| Age | Commit message | Author |
|
|
Bcc addresses are sent via the SMTP envelope and must never appear in
the message itself. A "Bcc" key in `extra_headers` was not excluded like
From/To/Cc/Reply-To, so it leaked into the generated message as a
visible header.
Thanks Mike Edmunds for reviews.
|
|
The previous approach created both sync and async wrappers before
checking which one was needed. Checking first reduces about 1 microsecond
off each decorator application.
|
|
AlterUniqueTogether.
|
|
Thanks Johannes Maron for reviews.
|
|
(a)force_login().
Co-authored-by: Mykhailo Havelia <Arfey17.mg@gmail.com>
|
|
self-referential foreign key.
When collecting SQL (e.g. for sqlmigrate), a RenameModel operation's
table rename is not executed, so the subsequent field alteration
introspected the renamed table before it existed. On MySQL this raised
"Table doesn't exist", and on PostgreSQL the missing introspection
silently omitted the self-referential foreign key's drop and recreate.
The schema editor now records table renames while collecting SQL and
redirects constraint-name introspection to the still-existing old table
name, which carries the same constraints. Applying migrations is
unaffected.
|
|
directives in UpdateCacheMiddleware.
Avoid false positives from hypothetical extension directives
that could be superstrings of the ones we are checking.
|
|
primary key.
|
|
Extracted the repeated `split(",")` + per-token `.strip()` pattern into
a `split_header_value()` generator in django/utils/http.py. The previous
`cc_delim_re` regex only stripped whitespace adjacent to the comma
delimiter, leaving leading or trailing whitespace on the first and last
tokens. Now, `split_header_value()` strips every token fully, matching
RFC 9110's optional-whitespace rules.
Thanks to Shai Berger, Jacob Walls, and Sarah Boyce for reviews.
|
|
delete_confirmation_max_display.
|
|
primary key.
|
|
On Unix systems that lack time zone information stored at
`/usr/share/zoneinfo`, time zones couldn't be validated.
Python's `zoneinfo` module was introduced in Python 3.9, meaning all
modern Django versions should support its use.
|
|
Performance regression in 37e6c5b on SQLite. Just like MySQL, and presumably
Oracle, which don't have a native boolean type and incidentally store booleans in
integer columns, indices on such columns cannot be used when explicit boolean
literal equalities are omitted.
Adapt the logic introduced by refs #32691 for MySQL to be used for all backends
that don't support native boolean fields instead of special casing MySQL,
SQLite, and Oracle in their own special way.
Note that review of this work surfaced that SQLite's query planner also cannot
make use of indices when dealing with expressions of form
WHERE NOT (indexed_bool_field = false)
but that's a long standing problem unrelated to the restorative work performed
in this patch.
Thanks Klaas van Schelven for the report.
|
|
Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
|
|
transitional setting to False.
|
|
values.
Thanks to Navid Rezazadeh for the report and Jacob Walls for review.
|
|
responses.
Thanks Shai Berger for the report, and Natalia Bidart and Sarah Boyce for reviews.
|
|
UpdateCacheMiddleware.
Thanks Ahmed Badawe for the report, and Jacob Walls for reviews.
|
|
Thanks Kasper Dupont for the report, and Jacob Walls and Natalia Bidart
for reviews.
|
|
Made signed cookies derive their signer namespace from an injective
encoding of `(name, salt)` while preserving compatibility with legacy
`name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman,
Jake Howard, and Paul McMillan for reviews.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Forwardport of fcbbb1f920f7a7efb16a9871e8905b743447a939 from stable/6.1.x
|
|
Forwardport of dd895d6268f1dd544a565a321cb4527ca3ca1173 from stable/6.0.x.
|
|
path.
The existing user path also uses thread_sensitive=False in acheck_password().
Follow-up to 7f66c3b41f0fb0fb938d7b96e20a28dccdaa2ecd.
|
|
Thanks JaeHyuck Sa, Jacob Walls, and Tim McCurrach for reviews.
Co-authored-by: Ülgen Sarıkavak <ulgensrkvk@gmail.com>
|
|
Forwardport of 9969df4f360221fc408da1604f0369f7594a1818 from stable/6.0.x.
|
|
Co-authored-by: Sohail Ahmad <sohailahmed34280@gmail.com>
|
|
Peer frameworks have long since dropped their analogous checks for this
vulnerability that was fixed in ES5.
|
|
Refs #37105, #12090.
|
|
Since in the majority of cases the `MediaAsset.attributes` will be
empty or small, there's only a tiny performance penalty.
However, the accidental use of the `path` property caused
a 1_000x performance degradation (N=1_000_000).
|
|