Florian Apolloner
c98f446c18
[3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:43:52 +02:00
Simon Charette
d5add5d3a2
[3.2.x] Fixed #32632 , Fixed #32657 -- Removed flawed support for Subquery deconstruction.
...
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.
Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).
Thanks Phillip Cutter for the report.
This also fixes a performance regression in bbf141bcdcc8b6594305
2021-04-28 20:27:42 +02:00
Konstantin Alekseev
55cb3c8ac1
[3.2.x] Fixed #32687 -- Restored passing process’ environment to underlying tool in dbshell on PostgreSQL.
...
Regression in bbe6fbb8766e742dabc9
2021-04-27 12:02:06 +02:00
Mariusz Felisiak
34981f399a
[3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for preventing duplicates.
...
Thanks Zain Patel for the report and Simon Charette for reviews.
The exception introduced in 6307c3f1a11871182031
2021-04-27 10:39:55 +02:00
Mariusz Felisiak
fbea64b8ce
[3.2.x] Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.
...
QuerySet.distinct() is not the only way to avoid duplicate, it's also
not preferred.
Backport of cd74aad90e
2021-04-27 10:37:13 +02:00
Mariusz Felisiak
7ad7034054
[3.2.x] Refs #32682 -- Fixed QuerySet.delete() crash on querysets with self-referential subqueries on MySQL.
...
Backport of 4074f38e1d
2021-04-27 10:35:42 +02:00
Mariusz Felisiak
727a154094
[3.2.x] Refs 32637 -- Made technical 404 debug page display exception message when URL is resolved.
...
Follow up to 3b8527e32bd68be0494b
2021-04-27 08:41:11 +02:00
Zain Patel
0dfe88eaba
[3.2.x] Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.
...
Regression in 84609b32054e5bbb6ef2
2021-04-26 12:52:33 +02:00
Mariusz Felisiak
1cf0989b06
[3.2.x] Used assertCountEqual() in ExcludeTests.test_exclude_subquery().
...
Backport of c3278bb71f
2021-04-22 14:42:47 +02:00
Simon Charette
48e19bae49
[3.2.x] Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
...
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9#27149 ).
Thanks Raffaele Salmaso for the report.
Backport of 6d0cbe42c3
2021-04-21 10:32:39 +02:00
Mariusz Felisiak
1cc2eaf02d
[3.2.x] Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a list of 2-tuples.
...
Thanks Jared Lockhart for the report.
Regression in c36075ac1d34d1905712
2021-04-21 09:42:43 +02:00
Carlton Gibson
54d5bfa9c5
[3.2.x] Fixed #32647 -- Restored multi-row select with shift-modifier in admin changelist.
...
Regression in 30e59705fc5c73fbb6a9
2021-04-21 09:08:34 +02:00
Florian Apolloner
539d005aa5
[3.2.x] Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.
...
Thanks Jan Pieter Waagmeester for the report.
Regression in 2d6179c8194511d14598
2021-04-15 07:58:48 +02:00
Mariusz Felisiak
208e72276a
[3.2.x] Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined fields on MySQL/MariaDB.
...
Thanks Matt Westcott for the report.
Regression in 779e615e36ca98729055
2021-04-14 21:13:27 +02:00
Jonathan Richards
d0267690f8
[3.2.x] Fixed #32548 -- Fixed crash when combining Q() objects with boolean expressions.
...
Backport of 00b0786de5466920f6d7
2021-04-14 19:46:45 +02:00
Arthur Jovart
65dfb06a1a
[3.2.x] Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.
...
Backport of 08c60cce3b
2021-04-14 19:44:10 +02:00
Mariusz Felisiak
59cce8237c
[3.2.x] Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching against phrases with unbalanced quotes.
...
Thanks Dlis for the report.
Regression in 26a413507a23fa29f6a6
2021-04-14 12:24:11 +02:00
Hasan Ramezani
700356f93b
[3.2.x] Fixed #32635 -- Fixed system check crash for reverse o2o relations in CheckConstraint.check and UniqueConstraint.condition.
...
Regression in b7b7df5fbca77c9a4229
2021-04-14 10:32:07 +02:00
Mariusz Felisiak
d6314c4c2e
[3.2.x] Fixed #32637 -- Restored exception message on technical 404 debug page.
...
Thanks Atul Varma for the report.
Backport of 3b8527e32b
2021-04-13 09:15:25 +02:00
Iuri de Silvio
b245845575
[3.2.x] Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns.
...
Backport of 9760e262f8
2021-04-13 06:16:19 +02:00
Adam Johnson
49e618f4af
[3.2.x] Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for DEFAULT_AUTO_FIELD.
...
Backport of 45a58c31e6
2021-04-08 13:44:21 +02:00
Claude Paroz
5eb17d31c3
[3.2.x] Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9.
...
Backport of e3cfba0029
2021-04-07 17:04:10 +02:00
Carlton Gibson
011b92ce98
[3.2.x] Updated asgiref dependency for 3.2 release series.
...
Backport of 5aea50e57f
2021-04-06 10:43:40 +02:00
Mariusz Felisiak
2820fd1be5
[3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
Backport of d4d800ca1a
2021-04-06 08:24:01 +02:00
Mariusz Felisiak
eb7c0a7076
[3.2.x] Fixed #32614 -- Fixed MiddlewareSyncAsyncTests tests with asgiref 3.3.2+.
...
Backport of 78fea27f69
2021-04-06 08:04:07 +02:00
Claude Paroz
1ea5e98315
[3.2.x] Updated translations from Transifex.
2021-04-06 06:17:47 +02:00
Mariusz Felisiak
d67d48e923
[3.2.x] Fixed #32595 -- Fixed SchemaEditor.quote_value() crash with bytes.
...
Backport of f6018c1e63
2021-03-30 11:47:49 +02:00
Mariusz Felisiak
682eba534f
[3.2.x] Refs #32595 -- Added MySQL's SchemaEditor.quote_value() tests for values with Unicode chars.
...
Backport of 3c75f1f3ca
2021-03-30 11:47:41 +02:00
Mariusz Felisiak
e2e371593f
[3.2.x] Refs #32353 , Refs #32352 -- Fixed GIS tests with PROJ 7.X.
...
Different PROJ versions use different transformations, all are correct
as having a 1 meter accuracy.
These are differences in PROJ versions that cannot and should not be
handled in Django itself.
Thanks Jani Tiainen and David Smith for reports.
See: https://github.com/OSGeo/gdal/issues/3377
Backport of 2cd4026334
2021-03-23 09:17:58 +01:00
Adam Johnson
15a8518388
[3.2.x] Refs #31732 -- Fixed django.utils.inspect caching for bound methods.
...
Thanks Alexandr Artemyev for the report, and Simon Charette for the
original patch.
Backport of 562898034f
2021-03-22 20:49:15 +01:00
Adam Johnson
2420fd2d5c
[3.2.x] Refs #31372 -- Added django.utils.inspect tests for bound methods.
...
Backport of ac72a216a7
2021-03-22 20:49:09 +01:00
Johannes Maron
a8fef6daaf
[3.2.x] Fixed #32466 -- Corrected autocomplete to_field resolution for complex cases.
...
In MTI or ForeignKey as primary key cases, it is required to fetch the attname
from the field instance on the remote model in order to reliably resolve the
to_field_name.
Backport of ceb4b9ee6803d0f12c82info@johanneshoppe.com >
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com >
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es >
2021-03-18 14:21:12 +01:00
Tim Graham
cd4dc4c3f1
[3.2.x] Refs #26167 -- Added @skipUnlessDBFeature('supports_expression_indexes') to a test.
...
Failure observed on CockroachDB.
Backport of 76c0b32f82
2021-03-09 16:00:19 +01:00
Markus Holtermann
e078747290
[3.2.x] Updated Git branch "master" to "main".
...
This change follows a long discussion on django-develops:
https://groups.google.com/g/django-developers/c/tctDuKUGosc/
Backport of d9a266d657
2021-03-09 09:33:50 +01:00
Simon Charette
7a6ca01f4e
[3.2.x] Fixed #32478 -- Included nested columns referenced by subqueries in GROUP BY on aggregations.
...
Regression in fb3f034f1c#31094 , #31150 .
Thanks Igor Pejic for the report.
Backport of 277eea8fcc
2021-02-24 10:11:37 +01:00
Nick Pope
be8237c7cc
[3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.parse_qsl().
2021-02-19 09:15:09 +01:00
Hasan Ramezani
0debc6ba5b
[3.2.x] Fixed #32455 -- Allowed right combining Q() with boolean expressions.
...
Backport of f2bef2b7bc
2021-02-19 06:21:10 +01:00
Mariusz Felisiak
732cf4c5b4
[3.2.x] Refs #32455 -- Added tests for left combining an empty Q() with boolean expressions.
...
Backport of efce21497c
2021-02-19 06:21:04 +01:00
starryrbs
0e2979e95d
[3.2.x] Fixed #32450 -- Fixed crash when ANDing/ORing an empty Q() with not pickleable Q().
...
Regression in bb0b6e5263466920f6d7
2021-02-18 22:06:36 +01:00
Hannes Ljungberg
69a585eb87
[3.2.x] Fixed #32453 -- Added introspection of unique constraint field ordering on SQLite.
...
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com >
Backport of 4d99375b46
2021-02-17 12:18:18 +01:00
Harm Geerts
b89ce413f2
[3.2.x] Fixed #29052 -- Made test database creation preserve alias order and prefer the "default" database.
...
This fixes flushing test databases when two aliases point to the same
database.
Use a list() to store the test database aliases so the order remains
stable by following the order of the connections. Also, always use the
"default" database alias as the first alias to accommodate `migrate`.
Previously `migrate` could be executed on a secondary alias which
caused truncating the "default" database.
Backport of 06e5f7ae16
2021-02-16 13:08:13 +01:00
Chris Jerdonek
65a620948c
[3.2.x] Fixed #32437 -- Fixed cleaning up ALLOWED_HOSTS in LiveServerTestCase on setUpClass() failure.
...
Backport of 694deff82f
2021-02-12 11:53:37 +01:00
Egidijus Macijauskas
aa1aed923b
[3.2.x] Fixed #32433 -- Added error message on QuerySet.delete() following distinct().
...
Backport of 6307c3f1a1
2021-02-11 09:09:59 +01:00
Egidijus Macijauskas
98ce39b5a3
[3.2.x] Refs #19102 -- Removed flaky test Ticket19102Tests.test_ticket_19102_distinct_on.
...
The subquery pushdown only happens because another table is involved in
filter. It's not the distinct usage that causes the pushdown.
The distinct('description').order_by('pk') expression is not valid
because SELECT DISTINCT ON must match initial ORDER BY expressions
which is not the case here.
Backport of 4e8ecf0cb6
2021-02-11 09:09:22 +01:00
Jordan Bae
9eed258283
[3.2.x] Fixed #32425 -- Fixed adding nullable field with default on MySQL.
...
Thanks Simon Charette for the review.
Backport of d4ac23bee1
2021-02-09 08:25:05 +01:00
Mikolaj Rybinski
d881a0ea3b
[3.2.x] Fixed #32420 -- Fixed detecting primary key values in deserialization when PK is also a FK.
...
Backport of 8e90560aa8
2021-02-05 14:19:10 +01:00
Hasan Ramezani
b36beec208
[3.2.x] Fixed #32332 -- Fixed loss of parent with non-numeric pk when saving child after parent.
...
Follow up to 519016e5f27cba92ec55
2021-02-04 07:08:20 +01:00
Mariusz Felisiak
7d65889345
[3.2.x] Fixed #32403 -- Fixed re-raising DatabaseErrors when using only 'postgres' database.
...
Thanks Kazantcev Andrey for the report.
Regression in f48f671223f131841c60
2021-02-02 21:35:35 +01:00
Mariusz Felisiak
f944f79e55
[3.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
Backport of 05413afa8c
2021-02-01 09:13:37 +01:00
Sandro Covo
0a3d93ffba
[3.2.x] Fixed #32345 -- Fixed preserving encoded query strings in set_language() view.
...
Thanks Johannes Maron for the review.
Backport of 6822aa5c6c
2021-01-29 12:37:48 +01:00
