Thanks Benjamin Bach for the report and initial patch.
This is a security fix; disclosure to follow shortly.
Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
Correctly calculate the ``aggregate_start`` offset from loaded fields,
if any are deferred, instead of ``self.query.select`` which includes all
fields on the model.
Backpatch of 69f7db153d8108dcef033207d49f4c80febf3d70 from master.
In queries using .defer() together with .select_related() the values
and fields arguments didn't align properly for resolve_columns().
Backpatch of 8c27247397cf16b17d0153ae059593c5a468de01 from master.
A .annotate().select_related() query resulted in misaligned rows vs
columns for compiler.resolve_columns() method.
Report & patch by Michael Manfre.
Backpatch of 83554b018ef283827c0e7459ab934d447b3419d5 from master.
Currently module level queries are executed against the real database
(specified in NAME) instead of the test database; since it is too late
to fix this for 1.6, we at least ensure stable builds. Refs #21443.
Backport of 4fcc1e4ad8d153f41132b171c231b6d5d4086c28 from master.
Our WSGIServer rewrapped the socket errors from server_bind into
WSGIServerExceptions, which is used later on to provide nicer
error messages in runserver and used by the liveserver to see if
the port is already in use. But wrapping server_bind isn't enough since
it only binds to the socket; socket.listen (which is called from
server_activate) could also raise "Address already in use".
Instead of overriding server_activate too I chose to just catch socket
errors, which seems to make more sense anyways and should be more robust
against changes in wsgiref.
Backport of 2ca00faa913754cd5860f6e1f23c8da2529c691a from master
This reverts commit 6a708cd654fe63278ea8a14b3e44da847c62ebf4.
Reverted since it only moved the failures to some other tests and it apparently
only worked by accident. Patched selenium for now to include:
https://github.com/SeleniumHQ/selenium/pull/118
which seems to be the root cause for sporadic extra requests to the live server,
which then cause all sorts of issues.
This commit is a last resort; technically the test is correct but our testsuite
has some threading issues when LiveServer is used. Since this will never get
fixed in 1.5 and apparently doesn't get triggered on 1.6 we just make sure the
test doesn't error out. I am not 100% sure why this actually fixes the issue,
but this is still better than having failing builds whenever we do a security
release for 1.5.
(Tested on jenkins itself, should work (tm)).
No forward port to 1.6 since it has new transaction management. The
wait_page_loaded should ensure that the liveserver has time to tear
down properly after the submit.
Fixed the bug that a QuerySet that prefetches related objects cannot be
pickled and unpickled more than once (the second pickling attempt
raises an exception).
Added a new test for the queryset pickling idempotency.
The bug was introduced by
bac187c0d8e829fb3ca2ca82965eabbcbcb6ddd5.
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.
Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.
Backport of b0ce6fe656 from master
There were a couple of regressions related to field pickling. The
regressions were introduced by QuerySet._known_related_objects caching.
The regressions aren't present in master, the fix was likely in
f403653cf146384946e5c879ad2a351768ebc226.
Fixed #20157, fixed #20257. Also made QuerySets with model=None
picklable.
A regression caused by d5b93d3281fe93cbef5de84a52 made .get() error
reporting recurse infinitely on certain rare conditions. Fixed this by
not trying to print the given lookup kwargs.
Backpatch of 266c0bb23e9d64c47ace4d162e582febd5a1e336
Handle the `UnicodeDecodeError` exception, send a warning to `stdout` with the
file name and location, and continue processing other files.
Backport of 99a6f0e77 from master.
Also don't compete with -W CLI option.
Thanks to Aymeric Augustin for the catch, and Claude Paroz for the patch.
Backport of e79b857a07905340556f781a7d63016236b21c61 from master.
This reverts commit d1e87eb3baf75b1b6a0ada46a9b77f7e347cdb60.
This commit was the cause of a memory leak. See ticket for more details.
Thanks Anssi Kääriäinen for identifying the source of the bug.
Classes overriding __eq__ need a __hash__ such that equal objects have
the same hash.
Thanks akaariai for the report and regebro for the patch.
Backport of e76147a from master.
Backport of 6b03179e126d4df01623dccc162c1579f349e41e from master.
Although we're post RC 2, I'm backporting this because it's arguably a
major bug in a new feature that will prevent several well-known
third-party apps from being ported to Python 3.
When iteration over a queryset raised an exception, the result cache
remained initialized with an empty list, so subsequent iterations returned
an empty list instead of raising an exception.
Backport of 2cd0edaa477b327024e4007c8eaf46646dcd0f21 from master.
Querying the reverse side of nullable to_field relation, where both
sides can contain null values resulted in incorrect results. The reason
was not detecting '' as NULL.
Refs #17541, backpatch of 09fcb70c804b76fccc8fc0ac545873e5ab30c00a.
The admin_widgets tests were issuing click() to the browser but
didn't wait for the effects of those clicks. This caused the resulting
request to be processed concurrently with the test case. When using
in-memory SQLite this caused weird failures.
Also added wait_page_loaded() to admin selenium tests for code
reuse.
Fixed #19856, backpatch of 50677b29af39ca670274fb45087415c883c78b04
There was a variable overwrite error in negated join filtering. This
happened when add_filter() was adding the IS NULL condition to the
WHERE clause.
This is not a backport from master as there have been some other
refactorings which made this patch irrelevant.
The patch is from Ian Kelly.