| Age | Commit message | Author |
|
|
tests.
Thanks JaeHyuck Sa and Jake Howard for the reviews.
|
|
It has been superseded with .quote_name(), which ensures aliases are
always quoted.
|
|
feature flag.
Now that user provided aliases are systematically quoted there is no need to
disallow the usage of the dollar sign on Postgres.
|
|
This ensures all database identifiers are quoted independently of their origin
and most importantly that user provided aliases through annotate() and alias()
which paves the way for dropping the allow list of characters such aliases can
contain.
This will require adjustments to raw SQL interfaces such as RawSQL that might
make reference to ORM managed annotations as these will now be quoted.
The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias
for the newly introduced `.quote_name` method but will be duly deprecated in
a follow up commit.
|
|
list_display.
When using related field lookups like 'parent__is_active' in list_display,
the admin now correctly detects if the final field is a BooleanField and
displays boolean icons instead of 'True'/'False' text.
Modified lookup_field() in django/contrib/admin/utils.py to retrieve the
final field from the path when traversing relations using LOOKUP_SEP (__),
allowing display_for_field() to properly handle BooleanFields.
|
|
This avoids two isinstance() calls per UUID value.
|
|
boundary conditions.
Follow-up to 352d860b9107adbcde0f1fe5d0fce8e9090a51e4.
Overriding USE_TZ=True during a test creates drift between the SQL compiled
for inserted values versus the deployed database default, as Extract() inquires
of the current timezone.
To resolve this, leave USE_TZ=False and make UTC explicit when asserting the result.
|
|
streaming responses.
|
|
A TypeError is now raised if fail_silently=True, auth_user, or auth_password
are provided along a connection.
Updated AdminEmailHandler in django.utils.log to remove redundant
fail_silently=True.
Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
|
|
Oracle.
|
|
on test client.
|
|
Thanks Simon Charette and Jacob Walls for reviews.
|
|
get_placeholder_sql.
The lack of ability of the get_placeholder call chain to return SQL and
parameters separated so they can be mogrified by the backend at execution time
forced implementations to dangerously interpolate potentially user controlled
values.
The get_placeholder_sql name was chosen due to its proximity to the previous
method, but other options such as Field.as_sql were considered but ultimately
rejected due to its different input signature compared to Expression.as_sql
that might have led to confusion.
There is a lot of overlap between what Field.get_db_prep_value and
get_placeholder_sql do but folding the latter in the former would require
changing its return signature to return expression which is a way more invasive
change than what is proposed here.
Given we always call get_db_prep_value it might still be an avenue worth
exploring in the future to offer a publicly documented interface to allow field
to take an active part in the compilation chain.
Thanks Jacob for the review.
|
|
Multiple calls are idempotent assuming they're balanced. Also, multiple
calls to disable cloning followed by a single call to re-enable cloning
will subsequently cause clones to occur - it is not a stack, just a
toggle.
@contextlib.contextmanager is intentionally not used for performance
reasons:
- decorator takes 1.1µs to execute, or 2µs if used correctly in a
`with ...:` statement
- custom class takes 300ns to execute, or 900ns if used correctly in a
`with ...:` statement
Based on work originally done by Anssi Kääriäinen and Tim Graham.
|
|
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
This avoids latency and/or blocking.
The example of streaming a CSV file was rewritten to employ batching for
greater efficiency in all layers (db, HTTP, etc.). The improved
performance from batching should outweigh the drag introduced by an
additional byte for each flush.
Co-authored-by: huoyinghui <huoyinghui@users.noreply.github.com>
|
|
truncated db_table names.
|
|
Paths that happened to begin with the script name were inappropriately
stripped, instead of checking that script name preceded a slash.
|
|
referenced file.
|
|
suffixes.
Basque (eu) grammar requires conditional suffixes on years and day
articles that depend on the final sound of the preceding word. Since
Django's format strings are static, the CLDR parenthetical convention
("(e)ko" instead of "ko") is used to express the optionality.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Some languages use a different ordinal suffix for the number 1 than
for other values ending in 1 (e.g. 21, 31). Added a dedicated
pgettext context "ordinal is 1" to allow translators to handle
this distinction.
For example, in French, 1 is written as "1er" while 21, 31, etc. use
"21e", "31e", etc.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Thanks Mariusz Felisiak for the review.
Co-authored-by: Nathan Gaberel <nathan@gnab.fr>
|
|
URLField.to_python().
Follow up to 951ffb3832cd83ba672c1e3deae2bda128eb9cca.
|
|
system object creation.
This fix introduces `safe_makedirs()` in the `os` utils as a safer
alternative to `os.makedirs()` that avoids umask-related race conditions
in multi-threaded environments.
This is a workaround for https://github.com/python/cpython/issues/86533
and the solution is based on the fix being proposed for CPython.
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Refs CVE-2020-24583 and #31921.
Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and
Shai Berger for reviews.
|
|
This simplification mitigates a potential DoS in URLField on Windows. The
usage of `urlsplit()` in `URLField.to_python()` was replaced with
`str.partition(":")` for URL scheme detection. On Windows, `urlsplit()`
performs Unicode normalization which is slow for certain characters,
making `URLField` vulnerable to DoS via specially crafted POST payloads.
Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger
for the review.
Refs #36923.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
imported by namespace.
|
|
TabularInline.
|
|
on SQLite.
The "spawn" and "forkserver" multiprocessing modes were affected.
|
|
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
Thanks Sarah Boyce and Jacob Walls for reviews.
Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com>
|
|
When "FORCE_COLOR" was set in the environment (such as in django-docker-box)
several test cases that rely on string comparisons against exception
messages or command line results would fail due to ANSI escape sequences
being present in the output. This change resolved the issue by setting
the "PYTHON_COLORS" environment variable to "0" for those specific tests,
which takes precedence over the presence of "FORCE_COLOR".
|
|
Co-authored-by: Simon Charette <charette.s@gmail.com>
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
launching a subprocess.
|
|
Before, if no exception occurred, "None Type: None" was logged.
|
|
references from HTML truncation docs.
|
|
ContentTypes.
|
|
encoding.
Added LookupError to the except clause so invalid headers are silently
skipped, consistent with other malformed header handling.
|
|
model_class() is None.
Updated ContentType.app_labeled_name to include the app_label in its string representation.
This removed ambiguity for content types whose models were not present in the current codebase
(for example, when multiple applications share the same database).
Adjusted related tests to reflect the new representation.
|