1
0
mirror of https://github.com/django/django.git synced 2024-12-28 20:16:19 +00:00
Commit Graph

12736 Commits

Author SHA1 Message Date
Panagiotis H.M. Issaris
ce69dba000 [4.2.x] Fixed #34363 -- Fixed floatformat crash on zero with trailing zeros.
Regression in 08c5a78726.
Follow up to 4b066bde69.
Backport of dcd9746983 from main
2023-02-22 20:49:04 +01:00
Laurens Verhoeven
bb94e1b7db [4.2.x] Fixed #34349 -- Fixed FormSet.empty_form crash when deleting extra forms is disabled.
Backport of 6cbc403b8e from main
2023-02-20 09:33:19 +01:00
Simon Charette
aab25a69dd [4.2.x] Fixed #34346 -- Ordered selected expressions by position.
Used the same approach as for #34176 by using selected expressions
position to prevent ambiguous aliases in collisions.

Thanks henribru for the report.

Regression in 04518e310d.

Backport of 278881e376 from main
2023-02-20 06:22:18 +01:00
Simon Charette
312d0f88b4 [4.2.x] Refs #33308 -- Added tests for queryset ordered by annotation with nulls_first/nulls_last.
Backport of a6511bc233 from main
2023-02-18 16:29:04 +01:00
Stefan Brand
efcc0f25a7 [4.2.x] Fixed #34302 -- Fixed SpatialReference.srid for objects without top-level authority.
Backport of eacf6b73d8 from main
2023-02-17 19:57:41 +01:00
Stefan Brand
341f33ed15 [4.2.x] Refs #34302 -- Fixed SpatialReference.auth_name()/auth_code() when target is None.
force_bytes() turns None into the byte string b"None". Since
ctypes.c_char_p() also accepts None, we can bypass force_bytes() if
target is None.

Backport of d77762de03 from main
2023-02-17 19:57:34 +01:00
Alexandre Spaeth
610cd06c3f [4.2.x] Fixed #34342, Refs #33735 -- Fixed test client handling of async streaming responses.
Bug in 0bd2c0c901.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>

Backport of 52b054824e from main
2023-02-17 11:48:59 +01:00
Alexandre Spaeth
1ecbc04624 [4.2.x] Refs #34342 -- Added tests for handling sync streaming responses by test client.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>

Backport of bfb8fda3e6 from main
2023-02-17 11:48:53 +01:00
nabil-rady
3b09f35558 [4.2.x] Fixed #34320 -- Make sure constraints names are obtained from truncated columns names.
Backport of 6bdc3c58b6 from main
2023-02-15 16:52:31 +01:00
DevilsAutumn
5cde08f702 [4.2.x] Fixed #34250 -- Fixed renaming model with m2m relation to a model with the same name.
Backport of ff3a283422 from main
2023-02-14 14:33:45 +01:00
Markus Holtermann
7ac5ff37b8 [4.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
2023-02-14 08:21:18 +01:00
sarahboyce
5510a12c90 [4.2.x] Fixed #34316 -- Fixed layout of admin password change forms and help texts.
Regression in 96a598356a.

Backport of e678046681 from main
2023-02-13 11:52:09 +01:00
Dhanush
a0623b117c [4.2.x] Fixed #32813 -- Made runserver display port after binding.
Thanks Florian Apolloner for the review.

Backport of a18d20ca97 from main
2023-02-10 09:55:35 +01:00
Mariusz Felisiak
836ae73a89 [4.2.x] Fixed #34319 -- Fixed Model.validate_constraints() crash on ValidationError with no code.
Thanks Mateusz Kurowski for the report.

Regression in 667105877e.
Backport of 2fd755b361 from main
2023-02-08 16:39:53 +01:00
Bakdolot
1f193f7f56 [4.2.x] Fixed #34315 -- Preserved admin changelist filters on "Close" button.
Backport of 325c44ac6c from main
2023-02-08 10:21:40 +01:00
Nils VAN ZUIJLEN
e8a39da396 [4.2.x] Fixed #34285 -- Fixed index/slice lookups on filtered aggregates with ArrayField.
Thanks Simon Charette for the review.

Backport of ae1fe72e9b from main
2023-02-07 14:06:08 +01:00
Jacob Walls
714d59d57f [4.2.x] Fixed #33638 -- Fixed GIS lookups crash with geography fields on PostGIS.
Backport of 4403432b75 from main
2023-02-07 12:24:24 +01:00
Frederic Mheir
d70b2a88e8 [4.2.x] Fixed #34301 -- Made admin's submit_row check add permission for "Save as new" button.
Backport of 2878938626 from main
2023-02-07 07:31:51 +01:00
Mariusz Felisiak
9a1848f48c
[4.2.x] Increased the default PBKDF2 iterations for Django 4.2.
See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2.

Thanks Markus Holtermann for the report.
2023-02-04 13:36:06 +01:00
Adam Johnson
beaa5f31e1 [4.2.x] Fixed #34259 -- Passed called_from_command_line to command subparsers.
Backport of 017fa23d3b from main
2023-02-03 07:54:15 +01:00
skidipap
db0e10c037 [4.2.x] Fixed #34286 -- Fixed admindocs markups for case-sensitive template/view names.
Backport of 1250483ebf from main
2023-02-02 14:48:10 +01:00
David Smith
80aae83439 [4.2.x] Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0

Backport of 097e3a70c1 from main
2023-02-01 11:37:29 +01:00
Nick Pope
8a7b22d4a6 [4.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.
The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.
2023-02-01 09:45:07 +01:00
sag᠎e
5e0be0873c [4.2.x] Fixed #34304 -- Made MySQL's SchemaEditor.remove_constraint() don't create foreign key index when unique constraint is ignored.
Regression in b731e88415.
Backport of 110b3b8356 from main
2023-01-31 11:52:44 +01:00
Stanislav Volyk
7217c11eba [4.2.x] Fixed #34283 -- Escaped title in admin's changelist filters.
Regression in 27aa7035f5.

Backport of 20a0850099 from main
2023-01-30 11:58:06 +01:00
Sarah Boyce
4bf3d6dec2 [4.2.x] Fixed #28054 -- Made runserver not return response body for HEAD requests.
Co-authored-by: jannschu <jannik.schuerg@posteo.de>
Backport of 8acc433e41 from main
2023-01-27 21:50:40 +01:00
Raj Desai
f210ad1b98 [4.2.x] Fixed #34254 -- Fixed return value of Exists() with empty queryset.
Thanks Simon Charette for reviews.

Backport of 246eb4836a from main
2023-01-26 20:25:18 +01:00
Mariusz Felisiak
719a14badc [4.2.x] Fixed #34291 -- Fixed Meta.constraints validation crash on UniqueConstraint with ordered expressions.
Thanks Dan F for the report.

Bug in 667105877e.
Backport of 2b1242abb3 from main
2023-01-26 09:32:14 +01:00
朱穆穆
f23a85337a [4.2.x] Fixed #34227 -- Fixed QuerySet.select_related() with multi-level FilteredRelation.
Backport of d3c93cdc59 from main
2023-01-24 10:52:01 +01:00
Matt Westcott
b332a96cd7 [4.2.x] Fixed #34192 -- Preserved callable storage when it returns default_storage.
Backport of ef85b6bf0b from main
2023-01-23 11:14:57 +01:00
Francesco Panico
84927e110e [4.2.x] Fixed #34267 -- Fixed sliced QuerySet.union() crash.
Regression in 3d734c09ff.

Thanks Raphaël Stefanini for the report.

Backport of cc8aa6bf9c from main
2023-01-20 09:25:26 +01:00
David Wobrock
3b6f307344 [4.2.x] Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros to zero decimal places.
Regression in 08c5a78726.

Thanks Andrii Lahuta for the report.

Backport of 4b066bde69 from main
2023-01-19 10:47:52 +01:00
Mariusz Felisiak
0e2649fdf4 Fixed #34255 -- Made PostgreSQL backend use client-side parameters binding with psycopg version 3.
Thanks Guillaume Andreu Sabater for the report.

Co-authored-by: Florian Apolloner <apollo13@users.noreply.github.com>
2023-01-17 08:24:08 +01:00
Mariusz Felisiak
c8a76059ff Refs #34255 -- Bumped required psycopg version to 3.1.8. 2023-01-17 08:24:08 +01:00
sarahboyce
05bcd5baaf Refs #30129 -- Added test for create() with F() expression in Subquery.
Fixed in 3543129822.
2023-01-16 08:26:34 +01:00
Leo
5da5f3773e Fixed #34234 -- Dropped support for PROJ 4. 2023-01-13 12:31:41 +01:00
Mariusz Felisiak
c2118d72d6
Fixed #34240 -- Preserved headers of requests made with django.test.Client in assertRedirects().
Bug in 67da22f08e.
2023-01-13 11:30:27 +01:00
Jarosław Wygoda
32940d390a Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. 2023-01-12 09:58:36 +01:00
Jarosław Wygoda
1ec3f0961f Fixed #26029 -- Allowed configuring custom file storage backends. 2023-01-12 06:20:57 +01:00
Mariusz Felisiak
d02a9f0cee
Fixed thread termination in servers.tests.LiveServerPort on Python 3.10.9+, 3.11.1+, and 3.12+.
Class cleanups registered in TestCase subclasses are no longer called
as TestCase.doClassCleanups() only cleans up the particular class, see

c2102136be
2023-01-12 06:04:10 +01:00
Mariusz Felisiak
829f4d1448
Refs #31546, Refs #34118 -- Corrected CommandTests.test_requires_system_checks_specific().
System checks are never called without skip_checks=False. Moreover,
called_once_with() is not a proper assertion and raise AttributeError
on Python 3.12.
2023-01-11 05:36:40 +01:00
Mariusz Felisiak
552384fa97
Refs #31014 -- Added FromWKB and FromWKT GIS database functions.
Co-authored-by: Ondřej Böhm <ondrej.bohm@firma.seznam.cz>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2023-01-10 11:51:09 +01:00
Francesco Panico
72efd840a8 Fixed #34110 -- Added in-memory file storage.
Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews.
2023-01-10 10:56:59 +01:00
Simon Charette
dd68af62b2 Fixed #34176 -- Fixed grouping by ambiguous aliases.
Regression in b7b28c7c18.

Refs #31377.

Thanks Shai Berger for the report and reviews.

test_aggregation_subquery_annotation_values_collision() has been
updated as queries that are explicitly grouped by a subquery should
always be grouped by it and not its outer columns even if its alias
collides with referenced table columns. This was not possible to
accomplish at the time 10866a10 landed because we didn't have compiler
level handling of colliding aliases.
2023-01-09 10:52:51 +01:00
Tim Graham
016bead6a2
Renamed 'requests' test package.
This avoids a collision when third-party database backends depend on the
Requests HTTP library.
2023-01-07 11:41:40 +01:00
Nick Pope
b47f2f5b90 Fixed #33865 -- Optimized LimitedStream wrapper.
The current implementation of LimitedStream is slow because .read()
performs an extra copy into a buffer and .readline() performs two
extra copies. The stream being wrapped is already typically a BytesIO
object so this is unnecessary.

This implementation has largely been untouched for 12 years and,
inspired by a simpler implementation in werkzeug, it was possible to
achieve the following performance improvement:

LimitedStream.read() (single line):
  Mean +- std dev: [bench_limitedstream-main] 286 ns +- 6 ns
  -> [bench_limitedstream-patch] 227 ns +- 6 ns: 1.26x faster
LimitedStream.readline() (single line):
  Mean +- std dev: [bench_limitedstream-main] 507 ns +- 11 ns
  -> [bench_limitedstream-patch] 232 ns +- 8 ns: 2.18x faster
LimitedStream.read(8192) (single line):
  Mean +- std dev: [bench_limitedstream-main] 360 ns +- 8 ns
  -> [bench_limitedstream-patch] 297 ns +- 6 ns: 1.21x faster
LimitedStream.readline(8192) (single line):
  Mean +- std dev: [bench_limitedstream-main] 602 ns +- 10 ns
  -> [bench_limitedstream-patch] 305 ns +- 10 ns: 1.98x faster
LimitedStream.read() (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 290 ns +- 5 ns
  -> [bench_limitedstream-patch] 236 ns +- 6 ns: 1.23x faster
LimitedStream.readline() (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 517 ns +- 19 ns
  -> [bench_limitedstream-patch] 239 ns +- 7 ns: 2.16x faster
LimitedStream.read(8192) (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 363 ns +- 8 ns
  -> [bench_limitedstream-patch] 311 ns +- 11 ns: 1.17x faster
LimitedStream.readline(8192) (multiple lines):
  Mean +- std dev: [bench_limitedstream-main] 601 ns +- 12 ns
  -> [bench_limitedstream-patch] 308 ns +- 7 ns: 1.95x faster

Geometric mean: 1.59x faster
2023-01-05 19:26:56 +01:00
Nick Pope
57f5669d23 Refs #33865 -- Improved implementation of FakePayload.
FakePayload is a wrapper around io.BytesIO and is expected to
masquerade as though it is a file-like object. For that reason it makes
sense that it should inherit the correct signatures from io.BytesIO
methods.

Crucially an implementation of .readline() is added which will be
necessary for this to behave more like the expected file-like objects as
LimitedStream will be changed to defer to the wrapped stream object
rather than rolling its own implementation for improved performance.

It should be safe to adjust these signatures because FakePayload is
only used internally within test client helpers, is undocumented, and
thus private.
2023-01-05 19:25:25 +01:00
Nick Pope
95182a8593 Refs #33865 -- Corrected signature of ExplodingBytesIO.read().
These subclasses of io.BytesIO should inherit the correct signature.
2023-01-05 19:17:56 +01:00
Nick Pope
7a1543d9f6 Refs #33865 -- Made RequestsTests.test_set_encoding_clears_GET use FakePayload.
The input stream, wsgi.input, must be a file-like object. The existing
implementation of LimitedStream was lax and allowed an empty string to
be passed incorrectly.

See https://wsgi.readthedocs.io/en/latest/definitions.html#envvar-wsgi.input
2023-01-05 19:16:49 +01:00
Mariusz Felisiak
63d1cb0092
Refs #32355 -- Bumped minimum supported versions of 3rd-party packages.
This bumps minimum supported versions of 3rd-party packages to the first
releases to support Python 3.8.
2023-01-05 18:09:33 +01:00