| Age | Commit message (Collapse) | Author |
|
Follow-up to 4a52533329a03207c1c4592a13fbb12b9ec5ef9e.
|
|
Bcc addresses are sent via the SMTP envelope and must never appear in
the message itself. A "Bcc" key in `extra_headers` was not excluded like
From/To/Cc/Reply-To, so it leaked into the generated message as a
visible header.
Thanks Mike Edmunds for reviews.
|
|
After incorporating a translation for "Run" in Arabic, the RTL case started failing.
|
|
AlterUniqueTogether.
|
|
Thanks Johannes Maron for reviews.
|
|
(a)force_login().
Co-authored-by: Mykhailo Havelia <Arfey17.mg@gmail.com>
|
|
self-referential foreign key.
When collecting SQL (e.g. for sqlmigrate), a RenameModel operation's
table rename is not executed, so the subsequent field alteration
introspected the renamed table before it existed. On MySQL this raised
"Table doesn't exist", and on PostgreSQL the missing introspection
silently omitted the self-referential foreign key's drop and recreate.
The schema editor now records table renames while collecting SQL and
redirects constraint-name introspection to the still-existing old table
name, which carries the same constraints. Applying migrations is
unaffected.
|
|
Signal.receivers prunes dead weak references lazily, so a weak receiver
garbage-collected elsewhere could still occupy a slot when
BaseSignalSetup.setUp() counted receivers. The test's own
connect/send/disconnect calls would then prune before tearDown()
counted again.
|
|
directives in UpdateCacheMiddleware.
Avoid false positives from hypothetical extension directives
that could be superstrings of the ones we are checking.
|
|
primary key.
|
|
Extracted the repeated `split(",")` + per-token `.strip()` pattern into
a `split_header_value()` generator in django/utils/http.py. The previous
`cc_delim_re` regex only stripped whitespace adjacent to the comma
delimiter, leaving leading or trailing whitespace on the first and last
tokens. Now, `split_header_value()` strips every token fully, matching
RFC 9110's optional-whitespace rules.
Thanks to Shai Berger, Jacob Walls, and Sarah Boyce for reviews.
|
|
We were seeing this occasional failure in FlatpagesSitemapTests.setUpClass(),
which was unexpectedly attempting a write on the "other" database because
of an instance hint from a cached Site:
django.test.testcases.DatabaseOperationForbidden:
Database queries to 'other' are not allowed in this test. Add 'other' to flatpages_tests.test_sitemaps.FlatpagesSitemapTests.databases to
ensure proper test isolation and silence this failure.
|
|
delete_confirmation_max_display.
|
|
primary key.
|
|
Performance regression in 37e6c5b on SQLite. Just like MySQL, and presumably
Oracle, which don't have a native boolean type and incidentally store booleans in
integer columns, indices on such columns cannot be used when explicit boolean
literal equalities are omitted.
Adapt the logic introduced by refs #32691 for MySQL to be used for all backends
that don't support native boolean fields instead of special casing MySQL,
SQLite, and Oracle in their own special way.
Note that review of this work surfaced that SQLite's query planner also cannot
make use of indices when dealing with expressions of form
    WHERE NOT (indexed_bool_field = false)
but that's a long-standing problem unrelated to the restorative work performed
in this patch.
Thanks Klaas van Schelven for the report.
|
|
transitional setting to False.
|
|
values.
Thanks to Navid Rezazadeh for the report and Jacob Walls for review.
|
|
responses.
Thanks Shai Berger for the report, and Natalia Bidart and Sarah Boyce for reviews.
|
|
UpdateCacheMiddleware.
Thanks Ahmed Badawe for the report, and Jacob Walls for reviews.
|
|
Thanks Kasper Dupont for the report, and Jacob Walls and Natalia Bidart
for reviews.
|
|
Made signed cookies derive their signer namespace from an injective
encoding of `(name, salt)` while preserving compatibility with legacy
`name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman,
Jake Howard, and Paul McMillan for reviews.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Thanks JaeHyuck Sa, Jacob Walls, and Tim McCurrach for reviews.
Co-authored-by: Ülgen Sarıkavak <ulgensrkvk@gmail.com>
|
|
Peer frameworks have long since dropped their analogous checks for this
vulnerability that was fixed in ES5.
|
|
Refs #37105, #12090.
|
|
Since in the majority of cases the `MediaAsset.attributes` will be
empty or small, there's only a tiny performance penalty.
However, the accidental use of the `path` property caused
a 1_000x performance degradation (N=1_000_000).
|
|
This makes the name consistent with the `savepoint_commit` and
`savepoint_rollback` functions. The previous name is maintained as a
deprecated alias.
This also frees up the `savepoint` name, which would allow the context
manager from `django-subatomic` to be included in Django.
Co-authored-by: Lily <code@lilyf.org>
|
|
The CSP report test relied on the debug view having a CSP error,
which has been fixed in 3e4e0db. This commit added a custom
view to reintroduce the same error to verify the reporting
behavior.
Follow-up to 3e4e0db66961a48a080ff3ff91f6c0d954261366.
|
|
action.
|