summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2021-05-06[3.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs ↵Mariusz Felisiak
from being accepted in URLValidator on Python 3.9.5+. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
2021-05-06[3.2.x] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.Carlton Gibson
The validate_file_name() sanitation introduced in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example file name as containing path elements on Windows. This breaks the test introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path components for storages that may allow them. Test is skipped pending a discussed storage refactoring to support this use-case. Backport of a708f39ce67af174df90c5b5e50ad1976cec7cb8 from main
2021-05-05[3.2.x] Fixed #32714 -- Prevented recreation of migration for Meta.ordering ↵Simon Charette
with OrderBy expressions. Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd. Thanks Kevin Marsh for the report. Backport of 96f55ccf798c7592a1203f798a4dffaf173a9263 from main
2021-05-04[3.2.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in ↵Florian Apolloner
file uploads.
2021-04-28[3.2.x] Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery ↵Simon Charette
deconstruction. Subquery deconstruction support required implementing complex and expensive equality rules for sql.Query objects for little benefit as the latter cannot themselves be made deconstructible to their reference to model classes. Making Expression @deconstructible and not BaseExpression allows interested parties to conform to the "expression" API even if they are not deconstructible as it's only a requirement for expressions allowed in Model fields and meta options (e.g. constraints, indexes). Thanks Phillip Cutter for the report. This also fixes a performance regression in bbf141bcdc31f1324048af9233583a523ac54c94. Backport of c8b659430556dca0b2fe27cf2ea0f8290dbafecd from main
2021-04-27[3.2.x] Fixed #32687 -- Restored passing process’ environment to ↵Konstantin Alekseev
underlying tool in dbshell on PostgreSQL. Regression in bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3. Backport of 6e742dabc95b00ba896434293556adeb4dbaee8a from main.
2021-04-27[3.2.x] Fixed #32682 -- Made admin changelist use Exists() instead of ↵Mariusz Felisiak
distinct() for preventing duplicates. Thanks Zain Patel for the report and Simon Charette for reviews. The exception introduced in 6307c3f1a123f5975c73b231e8ac4f115fd72c0d revealed a possible data loss issue in the admin. Backport of 187118203197801c6cb72dc8b06b714b23b6dd3d from main
2021-04-27[3.2.x] Refs #32682 -- Renamed use_distinct variable to may_have_duplicates.Mariusz Felisiak
QuerySet.distinct() is not the only way to avoid duplicate, it's also not preferred. Backport of cd74aad90e09865ae6cd8ca0377ef0a5008d14e9 from main
2021-04-27[3.2.x] Refs #32682 -- Fixed QuerySet.delete() crash on querysets with ↵Mariusz Felisiak
self-referential subqueries on MySQL. Backport of 4074f38e1dcc93b859bbbfd6abd8441c3bca36b3 from main
2021-04-27[3.2.x] Refs 32637 -- Made technical 404 debug page display exception ↵Mariusz Felisiak
message when URL is resolved. Follow up to 3b8527e32b665df91622649550813bb1ec9a9251. Backport of d68be0494be8b82365f2a5410c9335e539d8efd6 from main
2021-04-26[3.2.x] Fixed #32681 -- Fixed VariableDoesNotExist when rendering some admin ↵Zain Patel
template. Regression in 84609b3205905097d7d3038d32e6101f012c0619. Backport of 4e5bbb6ef2287126badd32842b239f4a8a7394ca from main.
2021-04-22[3.2.x] Used assertCountEqual() in ExcludeTests.test_exclude_subquery().Mariusz Felisiak
Backport of c3278bb71fe03132704525abcdf29bb4f1b3f143 from main
2021-04-21[3.2.x] Fixed #32650 -- Fixed handling subquery aliasing on queryset ↵Simon Charette
combination. This issue started manifesting itself when nesting a combined subquery relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but sql.Query.combine never properly handled subqueries outer refs in the first place, see QuerySetBitwiseOperationTests.test_subquery_aliases() (refs #27149). Thanks Raffaele Salmaso for the report. Backport of 6d0cbe42c3d382e5393d4af48185c546bb0ada1f from main
2021-04-21[3.2.x] Fixed #32665 -- Fixed caches system check crash when ↵Mariusz Felisiak
STATICFILES_DIRS is a list of 2-tuples. Thanks Jared Lockhart for the report. Regression in c36075ac1dddfa986340b1a5e15fe48833322372. Backport of 34d1905712d33e72c76b3a55a4fc24abbd11be6c from main
2021-04-21[3.2.x] Fixed #32647 -- Restored multi-row select with shift-modifier in ↵Carlton Gibson
admin changelist. Regression in 30e59705fc3e3e9e8370b965af794ad6173bf92b. Backport of 5c73fbb6a93ee214678f02ba4027f18dff49337b from main
2021-04-15[3.2.x] Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.Florian Apolloner
Thanks Jan Pieter Waagmeester for the report. Regression in 2d6179c819010f6a9d00835d5893c4593c0b85a0. Backport of 4511d1459810037b91faa5b506e4f75c77aa72be from main.
2021-04-14[3.2.x] Fixed #32645 -- Fixed QuerySet.update() crash when ordered by joined ↵Mariusz Felisiak
fields on MySQL/MariaDB. Thanks Matt Westcott for the report. Regression in 779e615e362108862f1681f965ee9e4f1d0ae6d2. Backport of ca9872905559026af82000e46cde6f7dedc897b6 from main
2021-04-14[3.2.x] Fixed #32548 -- Fixed crash when combining Q() objects with boolean ↵Jonathan Richards
expressions. Backport of 00b0786de533dbb3f6208d8d5eaddbf765b4e5b8 from main. Regression in 466920f6d726eee90d5566e0a9948e92b33a122e.
2021-04-14[3.2.x] Fixed #32648 -- Fixed VariableDoesNotExist rendering sitemaps template.Arthur Jovart
Backport of 08c60cce3b13f6e60d7588206da2d3c71228f378 from main
2021-04-14[3.2.x] Fixed #32649 -- Fixed ModelAdmin.search_fields crash when searching ↵Mariusz Felisiak
against phrases with unbalanced quotes. Thanks Dlis for the report. Regression in 26a413507abb38f7eee4cf62f2ee9727fdc7bf8d. Backport of 23fa29f6a6659e0f600d216de6bcb79e7f6818c9 from main
2021-04-14[3.2.x] Fixed #32635 -- Fixed system check crash for reverse o2o relations ↵Hasan Ramezani
in CheckConstraint.check and UniqueConstraint.condition. Regression in b7b7df5fbcf44e6598396905136cab5a19e9faff. Thanks Szymon Zmilczak for the report. Backport of a77c9a4229cfef790ec18001b2cd18bd9c4aedbc from main
2021-04-13[3.2.x] Fixed #32637 -- Restored exception message on technical 404 debug page.Mariusz Felisiak
Thanks Atul Varma for the report. Backport of 3b8527e32b665df91622649550813bb1ec9a9251 from main
2021-04-13[3.2.x] Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on ↵Iuri de Silvio
combined querysets ordered by unannotated columns. Backport of 9760e262f85ae57df39abe2799eff48a82b14474 from main
2021-04-08[3.2.x] Fixed #32620 -- Allowed subclasses of Big/SmallAutoField for ↵Adam Johnson
DEFAULT_AUTO_FIELD. Backport of 45a58c31e64dbfdecab1178b1d00a3803a90ea2d from main
2021-04-07[3.2.x] Fixed #32544 -- Confirmed support for GDAL 3.2 and GEOS 3.9.Claude Paroz
Backport of e3cfba0029516aafe40f963378e234df2c0d33bb from main.
2021-04-06[3.2.x] Updated asgiref dependency for 3.2 release series.Carlton Gibson
Backport of 5aea50e57f6c1bd725db36a0664e21b2be91b591 from main
2021-04-06[3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via ↵Mariusz Felisiak
uploaded files. Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
2021-04-06[3.2.x] Fixed #32614 -- Fixed MiddlewareSyncAsyncTests tests with asgiref ↵Mariusz Felisiak
3.3.2+. Backport of 78fea27f690028204c03c28d821cb0c0240a7398 from main
2021-04-06[3.2.x] Updated translations from Transifex.Claude Paroz
2021-03-30[3.2.x] Fixed #32595 -- Fixed SchemaEditor.quote_value() crash with bytes.Mariusz Felisiak
Backport of f6018c1e63a04e0c12e2ca759e76e05ccf5e09de from main
2021-03-30[3.2.x] Refs #32595 -- Added MySQL's SchemaEditor.quote_value() tests for ↵Mariusz Felisiak
values with Unicode chars. Backport of 3c75f1f3cac7985e8a134fc1c33eb6e01639a04b from main
2021-03-23[3.2.x] Refs #32353, Refs #32352 -- Fixed GIS tests with PROJ 7.X.Mariusz Felisiak
Different PROJ versions use different transformations, all are correct as having a 1 meter accuracy. These are differences in PROJ versions that cannot and should not be handled in Django itself. Thanks Jani Tiainen and David Smith for reports. See: https://github.com/OSGeo/gdal/issues/3377 Backport of 2cd40263348a9c345a58c44d48922ac3b370a119 from main
2021-03-22[3.2.x] Refs #31732 -- Fixed django.utils.inspect caching for bound methods.Adam Johnson
Thanks Alexandr Artemyev for the report, and Simon Charette for the original patch. Backport of 562898034f65e17bcdd2d951ac5236a1ec8ea690 from main
2021-03-22[3.2.x] Refs #31372 -- Added django.utils.inspect tests for bound methods.Adam Johnson
Backport of ac72a216a7ef95e8e9cb8651b7e67320597c903b from main
2021-03-18[3.2.x] Fixed #32466 -- Corrected autocomplete to_field resolution for ↵Johannes Maron
complex cases. In MTI or ForeignKey as primary key cases, it is required to fetch the attname from the field instance on the remote model in order to reliably resolve the to_field_name. Backport of ceb4b9ee68dffc6ab0398886f1758f15f037c472 from main Backport of 03d0f12c823239812da21e5180aaa74dc6fd146e from main Co-authored-by: Johannes Maron <info@johanneshoppe.com> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2021-03-09[3.2.x] Refs #26167 -- Added ↵Tim Graham
@skipUnlessDBFeature('supports_expression_indexes') to a test. Failure observed on CockroachDB. Backport of 76c0b32f826469320c59709d31e2f2126dd7c505 from main
2021-03-09[3.2.x] Updated Git branch "master" to "main".Markus Holtermann
This change follows a long discussion on django-develops: https://groups.google.com/g/django-developers/c/tctDuKUGosc/ Backport of d9a266d657f66b8c4fa068408002a4e3709ee669 from main
2021-02-24[3.2.x] Fixed #32478 -- Included nested columns referenced by subqueries in ↵Simon Charette
GROUP BY on aggregations. Regression in fb3f034f1c63160c0ff13c609acd01c18be12f80. Refs #31094, #31150. Thanks Igor Pejic for the report. Backport of 277eea8fcced7f04f3800617f189beb349a3212e from master
2021-02-19[3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via ↵Nick Pope
django.utils.http.parse_qsl().
2021-02-19[3.2.x] Fixed #32455 -- Allowed right combining Q() with boolean expressions.Hasan Ramezani
Backport of f2bef2b7bc6c817af0f5fa77e1052a1f5ce12f71 from master
2021-02-19[3.2.x] Refs #32455 -- Added tests for left combining an empty Q() with ↵Mariusz Felisiak
boolean expressions. Backport of efce21497cc21140c5fe2b133064cd815c97b3f5 from master
2021-02-18[3.2.x] Fixed #32450 -- Fixed crash when ANDing/ORing an empty Q() with not ↵starryrbs
pickleable Q(). Regression in bb0b6e526340e638522e093765e534df4e4393d2. Backport of 466920f6d726eee90d5566e0a9948e92b33a122e from master
2021-02-17[3.2.x] Fixed #32453 -- Added introspection of unique constraint field ↵Hannes Ljungberg
ordering on SQLite. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Backport of 4d99375b46ad03fa4b4795319973046f438328c8 from master
2021-02-16[3.2.x] Fixed #29052 -- Made test database creation preserve alias order and ↵Harm Geerts
prefer the "default" database. This fixes flushing test databases when two aliases point to the same database. Use a list() to store the test database aliases so the order remains stable by following the order of the connections. Also, always use the "default" database alias as the first alias to accommodate `migrate`. Previously `migrate` could be executed on a secondary alias which caused truncating the "default" database. Backport of 06e5f7ae1639f1e275e7cc1076dc70ca3ebaa946 from master
2021-02-12[3.2.x] Fixed #32437 -- Fixed cleaning up ALLOWED_HOSTS in ↵Chris Jerdonek
LiveServerTestCase on setUpClass() failure. Backport of 694deff82f86e025561dfa724425f67e2ff7cbb7 from master
2021-02-11[3.2.x] Fixed #32433 -- Added error message on QuerySet.delete() following ↵Egidijus Macijauskas
distinct(). Backport of 6307c3f1a123f5975c73b231e8ac4f115fd72c0d from master
2021-02-11[3.2.x] Refs #19102 -- Removed flaky test ↵Egidijus Macijauskas
Ticket19102Tests.test_ticket_19102_distinct_on. The subquery pushdown only happens because another table is involved in filter. It's not the distinct usage that causes the pushdown. The distinct('description').order_by('pk') expression is not valid because SELECT DISTINCT ON must match initial ORDER BY expressions which is not the case here. Backport of 4e8ecf0cb6ea36c45edb9cb86f0d63224e08097e from master
2021-02-09[3.2.x] Fixed #32425 -- Fixed adding nullable field with default on MySQL.Jordan Bae
Thanks Simon Charette for the review. Backport of d4ac23bee1c84d8e4610350202ac068fc90f38c0 from master
2021-02-05[3.2.x] Fixed #32420 -- Fixed detecting primary key values in ↵Mikolaj Rybinski
deserialization when PK is also a FK. Backport of 8e90560aa8868a42bb8eda6273595bf0932a6090 from master
2021-02-04[3.2.x] Fixed #32332 -- Fixed loss of parent with non-numeric pk when saving ↵Hasan Ramezani
child after parent. Follow up to 519016e5f25d7c0a040015724f9920581551cab0. Backport of 7cba92ec55a5d05450261f375830619870ca84fa from master