Commit Graph

30983 Commits

Author SHA1 Message Date
Hannes Ljungberg 6f311c7e35 Refs #33508 -- Corrected note about MySQL/MariaDB support of index ordering. 2022-04-20 17:45:23 +02:00
Carlton Gibson 6b53114dd8 Refs #33646 -- Added example for async cross-thread connection access. 2022-04-20 14:07:14 +02:00
Aymeric Augustin 5dfa6fca96 Refactored out RedirectURLMixin.get_success_url().
This also adds a default implementation of get_default_redirect_url().
2022-04-20 10:04:29 +02:00
Aymeric Augustin 04bc2564b6 Simplified LogoutView.get_success_url().
This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.

It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-20 10:04:29 +02:00
Aymeric Augustin 5fcd9b8c33 Unified LoginView/LogoutView.get_default_redirect_url() methods.
This might change the behavior when self.next_page == "". However,
resolve_url(self.next_page) would almost certainly fail in that case.

It is technically possible to define a logout URLpattern whose name is
"": path('logout/', LogoutView.as_view(), name=''), and then to refer to
this pattern with next_page = "". However this feels like a pathological
case, so we decided not to handle it.

Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL
are performed with boolean evaluation rather than comparison with None.
That's why we standardizing that way.
2022-04-20 10:04:29 +02:00
Aymeric Augustin 5b8699e723 Renamed LogoutView.get_next_page() to get_success_url().
This aligns it with LoginView. Also, it removes confusion with the
get_next_page() method of paginators. get_next_page() was a private
API, therefore this refactoring is allowed.
2022-04-20 10:04:29 +02:00
Aymeric Augustin 12576bd371 Refactored out RedirectURLMixin.get_redirect_url().
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.

This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
2022-04-20 10:04:29 +02:00
Andrey Otto 420d13edee
Fixed #33654 -- Added localdate to utils.timezone.__all__. 2022-04-20 09:59:48 +02:00
Xiang Zhang c8c6a51a38
Added TiDB to list of third-party DB backends. 2022-04-20 08:11:17 +02:00
Theofilos Alexiou 470708f50d
Updated note about ListView pagination example in CBV docs.
Follow up to 0f0abc20be.
2022-04-19 21:38:49 +02:00
Dominik 7d26d5f8f1 Fixed #33644 -- Corrected FAQ about displaying ManyToManyField in list_filter. 2022-04-19 18:56:04 +02:00
Carlton Gibson bf7c51a5f4 Fixed #33639 -- Enabled cached template loader in development. 2022-04-19 12:13:27 +02:00
Mariusz Felisiak f4f2afeb45
Refs #32226 -- Fixed JSON format of QuerySet.explain() on PostgreSQL when format is uppercased.
Follow up to aba9c2de66.
2022-04-19 08:24:24 +02:00
Aymeric Augustin 903702dfb1 Removed unnecessary default argument from GET.get() call in LoginView.get_redirect_url().
The default argument is unnecessary because
url_has_allowed_host_and_scheme() returns False when its first argument
is "" or None, so get_redirect_url() still returns "".

This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page().
2022-04-19 06:25:38 +02:00
Aymeric Augustin 5591a72571
Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set. 2022-04-18 16:33:10 +02:00
Claude Paroz fe7cb34544
Refs #33328 -- Corrected JS check for event.detail presence in docs. 2022-04-18 15:19:58 +02:00
Mariusz Felisiak 8e89dfe1c2 Fixed various tests on MySQL with MyISAM storage engine. 2022-04-18 07:05:52 +02:00
Mariusz Felisiak 331a460f8f Fixed DatabaseFeatures.uses_savepoints/can_release_savepoints and related tests with MyISAM storage engine. 2022-04-18 07:05:52 +02:00
Scott e12670016b
Fixed #33643 -- Fixed inspectdb crash on functional unique constraints on Oracle. 2022-04-16 15:29:51 +02:00
Alexandru Mărășteanu a1e4e86f92
Fixed #33607 -- Made PostgresIndex.create_sql() respect the "using" argument. 2022-04-15 22:00:28 +02:00
mgaligniana c72f6f36c1 Fixed #11803 -- Allowed admin select widgets to display new related objects.
Adjusted admin javascript to add newly created related objects to
already loaded select widgets.

In this version, applies only where limit_choices_to is not set.
2022-04-15 07:46:37 +02:00
Carlton Gibson deedf5bbc3 Refs #31169 -- Added release note for parallel test running changes. 2022-04-14 12:38:31 +02:00
Mariusz Felisiak 1760ad4e8c
Relaxed some query ordering assertions in various tests.
It accounts for differences seen on MySQL with MyISAM storage engine.
2022-04-14 12:12:13 +02:00
Claude Paroz 08f30d1b6a
Fixed #33637 -- Improved initial zoom level in MapWidget. 2022-04-14 11:50:31 +02:00
Carlton Gibson 5c67d906fd Removed stale Windows asyncio test skips.
Underlying issue was fixed in Python 3.8.1, now many versions ago.
https://bugs.python.org/issue38563
2022-04-14 10:43:34 +02:00
Mariusz Felisiak a0bd006306
Made select_for_update() don't raise TransactionManagementError on databases that don't support transactions. 2022-04-14 07:53:15 +02:00
Tim Graham db83ac48d4 Expanded QuerySet.explain() error message if a backend supports no formats. 2022-04-14 06:46:42 +02:00
Tim Graham a32876606f Removed unneeded code in explain_query_prefix() 2022-04-14 06:46:42 +02:00
Florian Apolloner 2eea361eff Fixed #30511 -- Used identity columns instead of serials on PostgreSQL. 2022-04-13 21:51:51 +02:00
Nick Pope 62ffc9883a
Updated bpo link to use redirect URI.
Mirrors the change made in python/cpython#32342.
2022-04-13 13:27:41 +02:00
Mariusz Felisiak fdfb3086fc Fixed DatabaseFeatures.supports_index_column_ordering and related tests with MyISAM storage engine. 2022-04-13 11:56:24 +02:00
Mariusz Felisiak 1bdfde0857 Fixed typo in SchemaIndexesMySQLTests.test_no_index_for_foreignkey(). 2022-04-13 11:56:24 +02:00
Mariusz Felisiak a65547c04a
Fixed tests on databases that don't support introspecting foreign keys. 2022-04-13 11:52:40 +02:00
Mariusz Felisiak 0b63124c84
Improved ExplainTests.test_basic().
QuerySet.select_for_update() is not supported by all databases.
Moreover it cannot be used outside of a transaction.
2022-04-13 10:17:14 +02:00
SanderBeekhuis 27d52158b2
Fixed #33627 -- Improved nonexistent pk in ModelMultipleChoiceFieldTests.test_model_multiple_choice_field(). 2022-04-13 08:31:23 +02:00
David Smith 856b528801
Removed unnecessary tuple call in SQLInsertCompiler. 2022-04-13 08:10:52 +02:00
zhangyangyu 1bb9bd9724 Fixed #33633 -- Skipped some test_utils tests on databases that don't support transactions. 2022-04-12 13:37:44 +02:00
Mariusz Felisiak 24f442b91d
Fixed DatabaseFeatures.supports_expression_indexes on MySQL with MyISAM. 2022-04-12 12:26:51 +02:00
mgaligniana 0ad5316f22 Fixed #24296 -- Made QuerySet.exists() clear selected columns for not sliced distinct querysets. 2022-04-12 08:18:22 +02:00
mgaligniana d2263b7b87 Refs #18414 -- Added tests for selected columns of sliced distinct querysets. 2022-04-12 08:18:22 +02:00
Himanshu-Balasamanta 06ebaa9e28 Fixed #33626 -- Cleared cache when unregistering a lookup. 2022-04-12 06:24:02 +02:00
Mateo Radman 884b4c27f5 Fixed #32604 -- Made file upload respect group id when uploading to a temporary file. 2022-04-11 13:32:27 +02:00
Mariusz Felisiak b8759093d8
Removed DatabaseFeatures.validates_explain_options.
Always True since 6723a26e59.
2022-04-11 12:58:01 +02:00
Mariusz Felisiak b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak 78eeff8d33 Added CVE-2022-28346 and CVE-2022-28347 to security archive. 2022-04-11 10:32:22 +02:00
Mariusz Felisiak 6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Manel Clos 62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9.
2022-04-11 07:37:30 +02:00
Simon Charette 0b31e02487 Fixed #33618 -- Fixed MTI updates outside of primary key chain. 2022-04-07 07:54:56 +02:00
Carlton Gibson 9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00