Commit Graph

188 Commits

Author SHA1 Message Date
Bendeguz Csirmaz 9ca1f6eff6 Refs #373, Refs #24121 -- Added ColPairs.__repr__(). 2024-09-17 14:25:58 +02:00
Simon Charette 602fe961e6 Fixed #35665 -- Fixed a crash when passing an empty order_by to Window.
This also caused un-ordered sliced prefetches to crash as they rely on Window.

Regression in e16d0c176e that made OrderByList
piggy-back ExpressionList without porting the empty handling that the latter
provided.

Supporting explicit empty ordering on Window functions and slicing is arguably
a foot-gun design due to how backends will return undeterministic results but
this is a problem that requires a larger discussion.

Refs #35064.

Thanks Andrew Backer for the report and Mariusz for the review.
2024-08-13 11:26:17 +02:00
Simon Charette c87bfaacf8 Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:50:08 +02:00
Mariusz Felisiak 9f5e2306e2
Refs #29049 -- Fixed isolation of BasicExpressionsTests._test_slicing_of_f_expressions() subtests.
Thanks Tim Graham for the report.
2024-07-23 14:29:14 -03:00
Simon Charette 6b3f55446f Fixed #35603 -- Prevented F.__contains__() from hanging.
Regression in 94b6f101f7.
2024-07-18 08:39:10 +02:00
Tim Graham 7ba2a0db20
Fixed Number.__str__() crash when float/decimal_value is None in expressions tests models. 2024-06-21 16:51:41 -03:00
Mariusz Felisiak f030236a86 Fixed #35275 -- Fixed Meta.constraints validation crash on UniqueConstraint with OpClass().
This also introduces Expression.constraint_validation_compatible that
allows specifying that expression should be ignored during a constraint
validation.
2024-05-14 10:34:30 +02:00
sharonwoo 6a37e9bfae Fixed #35257 -- Corrected resolving output_field for IntegerField/DecimalField with NULL. 2024-03-21 10:13:54 +01:00
Mariusz Felisiak 305757aec1
Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Simon Charette 0fcee1676c Fixed #35111 -- Fixed compilation of DateField __in/__range rhs on SQLite and MySQL.
Also removed tests that ensured that adapt_(date)timefield backend
operations where able to deal with expressions when it's not the case
for any other adapt methods.
2024-01-16 08:34:14 +01:00
Simon Charette 561f770415 Refs #22288 -- Corrected __range lookup test names. 2024-01-16 08:34:06 +01:00
Nick Pope 94b6f101f7
Fixed #29049 -- Added slicing notation to F expressions.
Co-authored-by: Priyansh Saxena <askpriyansh@gmail.com>
Co-authored-by: Niclas Olofsson <n@niclasolofsson.se>
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Abhinav Yadav <abhinav.sny.2002@gmail.com>
2023-12-30 08:24:30 +01:00
Mariusz Felisiak de4884b114 Reverted "Refs #30446, Refs #34944 -- Fixed crash when adding GeneratedField with string Value()."
This reverts commit 8b1acc0440.
2023-11-14 15:45:43 +01:00
Simon Charette 8b1acc0440 Refs #30446, Refs #34944 -- Fixed crash when adding GeneratedField with string Value().
This should allow smarter output_field inferring in functions dealing
with text expressions.

Regression in f333e3513e.
2023-11-08 15:48:15 +03:00
Simon Charette ea596a52d9
Refs #33482 -- Fixed QuerySet selecting and filtering againts Exists() with empty queryset.
Thanks Tobias Bengfort for the report.
2023-10-04 21:30:50 +02:00
toan 4de31ec680 Fixed #34858 -- Corrected resolving output_field for PositiveIntegerField.
Regression in 40b8a6174f.
2023-09-22 09:33:50 +02:00
willzhao 9cc0d7f7f8 Fixed #34803 -- Fixed queryset crash when filtering againts deeply nested OuterRef annotations.
Thanks Pierre-Nicolas Rigal for the report.

Regression in c67ea79aa9.
2023-09-01 10:44:20 +02:00
Jingbei Li 9946f0b0d9 Fixed #33817 -- Added support for python-oracledb and deprecated cx_Oracle. 2023-08-10 10:11:53 +02:00
Mariusz Felisiak 94ad46e9d8 Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueError when nulls_first/nulls_last=False is passed.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
sarahboyce 05bcd5baaf Refs #30129 -- Added test for create() with F() expression in Subquery.
Fixed in 3543129822.
2023-01-16 08:26:34 +01:00
David Wobrock a320aab512 Fixed #16211 -- Added logical NOT support to F expressions. 2022-10-31 09:55:51 +01:00
Gregor Gärtner f0c06f8ab7 Refs #33990 -- Renamed TransactionTestCase.assertQuerysetEqual() to assertQuerySetEqual().
Co-Authored-By: Michael Howitz <mh@gocept.com>
2022-10-08 08:07:38 +02:00
Simon Charette c6350d594c Refs #30158 -- Removed alias argument for Expression.get_group_by_cols().
Recent refactors allowed GROUP BY aliasing allowed for aliasing to be
entirely handled by the sql.Query.set_group_by and compiler layers.
2022-10-06 12:04:00 +02:00
David Wobrock cff1f888e9
Fixed #33464 -- Resolved output_field for combined numeric expressions with MOD operator. 2022-09-27 20:41:10 +02:00
Mariusz Felisiak 68da6b389c
Fixed #33543 -- Deprecated passing nulls_first/nulls_last=False to OrderBy and Expression.asc()/desc().
Thanks Allen Jonathan David for the initial patch.
2022-05-12 11:30:03 +02:00
Mariusz Felisiak 1760ad4e8c
Relaxed some query ordering assertions in various tests.
It accounts for differences seen on MySQL with MyISAM storage engine.
2022-04-14 12:12:13 +02:00
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Luke Plant 40b8a6174f Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.

This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
Luke Plant 04ad0f26ba Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression. 2022-03-30 11:03:48 +02:00
Ryan Heard c6b4d62fa2 Fixed #29865 -- Added logical XOR support for Q() and querysets. 2022-03-04 12:55:37 +01:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak 6f185a53a2
Refs #33482 -- Fixed QuerySet selecting and filtering againts negated Exists() with empty queryset.
Regression in b7d1da5a62.
2022-02-07 20:34:21 +01:00
Mariusz Felisiak c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Simon Charette b7d1da5a62 Fixed #33482 -- Fixed QuerySet filtering againts negated Exists() with empty queryset.
Thanks Tobias Bengfort for the report.
2022-02-02 07:54:19 +01:00
My-Name-Is-Nabil f37face331 Fixed #33435 -- Fixed invalid SQL generatered by Subquery.as_sql(). 2022-01-17 09:00:46 +01:00
Allen Jonathan David 28c98d4113 Fixed #33216 -- Simpilified deconstructed paths for some expressions. 2022-01-07 11:19:29 +01:00
Keryn Knight 0ed2919814 Fixed #33406 -- Avoided creation of MaxLengthValidator(None) when resolving Value.output_field for strings.
This brings the behaviour in line with Field subclasses which append to
the validators within __init__(), like BinaryField, and prevents the
creation of a validator which incorrectly throws a TypeError, if it
were used.
2022-01-04 05:51:00 +01:00
Keryn Knight b894199eb0 Refs #33406 -- Added test for not creating broken validators when resolving Value.output_field. 2022-01-04 05:51:00 +01:00
Adam Johnson a8fa3e5cd7 Refs #33355 -- Added missing tests for database functions and expression on null values. 2021-12-22 11:46:18 +01:00
Matthijs Kooijman 1a5023883b Fixed #33257 -- Fixed Case() and ExpressionWrapper() with decimal values on SQLite. 2021-11-08 18:02:56 +01:00
Hasan Ramezani c069ee0b9d Fixed #33224 -- Removed DatabaseFeatures.supports_mixed_date_datetime_comparisons. 2021-11-02 07:30:38 +01:00
Tim Graham cbd9f8531d
Removed duplicated lines in test_in_lookup_allows_F_expressions_and_expressions_for_datetimes(). 2021-10-26 07:22:20 +02:00
Adam Johnson 45f48ed4f7 Made F deconstruction omit 'expressions' in the path. 2021-10-21 09:40:52 +02:00
Mariusz Felisiak e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Mariusz Felisiak f0a9413bd2 Refs #24121 -- Improved Value.__repr__(). 2021-05-24 07:26:53 +02:00
Mariusz Felisiak 3f6d4e22f8 Fixed typo in tests/expressions/tests.py. 2021-05-24 07:26:53 +02:00
Simon Charette 96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
Regression in c8b6594305.

Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Tobias Bengfort 54e94640ac Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite. 2021-04-20 11:44:41 +02:00
Hasan Ramezani ed0cc52dc3 Fixed #32585 -- Fixed Value() crash with DecimalField on SQLite. 2021-03-29 06:22:36 +02:00