Mariusz Felisiak
1f8382d34d
Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.
...
Regression in 4f5b58f5cd
.
Thanks Florian Apolloner for the report and helping with tests.
2019-08-14 15:25:35 +02:00
Mads Jensen
0b8d911d28
Optimized Field.deconstruct() by using elif.
2019-08-14 10:50:31 +02:00
Claude Paroz
eed2e740f7
Fixed #30461 -- Made GeoIP2 and GEOIP_PATH setting accept pathlib.Path as library path.
...
Thanks Nikita Krokosh for the initial patch.
2019-08-13 19:44:10 +02:00
Claude Paroz
88c0b907e7
Refs #30461 -- Added django.utils._os.to_path().
2019-08-13 17:17:39 +02:00
Mariusz Felisiak
c19ad2da4b
Fixed #30704 -- Fixed crash of JSONField nested key and index transforms on expressions with params.
...
Thanks Florian Apolloner for the report and helping with tests.
2019-08-13 08:42:17 +02:00
Simon Charette
efa1908f66
Refs #25367 -- Moved Oracle Exists() handling to contextual methods.
...
Oracle requires the EXISTS expression to be wrapped in a CASE WHEN in
the following cases.
1. When part of a SELECT clause.
2. When part of a ORDER BY clause.
3. When compared against another expression in the WHERE clause.
This commit moves the systematic CASE WHEN wrapping of Exists.as_oracle
to contextual .select_format, Lookup.as_oracle, and OrderBy.as_oracle
methods in order to avoid unnecessary wrapping.
2019-08-13 06:48:14 +02:00
Simon Charette
fff5186d32
Refs #25367 -- Moved select_format hook to BaseExpression.
...
This will expose an intermediary hook for expressions that need special
formatting when used in a SELECT clause.
2019-08-13 06:48:14 +02:00
Min ho Kim
4f7328ce8a
Corrected multiple typos.
2019-08-12 12:53:36 +02:00
Min ho Kim
d7673d9eda
Switched to use HTTP_X_FORWARDED_PROTO
custom header in tests.
...
This is the conventional name: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
2019-08-12 12:51:26 +02:00
Simon Charette
f7e9db14bb
Refs #25367 -- Added test for Exists() lookup rhs.
2019-08-12 09:39:26 +02:00
Simon Charette
088a6fab1c
Refs #24793 -- Removed bogus connection argument from SQLCompiler.compile() calls.
...
The method doesn't expect a connection object to be passed as its second
argument.
2019-08-12 07:47:55 +02:00
Simon Charette
8b3e1b6e9e
Refs #11964 -- Made constraint support check respect required_db_features.
...
This will notably silence the warnings issued when running the test
suite on MySQL.
2019-08-12 06:44:37 +02:00
Simon Charette
2fb872e56f
Refs #23879 -- Made introspection respect required_db_features.
2019-08-12 06:33:46 +02:00
swatantra
73ac9e3f04
Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data.
2019-08-11 20:15:23 +02:00
Akash Agrawal
c1b26c77a9
Fixed #30696 -- Removed obsolete mention of CheckConstraint in the AddConstraint docs.
...
Follow up to 8eae094638
.
2019-08-11 15:39:48 +02:00
Akash Agrawal
af08a54415
Fixed #30670 -- Doc'd SchemaEditor.add/remove_constraint().
2019-08-11 03:26:44 +02:00
Ngalim Siregar
503f60ff57
Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404.
2019-08-09 22:48:08 +02:00
Carlton Gibson
514efa3129
Fixed #30688 -- Clarified base_manager_name docs.
2019-08-09 10:08:06 +02:00
Jon Dufresne
5b57798513
Removed unnecessary StatAggregate.resolve_expression().
...
This method only calls the parent method, but without the for_save
argument. The parent class, Aggregate, already ignores the for_save
argument so there is no need for special handling.
Unnecessary since its introduction in e4cf8c8420
.
2019-08-08 22:34:25 +02:00
Adnan Umer
8d3519071e
Fixed #30673 -- Relaxed system check for db_table collision when database routers are installed by turning the error into a warning.
2019-08-08 21:14:06 +02:00
Min ho Kim
65e86948b8
Corrected several typos in string literals and test names.
2019-08-07 11:23:14 +02:00
Andrew Godwin
052388aba4
Fixed #30676 -- Added --pdb option to test runner.
2019-08-07 08:16:31 +02:00
Adnan Umer
c5075360c5
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
2019-08-05 18:44:08 +02:00
Mariusz Felisiak
05964b2198
Moved indexes in ArrayField's Index and Slice transforms to SQL params.
...
Follow up to 7deeabc7c7
.
These lookups aren't vulnerable to SQL injection because both accept
only integer indexes. It is a part of good practices.
2019-08-05 14:16:35 +02:00
Mariusz Felisiak
0e02e496cd
Added tests for using ArrayField's IndexTransform/SliceTransform on expressions with params.
2019-08-05 14:16:25 +02:00
Diederik van der Boor
25f21bd237
Fixed #28393 -- Added helpful error messages for invalid AutoField/FloatField/IntegerField values.
...
Co-authored-by: Diederik van der Boor <vdboor@edoburu.nl>
Co-authored-by: Nick Pope <nick.pope@flightdataservices.com>
2019-08-05 08:41:29 +02:00
Mariusz Felisiak
1af469e67f
Added stub release notes for 2.2.5.
2019-08-02 20:32:21 +02:00
Nick Pope
4cf1f2f13e
Simplified AlterModelTable by making it subclass ModelOptionOperation.
2019-08-02 18:19:55 +02:00
niauah
75f8264083
Corrected StreamingHttpResponse.streaming_content description in docs.
2019-08-02 16:37:49 +02:00
aaktsipetrov
4edad1ddf6
Fixed #30668 -- Made QuerySet.filter() raise NotSupportedError if any of source expressions is not filterable.
2019-08-02 15:06:00 +02:00
Nick Pope
194d1dfc18
Fixed #30661 -- Added models.SmallAutoField.
2019-08-02 11:39:01 +02:00
zeyneloz
955b382600
Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError.
2019-08-02 08:35:28 +02:00
zeyneloz
246689452d
Added test for handling of non-existent manifest in ManifestFilesMixin.read_manifest().
2019-08-02 08:35:25 +02:00
Mariusz Felisiak
d14fa04ab3
Removed obsolete mentions of a check constraint in BaseDatabaseSchemaEditor.add_constraint()/remove_constraint() docstrings.
2019-08-02 07:09:37 +02:00
Jon Dufresne
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Mariusz Felisiak
ff111ea5e3
Refs #30664 -- Fixed migrations crash when altering AutoField/BigAutoField with quoted db_column on PostgreSQL.
2019-08-01 12:06:32 +02:00
Ngalim Siregar
e4684220af
Fixed #30664 -- Fixed migrations crash when altering table on SQLite or altering AutoField/BigAutoField on PostgreSQL for models with quoted db_table.
2019-08-01 12:06:32 +02:00
Carlton Gibson
a5652eb795
Added CVE-2019-14235 to security release archive.
2019-08-01 12:01:27 +02:00
Carlton Gibson
3a6a2f5eaf
Added CVE-2019-14234 to security release archive.
2019-08-01 11:59:45 +02:00
Carlton Gibson
9600f63885
Added CVE-2019-14233 to security release archive.
2019-08-01 11:57:24 +02:00
Carlton Gibson
87750787d1
Added CVE-2019-14232 to the security release archive.
2019-08-01 11:54:24 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Mariusz Felisiak
7deeabc7c7
Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
...
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Carlton Gibson
eea0bf7bd5
Refs #30669 -- Removed incorrect branch in ASGIHander.read_body().
...
None is not valid for settings.FILE_UPLOAD_MAX_MEMORY_SIZE.
Always use SpooledTemporaryFile.
2019-07-31 13:33:01 +02:00
Étienne Beaulé
5f24e7158e
Fixed #30665 -- Added support for distinct argument to Avg() and Sum().
2019-07-31 11:22:50 +02:00
Étienne Beaulé
cb3c2da128
Moved test for distinct Count() to a separate test case.
2019-07-31 10:41:17 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
c95d063e77
Refs #30160 -- Simplified and improved tests for django.utils.archive.
...
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
2019-07-31 09:46:24 +02:00