Jacob Walls
ec2727efef
Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists.
2021-06-02 12:20:22 +02:00
Mariusz Felisiak
e1d787f1b3
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner
46572de2e9
Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:58:39 +02:00
Mariusz Felisiak
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191d
.
Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal
a0410ffe8f
Refs #32552 -- Added DiscoverRunner.log() to allow customization.
...
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Chris Jerdonek
cd19db10df
Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens.
2021-06-01 09:02:27 +02:00
Chris Jerdonek
623cec0879
Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens.
2021-06-01 09:02:23 +02:00
abhiabhi94
c609d5149c
Refs #24121 -- Added __repr__() to Engine
2021-06-01 07:44:36 +02:00
Chris Jerdonek
55775891fb
Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens.
2021-05-31 21:12:21 +02:00
Chris Jerdonek
ffdee8d264
Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens.
...
This also improves test names for test_process_request_no_csrf_cookie
and test_process_request_csrf_cookie_no_token. The logic being tested
is actually in process_view() rather than process_request(), and it's
not necessary to include the method name.
2021-05-31 21:12:17 +02:00
Gildardo Adrian Maravilla Jacome
91e21836f6
Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
2021-05-31 11:09:48 +02:00
Gildardo Adrian Maravilla Jacome
781b44240a
Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns.
2021-05-31 10:40:21 +02:00
David Wobrock
b9df2b74b9
Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
...
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg
b746596f5f
Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter.
2021-05-28 10:50:27 +02:00
abhiabhi94
22da686ca9
Refs #24121 -- Added __repr__() to PermWrapper.
2021-05-28 08:03:23 +02:00
Chris Jerdonek
71179a6124
Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
...
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
Mohammadreza Varasteh
e93eb3d971
Fixed #32789 -- Made feeds emit elements with no content as self-closing tags.
2021-05-27 21:05:28 +02:00
Chris Jerdonek
02c59b7a43
Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic.
2021-05-27 10:53:20 +02:00
Nilo César Teixeira
0d67481a66
Fixed #32762 -- Fixed locale reset in compilemessages test.
...
Reset the `LC_ALL` override value in the test environment to ensure that locale
values the calling environment are not used.
2021-05-26 15:37:42 +02:00
Moriyoshi Koizumi
9e4780deda
Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader.
2021-05-26 12:29:43 +02:00
Michael Lissner
5a8e8f80bb
Fixed #32772 -- Made database cache count size once per set.
2021-05-26 11:21:11 +02:00
Mariusz Felisiak
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
...
Regression in ec6d2531c5
.
Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani
1143f3bb5e
Fixed #32543 -- Added search_help_text to ModelAdmin.
2021-05-26 10:20:13 +02:00
Hasan Ramezani
68357b2ca9
Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
2021-05-26 09:41:29 +02:00
Mariusz Felisiak
7e51893911
Refs #32379 -- Added USE_TZ settings to AdminScriptTestCase.write_settings().
2021-05-25 13:22:40 +02:00
Hannes Ljungberg
3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite.
2021-05-25 11:34:25 +02:00
saeedblanchette
d3d95d645f
Refs #24121 -- Added __repr__() to Lookup.
2021-05-24 07:32:25 +02:00
Mariusz Felisiak
f0a9413bd2
Refs #24121 -- Improved Value.__repr__().
2021-05-24 07:26:53 +02:00
Mariusz Felisiak
3f6d4e22f8
Fixed typo in tests/expressions/tests.py.
2021-05-24 07:26:53 +02:00
Hannes Ljungberg
7ef2398e81
Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns().
2021-05-24 06:31:48 +02:00
Yuekui Li
5e04e84d67
Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+.
...
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.
Regression in 6b16c91157
.
Thanks Matt Westcott for the report.
2021-05-21 13:34:37 +02:00
Rohith PR
7cca22964c
Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
...
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
Rohith PR
56003b21ea
Added tests for Sitemap.get_protocol().
2021-05-21 10:55:05 +02:00
David Sanders
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
David Sanders
2978c63a34
Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value.
2021-05-20 07:04:26 +02:00
David Sanders
536c155e67
Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
...
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
Claude Paroz
8cd55021bc
Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.
...
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18 20:26:44 +02:00
Mariusz Felisiak
958cdf65ae
Fixed #32747 -- Prevented initialization of unused caches.
...
Thanks Alexander Ebral for the report.
Regression in 98e05ccde4
.
2021-05-18 18:24:19 +02:00
Rust Saiargaliev
a24fed399c
Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models.
...
Regression in b5e12d490a
.
2021-05-18 13:02:33 +02:00
Rust Saiargaliev
f07723aa0a
Refs #31007 -- Added test for check for specifying type of auto-created primary keys from abstract models.
2021-05-18 12:54:51 +02:00
Slava Skvortsov
f7691d4812
Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.
...
Regression in ba31b01034
.
2021-05-18 09:14:05 +02:00
Artur Beltsov
3954bf50fb
Fixed #32750 -- Fixed crash of Extract() transform on OuterRef() expressions.
...
Thanks Simon Charette for the review.
2021-05-17 17:51:39 +02:00
Rohith PR
530f58caaa
Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.
...
Regression in fc9566d42d
.
2021-05-14 12:45:00 +02:00
snowman2
29345aecf6
Fixed #32721 -- Fixed migrations crash when adding namespaced spatial indexes on PostGIS.
2021-05-14 07:10:28 +02:00
Mariusz Felisiak
c6d88a1872
Refs #16455 -- Added test for using opclasses on indexes for multidimensional geometry fields on PostGIS.
2021-05-13 13:13:12 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
.
2021-05-13 08:53:44 +02:00
Simon Charette
b81c7562fc
Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
...
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc
.
Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Raffaele Salmaso
3733ae8957
Fixed #32031 -- Added model class for each model to AdminSite.each_context().
2021-05-13 06:57:09 +02:00
Nick Pope
29e4ccb1a2
Fixed #32738 -- Deprecated django.utils.datetime_safe module.
2021-05-12 14:42:17 +02:00
Nick Pope
46346f8ea0
Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe.
2021-05-12 14:42:17 +02:00