Commit Graph

10332 Commits

Author SHA1 Message Date
Florian Apolloner 4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Étienne Beaulé 5f24e7158e Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
Étienne Beaulé cb3c2da128 Moved test for distinct Count() to a separate test case. 2019-07-31 10:41:17 +02:00
Nick Pope f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00
Nick Pope c95d063e77 Refs #30160 -- Simplified and improved tests for django.utils.archive.
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
2019-07-31 09:46:24 +02:00
Hasan Ramezani e3fc9af4ab Refs #30593 -- Fixed introspection of check constraints columns on MariaDB. 2019-07-30 16:32:13 +02:00
Hasan Ramezani b2aad9ad4d Refs #30593 -- Added _parse_constraint_columns() hook to introspection on MariaDB. 2019-07-30 16:32:13 +02:00
Nick Pope 421c4cd2ee Removed redundant ArchiveTest.test_extract_method() test.
The extract() function has the same code as used in the test method
for Archive.extract().
2019-07-30 11:33:53 +02:00
Nick Pope 0509148c24 Refs #30160 -- Made destination path a required argument of extract(). 2019-07-30 11:27:56 +02:00
Jerrod Martin c7bef16a74 Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
Co-Authored-By: Daniel Hahler <git@thequod.de>
2019-07-29 11:09:54 +02:00
Claude Paroz 3c6d32e0b2 Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne 4122d9d3f1 Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
Regression in 519016e5f2.
2019-07-27 12:04:56 +02:00
Jon Dufresne 619c9a4f49 Added tests for using attnames to assign OneToOne and Foreign Key fields. 2019-07-27 12:03:45 +02:00
Piotr Domanski 4b4e68a7a6 Fixed #30567 -- Made WSGIHandler pass FileResponse.block_size to wsgi.file_wrapper. 2019-07-26 07:31:51 +02:00
Hasan Ramezani 1853383969 Fixed #27995 -- Added error messages on unsupported operations following union(), intersection(), and difference(). 2019-07-25 12:39:55 +02:00
Jon Dufresne 5ed20b3aa3 Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
Tom Forbes fc75694257 Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved. 2019-07-24 14:08:37 +02:00
Mariusz Felisiak fed5e19369 Removed unused BaseReloader.watch_file().
Unused since its introduction in c8720e7696.
2019-07-24 13:32:02 +02:00
Jon Dufresne d89053585e Improved error message when index in __getitem__() is invalid. 2019-07-23 20:12:08 +02:00
Tom Forbes 2ff517ccb6 Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. 2019-07-23 10:03:23 +02:00
Min ho Kim 9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Hasan Ramezani 1fc2c70f76 Fixed #30593 -- Added support for check constraints on MariaDB 10.2+. 2019-07-19 11:05:06 +02:00
Mads Jensen a3417282ac Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
Thanks to Nick Pope and Mariusz Felisiak for review.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mariusz Felisiak cf79f92abe Simplified tests for PostgreSQL constraints. 2019-07-16 16:56:44 +02:00
Yann Sionneau e47b8293a7 Fixed #30636 -- Fixed options ordering when cloning test database on MySQL.
--defaults-file must be given before other options.
2019-07-16 07:25:43 +02:00
Hasan Ramezani 402e6d292f Fixed #30602 -- Made Extract raise ValueError when using unsupported lookups for DurationField. 2019-07-12 08:08:35 +02:00
Mariusz Felisiak 7a42cfcfdc Refs #30557 -- Fixed crash of ordering by ptr fields when Meta.ordering contains F() expressions.
Thanks Can Sarıgöl for the report.

Follow up to 8c5f9906c5.
2019-07-11 13:40:36 +02:00
Hasan Ramezani 8c5f9906c5 Fixed #30557 -- Fixed crash of ordering by ptr fields when Meta.ordering contains expressions. 2019-07-11 11:24:59 +02:00
can 52545e788d Fixed #28289 -- Fixed crash of RawSQL annotations on inherited model fields. 2019-07-11 08:27:15 +02:00
atsuo ishimoto a9c6ab0356 Fixed #30619 -- Made runserver --nothreading use single threaded WSGIServer.
Browsers often use multiple connections with Connection: keep-alive.
If --nothreading is specified, the WSGI server cannot accept new
connections until the old connection is closed, causing hangs.

Force Connection: close when --nothreading option is used.
2019-07-10 13:22:17 +02:00
Johannes Hoppe 00d4e6f8b5 Updated Select2 to version 4.0.7. 2019-07-10 12:31:16 +02:00
Hasan Ramezani ed668796f6 Fixed #30543 -- Fixed checks of ModelAdmin.list_display for fields accessible only via instance.
Co-Authored-By: Andrew Simons <andrewsimons@bubblegroup.com>
2019-07-10 10:37:34 +02:00
Mariusz Felisiak 7991111af1 Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.

Regression in 6b048b364c.
2019-07-10 10:33:36 +02:00
Simon Charette ee6e93ec87 Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
Expressions referring to different bound fields should not be
considered equal.

Thanks Julien Enselme for the detailed report.

Regression in bc7e288ca9.
2019-07-10 07:46:08 +02:00
can febe136d4c Fixed #30397 -- Added app_label/class interpolation for names of indexes and constraints. 2019-07-08 14:57:56 +02:00
Mariusz Felisiak 8233144ca0 Changed django.db.models.indexes.Index imports to django.db.models.Index. 2019-07-08 14:19:46 +02:00
Johannes Hoppe bc91f27a86 Refs #29444 -- Added support for fetching returned non-integer insert values on Oracle.
This is currently not actively used, since the ORM will ask the
SQL compiler to only return auto fields.
2019-07-08 08:53:08 +02:00
can 53209f7830 Fixed #30613 -- Moved index name validation to system checks. 2019-07-05 09:30:21 +02:00
Chason Chaffin c238e65e29 Fixed #30596 -- Fixed SplitArrayField.has_changed() for non-string base fields.
Thanks to Evgeniy Krysanov for the report and the idea to use to_python.
Thanks to Mariusz Felisiak for the test case.
2019-07-03 13:35:51 +02:00
Benjamin Woodruff 54dcfbc367 Fixed #29744 -- Fixed caching of URLResolver for a default URLconf.
get_resolver() for a default URLconf (passing no argument) and for
settings.ROOT_URLCONF should return the same cached object.
2019-07-03 11:37:28 +02:00
Chason Chaffin 55b68de643 Fixed #30608 -- Fixed non-unicode EmailMessage crash when domain name for localhost is non-ASCII.
Assisted by felixxm.
2019-07-03 10:49:03 +02:00
Hasan Ramezani a5308514fb Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields. 2019-07-02 12:55:09 +02:00
Min ho Kim fbb83fefd4 Fixed typos in comments and docs. 2019-07-02 09:36:17 +02:00
Hasan Ramezani 090ca6512f Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ADMINS/MANAGERS is set incorrectly. 2019-07-02 07:34:07 +02:00
Hasan Ramezani 5d03f2bc01 Fixed #30595 -- Added error message when no objects found to sql* management commands. 2019-07-01 13:47:54 +02:00
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mariusz Felisiak 8fc8c958a5 Fixed broken selenium tests after 42b9a23267. 2019-06-30 20:35:05 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Hasan Ramezani 2b03e8e9e8 Fixed #30584 -- Fixed management command when using subparsers with dest parameter. 2019-06-28 12:51:26 +02:00