p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
32,829 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

32829 Commits

Author SHA1 Message Date
Devin Cox e03083917d Fixed #35586 -- Added support for set-returning database functions. 
Aggregation optimization didn't account for not referenced set-returning annotations on Postgres.

Co-authored-by: Simon Charette <charette.s@gmail.com>
 2024-08-12 15:35:19 +02:00
Mark Gensler 228128618b Fixed #35575 -- Added support for constraint validation on GeneratedFields. 2024-08-12 13:45:57 +02:00
Mariusz Felisiak f883bef054 Refs #35591 -- Removed hardcoded "stable" version in runserver warning. 2024-08-12 10:57:02 +02:00
lucasesposito f16a9a556f Fixed #35658 -- Initialized InMemoryFileNode instances with a name. 2024-08-09 12:27:15 +02:00
Andrew Miller 69aa13ffb9 Fixed #35591 -- Added unsuitable for production console warning to runserver. 2024-08-09 10:34:10 +02:00
Adam Johnson 9582745257 Fixed #35622 -- Made unittest ignore Django assertions in traceback frames. 
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
 2024-08-08 21:34:01 -03:00
Natalia e1606d27b4 Added test for acheck_password() to ensure make_password is called for unusable passwords. 
This is a follow up for the fix of CVE-2024-39329
(5d86458579) where the timing of
verify_password() was standardized when checking unusable passwords.
 2024-08-08 12:53:36 -03:00
Jure Cuhalev f8ef4579ea Doc'd that SessionMiddleware is required for the admin site. 
The system check "admin.E410" was already checking for this, but the
requirement was not listed in docs/ref/contrib/admin/index.txt.
 2024-08-08 08:48:41 -03:00
Andrew Miller cec62fb99e Refs #35591 -- Emphasized that runserver is not suitable for production. 2024-08-08 10:08:53 +02:00
Adam Johnson 49815f70e4 Refs #31405 -- Improved LoginRequiredMiddleware documentation. 
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-08-08 10:05:31 +02:00
Mariusz Felisiak 7fb15ad5bc Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy. 
Thanks Michał Górny for the report.
 2024-08-08 09:53:04 +02:00
Matthias Kestenholz 54888408a1
Fixed #35639 -- Improved admin's delete confirmation page title. 2024-08-07 18:10:49 -03:00
Natalia 790f0f8868 Added stub release notes for 5.1.1. 2024-08-07 10:38:36 -03:00
Natalia a05187fce6 Fixed i18n.tests.TranslationTests.test_plural to use correct French translation. 
Forwardport of d5ad743e79 from stable/5.1.x.
 2024-08-07 10:10:28 -03:00
Natalia bdcf789553 Updated translations from Transifex. 
Forwardport of 380c6e6ddd from stable/5.1.x.
 2024-08-07 10:09:42 -03:00
Natalia 8ad6dc636b Finalized release notes for Django 5.1. 2024-08-07 10:04:18 -03:00
Farhan 6993c9d8c9 Fixed #35553 -- Handled import*as in HashedFilesMixin. 2024-08-07 11:01:56 +02:00
Sarah Boyce fdc638bf4a Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive. 2024-08-06 17:22:46 +02:00
Simon Charette c87bfaacf8 Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 
Thanks Eyal (eyalgabay) for the report.
 2024-08-06 08:50:08 +02:00
Mariusz Felisiak 5f1757142f Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. 
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-08-06 08:50:08 +02:00
Sarah Boyce ecf1f8fb90 Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. 
Thanks to MProgrammer for the report.
 2024-08-06 08:50:08 +02:00
Sarah Boyce c19465ad87 Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. 
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
 2024-08-06 08:50:08 +02:00
Sarah Boyce 8deb6bb1fc
Fixed #35657 -- Made FileField handle db_default values. 2024-08-05 16:36:49 -03:00
nessita e9e14709ff
Extended script to manage translations to support fetching new translations since a given date. 2024-08-05 13:51:28 -03:00
David Sanders 509763c799 Fixed #35638 -- Updated validate_constraints to consider db_default. 2024-08-05 17:33:12 +02:00
David Sanders 91a038754b Refs #35638 -- Avoided wrapping expressions with Value in _get_field_value_map() and renamed to _get_field_expression_map(). 2024-08-05 17:33:12 +02:00
Mariusz Felisiak 304d256674
Used :pypi: role in docs where appropriate. 2024-08-05 10:35:50 -03:00
John Parton 7f8d839722 Fixed #35628 -- Allowed compatible GeneratedFields for ModelAdmin.date_hierarchy. 2024-08-05 15:27:20 +02:00
Natalia 90adba85b2 Refs #35380 -- Updated screenshots in admin docs. 2024-08-05 09:02:01 -03:00
Natalia fb6050e784 Refs #35380 -- Updated screenshots in intro docs. 2024-08-05 09:02:01 -03:00
Natalia 6e66c77089 Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to improve accessibility of headings. 2024-08-05 09:02:01 -03:00
Jake Howard d5bebc1c26 Refs #35537 -- Improved documentation and test coverage for email attachments and alternatives. 2024-08-05 09:21:44 +02:00
Sarah Boyce 5424151f96 Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on Oracle 23c." 
This reverts commit 175b04942a due to a crash when Oracle > 23.3.
 2024-08-03 09:05:30 +02:00
Mariusz Felisiak 6d3464cff0
Refs #35601, Refs #35599 -- Made cosmetic edits to TelInput/ColorInput docs. 2024-08-02 17:40:53 -03:00
Simon Charette a16f13a866
Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference containing "__". 
Regression in b0ad41198b.

Refs #34013. The initial logic did not consider that annotation aliases
can include lookup or transform separators.

Thanks Gert Van Gool for the report and Mariusz Felisiak for the review.
 2024-08-02 16:21:12 -03:00
lucasesposito b478cae006 Fixed #35601 -- Added TelInput widget. 2024-08-02 11:31:54 +02:00
arjunomray 946c3cf734 Fixed #35599 -- Added ColorInput widget. 2024-08-02 09:51:49 +02:00
Vaarun Sinha 54e8b4e582 Fixed #35489 -- Fixed vertical alignment of raw_id_fields widget. 
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
 2024-08-02 08:56:54 +02:00
Markus Holtermann aa90795050 Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to treat `AUTH` as a sensitive match. 
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
 2024-08-01 15:02:00 -03:00
Natalia 615c80aba6 Improved view_tests.tests.test_debug.ExceptionReporterFilterTests. 2024-08-01 15:02:00 -03:00
Bendeguz Csirmaz 1eac690d25 Refs #373 -- Added tuple lookups. 2024-08-01 17:26:09 +02:00
Sarah Boyce 3dac3271d2 Reverted "Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL." 
This reverts commit 9cf9c796be due to a crash on Oracle
as it didn't allow multiple indexes on the same field.
 2024-08-01 09:25:33 +02:00
nessita 8cf931dd2f
Removed GitHub Actions for creating and checking reminders. 2024-07-31 10:07:57 -03:00
Jeremy Thompson 30a60e8492 Fixed #35598 -- Added SearchInput widget. 2024-07-31 13:11:45 +02:00
Sarah Boyce 3f88089069 Added stub release notes and release date for 5.0.8 and 4.2.15. 2024-07-31 11:21:32 +02:00
Ben Cail 9cf9c796be Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL. 2024-07-30 17:27:10 +02:00
Maryam Yusuf 7e00fee3bd Fixed #35546 -- Emphasised accepted ticket requirement in contributing docs. 2024-07-29 15:12:43 +02:00
Maryam Yusuf 9d10c7ab33 Referenced joining the triage and review team as motivation to do PR reviews. 2024-07-29 14:46:10 +02:00
Mariusz Felisiak e3de574c1e Refs #35074 -- Simplified and unified adding spatial indexes on MySQL and Oracle. 
This uses `deferred_sql` and `_field_indexes_sql()` instead of custom
hooks on MySQL.
 2024-07-29 12:31:32 +02:00
Tim Graham b6ad8b687a Added missing skips in constraint tests. 2024-07-26 18:59:12 +02:00