Commit Graph

12352 Commits

Author SHA1 Message Date
Mariusz Felisiak 6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos 62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9.
2022-04-11 07:37:30 +02:00
Simon Charette 0b31e02487 Fixed #33618 -- Fixed MTI updates outside of primary key chain. 2022-04-07 07:54:56 +02:00
Carlton Gibson 9ffd4eae2c Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00
Mariusz Felisiak 2ee4caf56b Refs #33173 -- Fixed test_runner/test_utils tests on Python 3.11+.
Python 3.11 uses fully qualified test name in unittest output. See
755be9b150
2022-04-07 07:02:21 +02:00
Mariusz Felisiak bfe9665502 Skipped SchemaTests.test_alter_field_type_and_db_collation on databases that don't support collation on TextField. 2022-04-06 16:52:13 +02:00
sarahboyce 65effbdb10 Fixed #33471 -- Made AlterField operation a noop when changing "choices".
This also allows customizing attributes of fields that don't affect
a column definition.
2022-04-06 13:05:57 +02:00
David Smith 6991880109 Refs #31617 -- Added an id for helptext in admin forms. 2022-04-06 12:42:43 +02:00
Baptiste Mispelon 50e1e7ef8e Fixed #33348 -- Changed SimpleTestCase.assertFormError()/assertFormsetErrors() to take form/formset.
Instead of taking a response object and a context name for
the form/formset, the two methods now take the object directly.
2022-04-06 07:58:52 +02:00
Mariusz Felisiak 1a7d75cf77 Moved remaining SimpleTestCase.assertFormError()/assertFormsetErrors() tests to test_utils.
This also removes redundant tests in test_client_regress.

Follow up to 68144f4049.
2022-04-05 08:37:28 +02:00
Brian Helba 2d5215c675 Fixed #33605 -- Fixed migration crash when altering RegexValidator to pre-compiled regular expression. 2022-04-04 07:38:15 +02:00
Lucidiot 13a9cde133 Fixed #33613 -- Made createsuperuser detect uniqueness of USERNAME_FIELD when using Meta.constraints. 2022-04-01 11:39:41 +02:00
Luke Plant 40b8a6174f Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.

This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
David c8459708a7 Refs #32339 -- Added use_fieldset to Widget. 2022-03-30 16:28:14 +02:00
Luke Plant 04ad0f26ba Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression. 2022-03-30 11:03:48 +02:00
Mariusz Felisiak fac662f479 Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_relation argument from Query methods."
Thanks lind-marcus for the report.

This reverts commit 0c71e0f9cf.

Regression in 0c71e0f9cf.
2022-03-30 07:31:56 +02:00
Carlton Gibson 59ab3fd0e9 Refs #32365 -- Deprecated django.utils.timezone.utc. 2022-03-29 14:47:44 +02:00
Alokik Vijay baf9604ed8 Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs.
Thanks Florian Apolloner for the review and implementation idea.
2022-03-29 10:27:40 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests.
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-29 06:42:14 +02:00
Mariusz Felisiak abfdb4d7f3 Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
This reverts commit 1d9d082acf.
2022-03-26 12:27:30 +01:00
adontz 2bee0b4328 Fixed #7497 -- Allowed overriding the order of apps and models in admin. 2022-03-25 10:33:44 +01:00
Mariusz Felisiak d44951b36e Refs #7497 -- Added assertion for the default order of models in AdminSite.app_index(). 2022-03-25 10:29:59 +01:00
Mariusz Felisiak 1d9d082acf Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
See https://github.com/pallets/jinja/pull/1621.
2022-03-25 08:48:32 +01:00
Mariusz Felisiak 94d8ed55fa Refs #15619 -- Logged out with POST requests in admin. 2022-03-24 17:41:53 +01:00
Mariusz Felisiak 1b695fbbc2 Refs #33577 -- Used addCleanup() to remove .aux file in GDALBandTests.
Follow up to 970f5bf503.
2022-03-24 09:13:24 +01:00
Carlton Gibson bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Thomas Schmidt 1cf60ce601 Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols in the header value. 2022-03-23 19:33:36 +01:00
Carlton Gibson d46e158ee2 Refs #32365 -- Made migration writer use datetime.timezone.utc. 2022-03-23 12:43:43 +01:00
Gagaro 7325d29152 Refs #30581 -- Fixed DatabaseFeatures.bare_select_suffix on MySQL < 8 and MariaDB < 10.4. 2022-03-22 09:45:59 +01:00
likecodingloveproblems 4b66a5e617 Fixed #33256 -- Fixed schema test failures when using --keepdb. 2022-03-21 20:54:48 +01:00
Stefan Wehrmeyer 561761c660 Fixed #33592 -- Fixed "View on Site" links in custom admin site. 2022-03-21 10:07:32 +01:00
François Granade 4b8e4f5060 Fixed #33582 -- Fixed deserializing natural keys with foreign key dependencies in a multiple database setup. 2022-03-18 20:57:08 +01:00
Mariusz Felisiak ed6db53542 Fixed isolation of FeaturesTests.test_supports_json_field_operational_error(). 2022-03-18 20:57:08 +01:00
David Smith ba298a32b3 Refs #31169 -- Prevented infinite loop in parallel tests with custom test runner when using spawn.
Regression in 3b3f38b3b0.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-03-17 10:20:13 +01:00
Florian Apolloner 4f92cf87b0 Prevented initialization of unused database connections. 2022-03-17 07:40:57 +01:00
Florian Apolloner 13378ad952 Moved ensure_defaults() and prepare_test_settings() logic to ConnectionHandler.configure_settings(). 2022-03-17 07:36:34 +01:00
Florian Apolloner 58ad9a99a7 Removed usage of django.db.utils.ConnectionHandler.databases. 2022-03-17 07:36:34 +01:00
Gagaro bf524d229f Refs #30581 -- Allowed sql.Query to be used without model. 2022-03-16 09:33:16 +01:00
Mariusz Felisiak 970f5bf503 Fixed #33577 -- Confirmed support for GDAL 3.4. 2022-03-16 09:07:01 +01:00
David Smith 3b3f38b3b0 Fixed #31169 -- Adapted the parallel test runner to use spawn.
Co-authored-by: Valz <ahmadahussein0@gmail.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
2022-03-15 16:23:55 +01:00
Sage Abdullah a88fab1bca Fixed #33552 -- Fixed JSONField has key lookups with numeric keys on MariaDB, MySQL, Oracle, and SQLite. 2022-03-15 06:37:35 +01:00
Biel Frontera 859a87d873 Fixed #31357 -- Fixed get_for_models() crash for stale content types when model with the same name exists in another app. 2022-03-14 12:52:26 +01:00
Adam Johnson 8f7cda0831 Fixed #33572 -- Implemented CreateModel/AlterModelManagers reduction. 2022-03-11 07:03:51 +01:00
Collin Anderson 71017a68a6 Fixed #33571 -- Fixed static serving views crash when If-Modified-Since is empty.
Regression in d6aff369ad.
2022-03-11 06:19:01 +01:00
Adrian Torres d90e34c61b Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend. 2022-03-10 12:57:19 +01:00
Claude Paroz 93803a1b5f Fixed #33567 -- Avoided setting default text/html content type on responses. 2022-03-09 14:50:52 +01:00
Adam Johnson a45f28f0ec Rewrote strip_tags test file to lorem ipsum. 2022-03-08 14:50:06 +01:00
Adam Johnson a8c15481f4 Rewrote some references to "master".
Following d9a266d657.
2022-03-08 14:50:06 +01:00
Mariusz Felisiak d4fd31684a Refs #33173 -- Used locale.getlocale() instead of getdefaultlocale().
locale.getdefaultlocale() was deprecated in Python 3.11, see
https://bugs.python.org/issue46659.
2022-03-08 13:17:05 +01:00
Hameed Gifford 58d357fc65 Fixed #33563 -- Fixed contenttype reverse data migration crash with a multiple databases setup. 2022-03-08 06:22:03 +01:00
Luke Plant f3bf6c4218 Refs #33562 -- Made HttpResponse.set_cookie() raise ValueError when both "expires" and "max_age" are passed.
This fixes the case where you might pass set_cookie(expires=val, max_age=val)
and max_age is silently ignored.
2022-03-07 08:04:18 +01:00
Luke Plant ae2da5ba65 Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the max_age argument. 2022-03-07 07:57:14 +01:00
Luke Plant 1882f6567d Refs #33562 -- Added tests HttpRequest.get_signed_cookie() with timedeltas. 2022-03-07 07:29:43 +01:00
Ryan Heard c6b4d62fa2 Fixed #29865 -- Added logical XOR support for Q() and querysets. 2022-03-04 12:55:37 +01:00
Mariusz Felisiak a46bc327e7 Refs #11293 -- Added test for filtering aggregates with negated & operator. 2022-03-04 09:51:52 +01:00
Adam Johnson b811364421 Refs #33446 -- Allowed variable whitespace in CSS source map references.
Follow up to dc8bb35e39.

The Webpack default is to output CSS source map comments like
`/*# sourceMappingURL=main.css.map*/`. Also, Chromium allows tabs.
2022-03-04 06:22:28 +01:00
Keryn Knight 9bde906fb2 Refs #10188 -- Added tests for BadHeaderErrors when HTTP header with newlines cannot be encoded/decoded. 2022-03-02 20:23:39 +01:00
Mariusz Felisiak 445b075def Fixed #33547 -- Fixed error when rendering invalid inlines with readonly fields in admin.
Regression in de95c82667.

Thanks David Glenck for the report.
2022-03-01 08:09:58 +01:00
Hrushikesh Vaidya 119f227aa6 Fixed #33524 -- Allowed overriding empty_label for ForeignKey in ModelAdmin.radio_fields. 2022-02-28 13:28:21 +01:00
Mariusz Felisiak 26c166c3b0 Added test for removing through model from ManyToManyField. 2022-02-25 22:01:27 +01:00
Albert Defler 2b6a3baebe Fixed #31486 -- Deprecated passing unsaved objects to related filters.
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2022-02-25 07:51:37 +01:00
Shubh1815 11cc227344 Fixed #33267 -- Added link to related item to related widget wrapper in admin. 2022-02-25 06:33:05 +01:00
Albert Defler 18245b948b Refs #7488, Refs #19524 -- Removed obsolete ModelInheritanceTest.test_issue_7488() test.
Obsolete since e9c24bef74.
2022-02-24 09:55:02 +01:00
Anders Kaseorg 7f4fc5cbd4 Fixed #33539 -- Fixed spaces in WITH SQL for indexes on PostgreSQL. 2022-02-24 09:03:58 +01:00
mgaligniana fe7dbef586 Fixed #28889 -- Prevented double submission of admin forms.
Added a JavaScript confirm() to catch double-submissions, when the
change form has already been submitted.

Thanks to Adam Johnson, Claude Paroz, Keryn Knight, and Thibaud Colas
for review.
2022-02-23 14:57:34 +01:00
Mariusz Felisiak d11944be34 Refs #33476 -- Added warning to optimizemigration/squashmigrations commands when black cannot be applied. 2022-02-23 07:29:15 +01:00
David Wobrock 7c318a8bdd Fixed #27844 -- Added optimizemigration management command. 2022-02-22 10:30:40 +01:00
Nick Pope 847f46e9bf Removed redundant QuerySet.all() calls in docs and tests.
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Albert Defler 7ba6ebe914 Fixed #19580 -- Unified behavior of reverse foreign key and many-to-many relations for unsaved instances. 2022-02-22 09:16:40 +01:00
nabil-rady b7f263551c Refs #33517 -- Prevented __second lookup from returning fractional seconds on PostgreSQL. 2022-02-22 07:26:44 +01:00
Theo Alexiou 659d2421c7 Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects. 2022-02-21 10:11:26 +01:00
Mariusz Felisiak 1299bc33e1 Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values. 2022-02-21 07:54:47 +01:00
saeedblanchette e559070a7a Fixed #33518 -- Added RemovedAfterNextVersionWarning. 2022-02-21 06:23:41 +01:00
David Smith fac3dd7f39 Refs #33173 -- Fixed MailTests.test_backend_arg() on Windows and Python 3.11+. 2022-02-19 20:36:01 +01:00
Hasan Ramezani 9ac3ef59f9 Fixed #33379 -- Added minimum database version checks.
Thanks Tim Graham for the review.
2022-02-18 13:37:49 +01:00
My-Name-Is-Nabil 3079133c73 Fixed #33514 -- Added fallbacks to subsequent language codes in Select2 translations. 2022-02-18 08:34:49 +01:00
Matthias Kestenholz b2ed0d78f2 Refs #28358 -- Fixed infinite recursion in LazyObject.__getattribute__().
Regression in 97d7990abd.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Theo Alexiou <theofilosalexiou@gmail.com>
2022-02-17 14:52:17 +01:00
Mariusz Felisiak 1e2e1be02b Fixed #33515 -- Prevented recreation of migration for ManyToManyField to lowercased swappable setting.
Thanks Chris Lee for the report.

Regression in 4328970780.

Refs #23916.
2022-02-16 21:09:24 +01:00
Theo Alexiou 97d7990abd Fixed #28358 -- Prevented LazyObject from mimicking nonexistent attributes.
Thanks Sergey Fedoseev for the initial patch.
2022-02-16 10:51:15 +01:00
Carlton Gibson 236e6cb588 Refs #31407 -- Handled potential exception in test cleanup.
The test view may not be called when running the tests with
--parallel=2 or greater. Catch the AttributeError for this case.
2022-02-15 14:38:19 +01:00
Baptiste Mispelon f7e0bffa2e Refs #33348 -- Made SimpleTestCase.assertFormError() raise ValueError when "field" is passed without "form_index". 2022-02-15 10:30:20 +01:00
Mariusz Felisiak d4c9dab74b Refs #33348 -- Fixed SimpleTestCase.assertFormError() error message raised for unbound forms. 2022-02-15 10:16:06 +01:00
Baptiste Mispelon d84cd91e90 Refs #33348 -- Improved messages raised by SimpleTestCase.assertFormError()/assertFormsetErrors().
This makes messages use BaseFormSet/BaseForm.__repr__() instead of
context, and adds the _assert_form_error() helper.
2022-02-15 07:15:44 +01:00
Baptiste Mispelon 9bb13def5d Refs #33348 -- Made SimpleTestCase.assertFormsetErrors() raise an error when form_index is too big. 2022-02-14 12:46:46 +01:00
Baptiste Mispelon 261885e4c1 Simplified SimpleTestCase.assertFormError()/assertFormsetErrors() calls in admin_views tests. 2022-02-14 11:34:58 +01:00
Baptiste Mispelon 1f749d6f12 Fixed field name in admin_views.tests.UserAdminTest.test_password_mismatch() assertion. 2022-02-14 11:29:45 +01:00
Baptiste Mispelon 7986028e3f Refs #33348 -- Made SimpleTestCase.assertFormError()/assertFormsetErrors() raise an error for unbound forms/formsets. 2022-02-14 08:43:46 +01:00
rafrafek cdd4ff67d2 Refs #25684 -- Removed double newline from request/response output of runserver.
Follow up to 0bc5cd6280.
2022-02-14 06:55:34 +01:00
Mariusz Felisiak 3702819227 Refs #32502 -- Avoided table rebuild when removing fields on SQLite 3.35.5+.
ALTER TABLE ... DROP COLUMN was introduced in SQLite 3.35+ however
a data corruption issue was fixed in SQLite 3.35.5.
2022-02-11 22:21:58 +01:00
Carlton Gibson d113b5a837 Refs #33476 -- Made management commands use black.
Run black on generated files, if it is available on PATH.
2022-02-11 12:23:26 +01:00
Theo Alexiou f9ec777a82 Fixed #26287 -- Added support for addition operations to SimpleLazyObject. 2022-02-10 11:24:51 +01:00
Claude Paroz 4c76ffc2d6 Fixed #29490 -- Added support for object-based Media CSS and JS paths. 2022-02-10 08:48:27 +01:00
Damian Posener 09e499a39e Fixed #33501 -- Made order_with_respect_to respect database routers. 2022-02-09 13:31:49 +01:00
Aaron Chong 2d472ad05c Fixed #33495 -- Improved debug logging message about adapting handlers for middlewares.
It's the wrapped handler that's adapted to the wrapping middleware.
2022-02-09 12:10:26 +01:00
Simon Charette d35ce682e3 Fixed #33506 -- Made QuerySet.bulk_update() perform atomic writes against write database.
The lack of _for_write = True assignment in bulk_update prior to
accessing self.db resulted in the db_for_read database being used to
wrap batched UPDATEs in a transaction.

Also tweaked the batch queryset creation to also ensure they are
executed against the same database as the opened transaction under all
circumstances.

Refs #23646, #33501.
2022-02-09 11:14:50 +01:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak f68fa8b45d Refs #33476 -- Changed quotation marks in DebugViewTests.test_template_exceptions().
This prevents a failure after reformatting the code with Black.
2022-02-07 20:36:04 +01:00
Mariusz Felisiak 6f185a53a2 Refs #33482 -- Fixed QuerySet selecting and filtering against negated Exists() with empty queryset.
Regression in b7d1da5a62.
2022-02-07 20:34:21 +01:00