summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-11-02Updated {% static %} tag examples in docs to use single quotes where ↵Nikita Sobolev
appropriate.
2020-11-02Added stub release notes for 3.1.4.Carlton Gibson
2020-11-02Set release date for 3.1.3, 3.0.11, and 2.2.17.Carlton Gibson
2020-11-02Protected Watchman autoreloader against busy loops.Daniel Hahler
With an error in the loop above (e.g. using query without args), this would trigger a busy loop. While this was caused due to changes to the loop itself, it seems to be just good practice to protect against this.
2020-10-30Fixed #32153 -- Fixed management commands when using required list options.Hasan Ramezani
Thanks Mark Gajdosik for the report and initial patch.
2020-10-30Updated MultiValueDict.update() to mirror dict.update() behavior.Nick Pope
Changes in behavior include: - Accepting iteration over empty sequences, updating nothing. - Accepting iterable of 2-tuples providing key-value pairs. - Failing with the same or comparable exceptions for invalid input. Notably this replaces the previous attempt to catch TypeError which was unreachable as the call to .items() resulted in AttributeError on non-dict objects.
2020-10-30Removed unused custom exception support for ImmutableList.Nick Pope
If the warning provided was an instance of Exception, then it would be used as-is. In practice this is untested, unused and ImmutableList is an undocumented internal datastructure.
2020-10-30Increased test coverage for django.utils.datastructures.MultiValueDict.Nick Pope
Co-authored-by: Mads Jensen <mje@inducks.org>
2020-10-30Increased test coverage for django.utils.datastructures.OrderedSet.Mads Jensen
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2020-10-30Refs #32061 -- Prevented password leak on MySQL dbshell crash.Simon Charette
The usage of the --password flag when invoking the mysql CLI has the potential of exposing the password in plain text if the command happens to crash due to the inclusion of args provided to subprocess.run(check=True) in the string representation of the subprocess.CalledProcessError exception raised on non-zero return code. Since this has the potential of leaking the password to logging facilities configured to capture crashes (e.g. sys.excepthook, Sentry) it's safer to rely on the MYSQL_PWD environment variable instead even if its usage is discouraged due to potential leak through the ps command on old flavors of Unix. Thanks Charlie Denton for reporting the issue to the security team. Refs #24999.
2020-10-30Refs #32061 -- Added test for dbshell password leak on PostgreSQL.Simon Charette
2020-10-29Refs #32061 -- Unified DatabaseClient.runshell() in db backends.Simon Charette
2020-10-29Fixed #32152 -- Fixed grouping by subquery aliases.Christian Klus
Regression in 42c08ee46539ef44f8658ebb1cbefb408e0d03fe. Thanks Simon Charette for the review.
2020-10-29Fixed #26962 -- Doc'd running migrations in transactions.Caio Ariede
2020-10-28Made small readability improvements.Martin Thoma
2020-10-28Refs #28215 -- Marked auth credentials as sensitive variables.Hasan Ramezani
Co-authored-by: Collin Anderson <collin@onetencommunications.com>
2020-10-28Refs #25780 -- Removed redundant status code assertions from tests.Jon Dufresne
2020-10-28Fixed #32062 -- Added %b support to Date.strftime.Gagan Deep
This enables the admin to display the month as locale's abbreviated name if %b is used in the date format.
2020-10-28Added unit test for Date.getFullMonthName.Gagan Deep
2020-10-28Fixed #32143 -- Used EXISTS to exclude multi-valued relationships.Simon Charette
As mentioned in the pre-existing split_exclude() docstring EXISTS is easier to optimize for query planers and circumvents the IN (NULL) handling issue.
2020-10-28Refs #27149 -- Fixed sql.Query identity.Simon Charette
By making Query subclass BaseExpression in 35431298226165986ad07e91f9d3aca721ff38ec the former defined it's identity based off _construct_args which is not appropriate.
2020-10-27Fixed #1891, Fixed #11707 -- Prevented duplicates with limit_choices_to on ↵alvinshaita
multi-value relations.
2020-10-27Fixed #32127 -- Fixed admin change-form textarea layout for mid-sized displays.Josh Santos
2020-10-27Fixed #32128 -- Added asgiref 3.3 compatibility.Carlton Gibson
Thread sensitive parameter is True by default from asgiref v3.3.0. Added an explicit thread_sensitive=False to previously implicit uses.
2020-10-27Improved naming consistency in BaseManage.contribute_to_class().Nguyen You
Matches signatures of other contribute_to_class() methods.
2020-10-27Removed unneeded @no_oracle skips.Tim Graham
2020-10-27Made OracleSpatialAdapter clone geometries rather than mutate them.Tim Graham
2020-10-27Fixed some queries tests when primary key values are large.Tim Graham
On CockroachDB, primary key values stored in these fields are larger than they accept. Fixes: queries.test_bulk_update.BulkUpdateNoteTests.test_multiple_fields, queries.test_bulk_update.BulkUpdateNoteTests.test_inherited_fields, and queries.tests.RelatedLookupTypeTests.test_values_queryset_lookup.
2020-10-27Removed an obsolete query test that assumes serial pks.Tim Graham
The code from the original fix (922aba3def68e57c405a0e50d353a790af85b00a) was removed in 419de7b00daabf5e9be064198d370cdbf19b5f2d.
2020-10-26Fixed #29497 -- Fixed loss of assigned parent when saving child with ↵Hannes Ljungberg
bulk_create() after parent.
2020-10-26Fixed admin_views's test_history_view on databases that don't use serial pks.Tim Graham
2020-10-26Refs #31670 -- Used allowlist_externals in tox.ini.David Smith
2020-10-26Fixed #32138 -- Prevented admin's map from covering other widgets.dokgeppo
2020-10-26Simplifed formset iteration using enumerate().Jon Dufresne
2020-10-26Corrected output of rendered formset example in model formsets docs.Jon Dufresne
2020-10-23Fixed #32134 -- Fixed crash of __range lookup with namedtuple.Adam Johnson
Regression in 8be79984dce7d819879a6e594ca69c5f95a08378. Thanks Gordon Wrigley for the report.
2020-10-22Replaced @no_oracle skips with DatabaseFeatures.allows_group_by_lob.Tim Graham
2020-10-22Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior.Carlton Gibson
2020-10-22Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.Mariusz Felisiak
Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
2020-10-22Refs #9475 -- Linked through_default docs to related managers methods.Simon Charette
2020-10-21Fixed #26390 -- Disabled grouping by Random().Étienne Beaulé
Thanks to Tzu-ping Chung for the tests.
2020-10-21Fixed #32069 -- Fixed admin change-form layout on small screens.Carlton Gibson
Restored flex-wrap CSS declaration to form elements at smallest breakpoint. This was present since the responsive admin was introduced in dc37e8846eeedc3a9100ca21fdc9d579bc534c89. Regression in 8ee4bb6ffcb3346c0fa8fb194986fbf9edadc822, where it was accidentally removed.
2020-10-21Fixed #13060 -- Improved error message when ManagementForm data is missing.manav014
2020-10-21Fixed #32046 -- Added CreateCollation/RemoveCollation operations for PostgreSQL.Tom Carrick
2020-10-21Fixed #26615 -- Made password reset token invalidate when changing email.Jacob Walls
Co-Authored-By: Silas Barta <sbarta@gmail.com>
2020-10-21Fixed typo in docs/releases/3.2.txt.Jacob Walls
2020-10-21Fixed #32126 -- Fixed grouping by Case() annotation without cases.Hannes Ljungberg
Co-authored-by: Simon Charette <charettes@users.noreply.github.com>
2020-10-21Removed hardcoded pks in syndication tests.Octavio
2020-10-20Fixed outdated notes in SchemaEditor docs.Mariusz Felisiak
2020-10-20Fixed #32121 -- Fixed detecting uniqueness of USERNAME_FIELD when using ↵Hannes Ljungberg
Meta.constraints. Co-authored-by: Simon Charette <charettes@users.noreply.github.com>