mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Code Issues 32 Releases Wiki Activity
31,677 Commits 30 Branches 460 Tags
5b698cbcf15b29c194b4a23d179959e17103645b
Commit Graph

12801 Commits

Author SHA1 Message Date
Tom Carrick
bd0ea8c2ba [4.2.x] Fixed #34982 -- Fixed admin's read-only password widget and help texts alignment for tablet screen size. 
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 729266c6f2 from main
 2023-11-27 15:20:59 -03:00
Nathaniel Conroy
450d518d2f [4.2.x] Fixed #34992 -- Fixed DatabaseFeatures.allows_group_by_selected_pks on MariaDB with ONLY_FULL_GROUP_BY sql mode. 
Regression in 041551d716.

Backport of 0257426fe1 from main.
 2023-11-27 10:35:56 +01:00
Simon Charette
cf95de9d24 [4.2.x] Fixed #34987 -- Fixed queryset crash when mixing aggregate and window annotations. 
Regression in f387d024fc.

Just like `OrderByList` the `ExpressionList` expression used to wrap
`Window.partition_by` must implement `get_group_by_cols` to ensure the
necessary grouping when mixing window expressions with aggregate
annotations is performed against the partition members and not the
partition expression itself.

This is necessary because while `partition_by` is implemented as
a source expression of `Window` it's actually a fragment of the WINDOW
expression at the SQL level and thus it should result in a group by its
members and not the sum of them.

Thanks ElRoberto538 for the report.
Backport of e76cc93b01 from main
 2023-11-23 06:10:24 +01:00
Simon Charette
acf4cee951 [4.2.x] Fixed #34975 -- Fixed crash of conditional aggregate() over aggregations. 
Adjustments made to solve_lookup_type to defer the resolving of
references for summarized aggregates failed to account for similar
requirements for lookup values which can also reference annotations
through Aggregate.filter.

Regression in b181cae2e3.

Refs #25307.

Thanks Sergey Nesterenko for the report.

Backport of 7530cf3900 from main
 2023-11-18 16:53:24 +01:00
Adam Johnson
90c3d71dfe [4.2.x] Fixed #34457 -- Restored output for makemigrations --check. 
Co-authored-by: David Sanders <shang.xiao.sanders@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of f7389c4b07 from main
 2023-11-09 11:05:54 -03:00
Mariusz Felisiak
048a9ebb6e [4.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows. 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
 2023-11-01 06:19:20 +01:00
Tom Carrick
109f39a38b [4.2.x] Fixed #34932 -- Restored varchar_pattern_ops/text_pattern_ops index creation when deterministic collaction is set. 
Regression in f3f9d03edf (4.2) and
8ed25d65ea (5.0).

Backport of 34b411762b from main.
 2023-10-30 11:14:08 +01:00
Mariusz Felisiak
a576ef98ae [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unless_db_feature() test on Python 3.12.1+. 
Python 3.12.1+ no longer includes skipped tests in the number of
running tests. Check out:

https://github.com/python/cpython/issues/110890#issuecomment-1763458686
https://github.com/python/cpython/pull/106588
Backport of 20b7aac7ca from main
 2023-10-16 06:28:46 +02:00
Simon Charette
803caec60b [4.2.x] Fixed #34798 -- Fixed QuerySet.aggregate() crash when referencing expressions containing subqueries. 
Regression in 59bea9efd2,
complements e5c844d6f2.

Refs #28477, #34551.

Thanks Haldun Komsuoglu for the report.

Backport of 3b4a571275 from main
 2023-10-16 06:15:36 +02:00
Mariusz Felisiak
b6bb2f8099 [4.2.x] Refs #34840 -- Fixed test_validate_nullable_textfield_with_isnull_true() on databases that don's support table check constraints. 
Thanks Tim Graham for the report.
Backport of 9fd3a0ffc8 from main
 2023-10-12 20:02:26 +02:00
Natalia
be9c27c4d1 [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text. 
Thanks Wenchao Li of Alibaba Group for the report.
 2023-10-04 09:39:49 -03:00
Mariusz Felisiak
a148461f1f [4.2.x] Fixed #34840 -- Avoided casting string base fields on PostgreSQL. 
Thanks Alex Vandiver for the report.

Regression in 09ffc5c121.

Backport of 779cd28acb from main.
 2023-09-22 06:07:19 +02:00
Mariusz Felisiak
97e8a2afb1 [4.2.x] Fixed #34821 -- Prevented DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings from mutating the main STORAGES. 
Regression in 6b965c6000.
Backport of a7c73b944f from main
 2023-09-11 13:04:55 +02:00
Mariusz Felisiak
9c51b4dcfa [4.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri(). 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.

Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-09-04 12:05:35 +02:00
willzhao
acfb427522 [4.2.x] Fixed #34803 -- Fixed queryset crash when filtering againts deeply nested OuterRef annotations. 
Thanks Pierre-Nicolas Rigal for the report.

Regression in c67ea79aa9.

Backport of 9cc0d7f7f8 from main
 2023-09-01 11:25:00 +02:00
Juan Alvarez
46b2b08e45 [4.2.x] Fixed #34779 -- Avoided unnecessary selection of non-nullable m2m fields without natural keys during serialization. 
By using `select_related(None)` instead of `select_related()`, the
unnecessary joins are completely avoided. Note that the current tests
already covers the change, when the field is not `null=True`.

Regression in f9936deed1.

Backport of 517d3bb4dd from main
 2023-08-19 11:23:59 +02:00
Mariusz Felisiak
d34db6602e [4.2.x] Fixed #34773 -- Fixed syncing DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings with STORAGES. 
Thanks Petr Dlouhý for the report.

Bug in 32940d390a.
Backport of 6b965c6000 from main
 2023-08-18 18:12:30 +02:00
Simon Charette
3a1863319c [4.2.x] Fixed #34754 -- Fixed JSONField check constraints validation on NULL values. 
The __isnull lookup of JSONField must special case
Value(None, JSONField()) left-hand-side in order to be coherent with
its convoluted null handling.

Since psycopg>=3 offers no way to pass a NULL::jsonb the issue is
resolved by optimizing IsNull(Value(None), True | False) to
True | False.

Regression in 5c23d9f0c3.

Thanks Alexandre Collet for the report.

Backport of 3434dbd39d from main
 2023-08-04 10:58:53 +02:00
Mariusz Felisiak
8808d9da6b [4.2.x] Fixed #34750 -- Fixed QuerySet.count() when grouping by unused multi-valued annotations. 
Thanks Toan Vuong for the report.
Thanks Simon Charette for the review.

Regression in 59bea9efd2.
Backport of c9b9a52edc from main
 2023-08-01 16:17:06 +02:00
Mariusz Felisiak
8db9a0b5a0 [4.2.x] Fixed warnings per flake8 6.1.0. 
Backport of 22b0b73c77 from main
 2023-07-30 16:18:48 +02:00
Simon Charette
739da73164 [4.2.x] Fixed #34748 -- Fixed queryset crash when grouping by a reference in a subquery. 
Regression in dd68af62b2.

Thanks Toan Vuong for the report.

Backport of 4087367ba8 from main
 2023-07-30 07:51:52 +02:00
Simon Charette
7a67b065d7 [4.2.x] Fixed #34717 -- Fixed QuerySet.aggregate() crash when referencing window functions. 
Regression in 59bea9efd2.

Refs #28477.

Thanks younes-chaoui for the report.

Backport of 68912e4f6f from main
 2023-07-19 09:06:16 +02:00
Mariusz Felisiak
b7c5feb35a [4.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. 
Thanks Seokchan Yoon for reports.
 2023-07-03 08:19:23 +02:00
Mariusz Felisiak
4b433ef236 [4.2.x] Refs #30220 -- Bumped required version of Selenium to 3.8.0. 
Follow up to 8d010f3986.
Backport of 06881341d4 from main
 2023-06-13 10:13:15 +02:00
Mariusz Felisiak
31d1fc36b3 [4.2.x] Fixed #34645 -- Restored alignment for admin date/time timezone warnings. 
Regression in 96a598356a.
Backport of caf80cb41f from main
 2023-06-09 21:37:50 +02:00
Mariusz Felisiak
87a4cd559b [4.2.x] Fixed #34620 -- Fixed serialization crash on m2m fields without natural keys when base querysets use select_related(). 
Regression in 19e0587ee5.

Thanks Martin Svoboda for the report.
Backport of f9936deed1 from main
 2023-06-04 20:49:40 +02:00
Simon Charette
738386470d [4.2.x] Fixed #34612 -- Fixed QuerySet.only() crash on reverse relationships. 
Regression in b3db6c8dcb.

Thanks Ian Cubitt for the report.

This also corrected test_inheritance_deferred2() test which was
previously properly defined and marked as an expected failure but was
then wrongly adjusted to mask the lack of support for per-alias
deferral that was fixed by #21204.

Backport of 2cf76f2d5d from main
 2023-06-01 20:27:06 +01:00
David Sanders
91f8df5c2e [4.2.x] Fixed #34590 -- Reverted "Refs #33308 -- Improved adapting DecimalField values to decimal." 
This reverts 7990d254b0.

Thanks Marc Odermatt for the report.
Backport of 0c1518ee42 from main
 2023-05-24 11:00:21 +02:00
Mariusz Felisiak
bf5249fc8e [4.2.x] Refs #34118 -- Fixed FunctionalTests.test_cached_property_reuse_different_names() on Python 3.12+. 
Python 3.12+ no longer wraps exceptions in __set_name__, see
55c99d97e1
Backport of fc9c90d9c4 from main
 2023-05-23 12:58:32 +02:00
Simon Charette
c78a4421de [4.2.x] Fixed #34551 -- Fixed QuerySet.aggregate() crash when referencing subqueries. 
Regression in 59bea9efd2.

Refs #28477.

Thanks Denis Roldán and Mariusz for the test.

Backport of e5c844d6f2 from main
 2023-05-23 07:39:24 +02:00
Simon Charette
57f499e412 [4.2.x] Refs #34551 -- Fixed QuerySet.aggregate() crash on precending aggregation reference. 
Regression in 1297c0d0d7.

Refs #31679.

Backport of 2ee01747c3 from main
 2023-05-23 07:39:18 +02:00
Mariusz Felisiak
cdd970ae22 [4.2.x] Fixed #34568 -- Made makemigrations --update respect --name option. 
Thanks David Sanders for the report.
Backport of c52f4295f2 from main
 2023-05-17 13:15:30 +02:00
Simon Charette
201d29b371 [4.2.x] Fixed #34570 -- Silenced noop deferral of many-to-many and GFK. 
While deferring many-to-many and GFK has no effect, the previous
implementation of QuerySet.defer() ignore them instead of crashing.

Regression in b3db6c8dcb.

Thanks Paco Martínez for the report.

Backport of 99e5dff737 from main
 2023-05-17 08:39:44 +02:00
Julie Rymer
9c301814b0 [4.2.x] Fixed #34539 -- Restored get_prep_value() call when adapting JSONFields. 
Regression in 5c23d9f0c3.

Backport of 0ec60661e6 from main
 2023-05-16 11:02:33 +02:00
Mariusz Felisiak
e0d8981139 [4.2.x] Fixed #34544 -- Avoided DBMS_LOB.SUBSTR() wrapping with IS NULL condition on Oracle. 
Regression in 09ffc5c121.

Thanks Michael Smith for the report.

This also reverts commit 1e4da43955.
Backport of 1586a09b79 from main
 2023-05-08 19:35:20 +02:00
Mariusz Felisiak
9ec1ff7879 [4.2.x] Fixed MultipleFileFieldTest.test_file_multiple_validation() test if Pillow isn't installed. 
Follow up to fb4c55d9ec.
Backport of fcfbf08abe from main
 2023-05-04 08:09:27 +02:00
Mariusz Felisiak
21b1b1fc03 [4.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. 
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
 2023-05-03 13:43:16 +02:00
Mariusz Felisiak
290fd5ecec [4.2.x] Fixed #34529, Refs #34525 -- Reduced index operations with Meta.indexes/index_together when optimizing migrations. 
This makes squashing migrations an available path for changing
Meta.index_together, which is deprecated, to Meta.indexes.

Follow up to f810325721.

Backport of 8e2460d599 from main.
 2023-05-03 13:09:49 +02:00
Mariusz Felisiak
f200d83698 [4.2.x] Fixed #34515 -- Made LocaleMiddleware prefer language from paths when i18n patterns are used. 
Regression in 94e7f471c4.

This reverts commit 94e7f471c4
(refs #34069) and
partly reverts commit 3b4728310a.

Thanks Anthony Baillard for the report.

Co-Authored-By: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 0e444e84f8 from main
 2023-05-02 06:33:23 +02:00
Mariusz Felisiak
fffbf85080 [4.2.x] Fixed #34512 -- Restored breadcrumbs on admin app index view. 
Thanks Adam (ataylor32) for the report.

Regression in 872b61193b.
Backport of 9440f6ba41 from main
 2023-04-26 08:37:30 +02:00
Mariusz Felisiak
f75a6977e4 [4.2.x] Refs #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates on different days and interval less than 1 day. 
Follow up to 813015d67e.
Regression in 8d67e16493.
Backport of 198a19b692 from main
 2023-04-14 17:42:33 +02:00
Scott Macpherson
090d5ccc6c [4.2.x] Fixed #34486 -- Fixed DatabaseOperations.compose_sql() crash with no existing database connection on PostgreSQL. 
Regression in 09ffc5c121.

Backport of 53aee470d5 from main
 2023-04-14 11:02:47 +02:00
Mariusz Felisiak
cd464fbc3a [4.2.x] Refs #34483 -- Fixed utils_tests.test_timesince crash on Python 3.8. 2023-04-14 06:10:31 +02:00
nessita
a3c14ea61b [4.2.x] Fixed #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates and interval less than 1 day. 
Regression in 8d67e16493.

Thanks Lorenzo Peña for the report.

Backport of 813015d67e from main
 2023-04-13 13:20:16 -03:00
Mariusz Felisiak
791407fef1 [4.2.x] Refs #34482 -- Reverted "Fixed #32969 -- Fixed pickling HttpResponse and subclasses." 
This reverts commit d7f5bfd241.

Thanks Márton Salomváry for the report.

Backport of 173034b005 from main
 2023-04-12 18:53:29 +02:00
Mariusz Felisiak
2feb9333e7 [4.2.x] Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling HttpRequest and subclasses." 
This reverts commit 6220c445c4.

Thanks Adam Johnson and Márton Salomváry for reports.

Backport of 280ca147af from main
 2023-04-12 18:53:22 +02:00
sarahboyce
facc153af7 [4.2.x] Fixed #34455 -- Restored i18n_patterns() respect of prefix_default_language argument when fallback language is used. 
Regression in 94e7f471c4.

Thanks Oussama Jarrousse for the report.

Backport of 3b4728310a from main
 2023-04-10 15:35:28 +02:00
Mariusz Felisiak
f6e0029fcd [4.2.x] Refs #34118 -- Fixed CustomChoicesTests.test_uuid_unsupported on Python 3.11.4+. 
5342f5e713

Follow up to 38e63c9e61.
Backport of 2eb1f37260 from main
 2023-04-07 11:08:32 +02:00
Mariusz Felisiak
b0d7753d07 [4.2.x] Fixed #34470 -- Enforced UTF-8 encoding on PostgreSQL. 
Regression in 6a21658163.
Backport of 5b8a043bf5 from main
 2023-04-07 10:12:19 +02:00
Anders Kaseorg
0bc2bbf041 [4.2.x] Fixed #34466 -- Reallowed setting cursor_factory in DATABASES["options"] on PostgreSQL. 
Regression in 09ffc5c121.

Backport of 73cbb372ba from main
 2023-04-07 09:21:54 +02:00