summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2019-09-16[2.1.x] Fixed #30769 -- Fixed a crash when filtering against a subquery ↵Simon Charette
JSON/HStoreField annotation. This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086 to address CVE-2019-14234. Thanks Tim Kleinschmidt for the report and Mariusz for the tests. Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
2019-08-15[2.1.x] Fixed test_json.TestQuerying.test_key_transform_expression() on ↵Mariusz Felisiak
Python 3.5. Backport of 6624a3de286ccebf2dafba5a3e9b5ee91ae43cf9 from stable/2.2.x
2019-08-14[2.1.x] Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms ↵Mariusz Felisiak
on expressions with params. Regression in 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387. Thanks Florian Apolloner for the report and helping with tests. Backport of 1f8382d34d54061eddc41df6994e20ee38c60907 from master.
2019-07-31[2.1.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in ↵Florian Apolloner
django.utils.encoding.uri_to_iri(). Thanks to Guido Vranken for initial report.
2019-07-31[2.1.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and ↵Mariusz Felisiak
index lookups against SQL injection. Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
2019-07-29[2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵Florian Apolloner
strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-07-29[2.1.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ↵Florian Apolloner
when truncating HTML. Thanks to Guido Vranken for initial report.
2019-07-01[2.1.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust ↵Carlton Gibson
SECURE_PROXY_SSL_HEADER if set. An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review. Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
2019-06-30[2.1.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.Mariusz Felisiak
Backport of 4305fbe8b11f44ab5d6759346488026c1e9677b2 from master
2019-06-03[2.1.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before ↵Carlton Gibson
rendering clickable link. Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
2019-04-05[2.1.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required.Mariusz Felisiak
2019-03-30[2.1.x] Fixed #30289 -- Prevented admin inlines for a ManyToManyField's ↵Tim Graham
implicit through model from being editable if the user only has the view permission. Backport of 8335d59200e4c64dfe3348ea93989d95e0107439 from master.
2019-03-20[2.1.x] Fixed serializers test crash if PyYAML isn't installed.Tim Graham
Follow up to a57c783dd4e6dc73847081221827a1902eede88b. Backport of 55490ac7469a3647ce163bee323f7fe4a06fcaa6 from master
2019-03-14[2.1.x] Fixed serializers tests for PyYAML 5.1+.Mariusz Felisiak
Backport of a57c783dd4e6dc73847081221827a1902eede88b from master
2019-03-03[2.1.x] Reverted "Fixed relative paths imports per isort 4.3.5."Mariusz Felisiak
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10. Backport of b435f82939edf70674856e0e1cd63973c2e0a1d1 from master
2019-02-25[2.1.x] Fixed relative paths imports per isort 4.3.5.Mariusz Felisiak
Backport of 463fe11bc8b2d068e447c5df677e7a31c2af7e03 from master
2019-02-11[2.1.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in ↵Carlton Gibson
utils.numberformat.format(). Thanks Sjoerd Job Postmus for the report and initial patch. Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review. Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master
2019-01-19[2.1.x] Fixed #30117 -- Fixed SchemaEditor.quote_value() test for ↵Mariusz Felisiak
mysqlclient 1.4.0+. Backport of f05c02c4b8d4e423e57d453c4bd699dc5ff7eaa7 from master
2019-01-17[2.1.x] Refs #30097 -- Fixed typos in InlineModelAdmin.has_add_permission() ↵Tim Graham
deprecation comments. Backport of ee9bd8c31024ec424157798b2a60a7f52f9353ee from stable/2.2.x.
2019-01-14[2.1.x] Refs #29004 -- Prevented inspectdb tests from flushing all tables data.Simon Charette
This is a costly operation on most database backends. Backport of 64f9776bc4a27a665032ac15f5176ced66e996e3 from master
2019-01-14[2.1.x] Relaxed assertions to fix GIS test failures on Oracle 18c.Mariusz Felisiak
Backport of 1508e71c5b056ba099097a849b13187dcbfa26a1 from master
2019-01-11[2.1.x] Fixed #30097 -- Made 'obj' arg of ↵MaximZemskov
InlineModelAdmin.has_add_permission() optional. Restored backwards compatibility after refs #27991. Regression in be6ca89396c031619947921c81b8795d816e3285. Backport of 3c01fe30f3dd4dc1c8bb4fec816bd277d1ae5fa6 from master.
2019-01-03[2.1.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in ↵Tom Hacohen
the default 404 page. Co-Authored-By: Tim Graham <timograham@gmail.com> Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
2019-01-02[2.1.x] Added __init__.py for db_utils tests.Tim Graham
Backport of b5fe97a34ea527d4254b58c2e828450e7c32157f from master.
2019-01-02[2.1.x] Pinned Pillow != 5.4.0 in test requirements.Tim Graham
There's a bug that causes a test failure in forms_tests: https://github.com/python-pillow/Pillow/pull/3501/files#r244651761. Backport of e4a714b259125423059b9f65f5e0ab70d78521ba from master.
2019-01-01[2.1.x] Fixed #30050 -- Fixed InlineModelAdmin.has_change_permission() ↵Tim Graham
called with non-None obj during add. Thanks andreage for the report and suggested fix. Backport of 02c07be95c47efaab9da7422c33ee76142f11336 from master.
2018-12-27[2.1.x] Fixed broken links to PyYAML page.CHI Cheng
Backport of b7dbd5ff68bb9d2235ca081c0bd0b8baa65f8c77 from master.
2018-12-20[2.1.x] Fixed #30015 -- Ensured request body is properly consumed for ↵Konstantin Alekseev
keep-alive connections. Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.
2018-12-20[2.1.x] Removed unused imports in tests/test_runner/tests.py.Tim Graham
2018-12-17[2.1.x] Fixed #30023 -- Prevented SQLite schema alterations while foreign ↵Simon Charette
key checks are enabled. Prior to this change foreign key constraint references could be left pointing at tables dropped during operations simulating unsupported table alterations because of an unexpected failure to disable foreign key constraint checks. SQLite3 does not allow disabling such checks while in a transaction so they must be disabled beforehand. Thanks ezaquarii for the report and Carlton and Tim for the review. Backport of 315357ad25a6590e7f4564ec2e56a22132b09001 from master.
2018-12-05[2.1.x] Refs #30013 -- Fixed SchemaEditor.quote_value() test for mysqlclient ↵Tim Graham
1.3.14+. Backport of 734ce71824180740f2318750ae2436f4b60c30b1 from master.
2018-12-03[2.1.x] Fixed #29930 -- Allowed editing in admin with view-only inlines.Carlton Gibson
Co-authored-by: Tim Graham <timograham@gmail.com> Backport of 8245c99ee6032c2748ba46583d8cab15b2f9438e from master
2018-11-28[2.1.x] Fixed #29929 -- Fixed admin view-only change form crash when using ↵Basil Dubyk
ModelAdmin.prepopulated_fields. Backport of 7d1123e5ada60963ba3c708a8932e57342278706 from master.
2018-11-20[2.1.x] Fixed #29849 -- Fixed keep-alive support in runserver.Florian Apolloner
Ticket #25619 changed the default protocol to HTTP/1.1 but did not properly implement keep-alive. As a "fix" keep-alive was disabled in ticket #28440 to prevent clients from hanging (they expect the server to send more data if the connection is not closed and there is no content length set). The combination of those two fixes resulted in yet another problem: HTTP/1.1 by default allows a client to assume that keep-alive is supported unless the server disables it via 'Connection: close' -- see RFC2616 8.1.2.1 for details on persistent connection negotiation. Now if the client receives a response from Django without 'Connection: close' and immediately sends a new request (on the same tcp connection) before our server closes the tcp connection, it will error out at some point because the connection does get closed a few milli seconds later. This patch fixes the mentioned issues by always sending 'Connection: close' if we cannot determine a content length. The code is inefficient in the sense that it does not allow for persistent connections when chunked responses are used, but that should not really cause any problems (Django does not generate those) and it only affects the development server anyways. Refs #25619, #28440. Regression in ac756f16c5bbbe544ad82a8f3ab2eac6cccdb62e. Backport of 934acf1126995f6e6ccba5947ec8f7561633c27f from master.
2018-11-15[2.1.x] Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵Mathew Payne
auth/common-passwords.txt.gz. Backport of 26bb2611a567d43bc258aa7806eef766b7adcfe5 from master.
2018-11-10[2.1.x] Removed obsolete and flaky GeoIP tests.Tom Forbes
Backport of 8f90593e6f8197148c8f86e598bfef6792f3f4bf from master.
2018-10-31[2.1.x] Fixed #29890 -- Fixed FileSystemStorage crash if concurrent saves ↵Tim Graham
try to create the same directory. Regression in 632c4ffd9cb1da273303bcd8005fff216506c795. Backport of 98ef3829e96ebc73d4d446f92465e671ff520d2b from master.
2018-10-28[2.1.x] Fixed #29896 -- Fixed incorrect Model.save() cache relation clearing ↵Tim Graham
for foreign keys that use to_field. Regression in ee49306176a2d2f1751cb890bd607d42c7c09196. Backport of f77fc56c9671a2e2498e3920d79e247e6de18c16 from master.
2018-10-25[2.1.x] Fixed #29827 -- Fixed reuse of test databases with --keepdb on MySQL.Sergey Fedoseev
Regression in e1253bc26facfa1d0fca161f43925e99c2591ced. Backport of 9a88c6dd6aa84a1b35e585faa0058a0996cc7ed7 from master.
2018-10-17[2.1.x] Fixed #29838 -- Fixed crash when combining Q objects with __in ↵aspalding
lookups and lists. Regression in fc6528b25ab1834be1a478b405bf8f7ec5cf860c. Backport of 834c4ec8e4cfc43acf0525e0a4d8c914534f6afd, 217f82d7139fd32f07adbfa92c5fb383d0ade577, and dc5e75d419893bde33b7e439b59bdf271fc1a3f2 from master.
2018-10-09[2.1.x] Refs #29784 -- Switched to https:// links where available.Jon Dufresne
Backport of 82f286cf6f198d37850d3c5df637b5665566a66b from master.
2018-10-09[2.1.x] Capitalized "Python" in docs and comments.Jon Dufresne
Backport of e90af8bad44341cf8ebd469dac57b61a95667c1d from master.
2018-10-03Revert "[2.1.x] Refs #27795 -- Removed force_bytes() usage in sessions."Carlton Gibson
This reverts commit f3f31b0fc26f772b198c9683a427f2f7fe208c37.
2018-10-03[2.1.x] Refs #27795 -- Removed force_bytes() usage in sessions.Jon Dufresne
SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring. Backport of bdae19cf6395d6bfee80864d9e87c4aec241eceb from master
2018-10-02[2.1.x] Fixed #29813 -- Fixed DatabaseOperation test when run in isolation ↵Jon Dufresne
on MySQL. Backport of 7598cd4748dc402b0209e5eedb6d2a83c3da1620 from master.
2018-10-01[2.1.x] Added tests for using bytearray with BinaryField and corrected docs.Jon Dufresne
Backport of b3b47bf5156d400595363fa0029e51ce3f974ff0 from master.
2018-10-01[2.1.x] Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the ↵Tim Graham
admin user change form. Backport of a7284cc0c3620030b43034cdf41216c0941bf411 from master
2018-10-01Fixed CVE-2018-16984 -- Fixed password hash disclosure to admin "view only" ↵Carlton Gibson
users. Thanks Claude Paroz & Tim Graham for collaborating on the patch. # Conflicts: # tests/auth_tests/test_views.py
2018-09-29[2.1.x] Refs #21408 -- Updated naturaltime translation test.Claude Paroz
Upcoming German translations will not differ for past and future naturaltime translations. Using Czech language instead. Backport of ddcb9e806275114c91bbed90bc917374ba08a9ae from master
2018-09-26[2.1.x] Added test of filtering on BinaryField and corrected docs.Jon Dufresne
Backport of fb2964a4106b1282c4179b6fbbd0374f5be1ccac from master.