test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
django/tests/queries
History
Simon Charette a34a5f724c [3.2.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by(). 
Regression introduced in 513948735b
by marking the raw SQL column reference feature for deprecation in
Django 4.0 while lifting the column format validation.

In retrospective the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.

The main branch is not affected because the raw SQL column reference
support has been removed in 06eec31970
per the 4.0 deprecation life cycle.

Thanks Joel Saunders for the report.
 		2021-07-01 08:29:23 +02:00
..
__init__.py
models.py Fixed some queries tests when primary key values are large. 2020-10-27 06:39:52 +01:00
test_bulk_update.py Refs #31395 -- Relied on setUpTestData() test data isolation in various tests. 2020-05-15 20:22:56 +02:00
test_db_returning.py Refs #29444 -- Removed redundant DatabaseFeatures.can_return_multiple_columns_from_insert. 2019-09-24 10:37:22 +02:00
test_deprecation.py Fixed #30988 -- Deprecated the InvalidQuery exception. 2019-11-18 14:06:51 +01:00
test_explain.py Fixed #32178 -- Allowed database backends to skip tests and mark expected failures. 2020-12-10 18:00:57 +01:00
test_iterator.py Refs #29563 -- Fixed SQLCompiler.execute_sql() to respect DatabaseFeatures.can_use_chunked_reads. 2018-07-25 18:08:57 -04:00
test_q.py [3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction. 2021-04-28 20:27:42 +02:00
test_qs_combinators.py [3.2.x] Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns. 2021-04-13 06:16:19 +02:00
test_query.py [3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction. 2021-04-28 20:27:42 +02:00
tests.py [3.2.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by(). 2021-07-01 08:29:23 +02:00