| Age | Commit message | Author |
|
get_placeholder_sql.
The lack of ability of the get_placeholder call chain to return SQL and
parameters separated so they can be mogrified by the backend at execution time
forced implementations to dangerously interpolate potentially user controlled
values.
The get_placeholder_sql name was chosen due to its proximity to the previous
method, but other options such as Field.as_sql were considered but ultimately
rejected due to its different input signature compared to Expression.as_sql
that might have led to confusion.
There is a lot of overlap between what Field.get_db_prep_value and
get_placeholder_sql do but folding the latter in the former would require
changing its return signature to return expression which is a way more invasive
change than what is proposed here.
Given we always call get_db_prep_value it might still be an avenue worth
exploring in the future to offer a publicly documented interface to allow field
to take an active part in the compilation chain.
Thanks Jacob for the review.
|
|
This was missed when Field.check(databases) was introduced.
|
|
base_field.get_db_prep_save.
Previously, ArrayField always used base_field.get_db_prep_value when saving,
which could differ from how base_field prepares data for save. This change
overrides ArrayField.get_db_prep_save to delegate to the base_field's
get_db_prep_save, ensuring elements like None in JSONField arrays are saved
correctly as SQL NULL instead of JSON null.
|
|
installed when using its features.
Added postgres.E005 to validate 'django.contrib.postgres' is in INSTALLED_APPS
when using:
* PostgreSQL-specific fields (ArrayField, HStoreField, range fields, SearchVectorField),
* PostgreSQL indexes (PostgresIndex and all subclasses), and
* ExclusionConstraint
The check provides immediate feedback during system checks rather than failing
later with obscure runtime and database errors.
Thanks to Simon Charette and Sarah Boyce for reviews.
|
|
HStoreField.
|
|
Co-authored-by: Priyansh Saxena <askpriyansh@gmail.com>
Co-authored-by: Niclas Olofsson <n@niclasolofsson.se>
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Abhinav Yadav <abhinav.sny.2002@gmail.com>
|
|
django.contrib.postgres.fields.CIText/CICharField/CIEmailField/CITextField.
Per deprecation timeline.
|
|
ArrayField.
Thanks Simon Charette for the review.
|
|
Thanks Simon Charette, Tim Graham, and Adam Johnson for reviews.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
__len lookup.
Regression in 88fc9e2826044110b7b22577a227f122fe9c1fb5 that began
manifesting in Django 4.1.
|
|
values.
Thanks jerch and David Sanders for reviews.
|
|
Bug in 667105877e6723c6985399803a364848891513cc.
|
|
django.contrib.postgres.fields.CIText/CICharField/CIEmailField/CITextField.
|
|
ArrayField(Char/TextFields).
|
|
range fields.
|
|
django.contrib.postgres.fields.jsonb.KeyTransform/KeyTextTransform.
Per deprecation timeline.
|
|
deprecation timeline.
|
|
ArrayField lookups.
|
|
This required implementing a limited form of dynamic dispatch to combine
expressions with numerical output. Refs #26355 should eventually provide
a better interface for that.
|
|
Thanks to Adam Johnson, Carlton Gibson, Mariusz Felisiak, and Raphael
Michel for mentoring this Google Summer of Code 2019 project and
everyone else who helped with the patch.
Special thanks to Mads Jensen, Nick Pope, and Simon Charette for
extensive reviews.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
django.db.models.lookups.PostgresOperatorLookup.
|
|
SmallIntegerField, and DecimalField.
|
|
BigIntegerField.
It's already registered for IntegerField.
|
|
for RangeFields.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
lists and tuples.
|
|
django.db.models.fields.mixins.
|
|
JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.
Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
|
|
over AutoField.
|
|
expressions with params.
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.
Thanks Florian Apolloner for the report and helping with tests.
|
|
expressions with params.
Thanks Florian Apolloner for the report and helping with tests.
|
|
Follow up to 7deeabc7c7526786df6894429ce89a9c4b614086.
These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
|
|
lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
|
|
Thanks to Nick Pope and Mariusz Felisiak for review.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
when the right hand side is the same type.
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.
Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355.
|
|
Thanks Claude Paroz for assistance with translations.
|
|
After 3a505c70e7b228bf1212c067a8f38271ca86ce09, all _prepare() methods
return self.
|
|
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.