Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Étienne Beaulé
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
Étienne Beaulé
cb3c2da128
Moved test for distinct Count() to a separate test case.
2019-07-31 10:41:17 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
c95d063e77
Refs #30160 -- Simplified and improved tests for django.utils.archive.
...
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
2019-07-31 09:46:24 +02:00
Hasan Ramezani
e3fc9af4ab
Refs #30593 -- Fixed introspection of check constraints columns on MariaDB.
2019-07-30 16:32:13 +02:00
Hasan Ramezani
b2aad9ad4d
Refs #30593 -- Added _parse_constraint_columns() hook to introspection on MariaDB.
2019-07-30 16:32:13 +02:00
Nick Pope
421c4cd2ee
Removed redundant ArchiveTest.test_extract_method() test.
...
The extract() function has the same code as used in the test method
for Archive.extract().
2019-07-30 11:33:53 +02:00
Nick Pope
0509148c24
Refs #30160 -- Made destination path a required argument of extract().
2019-07-30 11:27:56 +02:00
Jerrod Martin
c7bef16a74
Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
...
Co-Authored-By: Daniel Hahler <git@thequod.de>
2019-07-29 11:09:54 +02:00
Claude Paroz
3c6d32e0b2
Fixed #30552 -- Fixed loss of SRID when calling reverse() on LineString/Point.
...
Thanks Mariusz Felisiak for contributing the Point part.
2019-07-27 20:12:46 +02:00
Jon Dufresne
4122d9d3f1
Refs #28147 -- Fixed setting of OneToOne and Foreign Key fields to None when using attnames.
...
Regression in 519016e5f2
.
2019-07-27 12:04:56 +02:00
Jon Dufresne
619c9a4f49
Added tests for using attnames to assign OneToOne and Foreign Key fields.
2019-07-27 12:03:45 +02:00
Piotr Domanski
4b4e68a7a6
Fixed #30567 -- Made WSGIHandler pass FileResponse.block_size to wsgi.file_wrapper.
2019-07-26 07:31:51 +02:00
Hasan Ramezani
1853383969
Fixed #27995 -- Added error messages on unsupported operations following union(), intersection(), and difference().
2019-07-25 12:39:55 +02:00
Jon Dufresne
5ed20b3aa3
Fixed #30657 -- Allowed customizing Field's descriptors with a descriptor_class attribute.
...
Allows model fields to override the descriptor class used on the model
instance attribute.
2019-07-25 08:15:20 +02:00
Tom Forbes
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
Mariusz Felisiak
fed5e19369
Removed unused BaseReloader.watch_file().
...
Unused since its introduction in c8720e7696
.
2019-07-24 13:32:02 +02:00
Jon Dufresne
d89053585e
Improved error message when index in __getitem__() is invalid.
2019-07-23 20:12:08 +02:00
Tom Forbes
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
Min ho Kim
9f11939dd1
Fixed typos in comments and a test name.
2019-07-19 18:24:06 +02:00
Hasan Ramezani
1fc2c70f76
Fixed #30593 -- Added support for check constraints on MariaDB 10.2+.
2019-07-19 11:05:06 +02:00
Mads Jensen
a3417282ac
Fixed #29824 -- Added support for database exclusion constraints on PostgreSQL.
...
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-07-16 18:04:41 +02:00
Mariusz Felisiak
cf79f92abe
Simplified tests for PostgreSQL constraints.
2019-07-16 16:56:44 +02:00
Yann Sionneau
e47b8293a7
Fixed #30636 -- Fixed options ordering when cloning test database on MySQL.
...
--defaults-file must be given before other options.
2019-07-16 07:25:43 +02:00
Hasan Ramezani
402e6d292f
Fixed #30602 -- Made Extract raise ValueError when using unsupported lookups for DurationField.
2019-07-12 08:08:35 +02:00
Mariusz Felisiak
7a42cfcfdc
Refs #30557 -- Fixed crash of ordering by ptr fields when Meta.ordering contains F() expressions.
...
Thanks Can Sarıgöl for the report.
Follow up to 8c5f9906c5
.
2019-07-11 13:40:36 +02:00
Hasan Ramezani
8c5f9906c5
Fixed #30557 -- Fixed crash of ordering by ptr fields when Meta.ordering contains expressions.
2019-07-11 11:24:59 +02:00
can
52545e788d
Fixed #28289 -- Fixed crash of RawSQL annotations on inherited model fields.
2019-07-11 08:27:15 +02:00
atsuo ishimoto
a9c6ab0356
Fixed #30619 -- Made runserver --nothreading use single threaded WSGIServer.
...
Browsers often use multiple connections with Connection: keep-alive.
If --nothreading is specified, the WSGI server cannot accept new
connections until the old connection is closed, causing hangs.
Force Connection: close when --nothreading option is used.
2019-07-10 13:22:17 +02:00
Johannes Hoppe
00d4e6f8b5
Updated Select2 to version 4.0.7.
2019-07-10 12:31:16 +02:00
Hasan Ramezani
ed668796f6
Fixed #30543 -- Fixed checks of ModelAdmin.list_display for fields accessible only via instance.
...
Co-Authored-By: Andrew Simons <andrewsimons@bubblegroup.com>
2019-07-10 10:37:34 +02:00
Mariusz Felisiak
7991111af1
Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type.
...
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson the review.
Regression in 6b048b364c
.
2019-07-10 10:33:36 +02:00
Simon Charette
ee6e93ec87
Fixed #30628 -- Adjusted expression identity to differentiate bound fields.
...
Expressions referring to different bound fields should not be
considered equal.
Thanks Julien Enselme for the detailed report.
Regression in bc7e288ca9
.
2019-07-10 07:46:08 +02:00
can
febe136d4c
Fixed #30397 -- Added app_label/class interpolation for names of indexes and constraints.
2019-07-08 14:57:56 +02:00
Mariusz Felisiak
8233144ca0
Changed django.db.models.indexes.Index imports to django.db.models.Index.
2019-07-08 14:19:46 +02:00
Johannes Hoppe
bc91f27a86
Refs #29444 -- Added support for fetching a returned non-integer insert values on Oracle.
...
This is currently not actively used, since the ORM will ask the
SQL compiler to only return auto fields.
2019-07-08 08:53:08 +02:00
can
53209f7830
Fixed #30613 -- Moved index name validation to system checks.
2019-07-05 09:30:21 +02:00
Chason Chaffin
c238e65e29
Fixed #30596 -- Fixed SplitArrayField.has_changed() for non-string base fields.
...
Thanks to Evgeniy Krysanov for the report and the idea to use to_python.
Thanks to Mariusz Felisiak for the test case.
2019-07-03 13:35:51 +02:00
Benjamin Woodruff
54dcfbc367
Fixed #29744 -- Fixed caching of URLResolver for a default URLconf.
...
get_resolver() for a default URLconf (passing no argument) and for
settings.ROOT_URLCONF should return the same cached object.
2019-07-03 11:37:28 +02:00
Chason Chaffin
55b68de643
Fixed #30608 -- Fixed non-unicode EmailMessage crash when domain name for localhost is non-ASCII.
...
Assisted by felixxm.
2019-07-03 10:49:03 +02:00
Hasan Ramezani
a5308514fb
Fixed #27801 -- Made createsuperuser fall back to environment variables for password and required fields.
2019-07-02 12:55:09 +02:00
Min ho Kim
fbb83fefd4
Fixed typos in comments and docs.
2019-07-02 09:36:17 +02:00
Hasan Ramezani
090ca6512f
Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ADMINS/MANAGERS is set incorrectly.
2019-07-02 07:34:07 +02:00
Hasan Ramezani
5d03f2bc01
Fixed #30595 -- Added error message when no objects found to sql* management commands.
2019-07-01 13:47:54 +02:00
Carlton Gibson
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mariusz Felisiak
8fc8c958a5
Fixed broken selenium tests after 42b9a23267
.
2019-06-30 20:35:05 +02:00
Jon Dufresne
42b9a23267
Fixed #30400 -- Improved typography of user facing strings.
...
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Hasan Ramezani
2b03e8e9e8
Fixed #30584 -- Fixed management command when using subparsers with dest parameter.
2019-06-28 12:51:26 +02:00