mirror of https://github.com/django/django.git synced 2025-01-26 10:09:42 +00:00

187 Commits

Author SHA1 Message Date
Simon Charette
602fe961e6 Fixed #35665 -- Fixed a crash when passing an empty order_by to Window.
This also caused un-ordered sliced prefetches to crash as they rely on Window.

Regression in e16d0c176e9b89628cdec5e58c418378c4a2436a that made OrderByList
piggy-back ExpressionList without porting the empty handling that the latter
provided.

Supporting explicit empty ordering on Window functions and slicing is arguably
a foot-gun design due to how backends will return nondeterministic results but
this is a problem that requires a larger discussion.

Refs #35064.

Thanks Andrew Backer for the report and Mariusz for the review.
2024-08-13 11:26:17 +02:00
Simon Charette
c87bfaacf8 Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:50:08 +02:00
Mariusz Felisiak
9f5e2306e2 Refs #29049 -- Fixed isolation of BasicExpressionsTests._test_slicing_of_f_expressions() subtests.
Thanks Tim Graham for the report.
2024-07-23 14:29:14 -03:00
Simon Charette
6b3f55446f Fixed #35603 -- Prevented F.__contains__() from hanging.
Regression in 94b6f101f7dc363a8e71593570b17527dbb9f77f.
2024-07-18 08:39:10 +02:00
Tim Graham
7ba2a0db20 Fixed Number.__str__() crash when float/decimal_value is None in expressions tests models. 2024-06-21 16:51:41 -03:00
Mariusz Felisiak
f030236a86 Fixed #35275 -- Fixed Meta.constraints validation crash on UniqueConstraint with OpClass().
This also introduces Expression.constraint_validation_compatible that
allows specifying that expression should be ignored during a constraint
validation.
2024-05-14 10:34:30 +02:00
sharonwoo
6a37e9bfae Fixed #35257 -- Corrected resolving output_field for IntegerField/DecimalField with NULL. 2024-03-21 10:13:54 +01:00
Mariusz Felisiak
305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Simon Charette
0fcee1676c Fixed #35111 -- Fixed compilation of DateField __in/__range rhs on SQLite and MySQL.
Also removed tests that ensured that adapt_(date)timefield backend
operations were able to deal with expressions when it's not the case
for any other adapt methods.
2024-01-16 08:34:14 +01:00
Simon Charette
561f770415 Refs #22288 -- Corrected __range lookup test names. 2024-01-16 08:34:06 +01:00
Nick Pope
94b6f101f7 Fixed #29049 -- Added slicing notation to F expressions.
Co-authored-by: Priyansh Saxena <askpriyansh@gmail.com>
Co-authored-by: Niclas Olofsson <n@niclasolofsson.se>
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Abhinav Yadav <abhinav.sny.2002@gmail.com>
2023-12-30 08:24:30 +01:00
Mariusz Felisiak
de4884b114 Reverted "Refs #30446, Refs #34944 -- Fixed crash when adding GeneratedField with string Value()."
This reverts commit 8b1acc0440418ac8f45ba48e2dfcf5126c83341b.
2023-11-14 15:45:43 +01:00
Simon Charette
8b1acc0440 Refs #30446, Refs #34944 -- Fixed crash when adding GeneratedField with string Value().
This should allow smarter output_field inferring in functions dealing
with text expressions.

Regression in f333e3513e8bdf5ffeb6eeb63021c230082e6f95.
2023-11-08 15:48:15 +03:00
Simon Charette
ea596a52d9 Refs #33482 -- Fixed QuerySet selecting and filtering against Exists() with empty queryset.
Thanks Tobias Bengfort for the report.
2023-10-04 21:30:50 +02:00
toan
4de31ec680 Fixed #34858 -- Corrected resolving output_field for PositiveIntegerField.
Regression in 40b8a6174f001a310aa33f7880db0efeeb04d4c4.
2023-09-22 09:33:50 +02:00
willzhao
9cc0d7f7f8 Fixed #34803 -- Fixed queryset crash when filtering against deeply nested OuterRef annotations.
Thanks Pierre-Nicolas Rigal for the report.

Regression in c67ea79aa981ae82595d89f8018a41fcd842e7c9.
2023-09-01 10:44:20 +02:00
Jingbei Li
9946f0b0d9 Fixed #33817 -- Added support for python-oracledb and deprecated cx_Oracle. 2023-08-10 10:11:53 +02:00
Mariusz Felisiak
94ad46e9d8 Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueError when nulls_first/nulls_last=False is passed.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
sarahboyce
05bcd5baaf Refs #30129 -- Added test for create() with F() expression in Subquery.
Fixed in 35431298226165986ad07e91f9d3aca721ff38ec.
2023-01-16 08:26:34 +01:00
David Wobrock
a320aab512 Fixed #16211 -- Added logical NOT support to F expressions. 2022-10-31 09:55:51 +01:00
Gregor Gärtner
f0c06f8ab7 Refs #33990 -- Renamed TransactionTestCase.assertQuerysetEqual() to assertQuerySetEqual().
Co-Authored-By: Michael Howitz <mh@gocept.com>
2022-10-08 08:07:38 +02:00
Simon Charette
c6350d594c Refs #30158 -- Removed alias argument for Expression.get_group_by_cols().
Recent refactors allowed GROUP BY aliasing to be
entirely handled by the sql.Query.set_group_by and compiler layers.
2022-10-06 12:04:00 +02:00
David Wobrock
cff1f888e9 Fixed #33464 -- Resolved output_field for combined numeric expressions with MOD operator. 2022-09-27 20:41:10 +02:00
Mariusz Felisiak
68da6b389c Fixed #33543 -- Deprecated passing nulls_first/nulls_last=False to OrderBy and Expression.asc()/desc().
Thanks Allen Jonathan David for the initial patch.
2022-05-12 11:30:03 +02:00
Mariusz Felisiak
1760ad4e8c Relaxed some query ordering assertions in various tests.
It accounts for differences seen on MySQL with MyISAM storage engine.
2022-04-14 12:12:13 +02:00
Mariusz Felisiak
93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Luke Plant
40b8a6174f Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.

This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
Luke Plant
04ad0f26ba Refs #33397 -- Added extra tests for resolving an output_field of CombinedExpression. 2022-03-30 11:03:48 +02:00
Ryan Heard
c6b4d62fa2 Fixed #29865 -- Added logical XOR support for Q() and querysets. 2022-03-04 12:55:37 +01:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak
6f185a53a2 Refs #33482 -- Fixed QuerySet selecting and filtering against negated Exists() with empty queryset.
Regression in b7d1da5a62fe4141beff2bfea565f7ef0038c94c.
2022-02-07 20:34:21 +01:00
Mariusz Felisiak
c5cd878382 Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Simon Charette
b7d1da5a62 Fixed #33482 -- Fixed QuerySet filtering against negated Exists() with empty queryset.
Thanks Tobias Bengfort for the report.
2022-02-02 07:54:19 +01:00
My-Name-Is-Nabil
f37face331 Fixed #33435 -- Fixed invalid SQL generated by Subquery.as_sql(). 2022-01-17 09:00:46 +01:00
Allen Jonathan David
28c98d4113 Fixed #33216 -- Simplified deconstructed paths for some expressions. 2022-01-07 11:19:29 +01:00
Keryn Knight
0ed2919814 Fixed #33406 -- Avoided creation of MaxLengthValidator(None) when resolving Value.output_field for strings.
This brings the behaviour in line with Field subclasses which append to
the validators within __init__(), like BinaryField, and prevents the
creation of a validator which incorrectly throws a TypeError, if it
were used.
2022-01-04 05:51:00 +01:00
Keryn Knight
b894199eb0 Refs #33406 -- Added test for not creating broken validators when resolving Value.output_field. 2022-01-04 05:51:00 +01:00
Adam Johnson
a8fa3e5cd7 Refs #33355 -- Added missing tests for database functions and expression on null values. 2021-12-22 11:46:18 +01:00
Matthijs Kooijman
1a5023883b Fixed #33257 -- Fixed Case() and ExpressionWrapper() with decimal values on SQLite. 2021-11-08 18:02:56 +01:00
Hasan Ramezani
c069ee0b9d Fixed #33224 -- Removed DatabaseFeatures.supports_mixed_date_datetime_comparisons. 2021-11-02 07:30:38 +01:00
Tim Graham
cbd9f8531d Removed duplicated lines in test_in_lookup_allows_F_expressions_and_expressions_for_datetimes(). 2021-10-26 07:22:20 +02:00
Adam Johnson
45f48ed4f7 Made F deconstruction omit 'expressions' in the path. 2021-10-21 09:40:52 +02:00
Mariusz Felisiak
e703b152c6 Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191de21b6e96736f58df57dfb851a28c1f.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Mariusz Felisiak
f0a9413bd2 Refs #24121 -- Improved Value.__repr__(). 2021-05-24 07:26:53 +02:00
Mariusz Felisiak
3f6d4e22f8 Fixed typo in tests/expressions/tests.py. 2021-05-24 07:26:53 +02:00
Simon Charette
96f55ccf79 Fixed #32714 -- Prevented recreation of migration for Meta.ordering with OrderBy expressions.
Regression in c8b659430556dca0b2fe27cf2ea0f8290dbafecd.

Thanks Kevin Marsh for the report.
2021-05-05 08:43:57 +02:00
Tobias Bengfort
54e94640ac Refs #25287 -- Added support for multiplying and dividing DurationField by scalar values on SQLite. 2021-04-20 11:44:41 +02:00
Hasan Ramezani
ed0cc52dc3 Fixed #32585 -- Fixed Value() crash with DecimalField on SQLite. 2021-03-29 06:22:36 +02:00
Jonathan Richards
00b0786de5 Fixed #32548 -- Fixed crash when combining Q() objects with boolean expressions. 2021-03-17 21:53:39 +01:00