1
0
mirror of https://github.com/django/django.git synced 2024-12-27 19:46:22 +00:00
Commit Graph

27189 Commits

Author SHA1 Message Date
Mariusz Felisiak
868cd56f05 Added CVE-2019-12781 to the security release archive. 2019-07-01 10:14:36 +02:00
Mariusz Felisiak
fc41401f33 Added release date for 2.2.3. 2019-07-01 07:48:45 +02:00
Carlton Gibson
54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mariusz Felisiak
30b3ee9d0b Added stub release notes for security releases. 2019-07-01 06:57:27 +02:00
Mariusz Felisiak
8fc8c958a5
Fixed broken selenium tests after 42b9a23267. 2019-06-30 20:35:05 +02:00
Claude Paroz
d54baf6970 Updated translations from Transifex
Forward port of b3f7262e6e from stable/2.2.x
2019-06-29 16:17:16 +02:00
Jon Dufresne
42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Hasan Ramezani
2b03e8e9e8 Fixed #30584 -- Fixed management command when using subparsers with dest parameter. 2019-06-28 12:51:26 +02:00
can
f03b7bd114 Fixed #28408 -- Added error message when updating with annotated expressions on joined fields.
Co-Authored-By: Simon Charette <charette.s@gmail.com>
2019-06-28 07:55:32 +02:00
Nadège Michel
fb54aca540 Added test for serializing child model without inherited fields. 2019-06-27 15:10:22 +02:00
Nadège Michel
895b15771e Fixed #28725 -- Prevented serializing inherited ManyToManyFields in child model. 2019-06-27 15:10:22 +02:00
Mariusz Felisiak
4305fbe8b1
Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database. 2019-06-27 15:09:28 +02:00
Shubham Bhagat
26d16c07fd Fixed #30578 - Made SelectDateWidget respect a custom date format when USE_L10N is disabled. 2019-06-26 11:07:11 +02:00
nsasaki128
a289e79679 Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator. 2019-06-26 09:25:24 +02:00
Tom Forbes
8454f6dea4 Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute. 2019-06-26 06:44:10 +02:00
Tim Gates
698df6a009 Fixed typos in test comments. 2019-06-25 11:12:45 +02:00
can
325d5d6445 Fixed #30477 -- Made reverse lookup use Field.get_db_prep_value() from the target field. 2019-06-25 10:20:33 +02:00
daniel a rios
76b993a117 Fixed #26431 -- Prevented django.urls.resolve() from returning missing optional parameters.
Previous behavior was inconsistent with django.urls.reverse() and
caused that translate_url() created an incorrect URL when an optional
parameter was missing.
2019-06-24 11:47:56 +02:00
daniel a rios
d640c71fa3 Refs #26431 -- Added tests for resolving URL and translate_url() with provided optional parameter. 2019-06-24 11:30:26 +02:00
daniel a rios
b24e763846 Added tests for terminated path with optional arguments in django.urls.reverse(). 2019-06-24 11:30:26 +02:00
Tom Forbes
e286711879 Simplified handling of non-existent paths in autoreloader with Path.resolve(strict=True). 2019-06-24 09:48:59 +02:00
Meysam
833878411c Fixed typo in docs/topics/db/models.txt. 2019-06-24 09:04:33 +02:00
Alexey Opalev
2f91e7832f Fixed typo in docs/ref/models/indexes.txt. 2019-06-24 08:58:56 +02:00
Mariusz Felisiak
19895e897c
Refs #30451 -- Added asgiref to the tests requirements. 2019-06-24 08:10:23 +02:00
Claude Paroz
8590726a5d Removed unneeded non-breaking spaces added in 00169bc36 2019-06-22 10:26:14 +02:00
Markus Holtermann
ad7b438002 Bumped minimum ESLint version to 4.18.2. 2019-06-21 17:57:35 +02:00
Nadège Michel
87b1ad6e73 Fixed #30421 -- Allowed symmetrical intermediate table for self-referential ManyToManyField. 2019-06-21 15:03:17 +02:00
Mariusz Felisiak
a9179ab032
Fixed typo in BasicExpressionsTests.test_object_update_fk() test. 2019-06-21 12:00:42 +02:00
Jon Dufresne
2ef6f209f7 Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. 2019-06-21 07:07:23 +02:00
Tobias Kunze
a387ef1117 Added missing form argument in modelform_factory() docstring. 2019-06-20 15:13:22 +02:00
Mariusz Felisiak
9aeac29949
Removed unnecessary backslashes from docs. 2019-06-20 14:04:36 +02:00
Mariusz Felisiak
7f19e37135 Refs #30451 -- Added more tests for ASGIRequest and ASGIHandler. 2019-06-20 12:29:58 +02:00
Andrew Godwin
a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety.
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
Chris Jerdonek
cce47ff65a Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object. 2019-06-20 11:48:49 +02:00
Chris Jerdonek
533311782f Refs #30565 -- Doc'd HttpResponse.close() method. 2019-06-20 11:48:49 +02:00
Swat009
00169bc361 Fixed #30547 -- Doc'd how Meta.constraints affect model validation. 2019-06-20 10:44:02 +02:00
Jon Dufresne
b903bb438f Refs #30485 -- Removed non-representative test that emitted a warning.
Previously, when running the Django test suite with warnings enabled,
the following was emitted:

    /usr/lib64/python3.7/urllib/parse.py:915: BytesWarning: str() on a bytearray instance
      v = quote_via(str(v), safe, encoding, errors)

This occurred due to the bytearray() being passed to
urllib.parse.urlencode() which eventually calls str() on it. The test
does not represent desired real world behavior. Rather than test for and
assert strange unspecified behavior that emits a warning, remove it.

This was also discussed in PR #11374.
2019-06-19 13:03:52 +02:00
can
2cbd3967e0 Fixed #29834 -- Fixed column mismatch crash with QuerySet.values()/values_list() and order_by() on combined querysets. 2019-06-19 12:11:28 +02:00
Mariusz Felisiak
14d026cccb
Fixed #30572 -- Prevented values()/values_list() on combined queryset from mutating the list of columns in querysets. 2019-06-19 10:44:53 +02:00
Hasan Ramezani
a7038adbd0 Fixed typos in signals and custom management commands docs. 2019-06-19 08:40:46 +02:00
Hasan Ramezani
036362e0cf Fixed typos and example in signals.pre_init docs. 2019-06-18 14:51:17 +02:00
Mariusz Felisiak
b08a18f17b
Fixed LiveWidgetTests.test_textarea_trailing_newlines() crash on Chrome 75+. 2019-06-18 11:38:51 +02:00
Min ho Kim
6e8303d49b Fixed typos in FakePayload docstring and SimplifiedURLTests test name. 2019-06-17 12:38:04 +02:00
Mariusz Felisiak
415e899dc4 Refs #30451 -- Added HttpRequest._set_content_type_params() hook. 2019-06-15 10:29:02 -07:00
Sanyam Khurana
87f5d07eed Fixed #12952 -- Adjusted admin log change messages to use form labels instead of field names. 2019-06-14 18:20:29 +02:00
Carlton Gibson
1564e42ad3 Refs #30512, #15042 -- Added local-only address to sanitize_email() tests cases.
email.headerregistry.parser.get_mailbox() returns a token with a `token_type` attribute.

If `token_type` is `’invalid-mailbox’` then RFC violations have been detected. Emails with only the local part, and no domain,  are correctly parsed but are marked as `’invalid-mailbox’`.

As per #15042, local-only are supported, to enable sending to addresses on localhost.

sanitize_email() does not currently check `token_type`. This test is added to avoid a regression in case this is revisited in the future.
2019-06-13 17:29:58 +02:00
Joachim Jablon
2628ea9515 Fixed #30512 -- Used email.headerregistry.parser for parsing emails in sanitize_address(). 2019-06-13 16:22:15 +02:00
Joachim Jablon
0c2ffdd526 Fixed an example of email with display name in EmailMessage.from_email. 2019-06-13 16:22:15 +02:00
Mariusz Felisiak
fc2536fe66
Refs #29548 -- Doc'd MariaDB support for GIS database functions. 2019-06-13 10:26:21 +02:00
can
fde9b7d35e Fixed #30128 -- Fixed handling timedelta timezone in database functions. 2019-06-13 09:29:43 +02:00