summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-04-20Simplified LogoutView.get_success_url().Aymeric Augustin
This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-20Unified LoginView/LogoutView.get_default_redirect_url() methods.Aymeric Augustin
This might change the behavior when self.next_page == "". However, resolve_url(self.next_page) would almost certainly fail in that case. It is technically possible to define a logout URLpattern whose name is "": path('logout/', LogoutView.as_view(), name=''), and then to refer to this pattern with next_page = "". However this feels like a pathological case, so we decided not to handle it. Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL are performed with boolean evaluation rather than comparison with None. That's why we standardizing that way.
2022-04-20Renamed LogoutView.get_next_page() to get_success_url().Aymeric Augustin
This aligns it with LoginView. Also, it removes confusion with the get_next_page() method of paginators. get_next_page() was a private API, therefore this refactoring is allowed.
2022-04-20Refactored out RedirectURLMixin.get_redirect_url().Aymeric Augustin
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin. This doesn't change the behavior of LogoutView.get_next_page() because next_page == "" implies url_is_safe == False before the refactoring.
2022-04-20Fixed #33654 -- Added localdate to utils.timezone.__all__. Andrey Otto
2022-04-20Added TiDB to list of third-party DB backends.Xiang Zhang
2022-04-19Updated note about ListView pagination example in CBV docs.Theofilos Alexiou
Follow up to 0f0abc20be55d796ecfc3e7698e7ecfd9e9cdf88.
2022-04-19Fixed #33644 -- Corrected FAQ about displaying ManyToManyField in list_filter.Dominik
2022-04-19Fixed #33639 -- Enabled cached template loader in development.Carlton Gibson
2022-04-19Refs #32226 -- Fixed JSON format of QuerySet.explain() on PostgreSQL when ↵Mariusz Felisiak
format is uppercased. Follow up to aba9c2de669dcc0278c7ffde7981be91801be00b.
2022-04-19Removed unnecessary default argument from GET.get() call in ↵Aymeric Augustin
LoginView.get_redirect_url(). The default argument is unnecessary because url_has_allowed_host_and_scheme() returns False when its first argument is "" or None, so get_redirect_url() still returns "". This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page().
2022-04-18Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵Aymeric Augustin
when LOGOUT_REDIRECT_URL is set.
2022-04-18Refs #33328 -- Corrected JS check for event.detail presence in docs.Claude Paroz
2022-04-18Fixed various tests on MySQL with MyISAM storage engine.Mariusz Felisiak
2022-04-18Fixed DatabaseFeatures.uses_savepoints/can_release_savepoints and related ↵Mariusz Felisiak
tests with MyISAM storage engine.
2022-04-16Fixed #33643 -- Fixed inspectdb crash on functional unique constraints on ↵Scott
Oracle.
2022-04-15Fixed #33607 -- Made PostgresIndex.create_sql() respect the "using" argument.Alexandru Mărășteanu
2022-04-15Fixed #11803 -- Allowed admin select widgets to display new related objects.mgaligniana
Adjusted admin javascript to add newly created related objects to already loaded select widgets. In this version, applies only where limit_choices_to is not set.
2022-04-14Refs #31169 -- Added release note for parallel test running changes.Carlton Gibson
2022-04-14Relaxed some query ordering assertions in various tests.Mariusz Felisiak
It accounts for differences seen on MySQL with MyISAM storage engine.
2022-04-14Fixed #33637 -- Improved initial zoom level in MapWidget.Claude Paroz
2022-04-14Removed stale Windows asyncio test skips.Carlton Gibson
Underlying issue was fixed in Python 3.8.1, now many versions ago. https://bugs.python.org/issue38563
2022-04-14Made select_for_update() don't raise TransactionManagementError on databases ↵Mariusz Felisiak
that don't support transactions.
2022-04-14Expanded QuerySet.explain() error message if a backend supports no formats.Tim Graham
2022-04-14Removed unneeded code in explain_query_prefix()Tim Graham
2022-04-13Fixed #30511 -- Used identity columns instead of serials on PostgreSQL.Florian Apolloner
2022-04-13Updated bpo link to use redirect URI.Nick Pope
Mirrors the change made in python/cpython#32342.
2022-04-13Fixed DatabaseFeatures.supports_index_column_ordering and related tests with ↵Mariusz Felisiak
MyISAM storage engine.
2022-04-13Fixed typo in SchemaIndexesMySQLTests.test_no_index_for_foreignkey().Mariusz Felisiak
2022-04-13Fixed tests on databases that don't support introspecting foreign keys.Mariusz Felisiak
2022-04-13Improved ExplainTests.test_basic().Mariusz Felisiak
QuerySet.select_for_update() is not supported by all databases. Moreover it cannot be used outside of a transaction.
2022-04-13Fixed #33627 -- Improved nonexistent pk in ↵SanderBeekhuis
ModelMultipleChoiceFieldTests.test_model_multiple_choice_field().
2022-04-13Removed unnecessary tuple call in SQLInsertCompiler.David Smith
2022-04-12Fixed #33633 -- Skipped some test_utils tests on databases that don't ↵zhangyangyu
support transactions.
2022-04-12Fixed DatabaseFeatures.supports_expression_indexes on MySQL with MyISAM.Mariusz Felisiak
2022-04-12Fixed #24296 -- Made QuerySet.exists() clear selected columns for not sliced ↵mgaligniana
distinct querysets.
2022-04-12Refs #18414 -- Added tests for selected columns of sliced distinct querysets.mgaligniana
2022-04-12Fixed #33626 -- Cleared cache when unregistering a lookup.Himanshu-Balasamanta
2022-04-11Fixed #32604 -- Made file upload respect group id when uploading to a ↵Mateo Radman
temporary file.
2022-04-11Removed DatabaseFeatures.validates_explain_options.Mariusz Felisiak
Always True since 6723a26e59b0b5429a0c5873941e01a2e1bdbb81.
2022-04-11Added stub release notes for 4.0.5.Mariusz Felisiak
2022-04-11Added CVE-2022-28346 and CVE-2022-28347 to security archive.Mariusz Felisiak
2022-04-11Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL ↵Mariusz Felisiak
injection on PostgreSQL.
2022-04-11Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and ↵Mariusz Felisiak
extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.
2022-04-11Fixed #33628 -- Ignored directories with empty names in autoreloader check ↵Manel Clos
for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129.
2022-04-07Fixed #33618 -- Fixed MTI updates outside of primary key chain.Simon Charette
2022-04-07Fixed #33611 -- Allowed View subclasses to define async method handlers.Carlton Gibson
2022-04-07Refs #33173 -- Fixed test_runner/test_utils tests on Python 3.11+.Mariusz Felisiak
Python 3.11 uses fully qualified test name in unittest output. See https://github.com/python/cpython/commit/755be9b1505af591b9f2ee424a6525b6c2b65ce9
2022-04-06Skipped SchemaTests.test_alter_field_type_and_db_collation on databases that ↵Mariusz Felisiak
don't support collation on TextField.
2022-04-06Fixed #33471 -- Made AlterField operation a noop when changing "choices".sarahboyce
This also allows customizing attributes of fields that don't affect a column definition.