| Age | Commit message (Collapse) | Author |
|
subsystem.
Thanks to Dennis Brinkrolf for the report.
|
|
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
|
|
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main.
|
|
from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
|
|
file uploads.
|
|
intermediate-level directories of the file system cache on Python 3.7+.
Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master.
|
|
intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.
Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
|
|
3.7.8+, and 3.8.4+.
Fixed sending emails crash on email addresses with display names longer
then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Wrapped display names were passed to email.headerregistry.Address()
what caused raising an exception because address parts cannot contain
CR or LF.
See https://bugs.python.org/issue39073
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Backport of 96a3ea39ef0790dbc413dde0a3e19f6a769356a2 from master.
|
|
Backport of 926148ef019abcac3a9988c78734d9336d69f24e from master.
|
|
backends.
|
|
Backport of 0668164b4ac93a5be79f5b87fae83c657124d9ab from master.
|
|
irreversible by migrate --plan.
Thanks Hasan Ramezani for the initial patch and Kyle Dickerson for the
report.
Backport of 06d34aab7cfb1632a1538a243db81f24498525ff from master.
|
|
database routers are installed by turning the error into a warning.
Backport of 8d3519071ec001f763b70a3a1f98ae2e980bd552 from master.
|
|
Backport of 881362986a1ee8f650752de8471a895890b71f96 from master
|
|
Partially reverted 50b8493581fea3d7137dd8db33bac7008868d23a (refs #29654)
to avoid a crash when the user shell doesn't support non-ASCII characters.
Backport of 2bd8df243ac6fc35e58c9fe90b20c9e42519a5ac from master.
|
|
Removed support for pyinotify (refs #9722).
|
|
Regression in 49b679371fe9beddcd23a93b5fdbadea914f37f8.
|
|
empty/error cases.
|
|
|
|
|
|
|
|
connections.
|
|
default value.
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
|
|
Removed DatabaseIntrospection.table_name_converter()/column_name_converter()
and use instead DatabaseIntrospection.identifier_converter().
Removed DatabaseFeatures.uppercases_column_names.
Thanks Tim Graham for the initial patch and review and Simon Charette
for the review.
|
|
Obsolete since 742ea51413b3aab07c6afbfd1d52c1908ffcb510.
|
|
sender argument.
Inaccurate since 7d1b69dbe7f72ac04d2513f0468fe2146231b286.
|
|
Unused since 7d1b69dbe7f72ac04d2513f0468fe2146231b286.
|
|
|
|
|
|
Ticket #25619 changed the default protocol to HTTP/1.1 but did not
properly implement keep-alive. As a "fix" keep-alive was disabled in
ticket #28440 to prevent clients from hanging (they expect the server to
send more data if the connection is not closed and there is no content
length set).
The combination of those two fixes resulted in yet another problem:
HTTP/1.1 by default allows a client to assume that keep-alive is
supported unless the server disables it via 'Connection: close' -- see
RFC2616 8.1.2.1 for details on persistent connection negotiation. Now if
the client receives a response from Django without 'Connection: close'
and immediately sends a new request (on the same tcp connection) before
our server closes the tcp connection, it will error out at some point
because the connection does get closed a few milli seconds later.
This patch fixes the mentioned issues by always sending 'Connection:
close' if we cannot determine a content length. The code is inefficient
in the sense that it does not allow for persistent connections when
chunked responses are used, but that should not really cause any
problems (Django does not generate those) and it only affects the
development server anyways.
Refs #25619, #28440.
|
|
|
|
create the same directory.
Regression in 632c4ffd9cb1da273303bcd8005fff216506c795.
|
|
|
|
(No behavior change since HTTP headers are case insensitive.)
|
|
|
|
|
|
|
|
sys.stdin.read() blocks waiting for EOF in shell.py which will
likely never come if the user provides input on stdin via the
keyboard before the shell starts. Added check for a tty to
skip reading stdin if it's not present.
This still allows piping of code into the shell (which should
have no TTY and should have an EOF) but also doesn't cause it
to hang if multi-line input is provided.
|
|
|
|
|
|
|
|
|
|
Co-authored-by: Ross Thorne <rmwthorne@googlemail.com>
|
|
|
|
|
|
|
|
Also fixed test failures if sqlparse isn't installed.
|
|
|
|
|
|
|