summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2022-05-02Refs #33646 -- Made QuerySet.raw() async-compatible.Mariusz Felisiak
2022-05-02Refs #33646 -- Added RawModelIterable.Mariusz Felisiak
2022-05-02Fixed #33413 -- Made migrations propage collations to related fields.David Wobrock
2022-04-29Refs #33671 -- Fixed migrations crash when adding collation to a primary key ↵Mariusz Felisiak
on Oracle.
2022-04-29Refs #30426 -- Updated XFrameOptionsMiddleware docstring.Clemens Wolff
Follow up to 05d0eca635853564c57e639ac5590674a7de2ed6.
2022-04-29Fixed #33670 -- Fixed altering primary key on SQLite.Mariusz Felisiak
2022-04-29Refs #33413 -- Added collation to CharField/TextField's db_parameters.David Wobrock
2022-04-28Fixed #33661 -- Corrected Catalan date-format localization.mpachas
Changed DATE_FORMAT, DATETIME_FORMAT and MONTH_DAY_FORMAT to use E placeholder (Month, locale specific alternative) to handle both “de gener” and contracted “d’abril” cases. Thanks to Ferran Jovell for review.
2022-04-27Refs #32339 -- Allowed renderer to specify default form and formset templates.Carlton Gibson
Co-authored-by: David Smith <smithdc@gmail.com>
2022-04-26Fixed #33646 -- Added async-compatible interface to QuerySet.Andrew Godwin
Thanks Simon Charette for reviews. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2022-04-26Fixed #27471 -- Made admin's filter choices collapsable.Marcelo Galigniana
2022-04-26Fixed #33656 -- Fixed MultiWidget crash when compressed value is a tuple.L
2022-04-26Fixed #33655 -- Removed unnecessary constant from GROUP BY clause for ↵marcperrinoptel
QuerySet.exists().
2022-04-25Refs #2259 -- Disallowed primary keys in ModelAdmin.list_editable.siddhartha-star-dev
Refs #32728.
2022-04-22Removed unnecessary variable in Index.create_sql().Hannes Ljungberg
Unnecessary since fdfb3086fcba1b737ec09676ab4bb95105f3371e.
2022-04-22Refs #31223 -- Added __class_getitem__() to ForeignKey.Collin Anderson
2022-04-22Refs #27674 --- Deprecated django.contrib.gis.admin.OpenLayersWidget.Mariusz Felisiak
2022-04-21Fixed #33509 -- Added "(no-op)" to sqlmigrate output for operations without ↵Adam Johnson
SQL statement.
2022-04-21Fixed #33004 -- Made saving objects with unsaved GenericForeignKey raise ↵sarahboyce
ValueError. This aligns to the behaviour of OneToOneField and ForeignKey fields. Thanks Jonny Park for the initial patch.
2022-04-20Refactored out RedirectURLMixin.get_success_url().Aymeric Augustin
This also adds a default implementation of get_default_redirect_url().
2022-04-20Simplified LogoutView.get_success_url().Aymeric Augustin
This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it.
2022-04-20Unified LoginView/LogoutView.get_default_redirect_url() methods.Aymeric Augustin
This might change the behavior when self.next_page == "". However, resolve_url(self.next_page) would almost certainly fail in that case. It is technically possible to define a logout URLpattern whose name is "": path('logout/', LogoutView.as_view(), name=''), and then to refer to this pattern with next_page = "". However this feels like a pathological case, so we decided not to handle it. Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL are performed with boolean evaluation rather than comparison with None. That's why we standardizing that way.
2022-04-20Renamed LogoutView.get_next_page() to get_success_url().Aymeric Augustin
This aligns it with LoginView. Also, it removes confusion with the get_next_page() method of paginators. get_next_page() was a private API, therefore this refactoring is allowed.
2022-04-20Refactored out RedirectURLMixin.get_redirect_url().Aymeric Augustin
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin. This doesn't change the behavior of LogoutView.get_next_page() because next_page == "" implies url_is_safe == False before the refactoring.
2022-04-20Fixed #33654 -- Added localdate to utils.timezone.__all__. Andrey Otto
2022-04-19Fixed #33639 -- Enabled cached template loader in development.Carlton Gibson
2022-04-19Refs #32226 -- Fixed JSON format of QuerySet.explain() on PostgreSQL when ↵Mariusz Felisiak
format is uppercased. Follow up to aba9c2de669dcc0278c7ffde7981be91801be00b.
2022-04-19Removed unnecessary default argument from GET.get() call in ↵Aymeric Augustin
LoginView.get_redirect_url(). The default argument is unnecessary because url_has_allowed_host_and_scheme() returns False when its first argument is "" or None, so get_redirect_url() still returns "". This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page().
2022-04-18Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page ↵Aymeric Augustin
when LOGOUT_REDIRECT_URL is set.
2022-04-18Fixed DatabaseFeatures.uses_savepoints/can_release_savepoints and related ↵Mariusz Felisiak
tests with MyISAM storage engine.
2022-04-16Fixed #33643 -- Fixed inspectdb crash on functional unique constraints on ↵Scott
Oracle.
2022-04-15Fixed #33607 -- Made PostgresIndex.create_sql() respect the "using" argument.Alexandru Mărășteanu
2022-04-15Fixed #11803 -- Allowed admin select widgets to display new related objects.mgaligniana
Adjusted admin javascript to add newly created related objects to already loaded select widgets. In this version, applies only where limit_choices_to is not set.
2022-04-14Fixed #33637 -- Improved initial zoom level in MapWidget.Claude Paroz
2022-04-14Made select_for_update() don't raise TransactionManagementError on databases ↵Mariusz Felisiak
that don't support transactions.
2022-04-14Expanded QuerySet.explain() error message if a backend supports no formats.Tim Graham
2022-04-14Removed unneeded code in explain_query_prefix()Tim Graham
2022-04-13Fixed #30511 -- Used identity columns instead of serials on PostgreSQL.Florian Apolloner
2022-04-13Fixed DatabaseFeatures.supports_index_column_ordering and related tests with ↵Mariusz Felisiak
MyISAM storage engine.
2022-04-13Removed unnecessary tuple call in SQLInsertCompiler.David Smith
2022-04-12Fixed DatabaseFeatures.supports_expression_indexes on MySQL with MyISAM.Mariusz Felisiak
2022-04-12Fixed #24296 -- Made QuerySet.exists() clear selected columns for not sliced ↵mgaligniana
distinct querysets.
2022-04-12Fixed #33626 -- Cleared cache when unregistering a lookup.Himanshu-Balasamanta
2022-04-11Fixed #32604 -- Made file upload respect group id when uploading to a ↵Mateo Radman
temporary file.
2022-04-11Removed DatabaseFeatures.validates_explain_options.Mariusz Felisiak
Always True since 6723a26e59b0b5429a0c5873941e01a2e1bdbb81.
2022-04-11Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL ↵Mariusz Felisiak
injection on PostgreSQL.
2022-04-11Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and ↵Mariusz Felisiak
extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.
2022-04-11Fixed #33628 -- Ignored directories with empty names in autoreloader check ↵Manel Clos
for template changes. Regression in 68357b2ca9e88c40fc00d848799813241be39129.
2022-04-07Fixed #33618 -- Fixed MTI updates outside of primary key chain.Simon Charette
2022-04-07Fixed #33611 -- Allowed View subclasses to define async method handlers.Carlton Gibson