summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2022-07-06Used list comprehensions in RedisCache.delete_many().Christos Kopanos
2022-07-06Fixed #33823 -- Made inspectdb generate unique related_name when reverse ↵Vladimir Kochetkov
accessor clashes.
2022-07-06Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters.Simon Charette
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-07-05Fixed #33822 -- Fixed save() crash on model formsets when not created by ↵Shawn Dong
modelformset_factory(). Thanks Claude Paroz for the report. Regression in e87f57fdb8dcdabc452bd15abd015bf6c9b1f7a8.
2022-07-05Fixed #33815 -- Fixed last_executed_query() on Oracle when parameter names ↵Mariusz Felisiak
overlap.
2022-07-04Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against ↵Mariusz Felisiak
SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
2022-07-04Fixed #33816 -- Fixed QuerySet.only() after select_related() crash on proxy ↵Ipakeev
models.
2022-07-01Updated vendored _urlsplit() to strip newline and tabs.Michael Manfre
Refs Python CVE-2022-0391. Django is not affected, but others who incorrectly use internal function url_has_allowed_host_and_scheme() with unsanitized input could be at risk.
2022-06-28Fixed #33779 -- Allowed customizing encoder class in ↵Hrushikesh Vaidya
django.utils.html.json_script().
2022-06-28Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing ↵Mehrdad
boundary streams. This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser.
2022-06-28Removed unnecessary _parse_header() from MultiPartParser.Mariusz Felisiak
Reraising ValueError was unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
2022-06-28Refs #33697 -- Made MediaType use django.utils.http.parse_header_parameters().Mehrdad
2022-06-28Fixed #33805 -- Made admin's many-to-many widgets do not display help text ↵Ankur
for selecting values when allow_multiple_selected is False.
2022-06-27Refs #32786 -- Made query clear ordering when ordered combined queryset is ↵Mariusz Felisiak
used in subquery on Oracle.
2022-06-27Refs #33713 -- Removed unnecessary skip for MariaDB 10.3.Mariusz Felisiak
2022-06-27Fixed #33796 -- Fixed ordered combined queryset crash when used in subquery ↵Mariusz Felisiak
on PostgreSQL and MySQL. Thanks Shai Berger for the report. Regression in 30a01441347d5a2146af2944b29778fa0834d4be.
2022-06-23Fixed #33800 -- Fixed system check for the same template tag module in ↵Mariusz Felisiak
installed apps and template tag libraries. Thanks Claude Paroz for the report. Regression in 004b4620f6f4ad87261e149898940f2dcd5757ef.
2022-06-23Fixed #33799, Refs #31685 -- Added parameters for updating conflicts to ↵DhruvaPatil98
QuerySeta.abulk_create().
2022-06-23Made HashedFilesMixin ignore URLs without a path.Florian Apolloner
2022-06-22Fixed #33028 -- Used ModelAdmin's opts attribute instead of model._meta.Marcelo Galigniana
2022-06-21Fixed #33794 -- Fixed string-casting of GIS queries on PostgreSQL.Claude Paroz
Regression in 64c3f049ea3bcb1c82f35ae09f1dd5349a826a5c.
2022-06-20Fixed #33657 -- Allowed customizing formatter class of argument parsers.Abhinav Yadav
2022-06-20Fixed #32969 -- Fixed pickling HttpResponse and subclasses.Anv3sh
2022-06-20Fixed #23689 -- Made parsing HTTP Accept-Language header case-insensitive.Zainab Amir
Thank you Daniel Samuels for test project.
2022-06-18Fixed #33784 -- Removed unnecessary format escaping in admin calendar widget.Ankur
Replacements were added in fa0653cd1d791a8bce835e8992cbeab6fd70d0e7 where we created a callback function by concatenating strings. It's unnecessary since d638cdc42acec608c1967f44af6be32a477c239f.
2022-06-17Fixed #33788 -- Added TrigramStrictWordSimilarity() and ↵Matt Brewer
TrigramStrictWordDistance() on PostgreSQL.
2022-06-17Fixed #28897 -- Fixed QuerySet.update() on querysets ordered by annotations.David Wobrock
2022-06-17Refs #28897 -- Added test for QuerySet.update() on querysets ordered by ↵David Wobrock
inline m2m annotation.
2022-06-17Fixed #24870 -- Added --update option to makemigrations command.David Wobrock
2022-06-17Refs #24870 -- Refactored out get_relative_path() hook in makemigrations.David Wobrock
2022-06-16Fixed #33786 -- Confirmed support for GDAL 3.5.Mariusz Felisiak
2022-06-14Fixed #33772 -- Added QuerySet.first()/last() error message on unordered ↵Pablo Pissi
queryset with aggregation.
2022-06-13Fixed #33773 -- Made Index with multiple fields respect ↵Bruce Cutler
DEFAULT_INDEX_TABLESPACE. Thanks to Simon Charette for locating where issue lay.
2022-06-13Made QuerySet.bulk_update() raise an error when batch_size is zero.Ebram Shehata
2022-06-09Fixed #33755 -- Moved ASGI body-file cleanup into request class.Jonas Lundberg
2022-06-08Fixed #33565 -- Improved locale format validation for the makemessages command.Ronnie van den Crommenacker
2022-06-03Refs #33697 -- Made MultiPartParser use ↵Mehrdad
django.utils.http.parse_header_parameters() for parsing Content-Type header.
2022-06-03Fixed documentation of Widget.id_for_label() empty return value.Swann
2022-06-03Fixed #33764 -- Deprecated BaseUserManager.make_random_password().Ciaran McCormick
2022-06-02Fixed #33700 -- Skipped extra resolution for successful requests not ending ↵Anders Kaseorg
with /. By moving a should_redirect_with_slash call out of an if block, commit 9390da7fb6e251eaa9a785692f987296cb14523f negated the performance fix of commit 434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (#24720). Meanwhile, the logging issue #26293 that it targeted was subsequently fixed more fully by commit 40b69607c751c4afa453edfd41d2ed155e58187e (#26504), so it is no longer needed. This effectively reverts it. This speeds up successful requests not ending with / when APPEND_SLASH is enabled (the default, and still useful in projects with a mix of URLs with and without trailing /). The amount of speedup varies from about 5% in a typical project to nearly 50% on a benchmark with many routes. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-02Fixed #31788 -- Fixed migration optimization after altering field to ↵David Wobrock
ManyToManyField. This makes AddField() used for altering to ManyToManyField, dependent on the prior RemoveField.
2022-06-01Fixed #33742 -- Added id to GeoJSON serializer.Samir Shah
2022-06-01Fixed #33750 -- Fixed timezone warning alignment with help texts.Florian Demmer
Previously help_text was wrapped in a paragraph, but the change to div broke the alignment, refs #27207.
2022-06-01Fixed #33733 -- Preserved wrapper assignment for manager methods.kshivakumar
2022-06-01Refs #33697 -- Fixed multipart parsing of headers with double quotes and ↵Mehrdad
semicolons. See https://github.com/python/cpython/commit/1ef0c0349e8fdb5415e21231cb42edbf232b742a
2022-06-01Fixed #32234 -- Made inspectdb inform about composite primary keys.Anv3sh
2022-05-31Fixed #33191 -- Avoided clearing cached reference when saving child after ↵Allen Jonathan David
parent. Thanks Barry Johnson for the report.
2022-05-31Fixed #33754 -- Fixed crash with prematurely closed ASGI request body.Jonas Lundberg
Regression in 441103a04d1d167dc870eaaf90e3fba974f67c93.
2022-05-31Fixed #33748 -- Fixed date template filter crash with lazy format.Claude Paroz
Regression in 659d2421c7adbbcd205604002d521d82d6b0b465.
2022-05-26Fixed #22078 -- Fixed crash of Feed with decorated methods.Marcelo Galigniana