summaryrefslogtreecommitdiff
path: root/django
AgeCommit message (Collapse)Author
2019-08-23Replaced subprocess commands by run() wherever possible.Claude Paroz
2019-08-23Fixed #30715 -- Fixed crash of ArrayField lookups on ArrayAgg annotations ↵Mariusz Felisiak
over AutoField.
2019-08-23Reduced code duplication in ArrayField's lookups.Mariusz Felisiak
2019-08-22Fixed #30064 -- Added form to validate admin search fields query input.Carlton Gibson
2019-08-22Fixed #30712 -- Allowed BLOB/TEXT defaults on MySQL 8.0.13+.Nasir Hussain
2019-08-21Fixed #21039 -- Added AddIndexConcurrently/RemoveIndexConcurrently ↵Mads Jensen
operations for PostgreSQL. Thanks to Simon Charettes for review. Co-Authored-By: Daniel Tao <daniel.tao@gmail.com>
2019-08-20Fixed #29667 -- Prohibited whitespaces in path() URLs.Hasan Ramezani
2019-08-20Fixed #29979, Refs #17337 -- Extracted AutoField field logic into a mixin ↵Nick Pope
and refactored AutoFields. This reduces duplication by allowing AutoField, BigAutoField and SmallAutoField to inherit from IntegerField, BigIntegerField and SmallIntegerField respectively. Doing so also allows for enabling the max_length warning check and minimum/maximum value validation for auto fields, as well as providing a mixin that can be used for other possible future auto field types such as a theoretical UUIDAutoField.
2019-08-19Fixed #29260 -- Skipped an UPDATE when adding a model instance with primary ↵Hasan Ramezani
key that has a default.
2019-08-19Fixed #30693 -- Removed separate import of os.path in ↵Maaz Bin Tahir Saeed
django.core.management.templates.
2019-08-18Refs #28428 -- Made FileField.upload_to support pathlib.Path.Claude Paroz
2019-08-18Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.Claude Paroz
2019-08-17Fixed #29545 -- Fixed using filter lookups againts nested subquery expressions.Simon Charette
Made sql.Where resolve lhs of its child nodes. This is necessary to allow filter lookups against nested subquery expressions to properly resolve their OuterRefs to Cols. Thanks Oskar Persson for the simplified test case.
2019-08-16Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according ↵Adnan Umer
to RFC 7231.
2019-08-16Fixed #27676 -- Allowed BLOB/TEXT defaults on MariaDB 10.2.1+.Adam Johnson
2019-08-16Fixed #30687 -- Fixed using of OuterRef() expressions in distance lookups.Andrew Brown
2019-08-15Refs #30449 -- Made RelatedOnlyFieldListFilter respect ModelAdmin.ordering.zeyneloz
2019-08-15Fixed #30449 -- Fixed RelatedFieldListFilter/RelatedOnlyFieldListFilter to ↵zeyneloz
respect model's Meta.ordering. Regression in 6d4e5feb79f7eabe8a0c7c4b87f25b1a7f87ca0b. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-08-14Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on ↵Mariusz Felisiak
expressions with params. Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387. Thanks Florian Apolloner for the report and helping with tests.
2019-08-14Optimized Field.deconstruct() by using elif.Mads Jensen
2019-08-13Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as ↵Claude Paroz
library path. Thanks Nikita Krokosh for the initial patch.
2019-08-13Refs #30461 -- Added django.utils._os.to_path().Claude Paroz
2019-08-13Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on ↵Mariusz Felisiak
expressions with params. Thanks Florian Apolloner for the report and helping with tests.
2019-08-13Refs #25367 -- Moved Oracle Exists() handling to contextual methods.Simon Charette
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in the following cases. 1. When part of a SELECT clause. 2. When part of a ORDER BY clause. 3. When compared against another expression in the WHERE clause. This commit moves the systematic CASE WHEN wrapping of Exists.as_oracle to contextual .select_format, Lookup.as_oracle, and OrderBy.as_oracle methods in order to avoid unnecessary wrapping.
2019-08-13Refs #25367 -- Moved select_format hook to BaseExpression.Simon Charette
This will expose an intermediary hook for expressions that need special formatting when used in a SELECT clause.
2019-08-12Corrected multiple typos.Min ho Kim
2019-08-12Refs #24793 -- Removed bogus connection argument from SQLCompiler.compile() ↵Simon Charette
calls. The method doesn't expect a connection object to be passed as its second argument.
2019-08-12Refs #11964 -- Made constraint support check respect required_db_features.Simon Charette
This will notably silence the warnings issued when running the test suite on MySQL.
2019-08-12Refs #23879 -- Made introspection respect required_db_features.Simon Charette
2019-08-11Fixed #30677 -- Improved error message for urlencode() and Client when None ↵swatantra
is passed as data.
2019-08-09Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises ↵Ngalim Siregar
Http404.
2019-08-08Removed unnecessary StatAggregate.resolve_expression().Jon Dufresne
This method only calls the parent method, but without the for_save argument. The parent class, Aggregate, already ignores the for_save argument so there is no need for special handling. Unnecessary since its introduction in e4cf8c8420634d6f2dc8ce873246256ce635972d.
2019-08-08Fixed #30673 -- Relaxed system check for db_table collision when database ↵Adnan Umer
routers are installed by turning the error into a warning.
2019-08-07Corrected several typos in string literals and test names.Min ho Kim
2019-08-07Fixed #30676 -- Added --pdb option to test runner.Andrew Godwin
2019-08-05Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER ↵Adnan Umer
setting.
2019-08-05Moved indexes in ArrayField's Index and Slice transforms to SQL params.Mariusz Felisiak
Follow up to 7deeabc7c7526786df6894429ce89a9c4b614086. These lookups aren't vulnerable to SQL injection because both accept only integer indexes. It is a part of good practices.
2019-08-05Fixed #28393 -- Added helpful error messages for invalid ↵Diederik van der Boor
AutoField/FloatField/IntegerField values. Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl> Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-02Simplified AlterModelTable by making it subclass ModelOptionOperation.Nick Pope
2019-08-02Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of ↵aaktsipetrov
source expressions is not filterable.
2019-08-02Fixed #30661 -- Added models.SmallAutoField.Nick Pope
2019-08-02Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing ↵zeyneloz
errors other than FileNotFoundError.
2019-08-02Removed obsolete mentions of a check constraint in ↵Mariusz Felisiak
BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings.
2019-08-01Removed unneeded ValueError catching in django.utils.text._replace_entity().Jon Dufresne
The html.entities.name2codepoint dict contains only valid Unicode codepoints. Either the key exists and chr() will succeed or the key does not exist.
2019-08-01Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField ↵Mariusz Felisiak
with quoted db_column on PostgreSQL.
2019-08-01Fixed #30664 -- Fixed migrations crash when altering table on SQLite or ↵Ngalim Siregar
altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table.
2019-08-01Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵Florian Apolloner
django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-08-01Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index ↵Mariusz Felisiak
lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-08-01Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵Florian Apolloner
strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-08-01Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵Florian Apolloner
truncating HTML. Thanks to Guido Vranken for initial report.