| Age | Commit message (Collapse) | Author |
|
Relocated BaseEmailBackendTests that are _not_ dependent on the email
backend.
- In general, moved test cases to EmailMessageTests or SendMailTests
as appropriate, and changed them to work with the testing outbox.
- Replaced BaseEmailBackendTests.test_send_verbose_name() with
EmailMessageTests.test_unicode_display_name_in_from_email().
(EmailMessageTests.test_address_header_handling() also partly covers
the behavior, as well as Python's own message serialization tests.)
- Removed BaseEmailBackendTests.test_message_cc_header(), which was
already covered by EmailMessageTests.test_cc*() (and Python's own
message serialization tests).
- Replaced BaseEmailBackendTests.test_idn_send() with
EmailMessageTests.test_idn_addresses() to cover from_email and cc.
(EmailMessageTests.test_address_header_handling() already covered to.)
- Removed BaseEmailBackendTests.test_recipient_without_domain(), which
was partly covered by EmailMessageTests.test_localpart_only_address().
Updated the latter to cover a localpart-only from_email.
- Updated docstrings and comments to clarify a few tests that _do_
depend on the email backend.
|
|
Replaced large MailTests class with smaller classes focused on
specific django.core.mail APIs:
- EmailMessageTests: covering EmailMessage and EmailMultiAlternatives
classes (the bulk of the former MailTests cases).
- SendMailTests, SendMassMailTests, MailAdminsAndManagersTests:
covering the function-based mail APIs.
- GetConnectionTests: covering get_connection().
- DeprecatedInternalsTests: covering deprecated internal methods used
in deprecated functionality.
- DummyBackendTests: covering the dummy EmailBackend.
In the process, moved the two cases from MailTimeZoneTests into the new
EmailMessageTests, as they related to EmailMessage Date headers.
|
|
Broke apart independent cases in mail tests using subTest() or separate
methods.
|
|
Django automatically substitutes the locmem EmailBackend during tests,
and SimpleTestCase empties mail.outbox before each test.
|
|
Altering the .po files by hand was causing incorrect line numbers and
plural forms. Since our fetching procedure does not recompile any
hand-edited .po files to .mo files for production use, just accept
Transifex's plural forms as a source of truth.
https://forum.djangoproject.com/t/discourage-releasers-from-editing-po-files-by-hand/44441
|
|
Passing the --domain flag again just overwrites the prior value.
|
|
|
|
Added a fast-path to parse_header_parameters
Benchmark results (50,000 iterations):
- Simple headers: ~73% improvement
Thanks Nick Pope (@ngnpope) for the review.
|
|
As originally written, this test interfered with
admin_views.tests.SeleniumTests.test_inline_uuid_pk_add_with_popup.
To fix this, register the new ModelAdmin with a different AdminSite.
|
|
As the oldest supported version is Django 5.2, we only need constants for PY310+.
|
|
For use in checking user permissions via has_perm().
Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com>
|
|
|
|
projects.unbit.it has an invalid certificate and provides old packages.
|
|
The decorator was updated to accept **kwargs and forward them to
task_class, allowing additional parameters to be passed to custom
Task subclasses.
|
|
The artifacts downloaded from media.djangoproject.com use a lowercase
"django-" prefix but the script searched for capital D. Error was:
"ls: cannot access 'Django-*.tar.gz': No such file or directory"
The tarball and wheel smoke-tests used the same `test_one` folder inside
the same working directory, so the second invocation failed with
"CommandError: '/tmp/tmp.1234567890' already exists".
|
|
request bodies.
Notably that the limit can be bypassed under ASGI.
|
|
CVE-2026-33034 to security archive.
|
|
|
|
ASGI requests.
The `body` property in `HttpRequest` checks DATA_UPLOAD_MAX_MEMORY_SIZE
against the declared `Content-Length` header before reading. On the ASGI
path, chunked requests carry no `Content-Length`, so the check evaluated
to 0 and always passed regardless of the actual body size.
This work adds a new check on the actual number of bytes consumed.
Thanks to Superior for the report, and to Jake Howard and Jacob Walls
for reviews.
|
|
When a multipart file part used `Content-Transfer-Encoding: base64` and
the non-whitespace base64 bytes did not align to a multiple of 4 within
a chunk, the parser entered a loop calling `field_stream.read(1-3)` once
per whitespace byte. Each such call fetched the entire internal buffer,
sliced off 1-3 bytes, and pushed the remainder back via unget(), doing
an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace
produced CPU amplification relative to a normal upload of the same size.
The alignment loop now reads `self._chunk_size` bytes at a time, and
accumulates stripped parts in a list joined once at the end.
Thanks to Seokchan Yoon for the report and the fixing patch.
|
|
ModelAdmin.list_editable.
Thanks Natalia Bidart, Jake Howard, and Markus Holtermann for reviews.
|
|
Edit permissions were still checked as part of ordinary form validation,
but because GenericInlineModelAdmin overrides get_formset(), it lacked
InlineModelAdmin's dynamic DeleteProtectedModelForm.has_changed() logic
for checking permissions server-side, leaving the add case unaddressed.
This change reimplements the relevant part of InlineModelAdmin.get_formset().
Thanks N05ec@LZU-DSLab for the report, and Natalia Bidart,
Markus Holtermann, and Simon Charette for reviews.
|
|
Thanks Tarek Nakkouch for the report and Jake Howard and Natalia Bidart
for reviews.
|
|
own line.
|
|
This facilitates nested fields and objects.
|
|
|
|
|
|
|
|
managers and related_names.
Clashes were only detected for self-referential relationships, i.e. ForeignKey("self").
Refs #22977. Bug in 6888375c53476011754f778deabc6cdbfa327011.
Thanks JaeHyuckSa for the thorough review!
|
|
RemoteUserMiddleware.
|
|
Thanks Simon Charette and Tim Graham for reviews, and Jason Hall for a
prior iteration.
|
|
|
|
Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
|
|
This follows a post from Seth Larson (Security Developer-in-Residence at the PSF):
https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies
|
|
RemoteUserMiddleware under ASGI.
We have a flood of nuisance security reports describing ASGI deployments
using RemoteUserMiddleware without a fronting proxy, which is not
realistic.
|
|
alogin/alogout().
Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be.
|
|
BaseModelFormSet.get_queryset() for stable ordering.
|
|
ordering.
|
|
Thanks Sarah Boyce for the idea and Tim McCurrach for the review.
Co-authored-by: Timothy McCurrach <tim.mccurrach@gmail.com>
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
Skip pending some investigation.
|
|
|
|
terminate() shouldn't assume the main server was started. (A deadlock
from mishandling of in-memory SQLite databases may have occurred.)
|
|
list_display.
|
|
Thanks James Bligh for the review.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
|
|
|
|
MultipleChoiceField.validate().
Used Django's OrderedSet datastructure instead of set() in MultipleChoiceField.validate()
to prevent submission ordering from being discarded during validation.
Thanks to Jacob Walls, JaeHyuck Sa, Jake Howard and Simon Charette for
the reviews.
|
|
Signed-off-by: JaeHyuckSa <jaehyuck.sa.dev@gmail.com>
|
|
|