p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
29,324 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

29324 Commits

Author SHA1 Message Date
Mike Lissner d5c675ac7c [3.2.x] Added note about culling in database cache backend docs. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>

Backport of 6e155d280d from main
 2021-05-20 07:02:56 +02:00
David D Lowe 33dec7b13b [3.2.x] Doc'd that HttpRequest.path doesn't contain a query string. 
Backport of fa4e963ee7 from main
 2021-05-19 11:58:35 +02:00
Carlton Gibson a173202dd4 [3.2.x] Fixed #32740 -- Caught possible exception when initializing colorama. 
Backport of c2e6047c72 from main
 2021-05-19 11:16:13 +02:00
David Sanders d743c37326 [3.2.x] Fixed typo in docs/ref/contrib/admin/index.txt. 
Backport of dacc307d93 from main
 2021-05-19 07:29:23 +02:00
Mariusz Felisiak 41e2aa7eb2 [3.2.x] Fixed #32747 -- Prevented initialization of unused caches. 
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.

Backport of 958cdf65ae from main
 2021-05-18 20:23:26 +02:00
Rust Saiargaliev 349bb58b8a [3.2.x] Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models. 
Regression in b5e12d490a.

Backport of a24fed399c from main
 2021-05-18 13:20:55 +02:00
Girish Sontakke 65b680a99a [3.2.x] Fixed #32755 -- Corrected Model.get_absolute_url() example in docs. 
Backport of 27d4573d35 from main
 2021-05-18 11:31:03 +02:00
Slava Skvortsov ce78bc9808 [3.2.x] Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME. 
Regression in ba31b01034.

Backport of f7691d4812 from main
 2021-05-18 09:58:49 +02:00
Nick Pope cb91b2d9e3 [3.2.x] Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 
Backport of c156e36955 from main
 2021-05-17 12:16:09 +02:00
Nick Pope 55b89e8cac [3.2.x] Refs #32720 -- Fixed some broken links in docs. 
Backport of 7c4ee487c7 from main
 2021-05-17 12:14:20 +02:00
Nick Pope 0c19b075b2 [3.2.x] Refs #32720 -- Used full hashes in security archive. 
Backport of 1c3bbcf802 from main
 2021-05-17 12:13:57 +02:00
Mariusz Felisiak f844c0c33a [3.2.x] Corrected commit hashes for security patches. 
Backport of df5c96299a from main
 2021-05-17 12:13:44 +02:00
Nick Pope 80cf193d32 [3.2.x] Refs #32720 -- Used :commit: and :source: role in old release notes. 
Backport of 8c4caee76a from main
 2021-05-17 12:13:31 +02:00
Mariusz Felisiak 1037825eed [3.2.x] Added stub release notes for Django 3.2.4. 
Backport of 820408d842 from main
 2021-05-13 09:45:39 +02:00
Mariusz Felisiak 18525ad872 [3.2.x] Post-release version bump. 2021-05-13 09:15:40 +02:00
Mariusz Felisiak 9385fa275a [3.2.x] Bumped version for 3.2.3 release. 2021-05-13 09:11:39 +02:00
Mariusz Felisiak 224b8e5a5a [3.2.x] Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
Backport of b55699968f from main
 2021-05-13 08:55:00 +02:00
Simon Charette 386caa5445 [3.2.x] Fixed #32717 -- Fixed filtering of querysets combined with the | operator. 
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.

Backport of b81c7562fc from main
 2021-05-13 07:53:56 +02:00
David Smith d6b6eda4ed [3.2.x] Fixed #26721 -- Doc'd setting UTF-8 on Windows. 
Backport of 0456d3e427 from main
 2021-05-12 20:46:31 +02:00
Nick Pope 4318e60a80 [3.2.x] Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend. 
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.

Backport of 1061f52436 from main
 2021-05-12 13:35:13 +02:00
Nick Pope cd84f7acfa [3.2.x] Refs #32366 -- Avoided use of datetime.utcnow() in the documentation. 
Backport of 69ffb1acf3 from main
 2021-05-12 12:12:28 +02:00
Nick Pope fab710d3ff [3.2.x] Fixed a typo in docs/ref/models/fields.txt. 
datetime.date.utcnow() doesn't exist, should be .today().

Backport of 88b3982af3 from main
 2021-05-12 12:12:10 +02:00
Mariusz Felisiak dc7b495dae [3.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes. 
Backport of d1f1417cae from main
 2021-05-12 10:42:32 +02:00
Nick Pope bdd565422d [3.2.x] Fixed typo in docs/internals/contributing/writing-documentation.txt. 
Backport of c240ceea7d from main
 2021-05-06 20:02:11 +02:00
Mariusz Felisiak 8afb677ce7 [3.2.x] Added stub release notes for Django 3.2.3. 
Backport of 29779075d7 from main
 2021-05-06 10:11:32 +02:00
Mariusz Felisiak 0262579f2e [3.2.x] Added CVE-2021-32052 to security archive. 
Backport of efebcc429f from main
 2021-05-06 10:03:45 +02:00
Mariusz Felisiak 40ad501425 [3.2.x] Post-release version bump. 2021-05-06 09:03:32 +02:00
Mariusz Felisiak 26e033b1b7 [3.2.x] Bumped version for 3.2.2 release. 2021-05-06 08:59:30 +02:00
Mariusz Felisiak 2d2c1d0c97 [3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603

Backport of e1e81aa1c4 from main.
 2021-05-06 08:48:22 +02:00
Carlton Gibson a937d7f214 [3.2.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows. 
The validate_file_name() sanitation introduced in
0b79eb3691 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2a to allow path
components for storages that may allow them.

Test is skipped pending a discussed storage refactoring to support this
use-case.

Backport of a708f39ce6 from main
 2021-05-06 07:42:21 +02:00
Simon Charette 364098fdac [3.2.x] Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions. 
Regression in c8b6594305.

Thanks Kevin Marsh for the report.

Backport of 96f55ccf79 from main
 2021-05-05 08:44:37 +02:00
Carlton Gibson df801dde33 [3.2.x] Added CVE-2021-31542 to security archive. 
Backport of 607ebbfba9 and
62b2e8b37e from main
 2021-05-04 11:10:50 +02:00
Carlton Gibson 04d8ed3660 [3.2.x] Added stub release notes for Django 3.2.2. 
Backport of 5a43cfe245 from main
 2021-05-04 11:02:11 +02:00
Carlton Gibson 0d57264e36 [3.2.x] Post-release version bump. 2021-05-04 10:43:26 +02:00
Carlton Gibson 8b300f3fab [3.2.x] Bumped version for 3.2.1 release. 2021-05-04 10:37:31 +02:00
Florian Apolloner c98f446c18 [3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:43:52 +02:00
Susan Wright 8e1900d4f3 [3.2.x] Added spelling option to make.bat. 
Backport of 7582d913e7 from main
 2021-04-30 14:09:59 +02:00
Hasan Ramezani ce130749d5 [3.2.x] Refs #32178 -- Doc'd DatabaseFeatures.django_test_skips/django_test_expected_failures in contributing guide. 
Backport of ca34db4650 from main
 2021-04-29 20:56:08 +02:00
Carlton Gibson bac416972d [3.2.x] Refs #32674 -- Noted that auto-created through table PKs cannot be automatically migrated. 
Backport of 907d3a7ff4 from main
 2021-04-29 15:14:15 +02:00
Carlton Gibson d716d30a19 [3.2.x] Refs #32694 -- Clarified when colorama requirement is needed in Windows how-to. 
Backport of 4f128fcf5d from main
 2021-04-29 11:27:39 +02:00
Adam Johnson 263ee4434f [3.2.x] Corrected introduction to range field lookups docs. 
Follow up to 24b9f50823.
Backport of 68e876c095 from main
 2021-04-28 20:35:28 +02:00
Simon Charette d5add5d3a2 [3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction. 
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc.

Backport of c8b6594305 from main
 2021-04-28 20:27:42 +02:00
Konstantin Alekseev 55cb3c8ac1 [3.2.x] Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL. 
Regression in bbe6fbb876.

Backport of 6e742dabc9 from main.
 2021-04-27 12:02:06 +02:00
Mariusz Felisiak 34981f399a [3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates. 
Thanks Zain Patel for the report and Simon Charette for reviews.

The exception introduced in 6307c3f1a1
revealed a possible data loss issue in the admin.

Backport of 1871182031 from main
 2021-04-27 10:39:55 +02:00
Mariusz Felisiak fbea64b8ce [3.2.x] Refs #32682 -- Renamed use_distinct variable to may_have_duplicates. 
QuerySet.distinct() is not the only way to avoid duplicate, it's also
not preferred.

Backport of cd74aad90e from main
 2021-04-27 10:37:13 +02:00
Mariusz Felisiak 7ad7034054 [3.2.x] Refs #32682 -- Fixed QuerySet.delete() crash on querysets with self-referential subqueries on MySQL. 
Backport of 4074f38e1d from main
 2021-04-27 10:35:42 +02:00
Mariusz Felisiak 727a154094 [3.2.x] Refs 32637 -- Made technical 404 debug page display exception message when URL is resolved. 
Follow up to 3b8527e32b.
Backport of d68be0494b from main
 2021-04-27 08:41:11 +02:00
Zain Patel 0dfe88eaba [3.2.x] Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template. 
Regression in 84609b3205.

Backport of 4e5bbb6ef2 from main.
 2021-04-26 12:52:33 +02:00
Clumart.G fc9cbad880 [3.2.x] Refs #28034 -- Corrected docs example in contributing tutorial. 
Backport of 67bb1f516c from main
 2021-04-23 15:25:12 +02:00
Mariusz Felisiak 1cf0989b06 [3.2.x] Used assertCountEqual() in ExcludeTests.test_exclude_subquery(). 
Backport of c3278bb71f from main
 2021-04-22 14:42:47 +02:00