| Age | Commit message (Collapse) | Author |
|
JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.
Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
|
|
Python 3.5.
Backport of 6624a3de286ccebf2dafba5a3e9b5ee91ae43cf9 from stable/2.2.x
|
|
on expressions with params.
Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387.
Thanks Florian Apolloner for the report and helping with tests.
Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
|
|
django.utils.encoding.uri_to_iri().
Thanks to Guido Vranken for initial report.
|
|
index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
|
|
strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
|
|
when truncating HTML.
Thanks to Guido Vranken for initial report.
|
|
SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
|
|
Backport of 4305fbe8b11f44ab5d6759346488026c1e9677b2 from master
|
|
rendering clickable link.
Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
|
|
|
|
implicit through model from being editable if the user only has the view permission.
Backport of 8335d59200e4c64dfe3348ea93989d95e0107439 from master.
|
|
Follow up to a57c783dd4e6dc73847081221827a1902eede88b.
Backport of 55490ac7469a3647ce163bee323f7fe4a06fcaa6 from master
|
|
Backport of a57c783dd4e6dc73847081221827a1902eede88b from master
|
|
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.
Backport of b435f82939edf70674856e0e1cd63973c2e0a1d1 from master
|
|
Backport of 463fe11bc8b2d068e447c5df677e7a31c2af7e03 from master
|
|
utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master
|
|
mysqlclient 1.4.0+.
Backport of f05c02c4b8d4e423e57d453c4bd699dc5ff7eaa7 from master
|
|
deprecation comments.
Backport of ee9bd8c31024ec424157798b2a60a7f52f9353ee from stable/2.2.x.
|
|
This is a costly operation on most database backends.
Backport of 64f9776bc4a27a665032ac15f5176ced66e996e3 from master
|
|
Backport of 1508e71c5b056ba099097a849b13187dcbfa26a1 from master
|
|
InlineModelAdmin.has_add_permission() optional.
Restored backwards compatibility after refs #27991.
Regression in be6ca89396c031619947921c81b8795d816e3285.
Backport of 3c01fe30f3dd4dc1c8bb4fec816bd277d1ae5fa6 from master.
|
|
the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
|
|
Backport of b5fe97a34ea527d4254b58c2e828450e7c32157f from master.
|
|
There's a bug that causes a test failure in forms_tests:
https://github.com/python-pillow/Pillow/pull/3501/files#r244651761.
Backport of e4a714b259125423059b9f65f5e0ab70d78521ba from master.
|
|
called with non-None obj during add.
Thanks andreage for the report and suggested fix.
Backport of 02c07be95c47efaab9da7422c33ee76142f11336 from master.
|
|
Backport of b7dbd5ff68bb9d2235ca081c0bd0b8baa65f8c77 from master.
|
|
keep-alive connections.
Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and
bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.
|
|
|
|
key checks are enabled.
Prior to this change foreign key constraint references could be left pointing
at tables dropped during operations simulating unsupported table alterations
because of an unexpected failure to disable foreign key constraint checks.
SQLite3 does not allow disabling such checks while in a transaction so they
must be disabled beforehand.
Thanks ezaquarii for the report and Carlton and Tim for the review.
Backport of 315357ad25a6590e7f4564ec2e56a22132b09001 from master.
|
|
1.3.14+.
Backport of 734ce71824180740f2318750ae2436f4b60c30b1 from master.
|
|
Co-authored-by: Tim Graham <timograham@gmail.com>
Backport of 8245c99ee6032c2748ba46583d8cab15b2f9438e from master
|
|
ModelAdmin.prepopulated_fields.
Backport of 7d1123e5ada60963ba3c708a8932e57342278706 from master.
|
|
Ticket #25619 changed the default protocol to HTTP/1.1 but did not
properly implement keep-alive. As a "fix" keep-alive was disabled in
ticket #28440 to prevent clients from hanging (they expect the server to
send more data if the connection is not closed and there is no content
length set).
The combination of those two fixes resulted in yet another problem:
HTTP/1.1 by default allows a client to assume that keep-alive is
supported unless the server disables it via 'Connection: close' -- see
RFC2616 8.1.2.1 for details on persistent connection negotiation. Now if
the client receives a response from Django without 'Connection: close'
and immediately sends a new request (on the same tcp connection) before
our server closes the tcp connection, it will error out at some point
because the connection does get closed a few milli seconds later.
This patch fixes the mentioned issues by always sending 'Connection:
close' if we cannot determine a content length. The code is inefficient
in the sense that it does not allow for persistent connections when
chunked responses are used, but that should not really cause any
problems (Django does not generate those) and it only affects the
development server anyways.
Refs #25619, #28440.
Regression in ac756f16c5bbbe544ad82a8f3ab2eac6cccdb62e.
Backport of 934acf1126995f6e6ccba5947ec8f7561633c27f from master.
|
|
auth/common-passwords.txt.gz.
Backport of 26bb2611a567d43bc258aa7806eef766b7adcfe5 from master.
|
|
Backport of 8f90593e6f8197148c8f86e598bfef6792f3f4bf from master.
|
|
try to create the same directory.
Regression in 632c4ffd9cb1da273303bcd8005fff216506c795.
Backport of 98ef3829e96ebc73d4d446f92465e671ff520d2b from master.
|
|
for foreign keys that use to_field.
Regression in ee49306176a2d2f1751cb890bd607d42c7c09196.
Backport of f77fc56c9671a2e2498e3920d79e247e6de18c16 from master.
|
|
Regression in e1253bc26facfa1d0fca161f43925e99c2591ced.
Backport of 9a88c6dd6aa84a1b35e585faa0058a0996cc7ed7 from master.
|
|
lookups and lists.
Regression in fc6528b25ab1834be1a478b405bf8f7ec5cf860c.
Backport of 834c4ec8e4cfc43acf0525e0a4d8c914534f6afd,
217f82d7139fd32f07adbfa92c5fb383d0ade577, and
dc5e75d419893bde33b7e439b59bdf271fc1a3f2 from master.
|
|
Backport of 82f286cf6f198d37850d3c5df637b5665566a66b from master.
|
|
Backport of e90af8bad44341cf8ebd469dac57b61a95667c1d from master.
|
|
This reverts commit f3f31b0fc26f772b198c9683a427f2f7fe208c37.
|
|
SessionBase.decode() is the inverse operation to SessionBase.encode().
As SessionBase.encode() always returns a string, SessionBase.decode()
should always be passed a string argument. Fixed the file backend, which
was the only backend still passing a bytestring.
Backport of bdae19cf6395d6bfee80864d9e87c4aec241eceb from master
|
|
on MySQL.
Backport of 7598cd4748dc402b0209e5eedb6d2a83c3da1620 from master.
|
|
Backport of b3b47bf5156d400595363fa0029e51ce3f974ff0 from master.
|
|
admin user change form.
Backport of a7284cc0c3620030b43034cdf41216c0941bf411 from master
|
|
users.
Thanks Claude Paroz & Tim Graham for collaborating on the patch.
# Conflicts:
# tests/auth_tests/test_views.py
|
|
Upcoming German translations will not differ for past and future naturaltime
translations. Using Czech language instead.
Backport of ddcb9e806275114c91bbed90bc917374ba08a9ae from master
|
|
Backport of fb2964a4106b1282c4179b6fbbd0374f5be1ccac from master.
|