Commit Graph

27188 Commits

Author SHA1 Message Date
Mariusz Felisiak 1af469e67f Added stub release notes for 2.2.5. 2019-08-02 20:32:21 +02:00
Nick Pope 4cf1f2f13e Simplified AlterModelTable by making it subclass ModelOptionOperation. 2019-08-02 18:19:55 +02:00
niauah 75f8264083 Corrected StreamingHttpResponse.streaming_content description in docs. 2019-08-02 16:37:49 +02:00
aaktsipetrov 4edad1ddf6 Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable. 2019-08-02 15:06:00 +02:00
Nick Pope 194d1dfc18 Fixed #30661 -- Added models.SmallAutoField. 2019-08-02 11:39:01 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
zeyneloz 246689452d Added test for handling of non-existent manifest in ManifestFilesMixin.read_manifest(). 2019-08-02 08:35:25 +02:00
Mariusz Felisiak d14fa04ab3 Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings. 2019-08-02 07:09:37 +02:00
Jon Dufresne e8d0d2a5ef Removed unneeded ValueError catching in django.utils.text._replace_entity().
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Mariusz Felisiak ff111ea5e3 Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL. 2019-08-01 12:06:32 +02:00
Ngalim Siregar e4684220af Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table. 2019-08-01 12:06:32 +02:00
Carlton Gibson a5652eb795 Added CVE-2019-14235 to security release archive. 2019-08-01 12:01:27 +02:00
Carlton Gibson 3a6a2f5eaf Added CVE-2019-14234 to security release archive. 2019-08-01 11:59:45 +02:00
Carlton Gibson 9600f63885 Added CVE-2019-14233 to security release archive. 2019-08-01 11:57:24 +02:00
Carlton Gibson 87750787d1 Added CVE-2019-14232 to the security release archive. 2019-08-01 11:54:24 +02:00
Florian Apolloner 76ed1c49f8 Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak 7deeabc7c7 Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner 4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Carlton Gibson eea0bf7bd5 Refs #30669 -- Removed incorrect branch in ASGIHander.read_body().
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
2019-07-31 13:33:01 +02:00
Étienne Beaulé 5f24e7158e Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
Étienne Beaulé cb3c2da128 Moved test for distinct Count() to a separate test case. 2019-07-31 10:41:17 +02:00
Nick Pope f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00
Nick Pope c95d063e77 Refs #30160 -- Simplified and improved tests for django.utils.archive.
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
2019-07-31 09:46:24 +02:00
Nick Pope 1692f69e37 Refs #30160 -- Doc'd startapp/startproject support for tarfile templates. 2019-07-31 09:46:24 +02:00
Nick Pope 69a30f620e Refs #30160 -- Simplified archive extension map and added other aliases. 2019-07-31 09:46:17 +02:00
Hasan Ramezani e3fc9af4ab Refs #30593 -- Fixed introspection of check constraints columns on MariaDB. 2019-07-30 16:32:13 +02:00
Hasan Ramezani b2aad9ad4d Refs #30593 -- Added _parse_constraint_columns() hook to introspection on MariaDB. 2019-07-30 16:32:13 +02:00
Nick Pope 421c4cd2ee Removed redundant ArchiveTest.test_extract_method() test.
The extract() function has the same code as used in the test method
for Archive.extract().
2019-07-30 11:33:53 +02:00
Nick Pope 0509148c24 Refs #30160 -- Made destination path a required argument of extract(). 2019-07-30 11:27:56 +02:00
Jerrod Martin c7bef16a74 Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
Co-Authored-By: Daniel Hahler <git@thequod.de>
2019-07-29 11:09:54 +02:00
daniel a rios 68aeb90160 Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs. 2019-07-29 09:52:29 +02:00
daniel a rios fe33fdc049 Refs #30656 -- Reorganized bulk methods in the database optimization docs. 2019-07-29 09:52:29 +02:00
Claude Paroz 3c6d32e0b2 Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne 4122d9d3f1 Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
Regression in 519016e5f2.
2019-07-27 12:04:56 +02:00
Jon Dufresne 619c9a4f49 Added tests for using attnames to assign OneToOne and Foreign Key fields. 2019-07-27 12:03:45 +02:00
Piotr Domanski 4b4e68a7a6 Fixed #30567 -- Made WSGIHandler pass FileResponse.block_size to wsgi.file_wrapper. 2019-07-26 07:31:51 +02:00
Mariusz Felisiak 806ba19bbf
Added Query.is_sliced property.
Previously, we used Query.can_filter() mainly to check if a query is
sliced what was confusing.
2019-07-25 20:45:55 +02:00
Hasan Ramezani 1853383969 Fixed #27995 -- Added error messages on unsupported operations following union(), intersection(), and difference(). 2019-07-25 12:39:55 +02:00
Carlton Gibson f13147c8de Added stub release notes for security releases. 2019-07-25 10:49:30 +02:00
Jon Dufresne 5ed20b3aa3 Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
Jon Dufresne 93ffa81bc5 Refs #30657 -- Made DeferredAttribute.__init__() to take a field instance instead of a field name. 2019-07-25 07:24:52 +02:00
Tom Forbes fc75694257 Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved. 2019-07-24 14:08:37 +02:00
Mariusz Felisiak fed5e19369
Removed unused BaseReloader.watch_file().
Unused since its introduction in c8720e7696.
2019-07-24 13:32:02 +02:00
Jon Dufresne d89053585e Improved error message when index in __getitem__() is invalid. 2019-07-23 20:12:08 +02:00
terminator14 8323691de0 Fixed typo in docs/topics/http/sessions.txt. 2019-07-23 15:10:58 +02:00
Mariusz Felisiak 8d52a525c8
Refs #29548 -- Fixed DatabaseWrapper.display_name on MariaDB. 2019-07-23 13:34:06 +02:00
Tom Forbes 2ff517ccb6 Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. 2019-07-23 10:03:23 +02:00
Jon Dufresne 60dc957a82 Removed unnecessary code in Model.__init__().
As is_related_object is True, the val variable is unused for the
remainder of the method.

Unnecessary since 53da1e4794.
2019-07-23 07:45:07 +02:00
Georgi Yanchev c6581a40be Fixed #30644 -- Made introspection use pg_table_is_visible() instead of filtering by public schema on PostgreSQL. 2019-07-22 08:14:53 +02:00