| Age | Commit message (Collapse) | Author |
|
|
|
primary key.
|
|
Since in the majority of cases the `MediaAsset.attributes` will be
empty or small, there's only a tiny performance penalty.
However, the accidental use of the `path` property caused
a 1_000x performacne degredation (N=1_000_000).
|
|
Thank you James Walls and James Bligh for reviews.
Co-authored-by: Johannes Maron <johannes@maron.family>
|
|
New default tag `{% csp_nonce_attr %}` was added for explicit CSP nonce
inclusion into `<script>` and `<link>` elements.
`{% csp_nonce_attr %}` renders `nonce="<value>"` when `csp_nonce` is
present in the template context, and renders nothing otherwise.
`{% csp_nonce_attr media %}` renders a `Media` object's assets with the
nonce attr applied to each tag.
Thanks Jacob Walls for the accurate and spot on review comments.
Co-authored-by: Johannes Maron <johannes@maron.family>
|
|
|
|
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for
an accessible and translatable blank choice label in forms.
Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant.
Added the immediately deprecated transitional setting
USE_BLANK_CHOICE_DASH.
Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
|
|
BaseModelFormSet.get_queryset() for stable ordering.
|
|
MultipleChoiceField.validate().
Used Django's OrderedSet datastructure instead of set() in MultipleChoiceField.validate()
to prevent submission ordering from being discarded during validation.
Thanks to Jacob Walls, JaeHyuck Sa, Jake Howard and Simon Charette for
the reviews.
|
|
|
|
This simplicaftion mitigates a potential DoS in URLField on Windows. The
usage of `urlsplit()` in `URLField.to_python()` was replaced with
`str.partition(":")` for URL scheme detection. On Windows, `urlsplit()`
performs Unicode normalization which is slow for certain characters,
making `URLField` vulnerable to DoS via specially crafted POST payloads.
Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger
for the review.
Refs #36923.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
There was unresolved discussion regarding whether to set
ClearableFileInput.use_fieldset to True or False when use_fieldset was
introduced in Django 4.1, since the clear checkbox appears only
sometimes. Although using <fieldset> is likely desirable, since the
primary motivation in #35892 was just to improve markup in the admin,
and a deprecation path was not provided for general form usage, future
work is deferred to #36828.
Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
Thanks Tim Graham, Antoliny, and David Smith for triage.
|
|
The error message now correctly states that the error argument
is a dictionary.
|
|
|
|
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
django/forms/models.py.
|
|
|
|
Manually reformatted some comments and docstrings where autofix_w505.py
changed the meaning of the formatting.
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
Manually reformatted some long docstrings and comments that would be
damaged by the to-be-applied autofixer script, in cases where editorial
judgment seemed necessary for style or wording changes.
|
|
|
|
InlineForeignKeyField.
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
ModelChoiceField/ModelMultipleChoiceField.clean().
Signed-off-by: saJaeHyukc <wogur981208@gmail.com>
|
|
https://github.com/psf/black/releases/tag/25.1.0
|
|
FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline.
|
|
|
|
renderers.
Thank you Sarah Boyce, Carlton Gibson, Tim Schilling and Adam Johnson
for reviews.
Co-authored-by: Christophe Henry <contact@c-henry.fr>
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Matthias Kestenholz <mk@feinheit.ch>
|
|
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
is set.
|
|
renderers.
|
|
|
|
|
|
|
|
Applied the ProhibitNullCharactersValidator to ModelChoiceField and ModelMultipleChoiceField.
Co-authored-by: Viktor Paripás <viktor.paripas@gmail.com>
Co-authored-by: Vasyl Dizhak <vasyl@dizhak.com>
Co-authored-by: Arthur Vasconcelos <vasconcelos.arthur@gmail.com>
|
|
unhashable type.
|
|
This work should not generate any change of functionality, and
`urlsplit` is approximately 6x faster.
Most use cases of `urlparse` didn't touch the path, so they can be
converted to `urlsplit` without any issue. Most of those which do use
`.path`, simply parse the URL, mutate the querystring, then put them
back together, which is also fine (so long as urlunsplit is used).
|
|
linkcode ext.
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Hidden elements are not visible for both accessibility tools and browsers presentation layer. This change therefore only reduces the size of the generated HTML.
|
|
when form is invalid.
|
|
co-authored-by: Keryn Knight <keryn@kerynknight.com>
co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
co-authored-by: David Smith <smithdc@gmail.com>
co-authored-by: Paolo Melchiorre <paolo@melchiorre.org>
|
|
get_attname()/get_attname_column().
|
|
https://github.com/psf/black/releases/tag/24.1.0
|
|
|