Commit Graph

3200 Commits

Author SHA1 Message Date
Tim Graham 162ae9c914 Added CVE-2019-3498 to the security release archive. 2019-01-04 09:24:47 -05:00
Tom Hacohen 1ecc0a395b Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
2019-01-03 21:21:55 -05:00
Tim Graham 02c07be95c Fixed #30050 -- Fixed InlineModelAdmin.has_change_permission() called with non-None obj during add.
Thanks andreage for the report and suggested fix.
2019-01-01 09:42:14 -05:00
Paveł Tyślacki 0123b67f6b Fixed #30060 -- Moved SQL generation for indexes and constraints to SchemaEditor. 2019-01-01 09:39:58 -05:00
Jon Dufresne 6fe9c45b72 Fixed #30024 -- Made urlencode() and Client raise TypeError when None is passed as data. 2018-12-27 11:19:55 -05:00
Nick Pope 83677faf86 Fixed #30056 -- Added SQLite support for StdDev and Variance functions. 2018-12-24 11:14:58 -05:00
Tim Graham d5af14aa84 Fixed #30055 -- Dropped support for SQLite < 3.8.3. 2018-12-22 16:59:28 -05:00
Simon Charette c5b58d7767 Refs #29928 -- Adjusted release notes of SQLite test constraint checking. 2018-12-22 14:32:40 -05:00
François Freitag e671337e8b Fixed #29750 -- Added View.setup() hook for class-based views. 2018-12-21 19:01:11 -05:00
Carlton Gibson bbe28fa076 Refs #30015 -- Added 2.1.5 release note and removed 'we' in comments. 2018-12-20 21:30:13 -05:00
Dakota Hawkins 8d3147e130 Fixed #30031 -- Added --no-header option to makemigrations/squashmigrations. 2018-12-19 12:41:31 +01:00
Simon Charette 1939dd49d1 Fixed #29928 -- Enabled deferred constraint checks on SQLite 3.20+.
Refs #11665, #14204.

Thanks Michel Samia for the report.
2018-12-17 11:03:44 +01:00
Simon Charette 315357ad25 Fixed #30023 -- Prevented SQLite schema alterations while foreign key checks are enabled.
Prior to this change foreign key constraint references could be left pointing
at tables dropped during operations simulating unsupported table alterations
because of an unexpected failure to disable foreign key constraint checks.

SQLite3 does not allow disabling such checks while in a transaction so they
must be disabled beforehand.

Thanks ezaquarii for the report and Carlton and Tim for the review.
2018-12-15 18:51:59 -05:00
Jon Dufresne c5568340a5 Added blank line in docs/releases/2.2.txt. 2018-12-09 10:26:55 -05:00
Simon Charette c8ffdbe514 Fixed #29182 -- Fixed schema table alteration on SQLite 3.26+.
SQLite 3.26 repoints foreign key constraints on table renames even when
foreign_keys pragma is off which breaks every operation that requires
a table rebuild to simulate unsupported ALTER TABLE statements.

The newly introduced legacy_alter_table pragma disables this behavior
and restores the previous schema editor assumptions.

Thanks Florian Apolloner, Christoph Trassl, Chris Lamb for the report and
troubleshooting assistance.
2018-12-07 13:32:37 -05:00
Benjamin Wohlwend 79c196cfb2 Fixed #28766 -- Added ResolverMatch.route.
Co-Authored-By: Xavier Fernandez <xavier.fernandez@polyconseil.fr>
2018-12-06 18:05:40 -05:00
Tim Graham 88619e6129
Bumped mysqlclient requirement to >= 1.3.13.
There are test failures with older versions.
2018-12-06 14:49:27 -05:00
Tim Graham 284b3221a2 Fixed #30013 -- Fixed DatabaseOperations.last_executed_query() with mysqlclient 1.3.14+. 2018-12-05 14:46:23 -05:00
Carlton Gibson 196b420fcb Added stub release notes for 2.1.5 release. 2018-12-04 16:21:38 +01:00
Carlton Gibson 346721a038 Added release date for 2.1.4. 2018-12-03 17:29:46 +01:00
Carlton Gibson 8245c99ee6
Fixed #29930 -- Allowed editing in admin with view-only inlines.
Co-authored-by: Tim Graham <timograham@gmail.com>
2018-12-03 07:44:18 -08:00
Carlton Gibson 950112548e Added release date for 1.11.17. 2018-12-03 15:14:58 +01:00
Basil Dubyk 7d1123e5ad Fixed #29929 -- Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields. 2018-11-28 15:40:14 -05:00
Mariusz Felisiak f091ea3515
Refs #29722 -- Added introspection of materialized views for Oracle.
Thanks Tim Graham for the review.
2018-11-26 19:45:05 +01:00
Mariusz Felisiak d5f4ce9849
Fixed #29949 -- Refactored db introspection identifier converters.
Removed DatabaseIntrospection.table_name_converter()/column_name_converter()
and use instead DatabaseIntrospection.identifier_converter().

Removed DatabaseFeatures.uppercases_column_names.

Thanks Tim Graham for the initial patch and review and Simon Charette
for the review.
2018-11-21 09:06:50 +01:00
redodo 2e4776196d Fixed #29953 -- Added CSS class to column headers in tabular inlines.
The class name is the same as one given to the fields in the change list.
2018-11-20 18:17:53 -05:00
Tim Graham 5d327a63ef Refs #29849 -- Forwardported 2.1.4 release note. 2018-11-20 17:45:29 -05:00
Nick Pope ebd270627c Refs #29722 -- Added introspection of partitions for PostgreSQL. 2018-11-19 14:06:01 -05:00
Thomas Grainger 0607699902 Fixed #29478 -- Added support for mangled names to cached_property.
Co-Authored-By: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2018-11-19 13:40:49 -05:00
Tim Graham f436c82637 Doc'd purpose of "Database backend API" backwards incompatible changes section. 2018-11-17 15:58:10 -05:00
Tim Graham 2fd21a1858 Refs #28814 -- Doc'd Python 3.7 compatibility in Django 1.11.x. 2018-11-17 15:40:35 -05:00
Claude Paroz e7e5505902 Fixed #29959 -- Cached GEOS version in WKBWriter class.
Regression in f185d929fa.
2018-11-16 14:45:21 -05:00
Tim Graham 97cec6f75d Removed release date for 2.0.10 and 1.11.17. 2018-11-16 09:34:10 -05:00
Prabakaran Kumaresshan 8250538bfc Fixed #29864 -- Added link targets for low-level cache API. 2018-11-15 17:32:41 -05:00
Mathew Payne 26bb2611a5 Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz. 2018-11-15 14:11:03 -05:00
Timothy Allen e819554018 Fixed #29939 -- Increased Group.name max_length to 150 characters. 2018-11-14 15:13:34 -05:00
Basil Dubyk 35a08b8541 Fixed #17210 -- Made NullBooleanSelect use unknown/true/false as query data. 2018-11-14 13:43:34 -05:00
Mariusz Felisiak ff8020ed49 Fixed #29788 -- Added support for Oracle Managed File (OMF) tablespaces. 2018-11-13 18:22:41 -05:00
Simon Charette db13bca60a Fixed #29641 -- Added support for unique constraints in Meta.constraints.
This constraint is similar to Meta.unique_together but also allows
specifying a name.

Co-authored-by: Ian Foote <python@ian.feete.org>
2018-11-13 17:57:27 -05:00
Simon Charette 8eae094638 Generalized check constraint docs for other constraints. 2018-11-13 17:57:27 -05:00
Simon Charette dba4a634ba Refs #29641 -- Refactored database schema constraint creation.
Added a test for constraint names in the database.

Updated SQLite introspection to use sqlparse to allow reading the
constraint name for table check and unique constraints.

Co-authored-by: Ian Foote <python@ian.feete.org>
2018-11-13 15:25:44 -05:00
Tim Graham f82be9ebc7
Fixed #29934 -- Added sqlparse as a require dependency. 2018-11-09 19:09:36 -05:00
Matthias Kestenholz f9ff1df1da Fixed #29917 -- Stopped collecting ModelAdmin.actions from base ModelAdmins. 2018-11-09 18:52:30 -05:00
romgar b3b1d3d45f Fixed #25251 -- Made data migrations available in TransactionTestCase when using --keepdb.
Data loaded in migrations were restored at the beginning of each
TransactionTestCase and all the tables are truncated at the end of
these test cases. If there was a TransactionTestCase at the end of
the test suite, the migrated data weren't restored in the database
(especially unexpected when using --keepdb). Now data is restored
at the end of each TransactionTestCase.
2018-11-06 16:57:50 -05:00
Carlton Gibson 7e5cb46330 Updated expected date for 2.1.4 release. 2018-11-01 16:19:21 +01:00
Carlton Gibson 74ddd0e83b Added stub release notes for 2.1.4 release. 2018-11-01 15:48:28 +01:00
Carlton Gibson eb13e6cb9a Added release date for 2.1.2 release. 2018-11-01 15:02:22 +01:00
Tim Graham 98ef3829e9 Fixed #29890 -- Fixed FileSystemStorage crash if concurrent saves try to create the same directory.
Regression in 632c4ffd9c.
2018-10-31 19:28:11 -04:00
Mads Jensen a906c98982 Fixed #29547 -- Added support for partial indexes.
Thanks to Ian Foote, Mariusz Felisiak, Simon Charettes, and
Markus Holtermann for comments and feedback.
2018-10-29 19:34:54 -04:00
Tim Graham f77fc56c96
Fixed #29896 -- Fixed incorrect Model.save() cache relation clearing for foreign keys that use to_field.
Regression in ee49306176.
2018-10-28 22:54:02 -04:00
Tim Graham f892781b95 Fixed #28606 -- Deprecated CachedStaticFilesStorage. 2018-10-27 11:58:29 -04:00
Mariusz Felisiak c6525bea9e Fixed #29534 -- Made dbshell use rlwrap on Oracle if available. 2018-10-25 19:39:42 -04:00
Sergey Fedoseev 9a88c6dd6a Fixed #29827 -- Fixed reuse of test databases with --keepdb on MySQL.
Regression in e1253bc26f.
2018-10-25 19:37:41 -04:00
Tim Graham 9b52bd6575 Made DatabaseFeatures.uses_savepoints default to True. 2018-10-25 10:02:47 -04:00
buzzi 24cae0bedc Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value. 2018-10-22 10:26:54 -04:00
Mariusz Felisiak 328f5627dd
Fixed #29870 -- Added DurationField introspection for Oracle and PostgreSQL.
Thanks Tim Graham for the review.
2018-10-21 09:08:05 +02:00
Adam Allred 4e78e389b1 Fixed #29774 -- Fixed django-admin shell hang on startup.
sys.stdin.read() blocks waiting for EOF in shell.py which will
likely never come if the user provides input on stdin via the
keyboard before the shell starts. Added check for a tty to
skip reading stdin if it's not present.

This still allows piping of code into the shell (which should
have no TTY and should have an EOF) but also doesn't cause it
to hang if multi-line input is provided.
2018-10-19 20:00:12 -04:00
aspalding dc5e75d419 Fixed #29838 -- Fixed crash when combining Q objects with __in lookups and lists.
Regression in fc6528b25a.
2018-10-17 11:34:49 -04:00
Florian Apolloner bc7dd8490b Fixed #21171 -- Avoided starting a transaction when a single (or atomic queries) are executed.
Checked the following locations:

 * Model.save(): If there are parents involved, take the safe way and use
   transactions since this should be an all or nothing operation.

   If the model has no parents:

    * Signals are executed before and after the previous existing
      transaction -- they were never been part of the transaction.

    * if `force_insert` is set then only one query is executed -> atomic
      by definition and no transaction needed.

    * same applies to `force_update`.

    * If a primary key is set and no `force_*` is set Django will try an
      UPDATE and if that returns zero rows it tries an INSERT. The first
      case is completly save (single query). In the second case a
      transaction should not produce different results since the update
      query is basically a no-op then (might miss something though).

 * QuerySet.update(): no signals issued, single query -> no transaction
   needed.

 * Model/Collector.delete(): This one is fun due to the fact that is
   does many things at once.

   Most importantly though: It does send signals as part of the
   transaction, so for maximum backwards compatibility we need to be
   conservative.

   To ensure maximum compatibility the transaction here is removed only
   if the following holds true:

     * A single instance is being deleted.
     * There are no signal handlers attached to that instance.
     * There are no deletions/updates to cascade.
     * There are no parents which also need deletion.
2018-10-17 12:19:02 +02:00
Jon Dufresne 0cd465b63a Fixed #29817 -- Deprecated settings.FILE_CHARSET. 2018-10-15 17:15:41 -04:00
Patrik Sletmo adfdb9f169 Fixed #29814 -- Added support for NoneType serialization in migrations. 2018-10-11 09:02:14 -04:00
Mariusz Felisiak 52fec5d18f
Fixed #29836 -- Bumped required cx_Oracle to 6.0. 2018-10-11 11:43:16 +02:00
Jon Dufresne c82893cb8c Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.

As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
Jon Dufresne e90af8bad4 Capitalized "Python" in docs and comments. 2018-10-09 09:26:07 -04:00
Stefano Chiodino 6de7f9ec60 Fixed #29598 -- Deprecated FloatRangeField in favor of DecimalRangeField. 2018-10-02 19:17:23 -04:00
Nick Pope bf8b625a3b Refs #29722 -- Added introspection of materialized views for PostgreSQL. 2018-10-02 14:02:04 -04:00
Nick Pope 45ef3df7d0 Fixed #29719 -- Added introspection of foreign tables for PostgreSQL.
Thanks infinite-l00p for the initial patch.
2018-10-02 14:01:24 -04:00
Carlton Gibson 92ccc39170 Adjusted text for CVE-2018-16984 in security release archive. 2018-10-01 14:58:23 +02:00
Carlton Gibson 0b3b7c4b0a Added CVE-2018-16984 to the security release archive. 2018-10-01 11:54:31 +02:00
Carlton Gibson dc28c0faf3 Added stub release notes for 2.1.3 release. 2018-10-01 11:48:11 +02:00
Carlton Gibson 2e86710dac Added stub release notes for 2.0.10 release. 2018-10-01 11:46:38 +02:00
Carlton Gibson 7040e638b9 Added stub release notes for 1.11.17 release. 2018-10-01 11:44:36 +02:00
Carlton Gibson fb7fd884a1 Added release date for 2.1.2 release. 2018-10-01 10:10:48 +02:00
Tim Graham a7284cc0c3 Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form. 2018-10-01 10:09:50 +02:00
Carlton Gibson bf39978a53 Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" users.
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
2018-10-01 10:05:01 +02:00
Carlton Gibson a4932be483 Added release date for 2.0.9 release. 2018-10-01 09:55:56 +02:00
Carlton Gibson d37ed40048 Added release date for 1.11.16. 2018-10-01 09:34:57 +02:00
Claude Paroz 033d842e84 Updated translations from Transifex
Forward port of d5ed08263b from master.
2018-09-29 17:11:49 +02:00
Mariusz Felisiak 024abe5b82
Fixed #29630 -- Fixed crash of sliced queries with multiple columns with the same name on Oracle 12.1.
Regression in 0899d583bd.

Thanks Tim Graham for the review and Jani Tiainen for help.
2018-09-26 20:18:48 +02:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Oleg d1d5c97bc2 Fixed #29778 -- Fixed quoting of unique index names.
Regression in 3b429c9673.
2018-09-25 16:00:20 -04:00
Jon Dufresne bb81c22d90 Refs #27795 -- Removed force_bytes() usage in utils/_os.py. 2018-09-25 11:27:36 -04:00
Tom Forbes 9cbdb44014 Fixed #23646 -- Added QuerySet.bulk_update() to efficiently update many models. 2018-09-18 16:14:44 -04:00
Tim Graham 0192e9a976 Fixed typo in docs/releases/2.1.txt. 2018-09-18 15:46:38 -04:00
Claude Paroz f5e347a640 Fixed #27899 -- Added support for phrase/raw searching in SearchQuery.
Thanks Tim Graham, Nick Pope, and Claude Paroz for contribution and review.
2018-09-17 12:03:52 -04:00
Mariusz Felisiak da92ec7962
Fixed #29759 -- Fixed crash on Oracle when fetching a returned insert id with cx_Oracle 7. 2018-09-16 12:45:34 +02:00
Simon Charette a4495f4b98 Fixed #29755 -- Made migrations detect changes to Meta.default_related_name. 2018-09-14 09:09:17 -04:00
Ramiro Morales 1b1f64ee5a Refs #14357 -- Deprecated Meta.ordering affecting GROUP BY queries.
Thanks Ramiro Morales for contributing to the patch.
2018-09-13 12:29:48 -04:00
Tim Graham 32fbccab40
Fixed #29749 -- Made the migrations loader ignore files starting with a tilde or underscore.
Regression in 29150d5da8.
2018-09-11 12:51:11 -04:00
Hasan Ramezani 5195b99e2c Fixed #29560 -- Added --force-color management command option. 2018-09-11 11:15:42 -04:00
Curtis Maloney c49ea6f591 Refs #20910 -- Replaced snippet directive with code-block. 2018-09-10 13:00:34 -04:00
Alexander Holmbäck f315d0423a Fixed #29727 -- Made nonexistent joins in F() raise FieldError.
Regression in 2162f0983d.
2018-09-08 09:40:33 -04:00
Josh Schneier 3509fb54bb Refs #29426 -- Fixed typo in docs/releases/2.2.txt. 2018-08-31 10:22:42 -04:00
Carlton Gibson 728ee98cd3 Added stub release notes for 2.1.2. 2018-08-31 11:01:29 +02:00
Carlton Gibson fff25d6d0c Added release date for 2.1.1. 2018-08-31 10:12:51 +02:00
Tim Graham fd8a7a5313 Fixed #29723 -- Fixed crash if InlineModelAdmin.has_add_permission() doesn't accept the obj argument.
* Refs #27991 -- Added testing for ModelAdmin.get_inline_instances() if the inline's has_add_permission() doesn't accept 'obj'.

* Fixed #29723 -- Fixed crash if InlineModelAdmin.has_add_permission() doesn't accept the obj argument.
2018-08-30 11:22:50 +02:00
Mariusz Felisiak 39461a83c3
Fixed #29694 -- Fixed column mismatch crash with QuerySet.values() or values_list() after combining querysets with extra() with union(), difference(), or intersection().
Regression in 0b66c3b442.
2018-08-29 10:00:15 +02:00
Tim Graham 166dec8406
Fixed #29718 -- Doc'd admin template collision backwards incompatibility in Django 2.1. 2018-08-28 14:40:08 -04:00
Nick Pope ed4bfacb3c Fixed #29703 -- Deprecated QuerySetPaginator alias.
Unused since 4406d283e1.
2018-08-27 16:23:43 -04:00
Dan Palmer e181666973 Fixed #29687 -- Allowed the test client to serialize list/tuple as JSON. 2018-08-25 10:57:05 -04:00