mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00

14160 Commits

Author SHA1 Message Date
us77ipis
6d4d99b3ce Fixed #36702 -- Made bulk_create() return pk values set by an expression. 2025-11-06 11:58:01 -05:00
Mehraz Hossain Rumman
125b63ca74 Fixed #36710 -- Fixed a regression in urlize for multipart domain names.
Thanks Mehraz Hossain Rumman for the report and Bruno Alla for the triage.

Regression in a9fe98d5bd.
2025-11-05 17:05:54 -05:00
Harsh Jain
dfcc662cf8 Fixed #36709 -- Included static methods in system check for UserModel.is_anonymous/is_authenticated methods. 2025-11-05 16:56:15 -05:00
Jacob Walls
3c3f463577 Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on dictionary expansion. 2025-11-05 09:20:57 -03:00
Jacob Walls
98e642c691 Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the _connector kwarg.
Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon
Charette, and Jake Howard for the reviews.
2025-11-05 09:20:57 -03:00
Jacob Walls
c880530ddd Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.
Thanks Seokchan Yoon for the report, Markus Holtermann for the
triage, and Jake Howard for the review.

Follow-up to CVE-2025-27556 and 39e2297210.
2025-11-05 09:20:57 -03:00
Hal Blackburn
74564946c3 Fixed #36704 -- Fixed system check error for proxy model with a composite pk.
Proxy models subclassing a model with a CompositePrimaryKey were
incorrectly reporting check errors because the check that requires only
local fields to be used in a composite pk was evaluated against the proxy
subclass, which has no fields.

To fix this, composite pk field checks are not evaluated against
proxy subclasses, as none of the checks are applicable to proxy
subclasses. This also has the benefit of not double-reporting real check
errors from an invalid superclass pk.

Thanks Clifford Gama for the review.
2025-11-04 11:59:21 -05:00
Jayden Kneller
e27cff68a3 Fixed #36652 -- Increased determinism when loading migrations from disk.
Ordering still depends on pkgutil.iter_modules, which does not guarantee
order, but at least now Django is not introducing additional indeterminism,
causing CircularDependencyError to appear or not appear in some edge cases.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-11-04 08:15:22 -05:00
Augusto Pontes
8af79e2c0c Fixed #36695 -- Fixed handling of parameterized generics in migration serialization.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-11-03 20:45:48 -05:00
Mariusz Felisiak
05ba1a9228 Fixed #36661 -- Added introspection of database-level delete options. 2025-10-31 14:33:27 +01:00
Patrick Rauscher
6019147229 Fixed #36696 -- Fixed NameError when inspecting functions with deferred annotations.
In Python 3.14, annotations are deferred by default, so we should not
assume that the names in them have been imported unconditionally.
2025-10-31 08:44:37 -04:00
Mariusz Felisiak
3939cd2795 Refs #36680 -- Fixed admin_scripts tests crash when black is not installed.
Regression in 6436ec3210.
2025-10-30 08:38:17 -03:00
Clifford Gama
348ca84538 Refs #35381 -- Deprecated using None in JSONExact rhs to mean JSON null.
Key and index lookups are exempt from the deprecation.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-10-29 15:00:52 -04:00
Clifford Gama
be7f68422d Refs #35381 -- Delegated ArrayField element prepping to base_field.get_db_prep_save.
Previously, ArrayField always used base_field.get_db_prep_value when saving,
which could differ from how base_field prepares data for save. This change
overrides ArrayField.get_db_prep_save to delegate to the base_field's
get_db_prep_save, ensuring elements like None in JSONField arrays are saved
correctly as SQL NULL instead of JSON null.
2025-10-29 15:00:52 -04:00
Clifford Gama
adc25a9a66 Fixed #35381 -- Added JSONNull() expression.
Thanks Jacob Walls for the review.
2025-10-29 15:00:52 -04:00
Jacob Walls
1aa69a7491 Fixed #36678 -- Limited retries in ParallelTestRunner.
Thanks Natalia Bidart for the review.
2025-10-29 09:11:31 -03:00
Jacob Walls
787cc96ef6 Refs #35972 -- Returned params in a tuple in further lookups. 2025-10-29 07:38:20 -04:00
Jacob Walls
43933a1dca Reverted "Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping."
This reverts commit ea3a71c2d0.

The implementation was flawed, as self.group_by contains Cols, not aliases.
2025-10-28 11:40:01 -04:00
Jacob Walls
6436ec3210 Fixed #36680 -- Parametrized formatter discovery in AdminScriptTestCase. 2025-10-28 08:02:10 -04:00
Michal Mládek
ea3a71c2d0 Fixed #26434 -- Removed faulty clearing of ordering field when missing from explicit grouping.
Co-authored-by: Simon Charette <charette.s@gmail.com>
2025-10-27 15:11:19 -04:00
Mariusz Felisiak
c87daabbf3 Fixed #36624 -- Dropped support for MySQL < 8.4. 2025-10-27 15:05:23 +01:00
Matthew Shirley
4744e9939b Fixed #36683 -- Added error message on QuerySet.update() following distinct(*fields). 2025-10-25 12:21:27 -04:00
Ken Nzioka
3ff32c50d1 Fixed #36674 -- Fixed memory leak in select_related(). 2025-10-24 15:51:39 -04:00
Natalia
6fcbbe0b85 Fixed IntegrityError in bulk_create.tests.BulkCreateTransactionTests due to duplicate primary keys.
Some tests in BulkCreateTransactionTests were inserting Country objects
with hardcoded primary keys, which could conflict with existing rows
(if the sequence value wasn't bumped by another test).

Updated the tests to dynamically select an unused primary key instead.

Thanks to Simon Charette for the exhaustive and enlightening review.
2025-10-24 11:33:40 -03:00
Mariusz Felisiak
5e2bbebed9 Refs #36664 -- Added Python 3.15 to daily builds. 2025-10-22 15:36:10 +02:00
Mariusz Felisiak
185b049e9e Refs #36499 -- Made TestUtilsHtml.test_strip_tags() assume behavior change in X.Y.0 version for Python 3.14+.
This also removes unsupported versions of Python from the test dict.
2025-10-22 10:04:38 +02:00
Mariusz Felisiak
548209e620 Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+.
tblib 3.2+ makes exception subclasses with __init__() and the default
__reduce__() picklable. This broke the test for
RemoteTestResult._confirm_picklable(), which expects a specific
exception to fail unpickling.

https://github.com/ionelmc/python-tblib/blob/master/CHANGELOG.rst#320-2025-10-21

This fix defines ExceptionThatFailsUnpickling.__reduce__() in a way
that pickle.dumps(obj) succeeds, but pickle.loads(pickle.dumps(obj))
raises TypeError.

Refs #27301. This preserves the intent of the regression test from
52188a5ca6 without skipping it.
2025-10-21 23:10:31 -03:00
Adam Johnson
a0323a0c44 Fixed #36656 -- Avoided truncating async streaming responses in GZipMiddleware. 2025-10-21 10:45:12 -04:00
YashRaj1506
9bb83925d6 Fixed #36470 -- Prevented log injection in runserver when handling NOT FOUND.
Migrated `WSGIRequestHandler.log_message()` to use a more robust
`log_message()` helper, which was based off `log_response()` via factoring out
the common bits.

Refs CVE-2025-48432.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-10-20 16:21:32 -03:00
Emmanuel Ferdman
5625bd5907 Removed duplicate display_raw key in expected data in GeometryWidgetTests.
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2025-10-20 14:52:02 -03:00
Mariusz Felisiak
344ae16e1e Fixed RelatedGeoModelTest.test_related_union_aggregate() test on Oracle and GEOS 3.12+. 2025-10-20 16:03:39 +02:00
Mariusz Felisiak
ca3e0484ef Refs #36005 -- Bumped minimum supported versions of docutils to 0.22. 2025-10-19 20:13:16 +02:00
Mariusz Felisiak
d506e4a528 Fixed #36671 -- Dropped support for SQLite < 3.37. 2025-10-18 21:04:11 +02:00
Mariusz Felisiak
0c487aa3a7 Fixed #21961 -- Added support for database-level delete options for ForeignKey.
Thanks Simon Charette for pair programming.

Co-authored-by: Nick Stefan <NickStefan12@gmail.com>
Co-authored-by: Akash Kumar Sen <71623442+Akash-Kumar-Sen@users.noreply.github.com>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2025-10-18 15:03:50 +02:00
Mariusz Felisiak
56977b466c Refs #35844 -- Doc'd Python 3.14 compatibility. 2025-10-17 19:25:02 +02:00
Mariusz Felisiak
2d9c194d5a Refs #35844 -- Relaxed GEOSIOTest.test02_wktwriter() test assertion. 2025-10-17 19:25:02 +02:00
Jacob Walls
d980d68609 Bumped minimum isort version to 7.0.0.
Added ignores relating to https://github.com/PyCQA/isort/issues/2352.
2025-10-16 14:59:02 -04:00
Adam Johnson
e244d8bbb7 Refs #28586 - Copied fetch mode in QuerySet.create().
This change allows the pattern `MyModel.objects.fetch_mode(...).create(...)` to
set the fetch mode for a new object.
2025-10-16 14:52:22 -04:00
Adam Johnson
6dc9b04018 Refs #28586 -- Copied fetch modes to related objects.
This change ensures that behavior and performance remain consistent when
traversing relationships.
2025-10-16 14:52:22 -04:00
Adam Johnson
a321d961b0 Refs #28586 -- Made fetch modes pickle as singletons.
This change ensures that we don’t create new instances of fetch modes
when pickling and unpickling, saving memory and preserving their singleton
nature.
2025-10-16 14:52:22 -04:00
Adam Johnson
e097e8a12f Fixed #28586 -- Added model field fetch modes.
May your database queries be much reduced with minimal effort.

co-authored-by: Andreas Pelme <andreas@pelme.se>
co-authored-by: Simon Charette <charette.s@gmail.com>
co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2025-10-16 14:52:22 -04:00
Jacob Walls
bee64561a6 Refs #36648 -- Removed hardcoded pk in CompositePKAggregateTests. 2025-10-15 23:44:14 -04:00
Clifford Gama
6862d46dd9 Fixed 36622 -- Prevented LazyObject FileField storages from evaluating at boot time.
Co-authored-by: Fabien MICHEL <fmichel@adista.fr>
2025-10-15 18:25:08 -03:00
Mariusz Felisiak
5a2490a19d Skipped GISFunctionsTests.test_geometry_type() test for MultiPoint on MariaDB and GEOS 3.12+.
GEOSWKTWriter_write() behavior was changed in GEOS 3.12+ to include
parentheses for sub-members (https://github.com/libgeos/geos/pull/903).

MariaDB doesn't accept WKT representations with additional parentheses
for MultiPoint. This is an accepted bug (MDEV-36166) in MariaDB that
should be fixed in the future:

- https://jira.mariadb.org/browse/MDEV-36166
2025-10-15 15:03:07 +02:00
Mariusz Felisiak
118df57d8d Moved object creation to subTest() in GISFunctionsTests.test_geometry_type() test. 2025-10-15 15:03:07 +02:00
Jacob Walls
02eed4f378 Fixed #36648, Refs #33772 -- Accounted for composite pks in first()/last() when aggregating. 2025-10-14 15:48:29 -04:00
Thibaut Decombe
d0c8f89c94 Refs #31223 -- Added __class_getitem__() to SetPasswordMixin. 2025-10-14 08:13:52 -04:00
antoliny0919
bc03f1064e Fixed #34041 -- Added aria-current attribute to admin breadcrumbs.
Co-authored by: farita1699 <uwanjerry25@gmail.com>
2025-10-14 08:10:43 -04:00
Jacob Walls
1ae8a42af1 Removed reference to "manager" in ForeignKeyTests.
Follow-up to 0de89b6f8d.
2025-10-13 16:12:44 -04:00
Sarah Boyce
5b51e6f759 Fixed #36611, Refs #36580 -- Added system check for multicolumn ForeignObject in Meta.indexes/constraints/unique_together.
ForeignObjects with multiple `from_fields` are not supported in these
options.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-10-13 14:53:39 -03:00