mirror of https://github.com/django/django.git synced 2025-03-01 04:04:54 +00:00

12197 Commits

Author SHA1 Message Date
Mariusz Felisiak
fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann
394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov
97a7274468 Fixed -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak
71e7c8e737 Fixed -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Keryn Knight
55022f75c1 Fixed -- Added empty __slots__ to SafeString and SafeData.
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.

Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
2022-01-29 13:50:34 +01:00
Keryn Knight
c5c7a15b09 Fixed -- Escaped template errors in the technical 500 debug page. 2022-01-28 07:07:12 +01:00
vgolubev
e87f57fdb8 Fixed -- Allowed model formsets to prevent new object creation.
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.

Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Jörg Breitbart
0af9a5fc7d Fixed -- Fixed QuerySet.bulk_update() with F() expressions. 2022-01-27 19:03:26 +01:00
Mariusz Felisiak
e972620ada Fixed -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce9f6155bb55610ad6b4580d31263557.
2022-01-27 18:51:39 +01:00
Carlton Gibson
d15a10afb5 Adjusted CBV resolver_match example in testing tools docs.
The view_class is available on the view callback, allowing that to be
checked, rather than the __name__.
2022-01-26 20:58:22 +01:00
Mariusz Felisiak
f38c3cbadc Increased test coverage for django.contrib.gis.gdal.layer.Layer. 2022-01-26 17:47:03 +01:00
Jacob Walls
edbf930287 Fixed -- Added QuerySet.iterator() support for prefetching related objects.
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-01-25 06:12:04 +01:00
Timothy McCurrach
efb4478e48 Fixed -- Fixed encoding of messages with empty string as extra_tags. 2022-01-24 07:05:53 +01:00
Claude Paroz
7c4f396509 Stopped including type="text/css" attributes for CSS link tags. 2022-01-22 16:38:14 +01:00
My-Name-Is-Nabil
9dc65263d4 Fixed -- Improved error message when selenium is not installed. 2022-01-21 21:54:10 +01:00
Jacob Walls
2d8232fa71 Fixed -- Added --prune option to migrate command. 2022-01-21 17:10:31 +01:00
Fabian Büchler
eeff1787b0 Fixed -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d1247c0de515c959f7b09648b57dc42.
2022-01-21 06:44:53 +01:00
Mariusz Felisiak
f605e85af9 Fixed -- Dropped support for GDAL 2.1. 2022-01-20 18:54:29 +01:00
Hrushikesh Vaidya
3fadf141e6 Fixed -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
sean_c_hsu
0f6946495a Fixed -- Added support for updating conflicts to QuerySet.bulk_create().
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
2022-01-19 20:17:42 +01:00
Mariusz Felisiak
4a8ac604b1 Added tests for SpatialReference.to_esri()/from_esri(). 2022-01-19 16:03:04 +01:00
Adam Johnson
dc8bb35e39 Fixed -- Added CSS source map support to ManifestStaticFilesStorage. 2022-01-18 12:53:14 +01:00
Mariusz Felisiak
30a0144134 Fixed -- Allowed using combined queryset in Subquery.
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
My-Name-Is-Nabil
f37face331 Fixed -- Fixed invalid SQL generated by Subquery.as_sql(). 2022-01-17 09:00:46 +01:00
Ayush Joshi
0a17666045 Fixed -- Made simplify_regex() handle non-capturing groups. 2022-01-14 11:01:02 +01:00
Adam Johnson
fdfa97fb16 Fixed -- Restored immutability of models.Field.__hash__().
Regression in 502e75f9ed5476ffe8229109acf0c23999d4b533.
2022-01-14 07:00:48 +01:00
Adam Johnson
45a42aabfa Fixed -- Deprecated PickleSerializer. 2022-01-13 13:50:20 +01:00
Adam Johnson
436862787c Refs -- Made SessionBase store expiry as string. 2022-01-13 13:05:42 +01:00
Adam Johnson
08d8bccbf1 Improved Model.__init__() properties loop.
This improves readability, accumulates unrecognized arguments to raise an
exception with all of them, and avoids refetching the values.
2022-01-13 11:09:37 +01:00
Mariusz Felisiak
0a4a5e5bac Refs -- Fixed VariableDoesNotExist when rendering some admin template.
Regression in 84609b3205905097d7d3038d32e6101f012c0619.

Follow up to 4e5bbb6ef2287126badd32842b239f4a8a7394ca.

Thanks Sourav Kumar for the report.
2022-01-13 10:10:48 +01:00
Hrushikesh Vaidya
6815da6e94 Fixed -- Added view name to technical 500 debug page. 2022-01-13 07:02:41 +01:00
Adam Johnson
84e98ba194 Added exception to SuspiciousOperation logging.
This allows better debugging and filtering of errors.
2022-01-12 13:27:25 +01:00
Jacob Walls
dc9deea8e8 Fixed -- Changed default value of ModelAdmin.actions/inlines to empty tuples.
This clarifies the intended pattern of overwriting the default value
rather than mutating it.
2022-01-11 12:22:49 +01:00
mgaligniana
fa235004dd Fixed -- Made pre/post_delete signals dispatch the origin. 2022-01-11 08:06:18 +01:00
Jacob Walls
6f78cb6b13 Fixed -- Added --scriptable option to makemigrations. 2022-01-10 18:49:57 +01:00
Keryn Knight
f4b06a3cc1 Fixed -- Fixed ResolverMatch.__repr__() for class-based views.
Regression in 7c08f26bf0439c1ed593b51b51ad847f7e262bc1.
2022-01-10 17:30:41 +01:00
Jacob Walls
3430093a46 Refs -- Removed python-memcached from test requirements.
Follow up to 05f3a6186efefc9fca2204a745b992501c6fd91f.
2022-01-10 06:39:15 +01:00
Keryn Knight
2a66c102d9 Fixed -- Fixed view name for CBVs on technical 404 debug page.
Regression in 0c0b87725bbcffca3bc3a7a2c649995695a5ae3b.
2022-01-08 13:05:55 +01:00
David
4c60c3edff Fixed -- Restored marking forms.Field.help_text as HTML safe.
Regression in 456466d932830b096d39806e291fe23ec5ed38d5.

Thanks Matt Westcott for the report.
2022-01-07 15:35:31 +01:00
Ad Timmering
bdf3e156b4 Fixed -- Changed \d to [0-9] in regexes where appropriate. 2022-01-07 12:25:06 +01:00
Ad Timmering
fe76944269 Refs -- Added tests for intcomma with non-ASCII digits. 2022-01-07 12:23:33 +01:00
Allen Jonathan David
28c98d4113 Fixed -- Simplified deconstructed paths for some expressions. 2022-01-07 11:19:29 +01:00
Baptiste Mispelon
c67e1cf44f Refs -- Deprecated passing errors=None to SimpleTestCase.assertFormError()/assertFormsetErrors(). 2022-01-06 17:29:32 +01:00
Petter Friberg
bc174e6ea0 Fixed -- Fixed recursive capturing of callbacks by TestCase.captureOnCommitCallbacks().
Regression in d89f976bddb49fb168334960acc8979c3de991fa.
2022-01-06 06:38:17 +01:00
Ad Timmering
806efe912b Fixed -- Added support for msg_prefix and count arguments to assertTemplateUsed()/assertTemplateNotUsed() used as context managers. 2022-01-05 12:49:42 +01:00
Jamie Matthews
f5233dce30 Fixed -- Corrected handling prefetched nested reverse relationships.
When prefetching a set of child objects related to a set of parent
objects, we usually want to populate the relationship back from the
child to the parent to avoid a query when accessing that relationship
attribute. However, there's an edge case where the child queryset
itself specifies a prefetch back to the parent. In that case, we want
to use the prefetched relationship rather than populating the reverse
relationship from the parent.
2022-01-05 09:49:05 +01:00
Allen Jonathan David
205f67cd5b Refs -- Made @deconstructible not change path for subclasses. 2022-01-04 13:15:29 +01:00
Allen Jonathan David
194ca77092 Refs -- Added more tests for @deconstructible decorator. 2022-01-04 13:08:36 +01:00
Florian Apolloner
6d343d01c5 Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:04:12 +01:00
Florian Apolloner
761f449e0d Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:03:56 +01:00