summaryrefslogtreecommitdiff
path: root/tests/queries
AgeCommit message (Collapse)Author
2026-05-18Refs #36938 -- Reverted "Refs #36938 -- Tolerated unnecessary ordering in ↵Jacob Walls
compound queries on SQLite." This mostly reverts 2314cdf1ff860058a6579bb9f9bac1253fc9ab43, but keeps the removal of some test skips.
2026-05-18Fixed #37097 -- Made Query.clear_ordering() clear ordering on combined ↵Jacob Walls
queries also. Thanks Shai Berger for the report. Regression in 087bb9e8f3478d53f12b1737af865992af17c5f2. (That commit drove more traffic into an error that would have been reachable only with an explicit order_by() after each union().) Co-authored-by: Simon Charette <charettes@gmail.com> Co-authored-by: siddus <dcsid10@gmail.com>
2026-05-11Refs #36938 -- Tolerated unnecessary ordering in compound queries on SQLite.Jacob Walls
2026-05-11Fixed #36593 -- Deprecated QuerySet.select_related() with no arguments.Adam Johnson
This commit deprecates the "fetch all relations" form of `QuerySet.select_related()` due to its poor performance characteristics, and updates several tests relying on that feature to ignore the new warning.
2026-05-11Refs #36593 -- Used explicit select_related() calls in tests.Adam Johnson
This commit prepares for the deprecation of select_related() without arguments by updating tests that used select_related() as a shorthand to explicitly specify the related fields to be selected.
2026-04-28Fixed #36912 -- Added connector validation to Q.create().Anna Makarudze
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-04-27Moved QuerySet.extra() assertions to a separate test.Tim Graham
This allows backends that don't support extra() to skip it.
2026-04-02Fixed #20024 -- Fixed handling of __in lookups with None in exclude().Eddy Adegnandjou
Thanks Simon Charette and Tim Graham for reviews, and Jason Hall for a prior iteration.
2026-03-21Refs #36883 -- Split monolithic aggregation/lookup/queries tests.Tim Graham
2026-03-19Refs #36795 -- Deprecated SQLCompiler.quote_name_unless_alias().Simon Charette
It has been superseded with .quote_name(), which ensures aliases are always quoted.
2026-03-19Fixed #36795 -- Enforced quoting of all database object names.Simon Charette
This ensures all database identifiers are quoted independently of their orign and most importantly that user provided aliases through annotate() and alias() which paves the way for dropping the allow list of characters such aliases can contain. This will require adjustments to raw SQL interfaces such as RawSQL that might make reference to ORM managed annotations as these will now be quoted. The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias for the newly introduced `.quote_name` method but will be duly deprecated in a follow up commit.
2026-03-11Refs #28455 -- Implemented private API methods for preventing QuerySet cloning.Keryn Knight
Multiple calls are idempotent assuming they're balanced. Also, multiple calls to disable cloning followed by a single call to re-enable cloning will subsequently cause clones to occur - it is not a stack, just a toggle. @contextlib.contextmanager is intentionally not used for performance reasons: - decorator takes 1.1µs to execute, or 2µs if used correctly in a `with ...:` statement - custom class takes 300ns to execute, or 900ns if used correctly in a `with ...:` statement Based on work originally done by Anssi Kääriäinen and Tim Graham.
2026-02-12Added tests for QuerySet.union() across different models and value aliases.Emanuel Lupi
These tests were developed during work on MongoDB and capture edge cases discovered there.
2026-02-06Refs #36644 -- Applied default ordering after union().Nilesh Kumar Pahari
2026-02-03Fixed CVE-2026-1287 -- Protected against SQL injection in column aliases via ↵Jake Howard
control characters. Control characters in FilteredRelation column aliases could be used for SQL injection attacks. This affected QuerySet.annotate(), aggregate(), extra(), values(), values_list(), and alias() when using dictionary expansion with **kwargs. Thanks Solomon Kebede for the report, and Simon Charette, Jacob Walls, and Natalia Bidart for reviews.
2026-01-27Refs #35744 -- Removed problematic __in lookup in ↵Tim Graham
test_intersection_in_nested_subquery. It's problematic on MongoDB. Simon: "It seems odd that we'd use __in=OuterRef("pk") over __in=[OuterRef("pk")]. It's a SQLism that only works because right-hand-side is wrapped with (...) and that's interpreted as a singleton tuple which is allowed with IN."
2026-01-06Fixed #29257 -- Caught DatabaseError when attempting to close a possibly ↵VIZZARD-X
already-closed cursor.
2025-11-05Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on ↵Jacob Walls
dictionary expansion.
2025-11-05Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via the ↵Jacob Walls
_connector kwarg. Thanks cyberstan for the report, Sarah Boyce, Adam Johnson, Simon Charette, and Jake Howard for the reviews.
2025-10-27Fixed #36624 -- Dropped support for MySQL < 8.4.Mariusz Felisiak
2025-10-01Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), ↵Mariusz Felisiak
and extra() against SQL injection in column aliases on MySQL/MariaDB. Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200.
2025-09-17Refs #27222 -- Restored Model.save()'s refreshing of db_returning fields ↵Simon Charette
even if a value is set. The logic could likely be adjusted to assign the pre_save value in most cases to avoid the database transit but it could break in subtle ways so it's not worth the complexity it would require. Regression in 94680437a45a71c70ca8bd2e68b72aa1e2eff337. Co-authored-by: Tim Graham <timograham@gmail.com>
2025-09-16Refs #27222 -- Deduplicated db_returning fields in Model.save().Jacob Walls
Follow-up to 94680437a45a71c70ca8bd2e68b72aa1e2eff337.
2025-08-04Fixed #34871, #36518 -- Implemented unresolved lookups expression replacement.Simon Charette
This allows the proper resolving of lookups when performing constraint validation involving Q and Case objects. Thanks Andrew Roberts for the report and Sarah for the tests and review.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-06-10Refs #36419 -- Fixed BulkUpdateTests.test_json_field_sql_null() crash on Oracle.Mariusz Felisiak
Follow up to c1fa3fdd040718356e5a3b9a0fe699d73f47a940.
2025-06-06Fixed #36419 -- Ensured for_save was propagated when resolving expressions.Clifford Gama
The for_save flag wasn't properly propagated when resolving expressions, which prevented get_db_prep_save() from being called in some cases. This affected fields like JSONField where None would be saved as JSON null instead of SQL NULL. Regression in 00c690efbc0b10f67924687f24a7b30397bf47d9. Thanks to David Sanders and Simon Charette for reviews. Co-authored-by: Adam Johnson <me@adamj.eu>
2025-05-19Fixed #36388 -- Made QuerySet.union() return self when called with no arguments.Colleen Dunlap
Regression in 9cb8baa0c4fa2c10789c5c8b65f4465932d4d172. Thank you to Antoine Humeau for the report and Simon Charette for the review.
2025-05-08Refs #36143 -- Tested bulk_batch_size limit for bulk_update and bulk_create.Sage Abdullah
2025-04-11Fixed #36288 -- Addressed improper handling of duplicates in values_list().Simon Charette
Now that selected aliases are stored in sql.Query.selected: dict[str, Any] the values_list() method must ensures that duplicate field name references are assigned unique aliases. Refs #28900. Regression in 65ad4ade74dc9208b9d686a451cd6045df0c9c3a. Thanks Claude for the report.
2025-02-11Fixed #36149 -- Allowed subquery values against tuple exact and in lookups.Simon Charette
Non-tuple exact and in lookups have specialized logic for subqueries that can be adapted to properly assign select mask if unspecified and ensure the number of involved members are matching on both side of the operator.
2025-01-14Refs #36075 -- Adjusted pk_fields usage in bulk_update eligibility checks.Simon Charette
Regression in bf7b17d16d3978b2e1cee4a0f7ce8840bd1a8dc4. Thanks Sage Abdullah for the report.
2024-11-08Fixed #35011, Refs #28900 -- Added tests for QuerySet.union() with multiple ↵Jacob Rief
models and DateTimeField annotations. Ticket was resolved by 65ad4ade74dc9208b9d686a451cd6045df0c9c3a as part of #28900.
2024-10-30Fixed #35856 -- Added QuerySet.explain() support for MEMORY/SERIALIZE option ↵Anthony Joseph
on PostgreSQL 17+.
2024-10-14Fixed #35744 -- Relabelled external aliases of combined queries.Simon Charette
Just like normal queries, combined queries' outer references might fully resolve before their reference is assigned its final alias. Refs #29338. Thanks Antony_K for the report and example, and thanks Mariusz Felisiak for the review.
2024-09-02Fixed #35712 -- Prevented Q.check() from leaving the connection in an ↵Alex Fischer
unusable state. Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-26Added supports_select_union skips in queries and aggregation tests.Tim Graham
2024-07-19Fixed #35559 -- Avoided unnecessary query on sliced union of empty queries.Simon Charette
While refs #34125 focused on the SQL correctness of slicing of union of potentially empty queries it missed an optimization opportunity to avoid performing a query at all when all queries are empty. Thanks Lucidiot for the report.
2024-07-03Fixed #28900 -- Propagated all selected fields to combinator queries.Simon Charette
Previously, only the selected column aliases would be propagated and annotations were ignored.
2024-07-03Refs #28900 -- Made SELECT respect the order specified by values(*selected).Simon Charette
Previously the order was always extra_fields + model_fields + annotations with respective local ordering inferred from the insertion order of *selected. This commits introduces a new `Query.selected` propery that keeps tracks of the global select order as specified by on values assignment. This is crucial feature to allow the combination of queries mixing annotations and table references. It also allows the removal of the re-ordering shenanigans perform by ValuesListIterable in order to re-map the tuples returned from the database backend to the order specified by values_list() as they'll be in the right order at query compilation time. Refs #28553 as the initially reported issue that was only partially fixed for annotations by d6b6e5d0fd4e6b6d0183b4cf6e4bd4f9afc7bf67. Thanks Mariusz Felisiak and Sarah Boyce for review.
2024-05-02Refs #34007, Refs #35359 -- Added Q.referenced_based_fields property.David Sanders
Thank you to Mariusz Felisiak and Natalia Bidart for the reviews.
2024-03-15Fixed #35294 -- Fixed TEXT format of QuerySet.explain() for long plans.Adam Johnson
co-authored-by: Gordon <gordon.wrigley@gmail.com> co-authored-by: Simon Charette <charette.s@gmail.com>
2024-02-07Fixed #35099 -- Prevented mutating queryset when combining with & and | ↵Hisham Mahmood
operators. Thanks Alan for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2023-12-16Refs #34013 -- Registered instance lookups as documented in tests.Simon Charette
2023-12-12Fixed #34013 -- Added QuerySet.order_by() support for annotation transforms.Simon Charette
Thanks Eugene Morozov and Ben Nace for the reports.
2023-12-06Refs #34986 -- Avoided implementation-specific unpickleable types.Nick Pope
The implementation of some core types differ between CPython and PyPy and this may affect the way that pickling works such that errors are raised in differing locations in the interpreter or not at all. Use our own custom non-pickleable type instead to avoid these quirks.
2023-09-26Fixed #34873 -- Added QuerySet.explain() support for GENERIC_PLAN option on ↵Mariusz Felisiak
PostgreSQL 16+.
2023-09-20Fixed #34851 -- Dropped support for PostgreSQL 12 and PostGIS 2.5.Mariusz Felisiak
2023-08-23Fixed #34744 -- Prevented recreation of migration for constraints with a ↵David Sanders
dict_keys. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>