1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Commit Graph

311 Commits

Author SHA1 Message Date
mgaligniana
0ad5316f22 Fixed #24296 -- Made QuerySet.exists() clear selected columns for not sliced distinct querysets. 2022-04-12 08:18:22 +02:00
mgaligniana
d2263b7b87 Refs #18414 -- Added tests for selected columns of sliced distinct querysets. 2022-04-12 08:18:22 +02:00
Mariusz Felisiak
b8759093d8
Removed DatabaseFeatures.validates_explain_options.
Always True since 6723a26e59.
2022-04-11 12:58:01 +02:00
Mariusz Felisiak
6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak
93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Gagaro
bf524d229f Refs #30581 -- Allowed sql.Query to be used without model. 2022-03-16 09:33:16 +01:00
Ryan Heard
c6b4d62fa2 Fixed #29865 -- Added logical XOR support for Q() and querysets. 2022-03-04 12:55:37 +01:00
Albert Defler
2b6a3baebe Fixed #31486 -- Deprecated passing unsaved objects to related filters.
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2022-02-25 07:51:37 +01:00
Nick Pope
847f46e9bf
Removed redundant QuerySet.all() calls in docs and tests.
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Simon Charette
d35ce682e3 Fixed #33506 -- Made QuerySet.bulk_update() perform atomic writes against write database.
The lack of _for_write = True assignment in bulk_update prior to
accessing self.db resulted in the db_for_read database being used to
wrap batched UPDATEs in a transaction.

Also tweaked the batch queryset creation to also ensure they are
executed against the same database as the opened transaction under all
circumstances.

Refs #23646, #33501.
2022-02-09 11:14:50 +01:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Jörg Breitbart
0af9a5fc7d Fixed #33463 -- Fixed QuerySet.bulk_update() with F() expressions. 2022-01-27 19:03:26 +01:00
Mariusz Felisiak
30a0144134
Fixed #29338 -- Allowed using combined queryset in Subquery.
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
Ömer Faruk Abacı
81739a45b5 Fixed #33319 -- Fixed crash when combining with the | operator querysets with aliases that conflict. 2021-12-08 21:16:24 +01:00
Hannes Ljungberg
ed2018037d Fixed #33322 -- Fixed loss of assigned related object when saving relation with bulk_update(). 2021-11-29 06:27:22 +01:00
Jonny Park
6fa2930573 Refs #24121 -- Added __repr__() to BaseDatabaseWrapper, JoinPromoter, and SQLCompiler. 2021-11-19 07:57:02 +01:00
Jacob Walls
28f66b2783 Refs #25467 -- Added test for excluding one-to-one relation with unsaved objects.
Fixed in 58da81a5a3.
2021-10-08 06:26:19 +02:00
Jacob Walls
e17ab0af91 Fixed tests.queries.models.StaffUser.__str__(). 2021-10-08 06:25:17 +02:00
Mariusz Felisiak
903aaa35e5
Fixed #33159 -- Reverted "Fixed #32970 -- Changed WhereNode.clone() to create a shallow copy of children."
This reverts commit e441847eca.

A shallow copy is not enough because querysets can be reused and
evaluated in nested nodes, which shouldn't mutate JOIN aliases.

Thanks Michal Čihař for the report.
2021-09-30 11:26:17 +02:00
Hasan Ramezani
f997c81472 Fixed #33127 -- Added error messages on | and & operators with combined querysets. 2021-09-24 06:59:22 +02:00
Daniyal
f479df7f8d Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.db.models.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-15 11:43:33 +02:00
Wu Haotian
aba9c2de66 Fixed #32226 -- Fixed JSON format of QuerySet.explain() on PostgreSQL. 2021-07-05 09:08:39 +02:00
Wu Haotian
b3b04ad211 Refs #28574 -- Added test for XML format output to Queryset.explain(). 2021-07-05 09:01:54 +02:00
abhiabhi94
cd124295d8 Fixed #32381 -- Made QuerySet.bulk_update() return the number of objects updated.
Co-authored-by: Diego Lima <diego.lima@lais.huol.ufrn.br>
2021-06-29 06:58:46 +02:00
Simon Charette
b81c7562fc Fixed #32717 -- Fixed filtering of querysets combined with the | operator.
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.

Thanks Shaheed Haque for the report.
2021-05-13 07:26:52 +02:00
Hasan Ramezani
8de4ca74ba Fixed #32693 -- Quoted and lowercased generated column aliases. 2021-05-04 07:36:56 +02:00
Simon Charette
c8b6594305 Fixed #32632, Fixed #32657 -- Removed flawed support for Subquery deconstruction.
Subquery deconstruction support required implementing complex and
expensive equality rules for sql.Query objects for little benefit as
the latter cannot themselves be made deconstructible to their reference
to model classes.

Making Expression @deconstructible and not BaseExpression allows
interested parties to conform to the "expression" API even if they are
not deconstructible as it's only a requirement for expressions allowed
in Model fields and meta options (e.g. constraints, indexes).

Thanks Phillip Cutter for the report.

This also fixes a performance regression in bbf141bcdc.
2021-04-28 12:13:55 +02:00
Mariusz Felisiak
4f600673d7 Refs #32632 -- Added tests for returning a copy when combining Q() objects. 2021-04-28 11:31:17 +02:00
Mariusz Felisiak
c3278bb71f
Used assertCountEqual() in ExcludeTests.test_exclude_subquery(). 2021-04-22 10:47:10 +02:00
Simon Charette
6d0cbe42c3 Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.
This issue started manifesting itself when nesting a combined subquery
relying on exclude() since 8593e162c9 but
sql.Query.combine never properly handled subqueries outer refs in the
first place, see QuerySetBitwiseOperationTests.test_subquery_aliases()
(refs #27149).

Thanks Raffaele Salmaso for the report.
2021-04-21 09:49:15 +02:00
Iuri de Silvio
9760e262f8 Fixed #32627 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by unannotated columns. 2021-04-12 21:11:40 +02:00
Jonathan Richards
00b0786de5 Fixed #32548 -- Fixed crash when combining Q() objects with boolean expressions. 2021-03-17 21:53:39 +01:00
Mariusz Felisiak
ba9a2b7544
Refs #32508 -- Raised TypeError instead of using "assert" on unsupported operations for sliced querysets. 2021-03-10 09:16:28 +01:00
Johan Schiff
d01709aae2 Fixed #24141 -- Added QuerySet.contains(). 2021-03-06 20:40:29 +01:00
starryrbs
466920f6d7 Fixed #32450 -- Fixed crash when ANDing/ORing an empty Q() with not pickleable Q().
Regression in bb0b6e5263.
2021-02-18 21:13:24 +01:00
Mariusz Felisiak
5371342ed6
Fixed #32357 -- Dropped support for PostgreSQL 9.6 and PostGIS 2.3. 2021-01-19 12:25:20 +01:00
Mariusz Felisiak
06eec31970 Refs #7098 -- Removed support for passing raw column aliases to order_by().
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
68e3ca13d7 Refs #30988 -- Removed InvalidQuery exception per deprecation timeline. 2021-01-14 17:50:04 +01:00
Hasan Ramezani
275dd4ebba
Fixed #32178 -- Allowed database backends to skip tests and mark expected failures.
Co-authored-by: Tim Graham <timograham@gmail.com>
2020-12-10 18:00:57 +01:00
David-Wobrock
ba42569d5c Fixed #31507 -- Added QuerySet.exists() optimizations to compound queries. 2020-11-16 20:29:13 +01:00
David-Wobrock
7b42d34646 Refs #27718 -- Doc'd and tested QuerySet.exists() for combined querysets.
Supported since 84c1826ded.
2020-11-16 15:15:41 +01:00
David-Wobrock
464a4c0c59 Fixed #31496 -- Fixed QuerySet.values()/values_list() crash on combined querysets ordered by annotations. 2020-11-14 10:22:09 +01:00
Hasan Ramezani
3f7b327562 Fixed #31235 -- Made assertQuerysetEqual() compare querysets directly.
This also replaces assertQuerysetEqual() to
assertSequenceEqual()/assertCountEqual() where appropriate.

Co-authored-by: Peter Inglesby <peter.inglesby@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-11-06 09:24:50 +01:00
Simon Charette
8593e162c9 Fixed #32143 -- Used EXISTS to exclude multi-valued relationships.
As mentioned in the pre-existing split_exclude() docstring EXISTS is
easier to optimize for query planers and circumvents the IN (NULL)
handling issue.
2020-10-28 07:22:00 +01:00
Simon Charette
bbf141bcdc Refs #27149 -- Fixed sql.Query identity.
By making Query subclass BaseExpression in
3543129822 the former defined it's
identity based off _construct_args which is not appropriate.
2020-10-28 07:21:53 +01:00
Tim Graham
49ece89702
Fixed some queries tests when primary key values are large.
On CockroachDB, primary key values stored in these fields are larger
than they accept. Fixes:
queries.test_bulk_update.BulkUpdateNoteTests.test_multiple_fields,
queries.test_bulk_update.BulkUpdateNoteTests.test_inherited_fields, and
queries.tests.RelatedLookupTypeTests.test_values_queryset_lookup.
2020-10-27 06:39:52 +01:00
Tim Graham
73be11a266
Removed an obsolete query test that assumes serial pks.
The code from the original fix (922aba3def)
was removed in 419de7b00d.
2020-10-27 06:31:26 +01:00
Hannes Ljungberg
c7c7615d00 Fixed #32116 -- Fixed QuerySet.order_by() crash on EmptyQuerySet with union() on a single non-empty ordered queryset. 2020-10-19 08:36:07 +02:00