| Age | Commit message (Collapse) | Author |
|
available backends.
Backport of d3f142f2cd36ba0458cc679397555bd5ee7db744 from main.
|
|
in XML serializer.
Previously, `getInnerText()` recursively used `list.extend()` on strings,
which added each character from child nodes as a separate list element.
On deeply nested XML content, this caused the overall deserialization
work to grow quadratically with input size, potentially allowing
disproportionate CPU consumption for crafted XML.
The fix separates collection of inner texts from joining them, so that
each subtree is joined only once, reducing the complexity to linear in
the size of the input. These changes also include a mitigation for a
xml.dom.minidom performance issue.
Thanks Seokchan Yoon (https://ch4n3.kr/) for report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 50efb718b31333051bc2dcb06911b8fa1358c98c from main.
|
|
Co-authored-by: Rida Zouga <ridazouga@gmail.com>
Backport of 3ea0195ca57790d7bd6921ecaa32312eabec78d0 from main
|
|
Backport of 7b32485ee98edf7e8b94ad9c8acdccee562bf216 from main
|
|
relation is sticky.
Backport of 3c005b5f79bf6d71f3f4c3692ed670e1722b0fb6 from main.
|
|
Backport of 7e765a68598b2b798e49bf1f4b431a7bcac085a4 from main.
|
|
Co-authored-by: Clifford Gama <cliffygamy@gmail.com>
Backport of 47ac64ed8bba4de98376b961c739036b3199394b from main.
|
|
docs/topics/i18n/translation.txt.
Backport of 0ea01101c3a35568bc43e9707ac058b9874bd425 from main.
|
|
docs/topics/i18n/formatting.txt.
Co-authored-by: Ahmed Nassar <a.moh.nassar00@gmail.com>
Backport of 74239181252ca73bebb84789856f5d8937d421b4 from main.
|
|
from set_language() docs.
Backport of 2514857e3fae831106832cca8823237801cf2cad from main.
|
|
Thanks Baptiste Mispelon for the report
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of afe6634146d0fe70498976c49d2eb4d745aa9064 from main.
|
|
Backport of 762d3be8c559b0abf415be8d6117f04fb6347983 from main.
|
|
Backport of f8d2610d94333a8b0fd283851a6cf4ac2e2e2435 from main
|
|
This removes the ability to configure Task enqueueing via a setting,
since the proposed `ENQUEUE_ON_COMMIT` did not support multi-database
setups.
Thanks to Simon Charette for the report.
Follow-up to 4289966d1b8e848e5e460b7c782dac009d746b20.
|
|
|
|
This work implements what was defined in DEP 14
(https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst).
Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce,
Jacob Walls, and Natalia Bidart for the reviews.
|
|
|
|
Thanks Mike Edmunds for the report.
|
|
Updated docs for class django.core.mail.EmailMessage to use Sphinx
`method::` directives, allowing cross references to those methods
elsewhere in the docs.
Updated references to those methods in the email docs and 6.0 release
notes to link directly to the specific methods.
|
|
docs/topics/email.txt declares `module:: django.core.mail`.
Removed unnecessary `currentmodule::` pointing to the same module.
|
|
Co-authored-by: Jonathan <3218047+jernwerber@users.noreply.github.com>
Co-authored-by: Mustafa <117516335+mspirbhai@users.noreply.github.com>
|
|
disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
|
|
|
|
|
|
docs.
|
|
|
|
Language.
Introduced `{% partialdef %}` and `{% partial %}` template tags to
define and render reusable named fragments within a template file.
Partials can also be accessed using the `template_name#partial_name`
syntax via `get_template()`, `render()`, `{% include %}`, and other
template-loading tools.
Adjusted `get_template()` behavior to support partial resolution, with
appropriate error handling for invalid names and edge cases. Introduced
`PartialTemplate` to encapsulate partial rendering behavior.
Includes tests and internal refactors to support partial context
binding, exception reporting, and tag validation.
Co-authored-by: Carlton Gibson <carlton@noumenal.es>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
|
|
|
|
|
|
- Changed EmailMessage.message() to construct a "modern email API"
email.message.EmailMessage and added policy keyword arg.
- Added support for modern MIMEPart objects in EmailMessage.attach()
(and EmailMessage constructor, EmailMessage.attachments list).
- Updated SMTP EmailBackend to use modern email.policy.SMTP.
Deprecated:
- Attaching MIMEBase objects (replace with MIMEPart)
- BadHeaderError (modern email uses ValueError)
- SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email)
- django.core.mail.forbid_multi_line_headers()
(undocumented, but exposed via `__all__` and in wide use)
- django.core.mail.message.sanitize_address()
(undocumented, but in wide use)
Removed without deprecation (all undocumented):
- EmailMessage.mixed_subtype
- EmailMultiAlternatives.alternative_subtype
- Support for setting (undocumented) EmailMessage.encoding property
to a legacy email.charset.Charset object
Related changes:
- Dropped tests for incorrect RFC 2047 encoding of non-ASCII email
address localparts. This is specifically prohibited by RFC 2047, and
not supported by any known MTA or email client. (Python still
mis-applies encoded-word to non-ASCII localparts, but it is a bug that
may be fixed in the future.)
- Added tests that try to discourage using Python's legacy email APIs
in future updates to django.core.mail.
|
|
|
|
Reordered the keyword-only EmailMessage parameters in the documentation
to group similar options together and move rarely used options later.
Used keywords for *all* parameters in EmailMessage examples to improve
clarity.
|
|
In public mail APIs, changed less frequently used parameters from
keyword-or-positional to keyword-only, emitting a warning during the
required deprecation period.
|
|
django.core.mail.get_connection() has always supported only variable
keyword arguments (never variable positional arguments).
|
|
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
Postgresql 16+.
Thanks Simon Charette for the guidance and review. Thanks Tim Schilling for the
documentation review. Thanks David Wobrock for investigation and solution proposals.
|
|
Previously save() would crash with an attempted forced update message, and both
save(force_insert=True) and bulk_create() would crash with DoesNotExist errors
trying to retrieve rows with an empty primary key (id IS NULL).
Implementing deferred field model instance copying might be doable in certain
cases (e.g. when all the deferred fields are db generated) but that's not
trivial to implement in a backward compatible way.
Thanks Adam Sołtysik for the report and test and Clifford for the review.
|
|
|
|
model of a self-referential m2m.
Thanks Giannis Terzopoulos and Sarah Boyce for the reviews.
|
|
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
Thank you to Claude Paroz and Athena Wolfskämpf for the review.
|