Florian Apolloner
46572de2e9
Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView.
2021-06-02 10:58:39 +02:00
Carlton Gibson
f66ae7a2d5
Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-06-02 10:19:19 +02:00
Jacob Walls
1443b5e9ac
Fixed typo in docs/internals/contributing/writing-code/coding-style.txt.
2021-06-02 08:14:57 +02:00
Mariusz Felisiak
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
...
Regression in 1e38f1191d
.
Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal
a0410ffe8f
Refs #32552 -- Added DiscoverRunner.log() to allow customization.
...
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Chris Jerdonek
cd19db10df
Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens.
2021-06-01 09:02:27 +02:00
Chris Jerdonek
623cec0879
Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens.
2021-06-01 09:02:23 +02:00
abhiabhi94
c609d5149c
Refs #24121 -- Added __repr__() to Engine
2021-06-01 07:44:36 +02:00
Chris Jerdonek
55775891fb
Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens.
2021-05-31 21:12:21 +02:00
Chris Jerdonek
ffdee8d264
Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens.
...
This also improves test names for test_process_request_no_csrf_cookie
and test_process_request_csrf_cookie_no_token. The logic being tested
is actually in process_view() rather than process_request(), and it's
not necessary to include the method name.
2021-05-31 21:12:17 +02:00
Gildardo Adrian Maravilla Jacome
91e21836f6
Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage.
2021-05-31 11:09:48 +02:00
Gildardo Adrian Maravilla Jacome
781b44240a
Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns.
2021-05-31 10:40:21 +02:00
Chris Jerdonek
d270dd584e
Refs #32778 -- Improved the name of the regex object detecting invalid CSRF token characters.
...
This also improves the comments near where the variable is used.
2021-05-29 12:53:50 +02:00
David Sanders
5685b7cd73
Fixed typos in comments and docs.
2021-05-29 12:51:14 +02:00
David Wobrock
b9df2b74b9
Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
...
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg
b746596f5f
Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter.
2021-05-28 10:50:27 +02:00
abhiabhi94
22da686ca9
Refs #24121 -- Added __repr__() to PermWrapper.
2021-05-28 08:03:23 +02:00
Chris Jerdonek
214b36f50a
Refs #32596 -- Added early return on safe methods in CsrfViewMiddleware.process_view().
2021-05-28 07:32:01 +02:00
Chris Jerdonek
cfd8c91839
Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay computing good_referer.
2021-05-28 07:32:01 +02:00
Chris Jerdonek
71179a6124
Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
...
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
Mohammadreza Varasteh
e93eb3d971
Fixed #32789 -- Made feeds emit elements with no content as self-closing tags.
2021-05-27 21:05:28 +02:00
Chris Jerdonek
02c59b7a43
Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic.
2021-05-27 10:53:20 +02:00
Nick Pope
e513fb0e77
Fixed typo in MiddlewareMixin deprecation note.
2021-05-27 06:17:30 +02:00
Nilo César Teixeira
0d67481a66
Fixed #32762 -- Fixed locale reset in compilemessages test.
...
Reset the `LC_ALL` override value in the test environment to ensure that locale
values the calling environment are not used.
2021-05-26 15:37:42 +02:00
Moriyoshi Koizumi
9e4780deda
Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader.
2021-05-26 12:29:43 +02:00
Michael Lissner
5a8e8f80bb
Fixed #32772 -- Made database cache count size once per set.
2021-05-26 11:21:11 +02:00
Mariusz Felisiak
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
...
Regression in ec6d2531c5
.
Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani
1143f3bb5e
Fixed #32543 -- Added search_help_text to ModelAdmin.
2021-05-26 10:20:13 +02:00
Carlton Gibson
b46dbd4e3e
Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24.
2021-05-26 10:16:05 +02:00
Hasan Ramezani
68357b2ca9
Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes.
2021-05-26 09:41:29 +02:00
Mariusz Felisiak
7e51893911
Refs #32379 -- Added USE_TZ settings to AdminScriptTestCase.write_settings().
2021-05-25 13:22:40 +02:00
Hannes Ljungberg
3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite.
2021-05-25 11:34:25 +02:00
abhiabhi94
866dccb650
Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize_token().
2021-05-25 09:56:09 +02:00
saeedblanchette
d3d95d645f
Refs #24121 -- Added __repr__() to Lookup.
2021-05-24 07:32:25 +02:00
Mariusz Felisiak
f0a9413bd2
Refs #24121 -- Improved Value.__repr__().
2021-05-24 07:26:53 +02:00
Mariusz Felisiak
3f6d4e22f8
Fixed typo in tests/expressions/tests.py.
2021-05-24 07:26:53 +02:00
Hannes Ljungberg
7ef2398e81
Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns().
2021-05-24 06:31:48 +02:00
Yuekui Li
5e04e84d67
Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+.
...
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.
Regression in 6b16c91157
.
Thanks Matt Westcott for the report.
2021-05-21 13:34:37 +02:00
Rohith PR
7cca22964c
Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
...
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
Rohith PR
56003b21ea
Added tests for Sitemap.get_protocol().
2021-05-21 10:55:05 +02:00
yyyyyyyan
e197dcca36
Clarified docs about increasing the work factor for bcrypt hasher.
2021-05-20 20:24:51 +02:00
Mariusz Felisiak
66491f08fe
Changed IRC references to Libera.Chat.
2021-05-20 12:23:36 +02:00
Ben Sturmfels
31b6ce9ff9
Fixed note about ISP caching in docs.
...
Regression in 7aabd62380
.
2021-05-20 10:55:42 +02:00
David Sanders
736bb9868a
Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods.
2021-05-20 07:29:16 +02:00
David Sanders
2978c63a34
Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value.
2021-05-20 07:04:26 +02:00
Mike Lissner
6e155d280d
Added note about culling in database cache backend docs.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-20 06:24:48 +02:00
David Sanders
536c155e67
Fixed #32765 -- Removed "for" HTML attribute from ReadOnlyPasswordHashWidget.
...
ReadOnlyPasswordHashWidget doesn't have any labelable elements.
2021-05-19 20:34:57 +02:00
David D Lowe
fa4e963ee7
Doc'd that HttpRequest.path doesn't contain a query string.
2021-05-19 11:23:56 +02:00
Carlton Gibson
c2e6047c72
Fixed #32740 -- Caught possible exception when initializing colorama.
2021-05-19 10:33:15 +02:00
David Sanders
127fd927d0
Fixed #32766 -- Removed unused ORDER_TYPE_VAR.
...
Unused since 5434ce231d
.
2021-05-19 07:51:13 +02:00