Mariusz Felisiak
6723a26e59
Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL.
2022-04-11 08:59:58 +02:00
Mariusz Felisiak
93cae5cb2f
Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
...
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos
62739b6e26
Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
...
Regression in 68357b2ca9
.
2022-04-11 07:37:30 +02:00
Simon Charette
0b31e02487
Fixed #33618 -- Fixed MTI updates outside of primary key chain.
2022-04-07 07:54:56 +02:00
Carlton Gibson
9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers.
2022-04-07 07:05:59 +02:00
Mariusz Felisiak
2ee4caf56b
Refs #33173 -- Fixed test_runner/test_utils tests on Python 3.11+.
...
Python 3.11 uses fully qualified test name in unittest output. See
755be9b150
2022-04-07 07:02:21 +02:00
Mariusz Felisiak
bfe9665502
Skipped SchemaTests.test_alter_field_type_and_db_collation on databases that don't support collation on TextField.
2022-04-06 16:52:13 +02:00
sarahboyce
65effbdb10
Fixed #33471 -- Made AlterField operation a noop when changing "choices".
...
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
David Smith
6991880109
Refs #31617 -- Added an id for helptext in admin forms.
2022-04-06 12:42:43 +02:00
Baptiste Mispelon
50e1e7ef8e
Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
...
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
Mariusz Felisiak
1a7d75cf77
Moved remaining SimpleTestCase.assertFormError()/assertFormsetErrors() tests to test_utils.
...
This also removes redundant tests in test_client_regress.
Follow up to 68144f4049
.
2022-04-05 08:37:28 +02:00
Brian Helba
2d5215c675
Fixed #33605 -- Fixed migration crash when altering RegexValidator to pre-compiled regular expression.
2022-04-04 07:38:15 +02:00
Lucidiot
13a9cde133
Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints.
2022-04-01 11:39:41 +02:00
Luke Plant
40b8a6174f
Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
...
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.
This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
David
c8459708a7
Refs #32339 -- Added use_fieldset to Widget.
2022-03-30 16:28:14 +02:00
Luke Plant
04ad0f26ba
Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression.
2022-03-30 11:03:48 +02:00
Mariusz Felisiak
fac662f479
Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
...
Thanks lind-marcus for the report.
This reverts commit 0c71e0f9cf
.
Regression in 0c71e0f9cf
.
2022-03-30 07:31:56 +02:00
Carlton Gibson
59ab3fd0e9
Refs #32365 -- Deprecated django.utils.timezone.utc.
2022-03-29 14:47:44 +02:00
Alokik Vijay
baf9604ed8
Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
...
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
René Fleschenberg
eb07b5be0c
Fixed #15619 -- Deprecated log out via GET requests.
...
Thanks Florian Apolloner for the implementation idea.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Mariusz Felisiak
abfdb4d7f3
Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
...
This reverts commit 1d9d082acf
.
2022-03-26 12:27:30 +01:00
adontz
2bee0b4328
Fixed #7497 -- Allowed overriding the order of apps and models in admin.
2022-03-25 10:33:44 +01:00
Mariusz Felisiak
d44951b36e
Refs #7497 -- Added assertion for the default order of models in AdminSite.app_index().
2022-03-25 10:29:59 +01:00
Mariusz Felisiak
1d9d082acf
Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
...
See https://github.com/pallets/jinja/pull/1621 .
2022-03-25 08:48:32 +01:00
Mariusz Felisiak
94d8ed55fa
Refs #15619 -- Logged out with POST requests in admin.
2022-03-24 17:41:53 +01:00
Mariusz Felisiak
1b695fbbc2
Refs #33577 -- Used addCleanup() to remove .aux file in GDALBandTests.
...
Follow up to 970f5bf503
.
2022-03-24 09:13:24 +01:00
Carlton Gibson
bb61f0186d
Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
...
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Thomas Schmidt
1cf60ce601
Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value.
2022-03-23 19:33:36 +01:00
Carlton Gibson
d46e158ee2
Refs #32365 -- Made migration writer use datetime.timezone.utc.
2022-03-23 12:43:43 +01:00
Gagaro
7325d29152
Refs #30581 -- Fixed DatabaseFeatures.bare_select_suffix on MySQL < 8 and MariaDB < 10.4.
2022-03-22 09:45:59 +01:00
likecodingloveproblems
4b66a5e617
Fixed #33256 -- Fixed schema test failures when using --keepdb.
2022-03-21 20:54:48 +01:00
Stefan Wehrmeyer
561761c660
Fixed #33592 -- Fixed "View on Site" links in custom admin site.
2022-03-21 10:07:32 +01:00
François Granade
4b8e4f5060
Fixed #33582 -- Fixed deserializing natural keys with foreing key dependencies in a multiple database setup.
2022-03-18 20:57:08 +01:00
Mariusz Felisiak
ed6db53542
Fixed isolation of FeaturesTests.test_supports_json_field_operational_error().
2022-03-18 20:57:08 +01:00
David Smith
ba298a32b3
Refs #31169 -- Prevented infinite loop in parallel tests with custom test runner when using spawn.
...
Regression in 3b3f38b3b0
.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-17 10:20:13 +01:00
Florian Apolloner
4f92cf87b0
Prevented initialization of unused database connections.
2022-03-17 07:40:57 +01:00
Florian Apolloner
13378ad952
Moved ensure_defaults() and prepare_test_settings() logic to ConnectionHandler.configure_settings().
2022-03-17 07:36:34 +01:00
Florian Apolloner
58ad9a99a7
Removed usage of django.db.utils.ConnectionHandler.databases.
2022-03-17 07:36:34 +01:00
Gagaro
bf524d229f
Refs #30581 -- Allowed sql.Query to be used without model.
2022-03-16 09:33:16 +01:00
Mariusz Felisiak
970f5bf503
Fixed #33577 -- Confirmed support for GDAL 3.4.
2022-03-16 09:07:01 +01:00
David Smith
3b3f38b3b0
Fixed #31169 -- Adapted the parallel test runner to use spawn.
...
Co-authored-by: Valz <ahmadahussein0@gmail.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2022-03-15 16:23:55 +01:00
Sage Abdullah
a88fab1bca
Fixed #33552 -- Fixed JSONField has key lookups with numeric keys on MariaDB, MySQL, Oracle, and SQLite.
2022-03-15 06:37:35 +01:00
Biel Frontera
859a87d873
Fixed #31357 -- Fixed get_for_models() crash for stale content types when model with the same name exists in another app.
2022-03-14 12:52:26 +01:00
Adam Johnson
8f7cda0831
Fixed #33572 -- Implemented CreateModel/AlterModelManagers reduction.
2022-03-11 07:03:51 +01:00
Collin Anderson
71017a68a6
Fixed #33571 -- Fixed static serving views crash when If-Modified-Since is empty.
...
Regression in d6aff369ad
.
2022-03-11 06:19:01 +01:00
Adrian Torres
d90e34c61b
Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.
2022-03-10 12:57:19 +01:00
Claude Paroz
93803a1b5f
Fixed #33567 -- Avoided setting default text/html content type on responses.
2022-03-09 14:50:52 +01:00
Adam Johnson
a45f28f0ec
Rewrote strip_tags test file to lorem ipsum.
2022-03-08 14:50:06 +01:00
Adam Johnson
a8c15481f4
Rewrote some references to "master".
...
Following d9a266d657
.
2022-03-08 14:50:06 +01:00
Mariusz Felisiak
d4fd31684a
Refs #33173 -- Used locale.getlocale() instead of getdefaultlocale().
...
locale.getdefaultlocale() was deprecated in Python 3.11, see
https://bugs.python.org/issue46659 .
2022-03-08 13:17:05 +01:00
Hameed Gifford
58d357fc65
Fixed #33563 -- Fixed contenttype reverse data migration crash with a multiple databases setup.
2022-03-08 06:22:03 +01:00
Luke Plant
f3bf6c4218
Refs #33562 -- Made HttpResponse.set_cookie() raise ValueError when both "expires" and "max_age" are passed.
...
This fixes the case where you might pass set_cookie(expires=val, max_age=val)
and max_age is silently ignored.
2022-03-07 08:04:18 +01:00
Luke Plant
ae2da5ba65
Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the max_age argument.
2022-03-07 07:57:14 +01:00
Luke Plant
1882f6567d
Refs #33562 -- Added tests HttpRequest.get_signed_cookie() with timedeltas.
2022-03-07 07:29:43 +01:00
Ryan Heard
c6b4d62fa2
Fixed #29865 -- Added logical XOR support for Q() and querysets.
2022-03-04 12:55:37 +01:00
Mariusz Felisiak
a46bc327e7
Refs #11293 -- Added test for filtering aggregates with negated & operator.
2022-03-04 09:51:52 +01:00
Adam Johnson
b811364421
Refs #33446 -- Allowed variable whitespace in CSS source map references.
...
Follow up to dc8bb35e39
.
The Webpack default is to output CSS source map comments like
`/*# sourceMappingURL=main.css.map*/`. Also, Chromium allows tabs.
2022-03-04 06:22:28 +01:00
Keryn Knight
9bde906fb2
Refs #10188 -- Added tests for BadHeaderErrors when HTTP header with newlines cannot be encoded/decoded.
2022-03-02 20:23:39 +01:00
Mariusz Felisiak
445b075def
Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
...
Regression in de95c82667
.
Thanks David Glenck for the report.
2022-03-01 08:09:58 +01:00
Hrushikesh Vaidya
119f227aa6
Fixed #33524 -- Allowed overriding empty_label for ForeignKey in ModelAdmin.radio_fields.
2022-02-28 13:28:21 +01:00
Mariusz Felisiak
26c166c3b0
Added test for removing through model from ManyToManyField.
2022-02-25 22:01:27 +01:00
Albert Defler
2b6a3baebe
Fixed #31486 -- Deprecated passing unsaved objects to related filters.
...
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2022-02-25 07:51:37 +01:00
Shubh1815
11cc227344
Fixed #33267 -- Added link to related item to related widget wrapper in admin.
2022-02-25 06:33:05 +01:00
Albert Defler
18245b948b
Refs #7488 , Refs #19524 -- Removed obsolete ModelInheritanceTest.test_issue_7488() test.
...
Obsolete since e9c24bef74
.
2022-02-24 09:55:02 +01:00
Anders Kaseorg
7f4fc5cbd4
Fixed #33539 -- Fixed spaces in WITH SQL for indexes on PostgreSQL.
2022-02-24 09:03:58 +01:00
mgaligniana
fe7dbef586
Fixed #28889 -- Prevented double submission of admin forms.
...
Added a JavaScript confirm() to catch double-submissions, when the
change form has already been submitted.
Thanks to Adam Johnson, Claude Paroz, Keryn Knight, and Thibaud Colas
for review.
2022-02-23 14:57:34 +01:00
Mariusz Felisiak
d11944be34
Refs #33476 -- Added warning to optimizemigration/squashmigrations commands when black cannot be applied.
2022-02-23 07:29:15 +01:00
David Wobrock
7c318a8bdd
Fixed #27844 -- Added optimizemigration management command.
2022-02-22 10:30:40 +01:00
Nick Pope
847f46e9bf
Removed redundant QuerySet.all() calls in docs and tests.
...
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Albert Defler
7ba6ebe914
Fixed #19580 -- Unified behavior of reverse foreign key and many-to-many relations for unsaved instances.
2022-02-22 09:16:40 +01:00
nabil-rady
b7f263551c
Refs #33517 -- Prevented __second lookup from returning fractional seconds on PostgreSQL.
2022-02-22 07:26:44 +01:00
Theo Alexiou
659d2421c7
Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects.
2022-02-21 10:11:26 +01:00
Mariusz Felisiak
1299bc33e1
Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values.
2022-02-21 07:54:47 +01:00
saeedblanchette
e559070a7a
Fixed #33518 -- Added RemovedAfterNextVersionWarning.
2022-02-21 06:23:41 +01:00
David Smith
fac3dd7f39
Refs #33173 -- Fixed MailTests.test_backend_arg() on Windows and Python 3.11+.
2022-02-19 20:36:01 +01:00
Hasan Ramezani
9ac3ef59f9
Fixed #33379 -- Added minimum database version checks.
...
Thanks Tim Graham for the review.
2022-02-18 13:37:49 +01:00
My-Name-Is-Nabil
3079133c73
Fixed #33514 -- Added fallbacks to subsequent language codes in Select2 translations.
2022-02-18 08:34:49 +01:00
Matthias Kestenholz
b2ed0d78f2
Refs #28358 -- Fixed infinite recursion in LazyObject.__getattribute__().
...
Regression in 97d7990abd
.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Theo Alexiou <theofilosalexiou@gmail.com>
2022-02-17 14:52:17 +01:00
Mariusz Felisiak
1e2e1be02b
Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
...
Thanks Chris Lee for the report.
Regression in 4328970780
.
Refs #23916 .
2022-02-16 21:09:24 +01:00
Theo Alexiou
97d7990abd
Fixed #28358 -- Prevented LazyObject from mimicking nonexistent attributes.
...
Thanks Sergey Fedoseev for the initial patch.
2022-02-16 10:51:15 +01:00
Carlton Gibson
236e6cb588
Refs #31407 -- Handled potential exception in test cleanup.
...
The test view may not be called when running the tests with
--parallel=2 or greater. Catch the AttributeError for this case.
2022-02-15 14:38:19 +01:00
Baptiste Mispelon
f7e0bffa2e
Refs #33348 -- Made SimpleTestCase.assertFormError() raise ValueError when "field" is passed without "form_index".
2022-02-15 10:30:20 +01:00
Mariusz Felisiak
d4c9dab74b
Refs #33348 -- Fixed SimpleTestCase.assertFormError() error message raised for unbound forms.
2022-02-15 10:16:06 +01:00
Baptiste Mispelon
d84cd91e90
Refs #33348 -- Improved messages raised by SimpleTestCase.assertFormError()/assertFormsetErrors().
...
This makes messages use BaseFormSet/BaseForm.__repr__() instead of
context, and adds the _assert_form_error() helper.
2022-02-15 07:15:44 +01:00
Baptiste Mispelon
9bb13def5d
Refs #33348 -- Made SimpleTestCase.assertFormsetErrors() raise an error when form_index is too big.
2022-02-14 12:46:46 +01:00
Baptiste Mispelon
261885e4c1
Simplified SimpleTestCase.assertFormError()/assertFormsetErrors() calls in admin_views tests.
2022-02-14 11:34:58 +01:00
Baptiste Mispelon
1f749d6f12
Fixed field name in admin_views.tests.UserAdminTest.test_password_mismatch() assertion.
2022-02-14 11:29:45 +01:00
Baptiste Mispelon
7986028e3f
Refs #33348 -- Made SimpleTestCase.assertFormError()/assertFormsetErrors() raise an error for unbound forms/formsets.
2022-02-14 08:43:46 +01:00
rafrafek
cdd4ff67d2
Refs #25684 -- Removed double newline from request/response output of runserver.
...
Follow up to 0bc5cd6280
.
2022-02-14 06:55:34 +01:00
Mariusz Felisiak
3702819227
Refs #32502 -- Avoided table rebuild when removing fields on SQLite 3.35.5+.
...
ALTER TABLE ... DROP COLUMN was introduced in SQLite 3.35+ however
a data corruption issue was fixed in SQLite 3.35.5.
2022-02-11 22:21:58 +01:00
Carlton Gibson
d113b5a837
Refs #33476 -- Made management commands use black.
...
Run black on generated files, if it is available on PATH.
2022-02-11 12:23:26 +01:00
Theo Alexiou
f9ec777a82
Fixed #26287 -- Added support for addition operations to SimpleLazyObject.
2022-02-10 11:24:51 +01:00
Claude Paroz
4c76ffc2d6
Fixed #29490 -- Added support for object-based Media CSS and JS paths.
2022-02-10 08:48:27 +01:00
Damian Posener
09e499a39e
Fixed #33501 -- Made order_with_respect_to respect database routers.
2022-02-09 13:31:49 +01:00
Aaron Chong
2d472ad05c
Fixed #33495 -- Improved debug logging message about adapting handlers for middlewares.
...
It's the wrapped handler that's adapted to the wrapping middleware.
2022-02-09 12:10:26 +01:00
Simon Charette
d35ce682e3
Fixed #33506 -- Made QuerySet.bulk_update() perform atomic writes against write database.
...
The lack of _for_write = True assignment in bulk_update prior to
accessing self.db resulted in the db_for_read database being used to
wrap batched UPDATEs in a transaction.
Also tweaked the batch queryset creation to also ensure they are
executed against the same database as the opened transaction under all
circumstances.
Refs #23646 , #33501 .
2022-02-09 11:14:50 +01:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
Mariusz Felisiak
f68fa8b45d
Refs #33476 -- Changed quotation marks in DebugViewTests.test_template_exceptions().
...
This prevents a failure after reformatting the code with Black.
2022-02-07 20:36:04 +01:00
Mariusz Felisiak
6f185a53a2
Refs #33482 -- Fixed QuerySet selecting and filtering againts negated Exists() with empty queryset.
...
Regression in b7d1da5a62
.
2022-02-07 20:34:21 +01:00