summaryrefslogtreecommitdiff
path: root/django/core
AgeCommit message (Collapse)Author
2021-10-25[4.0.x] Fixed #33205 -- Made call_command() raise TypeError when dest with ↵Hasan Ramezani
multiple arguments is passed. Backport of c1e4111c74ee9d9f48cbee5a5b7c40289203c93d from main
2021-10-19[4.0.x] Refs #32956 -- Changed docs to treat the acronym HTTP phonetically.David Smith
Backport of 69b0736fad1d1f0197409ca025b7bcdf5666ae62 from main
2021-09-14Fixed #33012 -- Added Redis cache backend.Daniyal
Thanks Carlton Gibson, Chris Jerdonek, David Smith, Keryn Knight, Mariusz Felisiak, and Nick Pope for reviews and mentoring this Google Summer of Code 2021 project.
2021-09-07Fixed #32076 -- Added async methods to BaseCache.Andrew-Chen-Wang
This also makes DummyCache async-compatible.
2021-09-07Fixed #33060 -- Added BaseCache.make_and_validate_key() hook.Nick Pope
This helper function reduces the amount of duplicated code and makes it easier to ensure that we always validate the keys.
2021-09-07Refs #33060 -- Ensured cache backends validate keys.Nick Pope
The validate_key() function should be called after make_key() to ensure that the validation is performed on the key that will actually be stored in the cache. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-06Refs #32363 -- Made shell ignore a missing sys.___interactivehook__.Peter Inglesby
Thanks Tim Graham for the report. Follow up to 1bbb98d9a4b7d83e422b14ae2429cb368eff5a13.
2021-09-03Refs #33060 -- Added .make_key() in .touch() for dummy cache backend.Nick Pope
All cache operations should use make_key().
2021-09-02Refs #33012 -- Moved PickleSerializer to django.core.serializers.base and ↵Daniyal Abbasi
added tests.
2021-09-02Fixed #33079 -- Fixed get_image_dimensions() on nonexistent images.Stefanos I. Tsaklidis
Thanks Nick Pope for the review.
2021-09-01Fixed #32309 -- Added --exclude option to startapp/startproject management ↵sage
commands.
2021-08-31Fixed #25264 -- Allowed suppressing base command options in --help output.Jan Szoja
This also suppresses -verbosity and --trackback options in the runserver's help.
2021-08-31Refs #33061 -- Removed unnecessary BaseMemcachedCache.decr().Mariusz Felisiak
2021-08-31Fixed #33061 -- Fixed handling nonexistent keys with negative deltas in ↵Sondre Lillebø Gundersen
incr()/decr() in memcached backends. Thanks Chris Jerdonek for the review.
2021-08-19Refs #31621 -- Fixed handling --parallel option in test management command ↵Mariusz Felisiak
and runtests.py. Regression in ae89daf46f83a7b39d599d289624c3377bfa4ab1. Thanks Tim Graham for the report.
2021-08-06Fixed typo in regex for IPv6 literals in EmailValidator.qimingmafan
2021-08-04Fixed #29063 -- Fixed migrate crash when specifying a name of partially ↵Jacob Walls
applied squashed migrations.
2021-08-04Fixed typos in migrations tests, comments, and error message.Jacob Walls
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2021-07-22Fixed #32930 -- Fixed URLValidator when port numbers < 10.Wu Haotian
2021-07-13Refs #23359 -- Corrected showmigrations help text for the --database option.Wilhelm Klopp
2021-07-01Fixed #32889 -- Allowed per-request sync_to_async context in ASGIHandler .Allan Feldman
By using a asgiref's ThreadSensitiveContext context manager, requests will be able to execute independently of other requests when sync work is involved. Prior to this commit, a single global thread was used to execute any sync work independent of the request from which that work was scheduled. This could result in contention for the global sync thread in the case of a slow sync function. Requests are now isolated to their own sync thread.
2021-07-01Refs #32144 -- Made makemessages remove temporary files on preprocessing error.Carlton Gibson
Co-authored-by: Anders Hovmöller <anders.hovmoller@dryft.se>
2021-07-01Fixed #32144 -- Made makemessages remove temporary files when locale path ↵Carlton Gibson
doesn't exist.
2021-06-23Fixed #32363 -- Ensured sys.__interactivehook__ is called in shellPeter Inglesby
By default, this means that readline is properly registered, so that .python_history is used. sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
2021-06-21Fixed typo in makemessages error message.Jacob Walls
2021-06-11Fixed #25250 -- Clarified partially recorded state of squashed migrations in ↵Jacob Walls
showmigrations --list.
2021-06-07Fixed #32821 -- Updated os.scandir() uses to use a context manager.Chris Jerdonek
2021-06-02Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a ↵Jacob Walls
broken symlink with the same name exists.
2021-06-02Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.Mariusz Felisiak
validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384
2021-05-26Fixed #32772 -- Made database cache count size once per set.Michael Lissner
2021-05-19Fixed #32740 -- Caught possible exception when initializing colorama.Carlton Gibson
2021-05-18Fixed #32747 -- Prevented initialization of unused caches.Mariusz Felisiak
Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f.
2021-05-18Fixed #32317 -- Refactored loaddata command to make it extensible.William Schwartz
Moved deeply nested blocks out of inner loops to improve readability and maintainability. Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for feedback.
2021-05-14Refs #32317 -- Simplified find_fixtures() in loaddata command.William Schwartz
This always replaces 'fixture_name' with its base name, which preserves the previous behavior, because os.path.basename() was not called only on relative paths without os.path.sep i.e. when base name was equal to the file name. This also changes os.path.dirname() and os.path.basename() calls to the equivalent os.path.split() call.
2021-05-14Refs #32317 -- Cleaned up try/except blocks in loaddata command.William Schwartz
This moves code unable to trigger relevant exceptions outside of try/except blocks, and changes 'objects' to 'objects_in_fixture' which is equal to the length of 'objects'.
2021-05-14Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.Rohith PR
Regression in fc9566d42daf28cdaa25a5db1b5ade253ceb064f.
2021-05-13Fixed #32718 -- Relaxed file name validation in FileField.Mariusz Felisiak
- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-05-06Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵Mariusz Felisiak
accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
2021-05-05Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ecogels
closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-04-21Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a ↵Mariusz Felisiak
list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372.
2021-04-12Fixed #32416 -- Made ThreadedWSGIServer close connections after each thread.Chris Jerdonek
ThreadedWSGIServer is used by LiveServerTestCase.
2021-03-30Fixed #31840 -- Added support for Cross-Origin Opener Policy header.bankc
Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-19Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.Daniyal
2021-03-18Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.Tim Graham
2021-02-10Fixed #32355 -- Dropped support for Python 3.6 and 3.7Mariusz Felisiak