summaryrefslogtreecommitdiff
path: root/django/core
AgeCommit message (Collapse)Author
2021-08-04Fixed typos in migrations tests, comments, and error message.Jacob Walls
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2021-07-22Fixed #32930 -- Fixed URLValidator when port numbers < 10.Wu Haotian
2021-07-13Refs #23359 -- Corrected showmigrations help text for the --database option.Wilhelm Klopp
2021-07-01Fixed #32889 -- Allowed per-request sync_to_async context in ASGIHandler .Allan Feldman
By using a asgiref's ThreadSensitiveContext context manager, requests will be able to execute independently of other requests when sync work is involved. Prior to this commit, a single global thread was used to execute any sync work independent of the request from which that work was scheduled. This could result in contention for the global sync thread in the case of a slow sync function. Requests are now isolated to their own sync thread.
2021-07-01Refs #32144 -- Made makemessages remove temporary files on preprocessing error.Carlton Gibson
Co-authored-by: Anders Hovmöller <anders.hovmoller@dryft.se>
2021-07-01Fixed #32144 -- Made makemessages remove temporary files when locale path ↵Carlton Gibson
doesn't exist.
2021-06-23Fixed #32363 -- Ensured sys.__interactivehook__ is called in shellPeter Inglesby
By default, this means that readline is properly registered, so that .python_history is used. sys.__interactivehook__ may be set by a $PYTHONSTARTUP file.
2021-06-21Fixed typo in makemessages error message.Jacob Walls
2021-06-11Fixed #25250 -- Clarified partially recorded state of squashed migrations in ↵Jacob Walls
showmigrations --list.
2021-06-07Fixed #32821 -- Updated os.scandir() uses to use a context manager.Chris Jerdonek
2021-06-02Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a ↵Jacob Walls
broken symlink with the same name exists.
2021-06-02Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.Mariusz Felisiak
validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384
2021-05-26Fixed #32772 -- Made database cache count size once per set.Michael Lissner
2021-05-19Fixed #32740 -- Caught possible exception when initializing colorama.Carlton Gibson
2021-05-18Fixed #32747 -- Prevented initialization of unused caches.Mariusz Felisiak
Thanks Alexander Ebral for the report. Regression in 98e05ccde440cc9b768952cc10bc8285f4924e1f.
2021-05-18Fixed #32317 -- Refactored loaddata command to make it extensible.William Schwartz
Moved deeply nested blocks out of inner loops to improve readability and maintainability. Thanks to Mariusz Felisiak, Shreyas Ravi, and Paolo Melchiorre for feedback.
2021-05-14Refs #32317 -- Simplified find_fixtures() in loaddata command.William Schwartz
This always replaces 'fixture_name' with its base name, which preserves the previous behavior, because os.path.basename() was not called only on relative paths without os.path.sep i.e. when base name was equal to the file name. This also changes os.path.dirname() and os.path.basename() calls to the equivalent os.path.split() call.
2021-05-14Refs #32317 -- Cleaned up try/except blocks in loaddata command.William Schwartz
This moves code unable to trigger relevant exceptions outside of try/except blocks, and changes 'objects' to 'objects_in_fixture' which is equal to the length of 'objects'.
2021-05-14Fixed #32734 -- Fixed validation of startapp's directory with trailing slash.Rohith PR
Regression in fc9566d42daf28cdaa25a5db1b5ade253ceb064f.
2021-05-13Fixed #32718 -- Relaxed file name validation in FileField.Mariusz Felisiak
- Validate filename returned by FileField.upload_to() not a filename passed to the FileField.generate_filename() (upload_to() may completely ignored passed filename). - Allow relative paths (without dot segments) in the generated filename. Thanks to Jakub Kleň for the report and review. Thanks to all folks for checking this patch on existing projects. Thanks Florian Apolloner and Markus Holtermann for the discussion and implementation idea. Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-05-06Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵Mariusz Felisiak
accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
2021-05-05Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ecogels
closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-04-21Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a ↵Mariusz Felisiak
list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372.
2021-04-12Fixed #32416 -- Made ThreadedWSGIServer close connections after each thread.Chris Jerdonek
ThreadedWSGIServer is used by LiveServerTestCase.
2021-03-30Fixed #31840 -- Added support for Cross-Origin Opener Policy header.bankc
Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com>
2021-03-19Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.Daniyal
2021-03-18Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.Tim Graham
2021-02-10Fixed #32355 -- Dropped support for Python 3.6 and 3.7Mariusz Felisiak
2021-02-09Fixed #32145 -- Improved makemessages error message when app's locale ↵Josh Santos
directory doesn't exist.
2021-02-05Fixed #32420 -- Fixed detecting primary key values in deserialization when ↵Mikolaj Rybinski
PK is also a FK.
2021-02-04Fixed #32350 -- Fixed showmigrations crash for applied squashed migrations.Daniel Ebrahimian
Thanks Simon Charette for reviews.
2021-02-04Fixed #32395 -- Allowed capturing stdout of migration signals.Simon Charette
2021-01-22Fixed #32360 -- Added system check for FILE_UPLOAD_TEMP_DIR setting.Timothy McCurrach
2021-01-19Removed unreachable SystemExit check.Adam Johnson
This check dates back to Python <2.5, before Python introduced BaseException to prevent exactly unwarranted catching of SystemExit (and others). response_for_exception() is only called under `except Exception` or `except Http404` so it's now impossible for a SystemExit instance to reach the branch.
2021-01-18Fixed #32296 -- Added --skip-checks option to runserver command.Hasan Ramezani
2021-01-16Fixed #32265, Refs #32355 -- Removed unnecessary ServerHandler.handle_error().Mariusz Felisiak
ConnectionAbortedError, BrokenPipeError, ConnectionResetError raised from SocketServer.BaseServer.finish_request() are already suppressed by wsgiref.handlers.BaseHandler.run() in Python 3.7+, see https://github.com/python/cpython/commit/47ffc1a9f6fab1c17cdcc325d4af066317369ed7
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer ↵Mariusz Felisiak
and signing.dumps()/loads(). Per deprecation timeline.
2021-01-14Refs #30165 -- Removed ugettext(), ugettext_lazy(), ugettext_noop(), ↵Mariusz Felisiak
ungettext(), and ungettext_lazy() per deprecation timeline.
2021-01-12Fixed #32291 -- Added fixtures compression support to dumpdata.Paolo Melchiorre
2021-01-12Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code.Hasan Ramezani
2021-01-12Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting.Hasan Ramezani
2021-01-06Refs #32191 -- Added Signer.sign_object()/unsign_object().Florian Apolloner
Co-authored-by: Craig Smith <hello@craigiansmith.com.au>
2021-01-04Fixed #32298 -- Fixed URLValidator hostname length validation.Akshat1Nar
URLValidator now validates the maximum length of a hostname without the userinfo and port.
2020-12-29Fixed #32299 -- Prevented mutating handlers when processing middlewares ↵Mariusz Felisiak
marking as unused in an async context. Thanks Hubert Bielenia for the report.