Commit Graph

7 Commits

Author SHA1 Message Date
Tom Hacohen 1ecc0a395b Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
2019-01-03 21:21:55 -05:00
Tim Graham 02c07be95c Fixed #30050 -- Fixed InlineModelAdmin.has_change_permission() called with non-None obj during add.
Thanks andreage for the report and suggested fix.
2019-01-01 09:42:14 -05:00
Carlton Gibson bbe28fa076 Refs #30015 -- Added 2.1.5 release note and removed 'we' in comments. 2018-12-20 21:30:13 -05:00
Simon Charette 315357ad25 Fixed #30023 -- Prevented SQLite schema alterations while foreign key checks are enabled.
Prior to this change foreign key constraint references could be left pointing
at tables dropped during operations simulating unsupported table alterations
because of an unexpected failure to disable foreign key constraint checks.

SQLite3 does not allow disabling such checks while in a transaction so they
must be disabled beforehand.

Thanks ezaquarii for the report and Carlton and Tim for the review.
2018-12-15 18:51:59 -05:00
Simon Charette c8ffdbe514 Fixed #29182 -- Fixed schema table alteration on SQLite 3.26+.
SQLite 3.26 repoints foreign key constraints on table renames even when
foreign_keys pragma is off which breaks every operation that requires
a table rebuild to simulate unsupported ALTER TABLE statements.

The newly introduced legacy_alter_table pragma disables this behavior
and restores the previous schema editor assumptions.

Thanks Florian Apolloner, Christoph Trassl, Chris Lamb for the report and
troubleshooting assistance.
2018-12-07 13:32:37 -05:00
Tim Graham 284b3221a2 Fixed #30013 -- Fixed DatabaseOperations.last_executed_query() with mysqlclient 1.3.14+. 2018-12-05 14:46:23 -05:00
Carlton Gibson 196b420fcb Added stub release notes for 2.1.5 release. 2018-12-04 16:21:38 +01:00