mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-22 08:14:37 +00:00
Code Issues 32 Releases Wiki Activity
28,495 Commits 29 Branches 441 Tags
Commit Graph

11908 Commits

Author SHA1 Message Date
Mariusz Felisiak
2b099caa59 [3.1.x] Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level directories of the file system cache on Python 3.7+. 
Backport of f56b57976133129b0b351a38bba4ac882badabf0 from master.
 2020-09-01 09:35:05 +02:00
Mariusz Felisiak
934430d22a [3.1.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+. 
Thanks WhiteSage for the report.

Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
 2020-09-01 09:35:05 +02:00
007gzs
dfa31f8e87 [3.1.x] Fixed #31901 -- Prevented content overflowing in the admin changelist with navigation sidebar. 
Backport of 2bc38bc7cae002f949157d95e3f0c19ea6b8ca5c from master
 2020-09-01 08:19:12 +02:00
Abdullah Dursun
42f8c085a6 [3.1.x] Corrected note about long names in search docs. 
Backport of fcad0b132427847d6db2008f00fbe45a7b45cad3 from master
 2020-08-31 22:37:20 +02:00
Hasan Ramezani
eda59ba2ec [3.1.x] Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers. 
Backport of 70731fc6feeb40eab535781e938b0e67ff0077ad from master
 2020-08-31 12:33:17 +02:00
Federico Jaramillo Martínez
c4e5384e73 [3.1.x] Fixed #31952 -- Fixed EmptyFieldListFilter crash with reverse relationships. 
Thanks dacotagh for the report.

Backport of 179d9dc0c2265176f9f7062a1d98dc44d896f91f from master
 2020-08-31 10:40:21 +02:00
Simon Charette
2986ec031d [3.1.x] Fixed #31965 -- Adjusted multi-table fast-deletion on MySQL/MariaDB. 
The optimization introduced in 7acef095d73 did not properly handle
deletion involving filters against aggregate annotations.

It initially was surfaced by a MariaDB test failure but misattributed
to an undocumented change in behavior that resulted in the systemic
generation of poorly performing database queries in 5b83bae031.

Thanks Anton Plotkin for the report.

Refs #23576.

Backport of f6405c0b8ef7aff513b105c1da68407a881a3671 from master
 2020-08-31 09:22:59 +02:00
Mariusz Felisiak
655e1ce6b1 [3.1.x] Fixed #31956 -- Fixed crash of ordering by JSONField with a custom decoder on PostgreSQL. 
Thanks Marc Debureaux for the report.
Thanks Simon Charette, Nick Pope, and Adam Johnson for reviews.

Backport of 0be51d2226fce030ac9ca840535a524f41e9832c from master
 2020-08-28 19:12:02 +02:00
Kevin Michel
3a42c0447b [3.1.x] Fixed #31928 -- Fixed detecting an async get_response in various middlewares. 
SecurityMiddleware and the three cache middlewares were not calling
super().__init__() during their initialization or calling the required
MiddlewareMixin._async_check() method.

This made the middlewares not properly present as coroutine and
confused the middleware chain when used in a fully async context.

Thanks Kordian Kowalski for the report.

Backport of 825ce75faec63ce81601e31152c757a9c28fed13 from master
 2020-08-28 12:35:53 +02:00
Mariusz Felisiak
14a19700d8 [3.1.x] Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator. 
This caused permission errors when user didn't have permissions to
all intermediate directories in a Django installation path.

Thanks tytusd and leonyxz for reports.

Regression in edeec1247e52de6fc32cee93e96d4ce36003ea4b and
26554cf5d1e96db10d0d5f4b69683a22fb82fdf8.
Backport of e39e727ded673e74016b5d3658d23cbe20234d11 from master
 2020-08-28 05:59:11 +02:00
Mariusz Felisiak
9075d1f662 [3.1.x] Fixed #31936 -- Fixed __in lookup on key transforms for JSONField. 
This resolves an issue on databases without a native JSONField
(MariaDB, MySQL, SQLite, Oracle), where values must be wrapped.

Thanks Sébastien Pattyn for the report.
Backport of 1251772cb83aa4106f526fe00738e51c0eb59122 from master
 2020-08-26 22:14:46 +02:00
Michael Galler
b6d2419120 [3.1.x] Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive. 
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>

Backport of 547a07fa7ec4364ea9ecd2aabfdd16ee4c63003c from master
 2020-08-26 07:54:55 +02:00
Mariusz Felisiak
e81aa7a94a [3.1.x] Fixed #31877 -- Reverted "Fixed #19878 -- Deprecated TemplateView passing URL kwargs into context." 
This reverts commit 4ed534758cb6a11df9f49baddecca5a6cdda9311.

Backport of bb8f66934d93faf80cd1a2dda65aaedce21a6fc5 from master
 2020-08-24 11:39:05 +02:00
Mariusz Felisiak
f247c66bb5 [3.1.x] Refs #31877 -- Reverted "Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning." 
This reverts commit 20799cc0a6d98816b9ef0577e24691bd26b80d7d.

Backport of 04e87e79a0bd2b1b9fdc30f884a637a3268733f0 from master
 2020-08-24 11:38:57 +02:00
Kaustubh
5d55b878cf [3.1.x] Fixed #31925 -- Fixed typo in docs/releases/3.0.txt. 
Backport of 3e753d3de33469493b1f0947a2e0152c4000ed40 from master
 2020-08-21 09:48:30 +02:00
Ninad Kulkarni
8fb24a5130 [3.1.x] Fixed #31906 -- Fixed typo in docs/ref/forms/fields.txt. 
Backport of 927bd888ddea8bf37aec5515a7367fe8aeb3d1b4 from master
 2020-08-21 09:43:51 +02:00
Juan Pedro Fisanotti
af190bf263 [3.1.x] Improved wording in async views docs. 
Backport of 41725602afebe2ddb018b99afe134384cc3bf69e from master
 2020-08-20 09:08:19 +02:00
Enderson Menezes
26ccc7701d [3.1.x] Fixed #31909 -- Fixed typo in docs/ref/contrib/admin/index.txt. 
Backport of 67e4a9a4b9a40609fecc14f1604929ff2259a15a from master
 2020-08-20 07:51:20 +02:00
Mariusz Felisiak
7eaa2776e1 [3.1.x] Fixed #31895 -- Fixed crash when decoding invalid session data. 
Thanks Matt Hegarty for the report.
Regression in d4fff711d4c97356bd6ba1273d2a5e349326eb5f.
Backport of 4376c2c7f8cd9c7604a7d053b3c4022dd5ac2795 from master
 2020-08-19 12:06:55 +02:00
David Smith
b2fc5292b2 [3.1.x] Fixed #27679 -- Doc'd that empty formsets display extra + min_num forms. 
Backport of e2e34f4de3b90f3820ee11d49cc369ef573bc2ef from master
 2020-08-18 22:59:16 +02:00
Mariusz Felisiak
6eb0f4f70d [3.1.x] Refs #17642 -- Doc'd min_num and validate_min arguments in modelformset_factory() docs. 
Changed arguments ordering to match the modelformset_factory()
signature.

Backport of 13704b057d3c77d9442a150f79d8fad34bcdb995 from master.
 2020-08-18 09:33:49 +02:00
Jon Dufresne
c5a804207d [3.1.x] Fixed #31892 -- Added backward incompatibility note about Media <script> tags changes. 
Refs 31080.

Backport of dd5173ca1b3e65f8664ad90b81cba032826991dc from master
 2020-08-17 10:51:44 +02:00
Mariusz Felisiak
18e87ac85f [3.1.x] Refs #31863 -- Added release notes for 94ea79be137f3cb30949bf82198e96e094f2650d. 
Backport of 21768a99f47ee73a2f93405151550ef7c3d9c8a2 from master
 2020-08-13 16:30:37 +02:00
Adam Johnson
9ae40d8137 [3.1.x] Fixes #31877 -- Used lazy() for TemplateView kwarg deprecation warning. 
SimpleLazyObjects cause a crash when filtering.

Thanks Tim L. White for the report.
Regression in 4ed534758cb6a11df9f49baddecca5a6cdda9311.

Backport of 20799cc0a6d98816b9ef0577e24691bd26b80d7d from master
 2020-08-13 13:13:25 +02:00
Daniel Hillier
f139372491 [3.1.x] Fixed #31866 -- Fixed locking proxy models in QuerySet.select_for_update(of=()). 
Backport of 60626162f76f26d32a38d18151700cb041201fb3 from master
 2020-08-11 12:30:31 +02:00
Carlton Gibson
02b474f2a4 [3.1.x] Fixed #31865 -- Adjusted admin nav sidebar template to reduce debug logging. 
Thanks to Mariusz Felisiak for review.

Backport of 0aeb802cf054cb369646c871b53c93a83c1fa58a from master
 2020-08-11 11:43:22 +02:00
Mariusz Felisiak
daf4f70eae [3.1.x] Added stub release notes for 2.2.16 and 3.0.10. 
Backport of 8a5683b6b2aede38edcff070686ed1fce470dec5 from master
 2020-08-11 11:12:51 +02:00
Roy Zheng
02572bfc59 [3.1.x] Added note about password updates on argon2 attributes change. 
Backport of 804f2b70244d435c63f7f7c6312a829bc41b2ca4 from master
 2020-08-11 08:20:56 +02:00
Uri
cdfdbb3411 [3.1.x] Refs #31864 -- Doc'd that DEFAULT_HASHING_ALGORITHM requires 3.1.1+ in release notes. 
Backport of b2b0711b555fa292751763c2df4fe577c396f265 from master
 2020-08-08 17:33:43 +02:00
Mariusz Felisiak
c21bbe0883 [3.1.x] Fixed #31864 -- Fixed encoding session data during transition to Django 3.1. 
Thanks אורי for the report.
Backport of 99abfe8f4d3caebcd73548f5bf9e4755bdfed318 from master
 2020-08-07 21:43:46 +02:00
Adam Alton
1e3d8bd3a1 [3.1.x] Removed unnecessary sentence in QuerySet docs. 
Backport of 6e9c5ee88fc948e05b4a7d9f82a8861ed2b0343d from master
 2020-08-07 08:06:21 +02:00
Thomas
81ed126dff [3.1.x] Fixed typo in docs/ref/contrib/postgres/fields.txt. 
Backport of cdead4f013bc4d8f87fd714e91d5e1fcf419180f from master
 2020-08-07 07:57:21 +02:00
Phil Jones
20ec568e46 [3.1.x] Added Hypercorn to ASGI deployment guide. 
Backport of 1bd1264f2eafcef596960535a063c5be9ea5d433 from master
 2020-08-05 12:15:12 +02:00
David Smith
b81cdaf20d [3.1.x] Fixed #29336 -- Doc'd circular template inheritance 
Backport of 2c2f4b37997daf84834547c8abd146cd6e9eac13 from master
 2020-08-05 11:37:27 +02:00
Mariusz Felisiak
1c3d3294c1 [3.1.x] Fixed #31854 -- Fixed wrapping of long model names in admin's sidebar. 
Backport of e70dc506d76083e443a37bac5058151823802e29 from master
 2020-08-05 10:55:11 +02:00
007gzs
ff8e6e83a9 [3.1.x] Fixed #31853 -- Fixed wrapping of translated action labels in admin sidebar. 
Backport of b0af56f639179ac5a70253b07ead8b768c4ef4a9 from master
 2020-08-05 10:27:17 +02:00
Mariusz Felisiak
42e31d4922 [3.1.x] Added stub release notes for 3.1.1. 
Backport of 6c1923029748de4a0f443260751a93c1e0ea10fa from master
 2020-08-04 10:42:58 +02:00
Mariusz Felisiak
34b6622ff9 [3.1.x] Finalized release notes for Django 3.1. 
Backport of df37c2ec761f0032f508af38ce03dee7f4f3f149 from master
 2020-08-04 09:50:21 +02:00
Mariusz Felisiak
9857352655 [3.1.x] Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. 
It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.

Backport of d907371ef99a1e4ca6bc1660f57d81f265750984 from master.
 2020-08-04 09:39:29 +02:00
Mariusz Felisiak
acb7866b1f [3.1.x] Moved note about features deprecated in Django 3.1 above their descriptions. 
Backport of bce4a53670668d6fd1e34685197151c17fd1b378 from master
 2020-08-03 20:51:43 +02:00
Mariusz Felisiak
bdad2adb26 [3.1.x] Added release date for 2.2.15 and 3.0.9. 
Backport of b68b8cb89abb35ff2152175ea540619ec384b1f4 from master
 2020-08-03 08:56:15 +02:00
Mariusz Felisiak
b84b1921da [3.1.x] Refs #27468 -- Added tests and release notes for signing.dumps()/loads() changes. 
Follow up to 71c4fb7beb8e3293243140e4bd74e53989196440.

Backport of 1d6fdca557e674b9a789b51caadca8985e588492 from master
 2020-07-31 22:07:34 +02:00
Mariusz Felisiak
0e02560535 [3.1.x] Corrected signing.dumps()/loads() signatures in docs. 
Backport of 8703680ebee47bfa9e912a30a0509798500bf42a from master
 2020-07-31 11:33:50 +02:00
Andrzej Bartosiński
df8696c0b7 [3.1.x] Corrected admin.register() signature in docs. 
Backport of eb215da363e6cf0e8f3405db3c4392398c8777cb from master
 2020-07-29 12:54:26 +02:00
Claude Paroz
06474e929f [3.1.x] Refs #30165 -- Removed leftover 'u' prefix. 
Backport of bac5777bff8e8d8189193438b5af52f158a3f2a4 from master
 2020-07-29 10:20:08 +02:00
sage
23ce3d8491 [3.1.x] Fixed #31829 -- Used JSONField __contains lookup on key transforms. 
Backport of 2d8dcba03aae200aaa103ec1e69f0a0038ec2f85 from master
 2020-07-28 20:53:11 +02:00
Mariusz Felisiak
247bcef6b4 [3.1.x] Fixed #31836 -- Dropped support for JSONField __contains and __contained_by lookups on SQLite. 
The current implementation works only for basic examples without
supporting nested structures and doesn't follow "the general principle
that the contained object must match the containing object as to
structure and data contents, possibly after discarding some
non-matching array elements or object key/value pairs from the
containing object".

Backport of ba691933cee375195c9c50f333dd4b2a3abbb726 from master.
 2020-07-28 13:08:19 +02:00
Mariusz Felisiak
028a5f86f2 [3.1.x] Fixed #31835 -- Dropped support for JSONField __contains lookup on Oracle. 
The current implementation works only for basic examples without
supporting nested structures and doesn't follow "the general principle
that the contained object must match the containing object as to
structure and data contents, possibly after discarding some
non-matching array elements or object key/value pairs from the
containing object".
Backport of 02447fb133b53ec7d0ff068cc08f06fdf8817ef7 from master
 2020-07-28 11:54:35 +02:00
Harpreet Sharma
3116444559 [3.1.x] Fixed #31821 -- Removed outdated note in FILE_UPLOAD_PERMISSIONS docs. 
Follow up to 22aab8662f0368b63f91f2526bdd0532524bc0fe

Backport of 248d03fbe932b0844c628e56dafba334f9e028e4 from master
 2020-07-23 21:00:45 +02:00
LincolnPuzey
bc75442ebf [3.1.x] Fixed #31816 -- Corrected the expected content type in StreamingHttpResponse docs. 
Backport of d75436109694c286d9af48ae94ca39759d080214 from master
 2020-07-23 13:13:17 +02:00