mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

14096 Commits

Author SHA1 Message Date
Thibaut Decombe
b077982b3e [6.0.x] Refs #31223 -- Added __class_getitem__() to SetPasswordMixin.
Backport of d0c8f89c94 from main.
2025-10-14 08:15:01 -04:00
Sarah Boyce
0fa339ce71 [6.0.x] Fixed #36611, Refs #36580 -- Added system check for multicolumn ForeignObject in Meta.indexes/constraints/unique_together.
ForeignObjects with multiple `from_fields` are not supported in these
options.

Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of 5b51e6f759 from main.
2025-10-13 14:54:20 -03:00
Simon Charette
86e7406cfb [6.0.x] Fixed #36660 -- Fixed a regression in descending Index local field checks.
Regression in 8638d8bf74.

Refs #36273.

Thanks Federico Bond for the report.

Backport of edde2891c3 from main.
2025-10-13 10:51:22 -03:00
Mariusz Felisiak
851400194d [6.0.x] Refs #36491 -- Skipped ParallelTestSuiteTest.test_buffer_mode_reports_setupclass_failure() without tblib.
Backport of 6cb641ba75 from main
2025-10-02 13:20:55 +02:00
Sarah Boyce
af067f56c1 [6.0.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal via archive.extract().
Thanks stackered for the report.

Follow up to 05413afa8c.

Backport of 924a0c092e from main.
2025-10-01 08:17:44 -04:00
Mariusz Felisiak
4ceaaee7e0 [6.0.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), and extra() against SQL injection in column aliases on MySQL/MariaDB.
Thanks sw0rd1ight for the report.

Follow up to 93cae5cb2f.

Backport of 41b43c74bd from main.
2025-10-01 08:17:15 -04:00
Mariusz Felisiak
2d502ed39d [6.0.x] Fixed assertIndexExists() crash when non-index constraint exists on the same columns.
Backport of 8b84364d46 from main
2025-09-29 23:01:42 +02:00
Shubham Singh
f8e91d0104 [6.0.x] Fixed #36491 -- Fixed crash in ParallelTestRunner with --buffer.
Thanks Javier Buzzi and Adam Johnson for reviews.

Co-authored-by: Simon Charette <charette.s@gmail.com>

Backport of be581ff473 from main.
2025-09-26 10:56:56 -04:00
SaJH
db2f206ee1 [6.0.x] Fixed #36434 -- Preserved unbuffered stdio (-u) in autoreloader child.
Signed-off-by: SaJH <wogur981208@gmail.com>

Backport of 68aae8878f from main.
2025-09-25 11:40:04 +02:00
Mridul Dhall
b15f8ba071 [6.0.x] Fixed #36543 -- Fixed time formats for fr_CA.
Thanks Chris Anderson for the report.

Backport of b67a36ec6f from main.
2025-09-23 16:53:58 +02:00
saJaeHyukc
e0f328d790 [6.0.x] Fixed #36264 -- Excluded proxy neighbors of parents from deletion collection when keep_parents=True.
Signed-off-by: saJaeHyukc <wogur981208@gmail.com>

Backport of 748551fea0 from main.
2025-09-23 16:45:23 +02:00
Ryan P Kilby
9575f813af [6.0.x] Fixed #35453 -- Made ManyToManyField.concrete False.
ManyToManyField was already excluded from fields, concrete_fields,
and local_concrete_fields in Options.

Backport of f9a44cc0fa from main
2025-09-22 21:52:21 -04:00
Simon Charette
ffac97bf63 [6.0.x] Fixed #36612 -- Fixed a KeyTextTransform crash on MySQL against annotations.
MySQL only supports the ->> when used directly against columns; this can be
inferred by the presence of lhs.output_field.model, as model-bound fields are
directly tied to columns.

Purposely don't systematically switch to using JSON_QUOTE(JSON_EXTRACT(...))
as there might be functional indices out there that rely on the SQL remaining
stable between versions.

Thanks Jacob Tavener for the report.

Backport of af84cfba59 from main.
2025-09-22 09:02:01 +02:00
Samriddha9619
359c1c6ff9 [6.0.x] Fixed #36488 -- Fixed merging of query strings in RedirectView.
Co-authored-by: Ethan Jucovy <ethan.jucovy@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Backport of a36df6890d from main.
2025-09-22 08:57:07 +02:00
Sarah Boyce
77ae09916d [6.0.x] Added cleanup of cache clearing to DjangoFilePrefixesTests.setUp().
Backport of 7528979153 from main.
2025-09-19 10:23:13 +02:00
Jacob Walls
b931156c20 Refs #35859 -- Removed support for Task enqueuing on transaction commit.
This removes the ability to configure Task enqueueing via a setting,
since the proposed `ENQUEUE_ON_COMMIT` did not support multi-database
setups.

Thanks to Simon Charette for the report.

Follow-up to 4289966d1b.
2025-09-17 13:28:58 -03:00
Simon Charette
4fcc2883fa Refs #27222 -- Restored Model.save()'s refreshing of db_returning fields even if a value is set.
The logic could likely be adjusted to assign the pre_save value in most cases
to avoid the database transit but it could break in subtle ways so it's not
worth the complexity it would require.

Regression in 94680437a4.

Co-authored-by: Tim Graham <timograham@gmail.com>
2025-09-17 07:50:08 -04:00
antoliny0919
1e7728888d Fixed #36601 -- Fixed color contrast of FilteredSelectMultiple widget chosen labels in TabularInlines.
Regression in a0f50c2a48.
2025-09-17 09:56:01 +02:00
Adam Zapletal
606fc35279 Fixed #36083 -- Ran system checks in ParallelTestSuite workers.
Workers created by ParallelTestSuite were not running system
checks in the spawn multiprocessing mode. In general this is
fine, but system checks can have side effects expected by tests.

This patch runs system checks inside of _init_worker, which is
only called by ParallelTestSuite.
2025-09-16 21:57:22 -04:00
Adam Johnson
2336d5d33a Refs #36606 -- Added tests for QuerySet.values_list(flat=True) without fields.
2025-09-16 20:58:40 -04:00
Jake Howard
4289966d1b Fixed #35859 -- Added background Tasks framework interface.
This work implements what was defined in DEP 14
(https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst).

Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce,
Jacob Walls, and Natalia Bidart for the reviews.
2025-09-16 17:28:32 -03:00
GappleBee
218f69f05e Fixed #28041 -- Added Lexeme expression to contrib.postgres.search.
This expression automatically escapes its input and allows
fine-grained control over prefix matching and term weighting
via logical combinations.

Thanks Mariusz Felisiak, Adam Zapletal, Paolo Melchiorre,
Jacob Walls, Adam Johnson, and Simon Charette for reviews.

Co-authored-by: joetsoi <joetsoi@users.noreply.github.com>
Co-authored-by: Karl Hobley <karl@kaed.uk>
Co-authored-by: Alexandr Tatarinov <tatarinov1997@gmail.com>
2025-09-16 15:09:11 -04:00
blingblin-g
e08fa42fa6 Fixed #36426 -- Added support for further iterables in prefetch_related_objects().
Thanks Sarah Boyce for the review.
2025-09-16 14:14:23 -04:00
Jacob Walls
e059bbec96 Refs #27222 -- Deduplicated db_returning fields in Model.save().
Follow-up to 94680437a4.
2025-09-16 12:54:10 -04:00
SaJH
8c621e9642 Fixed #36580 -- Fixed constraint validation crash when condition uses a ForeignObject.
Follow-up to e44e8327d3. Refs #36222.
2025-09-16 10:25:16 -04:00
SaJH
308f674e6d Refs #36580 -- Added coverage for excluding ForeignObject from constraint validation.
2025-09-16 10:25:16 -04:00
David Smith
82b3b84a78 Fixed OGRInspectTest.test_time_field with memory Spatialite database.
2025-09-16 08:10:31 +02:00
Natalia
424e0d8697 Fixed #36520 -- Reverted "Fixed #35440 -- Simplified parse_header_parameters by leveraging stdlid's Message."
This partially reverts commit 9aabe7eae3.

The simplification of parse_header_parameters using stdlib's Message
is reverted due to a performance regression. The check for the header
maximum length remains in place, per Security Team guidance.

Thanks to David Smith for reporting the regression, and Jacob Walls for
the review.
2025-09-15 22:14:50 -03:00
Caitie Baca
0e0b4214c3 Fixed #36589 -- Made assertTemplateUsed/NotUsed track full path for PartialTemplate.
Previously, assertTemplateUsed only matched partial names, ignoring
the template origin. This caused assertions on partials specified by
origin ("template.html#partial") to fail. Refs #36410.
2025-09-15 16:45:13 -04:00
David Sanders
6e89271a85 Refs #27489 -- Made RenamePermission() operation respect database.
Regression in f02b49d2f3.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2025-09-15 21:17:18 +02:00
Simon Charette
94680437a4 Fixed #27222 -- Refreshed model field values assigned expressions on save().
Removed the can_return_columns_from_insert skip gates on existing
field_defaults tests to confirm the expected number of queries are
performed and that returning field overrides are respected.
2025-09-14 00:27:50 +02:00
Simon Charette
55a0073b3b Refs #27222 -- Refreshed GeneratedFields values on save() initiated update.
This required implementing UPDATE RETURNING machinery that heavily
borrows from the INSERT one.
2025-09-14 00:27:49 +02:00
Adam Johnson
7b26b64a63 Refs #35667 -- Cached Django file prefixes for warnings.
2025-09-12 10:35:01 +02:00
Adam Johnson
41bc48ac1e Fixed #36603 -- Optimized check order in LoginRequiredMiddleware.
2025-09-11 11:09:53 +02:00
Tim Graham
2a636118da Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField.
2025-09-05 10:43:10 -04:00
Ryan P Kilby
bad03eb108 Fixed #36481 -- Fixed QuerySet.update concrete fields check.
FieldError is now emitted for invalid update calls involving reverse
relations, where previously they failed with AttributeError.
2025-09-04 12:15:45 -04:00
Ryan P Kilby
11c2c9ac17 Refs #36481 -- Improved test coverage for invalid updates on reverse relations.
2025-09-04 12:15:45 -04:00
farhan
34bd3ed944 Refs #36559, #35667 -- Used skip_file_prefixes in PartialTemplate.source warning.
2025-09-04 12:14:10 -04:00
Ronan LE HAY
e197953f11 Refs #34989 -- Ensured the Content-Length header is set when redirect with APPEND_SLASH.
2025-09-03 22:49:34 +02:00
farhan
d82f25d3f0 Fixed #36559 -- Respected verbatim and comment blocks in PartialTemplate.source.
2025-09-03 10:59:58 -04:00
farhan
3485599ef0 Refs #36559 -- Ran template partial source tests in debug mode only.
Added a warning for accessing PartialTemplate.source when debugging is disabled.
Thanks Sarah Boyce for the idea.
2025-09-03 10:59:58 -04:00
Jake Howard
5171171709 Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL injection in column aliases.
Thanks Eyal Gabay (EyalSec) for the report.
2025-09-03 13:10:58 +02:00
SaJH
bb7a7701b1 Fixed #36431 -- Returned tuples for multi-column ForeignObject in values()/values_list().
Thanks Jacob Walls and Simon Charette for tests.

Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-29 15:33:44 -04:00
Jacob Walls
2d453a2a68 Refs #36152 -- Suppressed duplicate warning when using "%" in alias via values().
2025-08-29 13:45:08 -04:00
SaJH
0be1c4575b Fixed #34624 -- Removed change, delete, and view buttons for non-Select widgets in RelatedFieldWidgetWrapper.
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-29 08:38:12 +02:00
Rob Hudson
550822bcee Fixed #36532 -- Added Content Security Policy view decorators to override or disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-08-28 17:23:48 -03:00
Jake Howard
41ff30f6f9 Refs #36520 -- Ensured only the header value is passed to parse_header_parameters for multipart requests.
Header parsing should apply only to the header value. The previous
implementation happened to work but relied on unintended behavior.
2025-08-28 14:25:36 -03:00
SaJH
a9fe98d5bd Fixed #35533 -- Prevented urlize creating broken links given a markdown link input.
Signed-off-by: SaJH <wogur981208@gmail.com>
2025-08-28 08:54:56 +02:00
Tim Graham
1285de557b Fixed incorrect IDs in test_in_bulk_preserve_ordering.
2025-08-27 18:23:42 -04:00
Sarah Boyce
d0e4dd5cdd Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()."
This reverts commit 0246f47888.
2025-08-27 10:50:50 +02:00