mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-12 03:22:21 +00:00
Code Issues 32 Releases Wiki Activity
26,758 Commits 29 Branches 441 Tags
Commit Graph

11087 Commits

Author SHA1 Message Date
Mariusz Felisiak
4f5b58f5cd [2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection. 
Thanks to Sage M. Abdullah for the report and initial patch.
Thanks Florian Apolloner for reviews.
 2019-07-29 11:06:54 +02:00
Florian Apolloner
e34f3c0e9e [2.2.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. 
Thanks to Guido Vranken for initial report.
 2019-07-29 11:06:54 +02:00
Florian Apolloner
c3289717c6 [2.2.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. 
Thanks to Guido Vranken for initial report.
 2019-07-29 11:00:01 +02:00
daniel a rios
f9462f4c82 [2.2.x] Fixed #30656 -- Added QuerySet.bulk_update() to the database optimization docs. 
Backport of 68aeb9016084290aac4f82860e17a9f4e941676e from master
 2019-07-29 10:10:00 +02:00
daniel a rios
b4139ed6ea [2.2.x] Refs #30656 -- Reorganized bulk methods in the database optimization docs. 
Backport of fe33fdc049df75f9dd8e2eecc8c94aefc0132cb8 from master
 2019-07-29 10:09:53 +02:00
Carlton Gibson
ea57c8a345 [2.2.x] Added stub release notes for security releases. 
Backport of f13147c8de725eed7038941758469aeb9bd66503 from master
 2019-07-25 10:50:18 +02:00
Tom Forbes
4d6449e125 [2.2.x] Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved. 
Backport of fc75694257b5bceab82713f84fe5a1b23d641c3f from master.
 2019-07-24 14:38:24 +02:00
terminator14
61d4a15989 [2.2.x] Fixed typo in docs/topics/http/sessions.txt. 
Backport of 8323691de0ba120dbdc8055063574df2b0c0afa4 from master
 2019-07-23 15:11:54 +02:00
Tom Forbes
2d2859bec2 [2.2.x] Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. 
Backport of 2ff517ccb6116c1be6338e6bdcf08a313defc5c7 from master.
 2019-07-23 10:41:50 +02:00
Mariusz Felisiak
506f800ead [2.2.x] Refs #30083 -- Added a warning about performing queries in pre/post_init receivers. 
Thanks Carlton Gibson the review.

Backport of fc1182af01c391ce33d7fcf51c756829c6a11d5b from master
 2019-07-19 16:07:29 +02:00
Mariusz Felisiak
fa3ae446d9 [2.2.x] Refs #30083 -- Clarified database state of instances in signals.pre_init docs. 
Backport of a2e1c17f193f5017e1f6fac7d860f1f9e34d7892 from master
 2019-07-19 16:07:21 +02:00
Davit Gachechiladze
de2635fb4e [2.2.x] Fixed #30648 -- Removed unnecessary overriding get_context_data() from mixins with CBVs docs. 
Backport of 7f612eda80db1c1c8e502aced54c2062080eae46 from master
 2019-07-18 19:47:53 +02:00
Mariusz Felisiak
0088e59292 [2.2.x] Refs #30547 -- Clarified that partial UniqueConstraints don't affect model validation. 
Backport of 230d75f59c43b9731465c4ec92ad714e301637b8 from master
 2019-07-18 12:56:52 +02:00
Mariusz Felisiak
4814db40c1 [2.2.x] Fixed heading level typo in docs/ref/contrib/postgres/fields.txt. 
Backport of ad4e83a6d1c0a212fae751a3125dff6e28b2390a from master
 2019-07-16 15:08:40 +02:00
Frank Wiles
d58cde7444 [2.2.x] Updated WSGI servers ordering according to the more commonly used. 
Backport of fa65b90a96f27dced8cfa89126d28186b4c80fbf from master
 2019-07-16 14:44:29 +02:00
Frank Wiles
de19a600f0 [2.2.x] Fixed explanation of how to automatically create tables in database. 
Backport of c1b94e32fb3df25d72b5e9973da7928dddbc3a2e from master
 2019-07-15 15:24:44 +02:00
Hasan Ramezani
a39365c48e [2.2.x] Doc'd --no-input option for createsuperuser. 
Backport of 8dd5877f58f84f2b11126afbd0813e24545919ed from master
 2019-07-11 10:26:16 +02:00
Mariusz Felisiak
1088a9777d [2.2.x] Fixed #30621 -- Fixed crash of __contains lookup for Date/DateTimeRangeField when the right hand side is the same type. 
Thanks Tilman Koschnick for the report and initial patch.
Thanks Carlton Gibson for the review.

Regression in 6b048b364ca1e0e56a0d3815bf2be33ac9998355.
Backport of 7991111af12056ec9a856f35935d273526338c1f from master
 2019-07-10 10:34:49 +02:00
Simon Charette
9dee8515d6 [2.2.x] Fixed #30628 -- Adjusted expression identity to differentiate bound fields. 
Expressions referring to different bound fields should not be
considered equal.

Thanks Julien Enselme for the detailed report.

Regression in bc7e288ca9554ac1a0a19941302dea19df1acd21.

Backport of ee6e93ec8727d0f5ed33190a3c354867669ed72f from master
 2019-07-10 08:04:45 +02:00
Mariusz Felisiak
8f0b9e7f9a [2.2.x] Fixed typos in docs/ref/django-admin.txt. 
Backport of 24e8f7f7d3063a3bbfe14774080bc89035b4a3e2 from master
 2019-07-09 13:39:35 +02:00
Mariusz Felisiak
b593c39d7f [2.2.x] Added stub release notes for 2.2.4. 
Backport of 08e69cad9ccb18738b66388b0d0ee4660470710e from master
 2019-07-09 07:45:27 +02:00
sp1rs
0ea952e3d6 [2.2.x] Fixed #30600 -- Clarified that ValueError raised by converter.to_python() means no match. 
Backport of f197c3dd9130b18397022605c27ffe5755f329d7 from master
 2019-07-04 13:36:10 +02:00
swatantra
7d52d056e3 [2.2.x] Fixed #28667 -- Clarified how to override list of forms fields for custom UserAdmin with a custom user model. 
Backport of c13e3715f5f46f2ee4ddba357e2589a45e831813 from master
 2019-07-04 08:22:56 +02:00
Carlton Gibson
b6d8957356 [2.2.x] Fixed #28588 -- Doc'd User.has_perm() & co. behavior for active superusers. 
Equivalent note for PermissionsMixin was added in d33864ed138f65070049a3ac20ee98e03a1442b9.
Backport of 4b32d039dbb59b3c3e76587df5c58150e752d9ac from master
 2019-07-02 11:21:46 +02:00
aitoehigie
b9d1bb6955 [2.2.x] Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes. 
Backport of c2f381ef17058e5cfea58ae507983d2e459a2888 from master
 2019-07-01 12:03:56 +02:00
Mariusz Felisiak
2b533ae60e [2.2.x] Added CVE-2019-12781 to the security release archive. 
Backport of 868cd56f058ca203419ad0886353173b74c3bcf1 from master
 2019-07-01 10:21:16 +02:00
Mariusz Felisiak
93e719efdb [2.2.x] Updated man page for Django 2.2. 2019-07-01 07:54:32 +02:00
Mariusz Felisiak
4f2713ff0e [2.2.x] Added release date for 2.2.3. 
Backport of fc41401f33045d2015dd92e735a13e5ee4af3afd from master
 2019-07-01 07:51:53 +02:00
Carlton Gibson
77706a3e47 [2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 from master
 2019-07-01 07:50:48 +02:00
Mariusz Felisiak
db9f7b44fc [2.2.x] Added stub release notes for security releases. 
Backport of 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f from master
 2019-07-01 07:03:03 +02:00
Claude Paroz
b3f7262e6e [2.2.x] Updated translations from Transifex 2019-06-29 16:15:53 +02:00
Tom Forbes
bdc1de2199 [2.2.x] Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute. 
Backport of 8454f6dea49dddb821bfcb7569ea222bb487dfd1 from master
 2019-06-26 06:44:57 +02:00
Meysam
04965bf92d [2.2.x] Fixed typo in docs/topics/db/models.txt. 
Backport of 833878411c35e1d47abfb77c23863a9dc9bb6d27 from master
 2019-06-24 09:05:15 +02:00
Alexey Opalev
f3b036593f [2.2.x] Fixed typo in docs/ref/models/indexes.txt. 
Backport of 2f91e7832fd2e51dfb75f6027b673a943e736ef0 from master
 2019-06-24 09:01:12 +02:00
Claude Paroz
3b2701e4f2 [2.2.x] Removed unneeded non-breaking spaces added in 00169bc36 
Backport of 8590726a5dd3087d40b549580703cd8c74f3d7b1 from master.
 2019-06-22 10:28:26 +02:00
Jon Dufresne
e6b2471ce7 [2.2.x] Fixed typos in 1.11.19, 2.0.11, 2.1.6 release notes. 
Backport of 2ef6f209f79b0bd27d53405f0d46bb9ab82b2a52 from master
 2019-06-21 07:10:32 +02:00
Chris Jerdonek
d200069b15 [2.2.x] Refs #30565 -- Doc'd HttpResponse.close() method. 
Backport of 533311782fd0c974208490ec9d11da3bbe179dea from master
 2019-06-20 11:49:52 +02:00
Swat009
c3a0f76d11 [2.2.x] Fixed #30547 -- Doc'd how Meta.constraints affect model validation. 
Backport of 00169bc36156d4a32546229bf39de91213709eaf from master
 2019-06-20 10:45:20 +02:00
Hasan Ramezani
c3a9d3050c [2.2.x] Fixed typos in signals and custom management commands docs. 
Backport of a7038adbd02c916315b16939b835f021c2ee8880 from master
 2019-06-19 08:41:51 +02:00
Hasan Ramezani
1ce04289f1 [2.2.x] Fixed typos and example in signals.pre_init docs. 
Backport of 036362e0cfe74e4ab8a65b99eb2aa9c35371fc04 from master
 2019-06-18 15:09:07 +02:00
Joachim Jablon
26c1214364 [2.2.x] Fixed an example of email with display name in EmailMessage.from_email. 
Backport of 0c2ffdd526ff0f0015628821c77fbee15960eaef from master
 2019-06-13 18:00:28 +02:00
Jon Dufresne
13e6040fd4 [2.2.x] Fixed intword example in docs/ref/contrib/humanize.txt. 
Backport of 175656e166712db019a4704c4031510b9fd6b00a from master
 2019-06-11 22:12:24 +02:00
Vyacheslav Ver
36766e1a28 [2.2.x] Fixed #30486 -- Fixed the default value of Aggregate.distinct and updated example of custom aggregate functions. 
Backport of 76b3fc5c8d8dffb441aaa08f75833888be2107af from master
 2019-06-11 12:02:02 +02:00
Mykola Nicholas
d5d22e1090 [2.2.x] Changed charset and collation link to MySQL docs. 
Backport of f3a03d5b61bbf6a47c9aaf8113cff5b1befbcbc5 from master
 2019-06-11 11:17:23 +02:00
Mariusz Felisiak
430f7e9dac [2.2.x] Removed redundant object descriptions to prevent warnings with Sphinx 2.1.0. 
Backport of 5ab75adb900ca3fce50e65e60b11f2eb3ce9fd25 from master
 2019-06-10 16:57:50 +02:00
swatantra
6dca336167 [2.2.x] Fixed #30553 -- Clarified the default value of disable_existing_loggers. 
Backport of 03cd3d137e2c29484b020b9768a4741f1096be97 from master
 2019-06-10 15:18:40 +02:00
Étienne Beaulé
4e6f0024f1 [2.2.x] Fixed #30542 -- Fixed crash of numerical aggregations with filter. 
Filters in annotations crashed when used with numerical-type
aggregations (i.e. Avg, StdDev, and Variance). This was caused as the
source expressions no not necessarily have an output_field (such as the
filter field), which lead to an AttributeError: 'WhereNode' object has
no attribute output_field.

Thanks to Chuan-Zheng Lee for the report.

Regression in c690afb873cac8035a3cb3be7c597a5ff0e4b261 and two following
commits.

Backport of 4b6dfe16226a81fea464ac5f77942f4d6ba266e8 from master.
 2019-06-05 09:15:21 +02:00
Mariusz Felisiak
ca3f86288a [2.2.x] Added stub release notes for 2.2.3. 
Backport of 1f81e2df69c0f62f9bd85bca5b3876a2d8229fde from master
 2019-06-05 06:58:53 +02:00
Caio Ariede
d6d65c1e87 [2.2.x] Fixed #30505 -- Doc'd how changes in the order of Field.choices affect migrations. 
Backport of 5248abe9b0425c1fc989c60a55860cdb4d135bcf from master
 2019-06-04 14:57:08 +02:00
Nick Pope
ed3dc5119b [2.2.x] Added CVE-2019-12308 to the security release archive. 
Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
 2019-06-03 21:45:58 +02:00