
get_loaded_field_names() is no longer called in multiple places
(see 0c7633178f) and it's redundant
with SQLCompiler.deferred_to_columns().
2022-03-31 10:54:59 +02:00
Mariusz Felisiak 0db0a25d84
Updated select_related_descend() comment.
Outdated since 0c7633178f.
2022-03-31 08:50:25 +02:00
David c8459708a7 Refs #32339 -- Added use_fieldset to Widget. 2022-03-30 16:28:14 +02:00
Luke Plant 04ad0f26ba Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression. 2022-03-30 11:03:48 +02:00
Mariusz Felisiak fac662f479
Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cf.

Regression in 0c71e0f9cf.
2022-03-30 07:31:56 +02:00
Carlton Gibson 59ab3fd0e9 Refs #32365 -- Deprecated django.utils.timezone.utc. 2022-03-29 14:47:44 +02:00
Alokik Vijay baf9604ed8 Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
Mariusz Felisiak 83c803f161
Updated Oracle docs links to Oracle 21c. 2022-03-29 09:41:57 +02:00
Mariusz Felisiak d407340e7f
Bumped versions in pre-commit and npm configurations. 2022-03-29 09:18:22 +02:00
Mariusz Felisiak 010a9d8a4f
Updated various links to HTTPS and new locations. 2022-03-29 07:46:08 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Sih Sîng-hông薛丞宏 d4bf3b4c75 Corrected models.FileField signature in docs. 2022-03-28 13:25:39 +02:00
Mariusz Felisiak abfdb4d7f3
Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
This reverts commit 1d9d082acf.
2022-03-26 12:27:30 +01:00
David Smith 379bb201ed Fixed #33564 -- Confirmed support for PROJ 9.X. 2022-03-25 13:09:15 +01:00
David Smith 510c4e465c Used Cmake in GEOS installation docs. 2022-03-25 11:56:22 +01:00
adontz 2bee0b4328 Fixed #7497 -- Allowed overriding the order of apps and models in admin. 2022-03-25 10:33:44 +01:00
Mariusz Felisiak d44951b36e Refs #7497 -- Added assertion for the default order of models in AdminSite.app_index(). 2022-03-25 10:29:59 +01:00
Mariusz Felisiak 1d9d082acf
Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
See https://github.com/pallets/jinja/pull/1621.
2022-03-25 08:48:32 +01:00
Mariusz Felisiak 94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin. 2022-03-24 17:41:53 +01:00
Mariusz Felisiak 1b695fbbc2
Refs #33577 -- Used addCleanup() to remove .aux file in GDALBandTests.
Follow up to 970f5bf503.
2022-03-24 09:13:24 +01:00
Carlton Gibson bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Thomas Schmidt 1cf60ce601 Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value. 2022-03-23 19:33:36 +01:00
Carlton Gibson d46e158ee2 Refs #32365 -- Made migration writer use datetime.timezone.utc. 2022-03-23 12:43:43 +01:00
Samuel Hartmann 5cc9464e4d Fixed #33544 -- Expanded the TEMPLATES section of the Deployment checklist.
Clarified that the cached template loader is enabled by default when
DEBUG = False.
2022-03-22 12:37:38 +01:00
Carlton Gibson 9fed515a25
Fixed #33585 -- Made example git repo URLs use HTTPS protocol.
The SSH-based checkout requires additional configuration, which is
beneficial to defer for new contributors.

Follow up to 3c6a4fdb6d. This commit
updates the remaining examples.
2022-03-22 11:57:44 +01:00
Mariusz Felisiak 653daaa60c
Refs #31676 -- Used term "merger" instead of "committer" in docs.
Follow up to caa2dd08c4.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2022-03-22 11:13:36 +01:00
Gagaro 7325d29152 Refs #30581 -- Fixed DatabaseFeatures.bare_select_suffix on MySQL < 8 and MariaDB < 10.4. 2022-03-22 09:45:59 +01:00
Tomas McNamer f77216bd1a
Refs #28592 -- Improved some headings in CSRF how-to. 2022-03-22 06:05:34 +01:00