summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2021-05-12Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe.Nick Pope
2021-05-12Refs #32738, Refs #29600, Refs #29595 -- Removed unused ↵Nick Pope
django.utils.datetime_safe.time(). Unused since c72dde41e603093ab0bb12fa24fa69cfda0d35f9.
2021-05-12Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection ↵Nick Pope
options in MySQL backend. The 'db' and 'passwd' connection options have been deprecated, use 'database' and 'password' instead (available since mysqlclient >= 1.3.8). This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12Refs #24121 -- Added__repr__() to StaticNode.saeedblanchette
2021-05-12Fixed #32735 -- Made DateFormat.Y() return a zero-padded year.Nick Pope
2021-05-11Fixed #32722 -- Fixed comparing to TruncTime() on Oracle.Mariusz Felisiak
2021-05-07Fixed #32670 -- Allowed GDALRasters to use any GDAL virtual filesystem.Jordi Castells
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-05-07Fixed #32699 -- Fixed comparing to TruncTime() with 0 microseconds on MySQL.Alex Hill
2021-05-06Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being ↵Mariusz Felisiak
accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
2021-05-05Fixed #32705 -- Prevented database cache backend from checking .rowcount on ↵ecogels
closed cursor. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-05Fixed #32690 -- Fixed __in lookup crash when combining with filtered aggregates.Simon Charette
Having lookups group by subquery right-hand-sides is likely unnecessary in the first place but relatively large amount of work would be needed to achieve that such as making Lookup instances proper resolvable expressions. Regression in 35431298226165986ad07e91f9d3aca721ff38ec. Thanks James A. Munsch for the report.
2021-05-05Fixed #32479 -- Added fallbacks to subsequent language codes in translations.Maxim Beder
Thanks Claude Paroz and Nick Pope for reviews.
2021-05-05Fixed #32714 -- Prevented recreation of migration for Meta.ordering with ↵Simon Charette
OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report.
2021-05-04Refs #32074 -- Removed usage of deprecated Thread.setDaemon().Karthikeyan Singaravelan
Thread.setDaemon() was deprecated in Python 3.10 and will be removed in Python 3.12.
2021-05-04Refs #32074 -- Used asyncio.get_running_loop() instead of get_event_loop().Mariusz Felisiak
Using asyncio.get_event_loop() when there is no running event loop was deprecated in Python 3.10, see https://bugs.python.org/issue39529.
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-05-04Fixed #32693 -- Quoted and lowercased generated column aliases.Hasan Ramezani
2021-05-04Fixed #32709 -- Corrected examples in django/utils/baseconv.py docstring.pythonwood
2021-04-30Fixed #32653 -- Made quoting names in the Oracle backend consistent with ↵Mariusz Felisiak
db_table.
2021-04-30Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.Tim Graham
2021-04-30Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵Hasan Ramezani
ExceptionReporter._get_raw_insecure_uri().
2021-04-29Fixed capitalization of "ECMAScript" and "JavaScript".Nick Pope
2021-04-29Refs #32682 -- Renamed lookup_needs_distinct() to lookup_spawns_duplicates().Mariusz Felisiak
Follow up to 187118203197801c6cb72dc8b06b714b23b6dd3d.
2021-04-29Refs #32675 -- Removed to_field from ForeignKeys in contrib apps' migrations.David Wobrock
Refs #22889.
2021-04-28Removed unnecessary reuse_with_filtered_relation argument from Query methods.Nick Pope
In Query.join() the argument reuse_with_filtered_relation was used to determine whether to use == or .equals(). As this area of code is related to aliases, we only expect an instance of Join or BaseTable to be provided - the only two classes that provide .equals(). In both cases, the implementations of __eq__() and equals() are based on use of the "identity" property. __eq__() performs an isinstance() check first, returning NotImplemented if required. BaseTable.equals() then does a straightforward equality check on "identity". Join.equals() is a little bit different as it skips checking the last element of the "identity" property: filtered_relation. This was only included previously when the with_filtered_relation argument was True, impossible since bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-28Removed unused with_filtered_relation argument from .equals()Nick Pope
Unused since bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-28Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵Simon Charette
deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94.
2021-04-27Fixed #32687 -- Restored passing process’ environment to underlying tool ↵Konstantin Alekseev
in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3.
2021-04-27Fixed #32682 -- Made admin changelist use Exists() instead of distinct() for ↵Mariusz Felisiak
preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin.
2021-04-27Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.Mariusz Felisiak
QuerySet.distinct() is not the only way to avoid duplicate, it's also not preferred.
2021-04-27Refs #32682 -- Fixed QuerySet.delete() crash on querysets with ↵Mariusz Felisiak
self-referential subqueries on MySQL.
2021-04-27Refs 32637 -- Made technical 404 debug page display exception message when ↵Mariusz Felisiak
URL is resolved. Follow up to 3b8527e32b665df91622649550813bb1ec9a9251.
2021-04-27Fixed #32686 -- Removed unnecessary semicolon on collected multiline SQL for ↵Hannes Ljungberg
RunSQL.
2021-04-26Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin template.Zain Patel
Regression in 84609b3205905097d7d3038d32e6101f012c0619.
2021-04-23Refs #32673 -- Fixed lookups crash when comparing against lookups on Oracle.Mariusz Felisiak
Follow up to 170b006ce82b0ecf26dc088f832538b747ca0115.
2021-04-23Fixed #32673 -- Fixed lookups crash when comparing against lookups on ↵Simon Charette
PostgreSQL. Regression in 3a505c70e7b228bf1212c067a8f38271ca86ce09. Nonlitteral right-hand-sides of lookups need to be wrapped in parentheses to avoid operator precedence ambiguities. Thanks Charles Lirsac for the detailed report.
2021-04-21Fixed #32662 -- Refactored a generator out of SQLCompiler.get_order_by().Chris Jerdonek
This also renames the `asc` variable to `default_order`, markes the `desc` variable as unused, fixes a typo in SQLCompiler.get_order_by() docstring, and reorders some blocks in SQLCompiler._order_by_pairs().
2021-04-21Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.Simon Charette
This issue started manifesting itself when nesting a combined subquery relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but sql.Query.combine never properly handled subqueries outer refs in the first place, see QuerySetBitwiseOperationTests.test_subquery_aliases() (refs #27149). Thanks Raffaele Salmaso for the report.
2021-04-21Fixed #32665 -- Fixed caches system check crash when STATICFILES_DIRS is a ↵Mariusz Felisiak
list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372.
2021-04-21Fixed #32647 -- Restored multi-row select with shift-modifier in admin ↵Carlton Gibson
changelist. Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b.
2021-04-20Refs #25287 -- Added support for multiplying and dividing DurationField by ↵Tobias Bengfort
scalar values on SQLite.
2021-04-20Refs #25287 -- Added _sqlite_prepare_dtdelta_param() hook.Tobias Bengfort
2021-04-20Removed unnecessary line in OrderBy.as_sql().David Beitey
Unnecessary since 7286eaf681d497167cd7dc8b70ceebfcf5cd21ad.
2021-04-20Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.François Freitag
Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used.
2021-04-16Fixed #29899 -- Made autodetector use model states instead of model classes.David Wobrock
Thanks Simon Charette and Markus Holtermann for reviews.
2021-04-16Refs #29899 -- Improved variable names in ↵David Wobrock
MigrationAutodetector._detect_changes().
2021-04-16Refs #29899 -- Moved resolve_relation() to django.db.migrations.utils.David Wobrock
2021-04-15Fixed #32641 -- Made DiscoverRunner print the number of found tests.girishsontakke
Thanks Chris Jerdonek for reviews.