| Age | Commit message (Collapse) | Author |
|
get_placeholder_sql.
The lack of ability of the get_placeholder call chain to return SQL and
parameters separated so they can be mogrified by the backend at execution time
forced implementations to dangerously interpolate potentially user controlled
values.
The get_placeholder_sql name was chosen due to its proximity to the previous
method, but other options such as Field.as_sql were considered but ultimately
rejected due to its different input signature compared to Expression.as_sql
that might have lead to confusion.
There is a lot of overlap between what Field.get_db_prep_value and
get_placeholder_sql do but folding the latter in the former would require
changing its return signature to return expression which is a way more invasive
change than what is proposed here.
Given we always call get_db_prep_value it might still be an avenue worth
exploring in the future to offer a publicly documented interface to allow field
to take an active part in the compilation chain.
Thanks Jacob for the review.
|
|
Needed on MongoDB.
|
|
|
|
Thanks Simon Charette for pair programming.
Co-authored-by: Nick Stefan <NickStefan12@gmail.com>
Co-authored-by: Akash Kumar Sen <71623442+Akash-Kumar-Sen@users.noreply.github.com>
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
|
|
Renamed existing methods and abstractions used for INSERT … RETURNING
to be generic enough to be used in the context of UPDATEs as well.
This also consolidates SQL compliant implementations on
BaseDatabaseOperations.
|
|
BaseDatabaseOperations.return_insert_columns()/fetch_returned_insert_rows().
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
|
|
|
|
wrapping layers.
Thank you Florian Apolloner, Jake Howard and Patryk Zawadzki for
the clarifying comments and reviews.
|
|
Also adds DatabaseOperations.format_debug_sql() hook for backends
(e.g. NoSQL) to customize formatting.
|
|
timeline.
|
|
|
|
DatabaseOperations.field_cast_sql().
|
|
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
|
|
and MySQL.
Also removed tests that ensured that adapt_(date)timefield backend
operations where able to deal with expressions when it's not the case
for any other adapt methods.
|
|
3.39.
On SQLite < 3.39, this forces a GROUP BY clause with a HAVING clause
when no grouping is specified.
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
negative integer end.
|
|
|
|
relation on PostgreSQL.
|
|
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
|
|
Thanks Simon Charette, Tim Graham, and Adam Johnson for reviews.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
|
|
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
SQL injection.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
|
|
|
|
|
|
|
|
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
|
|
|
|
BaseDatabaseOperations.adapt_datetimefield_value()/adapt_timefield_value() crash with expressions.
|
|
BaseDatabaseOperations.format_for_duration_arithmetic() stub method.
|
|
|
|
specific timezone.
|
|
|
|
on PostgreSQL.
Thanks Marc Debureaux for the report.
Thanks Simon Charette, Nick Pope, and Adam Johnson for reviews.
|
|
This removes also unused DatabaseOperations.date_interval_sql().
|
|
QuerySet.select_for_update() on PostgreSQL.
|
|
Thanks to Adam Johnson, Carlton Gibson, Mariusz Felisiak, and Raphael
Michel for mentoring this Google Summer of Code 2019 project and
everyone else who helped with the patch.
Special thanks to Mads Jensen, Nick Pope, and Simon Charette for
extensive reviews.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
|
|
DatabaseOperations.execute_sql_flush().
|
|
PostgreSQL.
The sql_flush() positional argument sequences is replaced by the boolean
keyword-only argument reset_sequences. This ensures that the old
function signature can't be used by mistake when upgrading Django. When
the new argument is True, the sequences of the truncated tables will
reset. Using a single boolean value, rather than a list, allows making a
binary yes/no choice as to whether to reset all sequences rather than a
working on a completely different set.
|
|
together with PRECEDING and FOLLOWING".
|
|
The subtract_temporals() database operation was not handling expressions
returning SQL params in mixed database types.
Regression in 35431298226165986ad07e91f9d3aca721ff38ec.
Thanks Reupen Shah for the report.
|
|
|
|
Oracle.
|
|
PostgreSQL.
Thanks Florian Apolloner, Tim Graham, Simon Charette, Nick Pope, and
Mariusz Felisiak for reviews.
|
|
This allows using expressions that have an output_field that is a
BooleanField to be used directly in a queryset filters, or in the
When() clauses of a Case() expression.
Thanks Josh Smeaton, Tim Graham, Simon Charette, Mariusz Felisiak, and
Adam Johnson for reviews.
Co-Authored-By: NyanKiyoshi <hello@vanille.bid>
|
|
and refactored AutoFields.
This reduces duplication by allowing AutoField, BigAutoField and
SmallAutoField to inherit from IntegerField, BigIntegerField and
SmallIntegerField respectively. Doing so also allows for enabling the
max_length warning check and minimum/maximum value validation for auto
fields, as well as providing a mixin that can be used for other possible
future auto field types such as a theoretical UUIDAutoField.
|