mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-12-27 11:35:53 +00:00
Code Issues 30 Releases Wiki Activity
30,683 Commits 28 Branches 426 Tags 674 MiB
6f311c7e35
Commit Graph

30683 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hannes Ljungberg
6f311c7e35 Refs #33508 -- Corrected note about MySQL/MariaDB support of index ordering. 2022-04-20 17:45:23 +02:00
Carlton Gibson
6b53114dd8 Refs #33646 -- Added example for async cross-thread connection access. 2022-04-20 14:07:14 +02:00
Aymeric Augustin
5dfa6fca96 Refactored out RedirectURLMixin.get_success_url(). 
This also adds a default implementation of get_default_redirect_url().
 2022-04-20 10:04:29 +02:00
Aymeric Augustin
04bc2564b6 Simplified LogoutView.get_success_url(). 
This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.

It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
 2022-04-20 10:04:29 +02:00
Aymeric Augustin
5fcd9b8c33 Unified LoginView/LogoutView.get_default_redirect_url() methods. 
This might change the behavior when self.next_page == "". However,
resolve_url(self.next_page) would almost certainly fail in that case.

It is technically possible to define a logout URLpattern whose name is
"": path('logout/', LogoutView.as_view(), name=''), and then to refer to
this pattern with next_page = "". However this feels like a pathological
case, so we decided not to handle it.

Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL
are performed with boolean evaluation rather than comparison with None.
That's why we standardizing that way.
 2022-04-20 10:04:29 +02:00
Aymeric Augustin
5b8699e723 Renamed LogoutView.get_next_page() to get_success_url(). 
This aligns it with LoginView. Also, it removes confusion with the
get_next_page() method of paginators. get_next_page() was a private
API, therefore this refactoring is allowed.
 2022-04-20 10:04:29 +02:00
Aymeric Augustin
12576bd371 Refactored out RedirectURLMixin.get_redirect_url(). 
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.

This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
 2022-04-20 10:04:29 +02:00
Andrey Otto
420d13edee
Fixed #33654 -- Added localdate to utils.timezone.__all__. 2022-04-20 09:59:48 +02:00
Xiang Zhang
c8c6a51a38
Added TiDB to list of third-party DB backends. 2022-04-20 08:11:17 +02:00
Theofilos Alexiou
470708f50d
Updated note about ListView pagination example in CBV docs. 
Follow up to 0f0abc20be.
 2022-04-19 21:38:49 +02:00
Dominik
7d26d5f8f1 Fixed #33644 -- Corrected FAQ about displaying ManyToManyField in list_filter. 2022-04-19 18:56:04 +02:00
Carlton Gibson
bf7c51a5f4 Fixed #33639 -- Enabled cached template loader in development. 2022-04-19 12:13:27 +02:00
Mariusz Felisiak
f4f2afeb45
Refs #32226 -- Fixed JSON format of QuerySet.explain() on PostgreSQL when format is uppercased. 
Follow up to aba9c2de66.
 2022-04-19 08:24:24 +02:00
Aymeric Augustin
903702dfb1 Removed unnecessary default argument from GET.get() call in LoginView.get_redirect_url(). 
The default argument is unnecessary because
url_has_allowed_host_and_scheme() returns False when its first argument
is "" or None, so get_redirect_url() still returns "".

This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page().
 2022-04-19 06:25:38 +02:00
Aymeric Augustin
5591a72571
Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set. 2022-04-18 16:33:10 +02:00
Claude Paroz
fe7cb34544
Refs #33328 -- Corrected JS check for event.detail presence in docs. 2022-04-18 15:19:58 +02:00
Mariusz Felisiak
8e89dfe1c2 Fixed various tests on MySQL with MyISAM storage engine. 2022-04-18 07:05:52 +02:00
Mariusz Felisiak
331a460f8f Fixed DatabaseFeatures.uses_savepoints/can_release_savepoints and related tests with MyISAM storage engine. 2022-04-18 07:05:52 +02:00
Scott
e12670016b
Fixed #33643 -- Fixed inspectdb crash on functional unique constraints on Oracle. 2022-04-16 15:29:51 +02:00
Alexandru Mărășteanu
a1e4e86f92
Fixed #33607 -- Made PostgresIndex.create_sql() respect the "using" argument. 2022-04-15 22:00:28 +02:00
mgaligniana
c72f6f36c1 Fixed #11803 -- Allowed admin select widgets to display new related objects. 
Adjusted admin javascript to add newly created related objects to
already loaded select widgets.

In this version, applies only where limit_choices_to is not set.
 2022-04-15 07:46:37 +02:00
Carlton Gibson
deedf5bbc3 Refs #31169 -- Added release note for parallel test running changes. 2022-04-14 12:38:31 +02:00
Mariusz Felisiak
1760ad4e8c
Relaxed some query ordering assertions in various tests. 
It accounts for differences seen on MySQL with MyISAM storage engine.
 2022-04-14 12:12:13 +02:00
Claude Paroz
08f30d1b6a
Fixed #33637 -- Improved initial zoom level in MapWidget. 2022-04-14 11:50:31 +02:00
Carlton Gibson
5c67d906fd Removed stale Windows asyncio test skips. 
Underlying issue was fixed in Python 3.8.1, now many versions ago.
https://bugs.python.org/issue38563
 2022-04-14 10:43:34 +02:00
Mariusz Felisiak
a0bd006306
Made select_for_update() don't raise TransactionManagementError on databases that don't support transactions. 2022-04-14 07:53:15 +02:00
Tim Graham
db83ac48d4 Expanded QuerySet.explain() error message if a backend supports no formats. 2022-04-14 06:46:42 +02:00
Tim Graham
a32876606f Removed unneeded code in explain_query_prefix() 2022-04-14 06:46:42 +02:00
Florian Apolloner
2eea361eff Fixed #30511 -- Used identity columns instead of serials on PostgreSQL. 2022-04-13 21:51:51 +02:00
Nick Pope
62ffc9883a
Updated bpo link to use redirect URI. 
Mirrors the change made in python/cpython#32342.
 2022-04-13 13:27:41 +02:00
Mariusz Felisiak
fdfb3086fc Fixed DatabaseFeatures.supports_index_column_ordering and related tests with MyISAM storage engine. 2022-04-13 11:56:24 +02:00
Mariusz Felisiak
1bdfde0857 Fixed typo in SchemaIndexesMySQLTests.test_no_index_for_foreignkey(). 2022-04-13 11:56:24 +02:00
Mariusz Felisiak
a65547c04a
Fixed tests on databases that don't support introspecting foreign keys. 2022-04-13 11:52:40 +02:00
Mariusz Felisiak
0b63124c84
Improved ExplainTests.test_basic(). 
QuerySet.select_for_update() is not supported by all databases.
Moreover it cannot be used outside of a transaction.
 2022-04-13 10:17:14 +02:00
SanderBeekhuis
27d52158b2
Fixed #33627 -- Improved nonexistent pk in ModelMultipleChoiceFieldTests.test_model_multiple_choice_field(). 2022-04-13 08:31:23 +02:00
David Smith
856b528801
Removed unnecessary tuple call in SQLInsertCompiler. 2022-04-13 08:10:52 +02:00
zhangyangyu
1bb9bd9724 Fixed #33633 -- Skipped some test_utils tests on databases that don't support transactions. 2022-04-12 13:37:44 +02:00
Mariusz Felisiak
24f442b91d
Fixed DatabaseFeatures.supports_expression_indexes on MySQL with MyISAM. 2022-04-12 12:26:51 +02:00
mgaligniana
0ad5316f22 Fixed #24296 -- Made QuerySet.exists() clear selected columns for not sliced distinct querysets. 2022-04-12 08:18:22 +02:00
mgaligniana
d2263b7b87 Refs #18414 -- Added tests for selected columns of sliced distinct querysets. 2022-04-12 08:18:22 +02:00
Himanshu-Balasamanta
06ebaa9e28 Fixed #33626 -- Cleared cache when unregistering a lookup. 2022-04-12 06:24:02 +02:00
Mateo Radman
884b4c27f5 Fixed #32604 -- Made file upload respect group id when uploading to a temporary file. 2022-04-11 13:32:27 +02:00
Mariusz Felisiak
b8759093d8
Removed DatabaseFeatures.validates_explain_options. 
Always True since 6723a26e59.
 2022-04-11 12:58:01 +02:00
Mariusz Felisiak
b54fd0e36e Added stub release notes for 4.0.5. 2022-04-11 10:45:57 +02:00
Mariusz Felisiak
78eeff8d33 Added CVE-2022-28346 and CVE-2022-28347 to security archive. 2022-04-11 10:32:22 +02:00
Mariusz Felisiak
6723a26e59 Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2022-04-11 08:59:58 +02:00
Mariusz Felisiak
93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. 
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
 2022-04-11 08:59:33 +02:00
Manel Clos
62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 
Regression in 68357b2ca9.
 2022-04-11 07:37:30 +02:00
Simon Charette
0b31e02487 Fixed #33618 -- Fixed MTI updates outside of primary key chain. 2022-04-07 07:54:56 +02:00
Carlton Gibson
9ffd4eae2c
Fixed #33611 -- Allowed View subclasses to define async method handlers. 2022-04-07 07:05:59 +02:00