Hopiu/django
1
0
Fork 0
mirror of https://github.com/Hopiu/django.git synced 2026-03-20 16:00:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
29893 commits 1 branch 0 tags 216 MiB
Commit graph

12512 commits

Author SHA1 Message Date
Ian Foote
f42ccdd835 Fixed #27021 -- Allowed lookup expressions in annotations, aggregations, and QuerySet.filter(). 
Thanks Hannes Ljungberg and Simon Charette for reviews.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-07-09 11:43:06 +02:00
Chris Jerdonek
90ba716bf0 Fixed #24522 -- Added a --shuffle option to DiscoverRunner. 2021-07-08 07:29:04 +02:00
Mariusz Felisiak
77b88fe621
Fixed #32908 -- Allowed select_for_update(skip_locked) on MariaDB 10.6+. 2021-07-08 06:51:10 +02:00
Claude Paroz
7309393c3a Documented in_bulk behavior with nonexistent id_list items. 
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
 2021-07-07 10:13:32 +02:00
Hannes Ljungberg
a06b977a91 Fixed #32776 -- Added support for Array subqueries on PostgreSQL. 2021-07-06 07:36:52 +02:00
Nick Pope
fa35c8bdbc
Fixed #30934 -- Included database alias in django.db.backends log messages. 
This is useful when working with database routing as you want to know
where each query is being executed.

Co-authored-by: David Winterbottom <david.winterbottom@gmail.com>
 2021-07-02 15:36:53 +02:00
Simon Charette
9f3cce172f Refs #26430 -- Re-introduced empty aggregation optimization. 
The introduction of the Expression.empty_aggregate_value interface
allows the compilation stage to enable the EmptyResultSet optimization
if all the aggregates expressions implement it.

This also removes unnecessary RegrCount/Count.convert_value() methods.
Disabling the empty result set aggregation optimization when it wasn't
appropriate prevented None returned for a Count aggregation value.

Thanks Nick Pope for the review.
 2021-07-02 07:25:42 +02:00
Mariusz Felisiak
8feb2a49fa Added CVE-2021-35042 to security archive. 2021-07-01 09:57:08 +02:00
Mariusz Felisiak
bcea1a3193 Added stub release notes for Django 3.2.6. 2021-07-01 09:43:15 +02:00
Mariusz Felisiak
dae83a2451 Forwardported release notes for CVE-2021-35042. 2021-07-01 09:42:54 +02:00
Daniele Procida
62988afbea Refs #32880 -- Renamed/reordered logging topic sections. 
Moved sections so that how-to type material is all together, and
renamed headings so it's clearer what those sections are about, in
anticipation of creating a separate how-to document and expanding
the material.
 2021-07-01 07:30:53 +02:00
Daniele Procida
261ca6ce2e Removed trailing whitespace in logging topic. 2021-07-01 07:12:56 +02:00
Mariusz Felisiak
8e97698d7b Added stub release notes for 3.1.13 and release date for 3.2.5. 2021-07-01 06:52:41 +02:00
Thomas Guettler
775f7506d7 Fixed #32850 -- Doc'd Sitemap.paginator. 2021-06-30 20:11:49 +02:00
Daniele Procida
e3d55eeb14 Refs #32880 -- Moved logging reference to new document. 
Completed a first step in moving reference and how-to material out of
the topic document.
 2021-06-30 07:21:52 +02:00
abhiabhi94
cd124295d8 Fixed #32381 -- Made QuerySet.bulk_update() return the number of objects updated. 
Co-authored-by: Diego Lima <diego.lima@lais.huol.ufrn.br>
 2021-06-29 06:58:46 +02:00
Daniele Procida
d79be3ed39 Refs #32880 -- Rearranged logging security notes. 
Expanded security notes and moved them under a new explanation heading
of their own for future reference and expansion.

Removed specific reference to Sentry since there are multiple
third-party services that fulfill that role.
 2021-06-28 11:46:37 +02:00
Claude Paroz
495083e3e1 Updated translations from Transifex. 
Forwardport of 04b744050f1743a88e2bf0ca2ca82b34e3361f50 from stable/3.2.x.
 2021-06-28 07:08:39 +02:00
Daniele Procida
e9fbd73480 Refs #32880 -- Improved some how-to notes in logging topic. 2021-06-26 13:39:07 +02:00
Daniele Procida
64839512a6
Refs #32880 -- Improved some headings and text in logging topic. 2021-06-24 13:41:56 +02:00
Peter Inglesby
1bbb98d9a4 Fixed #32363 -- Ensured sys.__interactivehook__ is called in shell 
By default, this means that readline is properly registered, so that
.python_history is used.

sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
 2021-06-23 14:53:41 +02:00
Hasan Ramezani
7a9745fed4 Fixed #32863 -- Skipped system check for specifying type of auto-created primary keys on models with invalid app_label. 
Regression in b5e12d490a.

Thanks Iuri de Silvio for the report.
 2021-06-22 20:47:15 +02:00
Russell Keith-Magee
4f0a034b9e
Added a note about %autoawait off for IPython. 2021-06-22 10:23:03 +02:00
Timothy McCurrach
4659a790cf Fixed #32860 -- Made docs permalinks focusable to improve accessibility. 2021-06-21 13:47:26 +02:00
Carlton Gibson
225d96533a Fixed #30427, Fixed #16176 -- Corrected setting descriptor in Field.contribute_to_class(). 
Co-authored-by: Jarek Glowacki <jarekwg@gmail.com>
 2021-06-15 12:01:28 +02:00
Keryn Knight
854e9b0668 Fixed #32824 -- Improved performance of NodeList.render(). 
This avoids the following:
 - checking that each item in the nodelist is a subclass of Node,
 - calling str() on the render_annotated() output, because it's
   documented that Node.render() must return a string,
 - calling mark_safe() on the output, when the value to be wrapped is
   definitively known to be a string because the result of ''.join()
   is always of that type,
 - using an intermediate list to store each individual string.
 2021-06-11 12:22:06 +02:00
Mariusz Felisiak
fa0433d05f Fixed #32832 -- Fixed adding BLOB/TEXT nullable field with default on MySQL 8.0.13+. 
Regression in d4ac23bee1.

Thanks Omkar Deshpande for the report.
 2021-06-10 20:03:43 +02:00
Mariusz Felisiak
57bc16b38e Refs #32503 -- Added release notes for 5e04e84d67. 2021-06-10 20:03:43 +02:00
Angus Holder
3e73c65ffc Fixed #32195 -- Added system check for invalid view in path() and improved error messages. 2021-06-09 09:06:42 +02:00
Mariusz Felisiak
fcd44b889f
Refs #14357 -- Updated docs about interaction between aggregations and QuerySet.order_by(). 
Obsolete since 0ddb4ebf7b.
 2021-06-08 16:39:00 +02:00
Sanskar Jaiswal
8c3bd0b708 Fixed #31653 -- Added AddConstraintNotValid()/ValidateConstraint() operations for PostgreSQL. 2021-06-08 07:46:51 +02:00
Claude Paroz
ecf8af7935
Fixed header underlines in performance docs. 2021-06-05 18:20:40 +02:00
David Smith
d8c17aa10c Refs #32338 -- Improved accessibility of RadioSelect examples in docs. 
Co-authored-by: Thibaud Colas <thibaudcolas@gmail.com>
 2021-06-04 08:28:25 +02:00
Takayuki Hirayama
0393b9262d Fixed #32812 -- Restored immutability of named values from QuerySet.values_list(). 
Regression in 981a072dd4.

Thanks pirelle for the report.
 2021-06-04 07:23:16 +02:00
Mariusz Felisiak
f10c52afab
Refs #31356 -- Changed IRC links to the Libera.Chat webchat. 
Follow up to 66491f08fe.
 2021-06-03 12:07:30 +02:00
Jacob Walls
f0d0d29f03
Fixed typos in docs. 2021-06-03 07:49:50 +02:00
Mariusz Felisiak
d9cee3f5f2 Fixed docs header underlines in security archive. 2021-06-02 12:16:38 +02:00
Carlton Gibson
ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson
a39f235ca4 Added CVE-2021-33203 and CVE-2021-33571 to security archive. 2021-06-02 11:15:54 +02:00
Mariusz Felisiak
e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
 2021-06-02 10:58:39 +02:00
Florian Apolloner
46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Carlton Gibson
f66ae7a2d5 Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-06-02 10:19:19 +02:00
Jacob Walls
1443b5e9ac
Fixed typo in docs/internals/contributing/writing-code/coding-style.txt. 2021-06-02 08:14:57 +02:00
Mariusz Felisiak
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL. 
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
 2021-06-01 15:11:42 +02:00
Daniyal
a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization. 
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
 2021-06-01 13:31:44 +02:00
Gildardo Adrian Maravilla Jacome
91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
David Sanders
5685b7cd73
Fixed typos in comments and docs. 2021-05-29 12:51:14 +02:00
David Wobrock
b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization. 
Thanks Simon Charette for the implementation idea.
 2021-05-28 20:25:59 +02:00
Hannes Ljungberg
b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
Mohammadreza Varasteh
e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Nick Pope
e513fb0e77 Fixed typo in MiddlewareMixin deprecation note. 2021-05-27 06:17:30 +02:00
Mariusz Felisiak
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute. 
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
 2021-05-26 11:19:47 +02:00
Hasan Ramezani
1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Carlton Gibson
b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Hasan Ramezani
68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Rohith PR
7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https. 
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
 2021-05-21 11:00:54 +02:00
yyyyyyyan
e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Mariusz Felisiak
66491f08fe
Changed IRC references to Libera.Chat. 2021-05-20 12:23:36 +02:00
Ben Sturmfels
31b6ce9ff9 Fixed note about ISP caching in docs. 
Regression in 7aabd62380.
 2021-05-20 10:55:42 +02:00
David Sanders
736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
Mike Lissner
6e155d280d Added note about culling in database cache backend docs. 
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-05-20 06:24:48 +02:00
David D Lowe
fa4e963ee7 Doc'd that HttpRequest.path doesn't contain a query string. 2021-05-19 11:23:56 +02:00
Carlton Gibson
c2e6047c72 Fixed #32740 -- Caught possible exception when initializing colorama. 2021-05-19 10:33:15 +02:00
David Sanders
dacc307d93
Fixed typo in docs/ref/contrib/admin/index.txt. 2021-05-19 07:28:56 +02:00
Claude Paroz
8cd55021bc Fixed #32379 -- Started deprecation toward changing default USE_TZ to True. 
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2021-05-18 20:26:44 +02:00
Mariusz Felisiak
958cdf65ae Fixed #32747 -- Prevented initialization of unused caches. 
Thanks Alexander Ebral for the report.

Regression in 98e05ccde4.
 2021-05-18 18:24:19 +02:00
Rust Saiargaliev
a24fed399c Fixed #32733 -- Skipped system check for specifying type of auto-created primary keys on abstract models. 
Regression in b5e12d490a.
 2021-05-18 13:02:33 +02:00
Girish Sontakke
27d4573d35
Fixed #32755 -- Corrected Model.get_absolute_url() example in docs. 2021-05-18 11:30:38 +02:00
Slava Skvortsov
f7691d4812 Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME. 
Regression in ba31b01034.
 2021-05-18 09:14:05 +02:00
Nick Pope
0851933cba Fixed #32720 -- Added configuration and docs for Sphinx link checker. 
We explicitly ignore checking anchors for line-range anchors on GitHub
which are dynamically generated and, otherwise, show up as broken links.

See https://github.com/sphinx-doc/sphinx/issues/7388#issuecomment-739961689.

We also ignore links to resources that require authentication.
 2021-05-17 11:21:35 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Nick Pope
7c4ee487c7 Refs #32720 -- Fixed some broken links in docs. 2021-05-17 09:22:17 +02:00
Nick Pope
1c3bbcf802 Refs #32720 -- Used full hashes in security archive. 2021-05-17 08:27:46 +02:00
Mariusz Felisiak
df5c96299a Corrected commit hashes for security patches. 2021-05-17 08:26:06 +02:00
Nick Pope
8c4caee76a Refs #32720 -- Used :commit: and :source: role in old release notes. 2021-05-17 07:36:57 +02:00
Mariusz Felisiak
820408d842 Added stub release notes for Django 3.2.4. 2021-05-13 09:42:26 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
 2021-05-13 08:53:44 +02:00
Simon Charette
b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator. 
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
 2021-05-13 07:26:52 +02:00
Raffaele Salmaso
3733ae8957 Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
David Smith
0456d3e427
Fixed #26721 -- Doc'd setting UTF-8 on Windows. 2021-05-12 20:46:01 +02:00
Nick Pope
29e4ccb1a2 Fixed #32738 -- Deprecated django.utils.datetime_safe module. 2021-05-12 14:42:17 +02:00
Nick Pope
1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend. 
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
 2021-05-12 12:21:57 +02:00
Nick Pope
69ffb1acf3 Refs #32366 -- Avoided use of datetime.utcnow() in the documentation. 2021-05-12 11:06:31 +02:00
Nick Pope
88b3982af3 Fixed a typo in docs/ref/models/fields.txt. 
datetime.date.utcnow() doesn't exist, should be .today().
 2021-05-12 11:06:29 +02:00
Mariusz Felisiak
d1f1417cae
Refs #32718 -- Corrected CVE-2021-31542 release notes. 2021-05-12 10:42:01 +02:00
Nick Pope
34363a391b Fixed #32735 -- Made DateFormat.Y() return a zero-padded year. 2021-05-12 08:17:06 +02:00
Jordi Castells
205c36b58f Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem. 2021-05-07 20:03:46 +02:00
Hasan Ramezani
028f10fac6 Fixed #32712 -- Deprecated django.utils.baseconv module. 2021-05-07 11:57:40 +02:00
Nick Pope
c240ceea7d
Fixed typo in docs/internals/contributing/writing-documentation.txt. 2021-05-06 20:01:32 +02:00
Mariusz Felisiak
29779075d7 Added stub release notes for Django 3.2.3. 2021-05-06 10:08:00 +02:00
Mariusz Felisiak
efebcc429f Added CVE-2021-32052 to security archive. 2021-05-06 09:58:24 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
 2021-05-06 08:45:23 +02:00
Simon Charette
96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions. 
Regression in c8b6594305.

Thanks Kevin Marsh for the report.
 2021-05-05 08:43:57 +02:00
Carlton Gibson
62b2e8b37e Added commits for CVE-2021-31542 to security archive. 2021-05-04 11:09:21 +02:00
Carlton Gibson
607ebbfba9 Added CVE-2021-31542 to security archive. 2021-05-04 11:06:07 +02:00
Carlton Gibson
5a43cfe245 Added stub release notes for Django 3.2.2. 2021-05-04 11:01:33 +02:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Susan Wright
7582d913e7
Added spelling option to make.bat. 2021-04-30 14:04:22 +02:00
Tim Graham
54da6e2ac2 Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
Hasan Ramezani
8bcb00858e Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri(). 2021-04-30 08:05:42 +02:00