Mateo Radman
884b4c27f5
Fixed #32604 -- Made file upload respect group id when uploading to a temporary file.
2022-04-11 13:32:27 +02:00
Mariusz Felisiak
b8759093d8
Removed DatabaseFeatures.validates_explain_options.
...
Always True since 6723a26e59
.
2022-04-11 12:58:01 +02:00
Mariusz Felisiak
b54fd0e36e
Added stub release notes for 4.0.5.
2022-04-11 10:45:57 +02:00
Mariusz Felisiak
78eeff8d33
Added CVE-2022-28346 and CVE-2022-28347 to security archive.
2022-04-11 10:32:22 +02:00
Mariusz Felisiak
6723a26e59
Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
2022-04-11 08:59:58 +02:00
Mariusz Felisiak
93cae5cb2f
Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos
62739b6e26
Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
...
Regression in 68357b2ca9
.
2022-04-11 07:37:30 +02:00
Simon Charette
0b31e02487
Fixed #33618 -- Fixed MTI updates outside of primary key chain.
2022-04-07 07:54:56 +02:00
Carlton Gibson
9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers.
2022-04-07 07:05:59 +02:00
Mariusz Felisiak
2ee4caf56b
Refs #33173 -- Fixed test_runner/test_utils tests on Python 3.11+.
...
Python 3.11 uses fully qualified test name in unittest output. See
755be9b150
2022-04-07 07:02:21 +02:00
Mariusz Felisiak
bfe9665502
Skipped SchemaTests.test_alter_field_type_and_db_collation on databases that don't support collation on TextField.
2022-04-06 16:52:13 +02:00
sarahboyce
65effbdb10
Fixed #33471 -- Made AlterField operation a noop when changing "choices".
...
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
David Smith
6991880109
Refs #31617 -- Added an id for helptext in admin forms.
2022-04-06 12:42:43 +02:00
Baptiste Mispelon
50e1e7ef8e
Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
...
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
Mariusz Felisiak
1a7d75cf77
Moved remaining SimpleTestCase.assertFormError()/assertFormsetErrors() tests to test_utils.
...
This also removes redundant tests in test_client_regress.
Follow up to 68144f4049
.
2022-04-05 08:37:28 +02:00
Mariusz Felisiak
78277faafd
Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.
2022-04-04 10:31:57 +02:00
Brian Helba
2d5215c675
Fixed #33605 -- Fixed migration crash when altering RegexValidator to pre-compiled regular expression.
2022-04-04 07:38:15 +02:00
Lucidiot
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
sarahboyce
ae506181f7
Fixed #32129 -- Adjusted the docs for session expiry helpers.
...
Updated the docs for `get_session_cookie_age`, `get_expiry_age`, and
`get_expiry_date` to clarify their intended usage by session backends
when saving the session.
2022-03-31 17:06:14 +02:00
Luke Plant
40b8a6174f
Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
...
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.
This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
Luke Plant
1efea11808
Refs #33397 -- Added register_combinable_fields().
2022-03-31 11:02:46 +02:00
Mariusz Felisiak
d7eb500338
Removed unnecessary Query.get_loaded_field_names_cb() and Query.deferred_to_data()'s callback argument.
2022-03-31 10:54:59 +02:00
Mariusz Felisiak
0a3c6fe6b2
Refs #24020 -- Removed redundant Query.get_loaded_field_names().
...
get_loaded_field_names() is no longer called in multiple places
(see 0c7633178f
) and it's redundant
with SQLCompiler.deferred_to_columns().
2022-03-31 10:54:59 +02:00
Mariusz Felisiak
0db0a25d84
Updated select_related_descend() comment.
...
Outdated since 0c7633178f
.
2022-03-31 08:50:25 +02:00
David
c8459708a7
Refs #32339 -- Added use_fieldset to Widget.
2022-03-30 16:28:14 +02:00
Luke Plant
04ad0f26ba
Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression.
2022-03-30 11:03:48 +02:00
Mariusz Felisiak
fac662f479
Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
...
Thanks lind-marcus for the report.
This reverts commit 0c71e0f9cf
.
Regression in 0c71e0f9cf
.
2022-03-30 07:31:56 +02:00
Carlton Gibson
59ab3fd0e9
Refs #32365 -- Deprecated django.utils.timezone.utc.
2022-03-29 14:47:44 +02:00
Alokik Vijay
baf9604ed8
Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
...
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
Mariusz Felisiak
83c803f161
Updated Oracle docs links to Oracle 21c.
2022-03-29 09:41:57 +02:00
Mariusz Felisiak
d407340e7f
Bumped versions in pre-commit and npm configurations.
2022-03-29 09:18:22 +02:00
Mariusz Felisiak
010a9d8a4f
Updated various links to HTTPS and new locations.
2022-03-29 07:46:08 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Sih Sîng-hông薛丞宏
d4bf3b4c75
Corrected models.FileField signature in docs.
2022-03-28 13:25:39 +02:00
Mariusz Felisiak
abfdb4d7f3
Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
...
This reverts commit 1d9d082acf
.
2022-03-26 12:27:30 +01:00
David Smith
379bb201ed
Fixed #33564 -- Confirmed support for PROJ 9.X.
2022-03-25 13:09:15 +01:00
David Smith
510c4e465c
Used Cmake in GEOS installation docs.
2022-03-25 11:56:22 +01:00
adontz
2bee0b4328
Fixed #7497 -- Allowed overriding the order of apps and models in admin.
2022-03-25 10:33:44 +01:00
Mariusz Felisiak
d44951b36e
Refs #7497 -- Added assertion for the default order of models in AdminSite.app_index().
2022-03-25 10:29:59 +01:00
Mariusz Felisiak
1d9d082acf
Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
...
See https://github.com/pallets/jinja/pull/1621 .
2022-03-25 08:48:32 +01:00
Mariusz Felisiak
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
Mariusz Felisiak
1b695fbbc2
Refs #33577 -- Used addCleanup() to remove .aux file in GDALBandTests.
...
Follow up to 970f5bf503
.
2022-03-24 09:13:24 +01:00
Carlton Gibson
bb61f0186d
Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
...
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Thomas Schmidt
1cf60ce601
Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value.
2022-03-23 19:33:36 +01:00
Carlton Gibson
d46e158ee2
Refs #32365 -- Made migration writer use datetime.timezone.utc.
2022-03-23 12:43:43 +01:00
Samuel Hartmann
5cc9464e4d
Fixed #33544 -- Expanded the TEMPLATES section of the Deployment checklist.
...
Clarified that the cached template loader is enabled by default when
DEBUG = False.
2022-03-22 12:37:38 +01:00
Carlton Gibson
9fed515a25
Fixed #33585 -- Made example git repo URLs use HTTPS protocol.
...
The SSH-based checkout requires additional configuration, which is
beneficial to defer for new contributors.
Follow up to 3c6a4fdb6d
. This commit
updates the remaining examples.
2022-03-22 11:57:44 +01:00
Mariusz Felisiak
653daaa60c
Refs #31676 -- Used term "merger" instead of "committer" in docs.
...
Follow up to caa2dd08c4
.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2022-03-22 11:13:36 +01:00
Gagaro
7325d29152
Refs #30581 -- Fixed DatabaseFeatures.bare_select_suffix on MySQL < 8 and MariaDB < 10.4.
2022-03-22 09:45:59 +01:00
Tomas McNamer
f77216bd1a
Refs #28592 -- Improved some headings in CSRF how-to.
2022-03-22 06:05:34 +01:00