1
0
mirror of https://github.com/django/django.git synced 2024-12-23 09:36:06 +00:00
Commit Graph

32937 Commits

Author SHA1 Message Date
Jacob Walls
b99c608ea1 Refs #35402 -- Added tests for invalid usage of submodules in some settings. 2024-08-13 16:09:52 +02:00
Simon Charette
602fe961e6 Fixed #35665 -- Fixed a crash when passing an empty order_by to Window.
This also caused un-ordered sliced prefetches to crash as they rely on Window.

Regression in e16d0c176e that made OrderByList
piggy-back ExpressionList without porting the empty handling that the latter
provided.

Supporting explicit empty ordering on Window functions and slicing is arguably
a foot-gun design due to how backends will return undeterministic results but
this is a problem that requires a larger discussion.

Refs #35064.

Thanks Andrew Backer for the report and Mariusz for the review.
2024-08-13 11:26:17 +02:00
David Smith
5ae9922666 Fixed typo of --no-startup in django-admin docs. 2024-08-13 11:18:42 +02:00
Mariusz Felisiak
6f0a4c1f3f
Refs #35648 -- Corrected release notes for SafeString.__add__() changes. 2024-08-12 15:56:00 -03:00
Mohammad Salehi
ca47884410 Fixed #35623 -- Documented that a field cannot be named 'check'. 2024-08-12 19:58:37 +02:00
Matthias Kestenholz
d84200e4eb Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for non-string RHS.
This change ensures SafeString addition operations handle non-string RHS
properly, allowing them to implement __radd__ for better compatibility.
2024-08-12 14:25:05 -03:00
Matthias Kestenholz
b5c048f5ec Refs #35648 -- Added test for addition between SafeString and str in utils_tests. 2024-08-12 14:25:05 -03:00
Marc Picaud
b4c1569eae
Marked missing part of warning footer for translation in SelectFilter2.js. 2024-08-12 14:23:21 -03:00
Devin Cox
e03083917d Fixed #35586 -- Added support for set-returning database functions.
Aggregation optimization didn't account for not referenced set-returning annotations on Postgres.

Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-12 15:35:19 +02:00
Mark Gensler
228128618b Fixed #35575 -- Added support for constraint validation on GeneratedFields. 2024-08-12 13:45:57 +02:00
Mariusz Felisiak
f883bef054 Refs #35591 -- Removed hardcoded "stable" version in runserver warning. 2024-08-12 10:57:02 +02:00
lucasesposito
f16a9a556f Fixed #35658 -- Initialized InMemoryFileNode instances with a name. 2024-08-09 12:27:15 +02:00
Andrew Miller
69aa13ffb9 Fixed #35591 -- Added unsuitable for production console warning to runserver. 2024-08-09 10:34:10 +02:00
Adam Johnson
9582745257 Fixed #35622 -- Made unittest ignore Django assertions in traceback frames.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-08 21:34:01 -03:00
Natalia
e1606d27b4 Added test for acheck_password() to ensure make_password is called for unusable passwords.
This is a follow up for the fix of CVE-2024-39329
(5d86458579) where the timing of
verify_password() was standardized when checking unusable passwords.
2024-08-08 12:53:36 -03:00
Jure Cuhalev
f8ef4579ea Doc'd that SessionMiddleware is required for the admin site.
The system check "admin.E410" was already checking for this, but the
requirement was not listed in docs/ref/contrib/admin/index.txt.
2024-08-08 08:48:41 -03:00
Andrew Miller
cec62fb99e Refs #35591 -- Emphasized that runserver is not suitable for production. 2024-08-08 10:08:53 +02:00
Adam Johnson
49815f70e4 Refs #31405 -- Improved LoginRequiredMiddleware documentation.
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-08 10:05:31 +02:00
Mariusz Felisiak
7fb15ad5bc Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy.
Thanks Michał Górny for the report.
2024-08-08 09:53:04 +02:00
Matthias Kestenholz
54888408a1
Fixed #35639 -- Improved admin's delete confirmation page title. 2024-08-07 18:10:49 -03:00
Natalia
790f0f8868 Added stub release notes for 5.1.1. 2024-08-07 10:38:36 -03:00
Natalia
a05187fce6 Fixed i18n.tests.TranslationTests.test_plural to use correct French translation.
Forwardport of d5ad743e79 from stable/5.1.x.
2024-08-07 10:10:28 -03:00
Natalia
bdcf789553 Updated translations from Transifex.
Forwardport of 380c6e6ddd from stable/5.1.x.
2024-08-07 10:09:42 -03:00
Natalia
8ad6dc636b Finalized release notes for Django 5.1. 2024-08-07 10:04:18 -03:00
Farhan
6993c9d8c9 Fixed #35553 -- Handled import*as in HashedFilesMixin. 2024-08-07 11:01:56 +02:00
Sarah Boyce
fdc638bf4a Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive. 2024-08-06 17:22:46 +02:00
Simon Charette
c87bfaacf8 Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-08-06 08:50:08 +02:00
Mariusz Felisiak
5f1757142f Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
ecf1f8fb90 Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-08-06 08:50:08 +02:00
Sarah Boyce
c19465ad87 Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
8deb6bb1fc
Fixed #35657 -- Made FileField handle db_default values. 2024-08-05 16:36:49 -03:00
nessita
e9e14709ff
Extended script to manage translations to support fetching new translations since a given date. 2024-08-05 13:51:28 -03:00
David Sanders
509763c799 Fixed #35638 -- Updated validate_constraints to consider db_default. 2024-08-05 17:33:12 +02:00
David Sanders
91a038754b Refs #35638 -- Avoided wrapping expressions with Value in _get_field_value_map() and renamed to _get_field_expression_map(). 2024-08-05 17:33:12 +02:00
Mariusz Felisiak
304d256674
Used :pypi: role in docs where appropriate. 2024-08-05 10:35:50 -03:00
John Parton
7f8d839722 Fixed #35628 -- Allowed compatible GeneratedFields for ModelAdmin.date_hierarchy. 2024-08-05 15:27:20 +02:00
Natalia
90adba85b2 Refs #35380 -- Updated screenshots in admin docs. 2024-08-05 09:02:01 -03:00
Natalia
fb6050e784 Refs #35380 -- Updated screenshots in intro docs. 2024-08-05 09:02:01 -03:00
Natalia
6e66c77089 Fixed #35645, Refs #35558 -- Added "medium" color in the admin CSS to improve accessibility of headings. 2024-08-05 09:02:01 -03:00
Jake Howard
d5bebc1c26 Refs #35537 -- Improved documentation and test coverage for email attachments and alternatives. 2024-08-05 09:21:44 +02:00
Sarah Boyce
5424151f96 Fixed #35655 -- Reverted "Fixed #35295 -- Used INSERT with multiple rows on Oracle 23c."
This reverts commit 175b04942a due to a crash when Oracle > 23.3.
2024-08-03 09:05:30 +02:00
Mariusz Felisiak
6d3464cff0
Refs #35601, Refs #35599 -- Made cosmetic edits to TelInput/ColorInput docs. 2024-08-02 17:40:53 -03:00
Simon Charette
a16f13a866
Fixed #35643 -- Fixed a crash when ordering a QuerySet by a reference containing "__".
Regression in b0ad41198b.

Refs #34013. The initial logic did not consider that annotation aliases
can include lookup or transform separators.

Thanks Gert Van Gool for the report and Mariusz Felisiak for the review.
2024-08-02 16:21:12 -03:00
lucasesposito
b478cae006 Fixed #35601 -- Added TelInput widget. 2024-08-02 11:31:54 +02:00
arjunomray
946c3cf734 Fixed #35599 -- Added ColorInput widget. 2024-08-02 09:51:49 +02:00
Vaarun Sinha
54e8b4e582 Fixed #35489 -- Fixed vertical alignment of raw_id_fields widget.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-02 08:56:54 +02:00
Markus Holtermann
aa90795050 Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to treat AUTH as a sensitive match.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-08-01 15:02:00 -03:00
Natalia
615c80aba6 Improved view_tests.tests.test_debug.ExceptionReporterFilterTests. 2024-08-01 15:02:00 -03:00
Bendeguz Csirmaz
1eac690d25 Refs #373 -- Added tuple lookups. 2024-08-01 17:26:09 +02:00
Sarah Boyce
3dac3271d2 Reverted "Fixed #28646 -- Prevented duplicate index when unique is set to True on PostgreSQL."
This reverts commit 9cf9c796be due to a crash on Oracle
as it didn't allow multiple indexes on the same field.
2024-08-01 09:25:33 +02:00