1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
Commit Graph

30449 Commits

Author SHA1 Message Date
Mariusz Felisiak
ba4a6880d1 Added stub release notes for 4.0.3. 2022-02-01 09:10:20 +01:00
Mariusz Felisiak
9e0df0d6dd Added CVE-2022-22818 and CVE-2022-23833 to security archive. 2022-02-01 08:17:25 +01:00
Mariusz Felisiak
fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Markus Holtermann
394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Kirill Safronov
97a7274468 Fixed #33480 -- Fixed makemigrations crash when renaming field of renamed model.
Regression in aa4acc164d.
2022-02-01 07:01:41 +01:00
Mariusz Felisiak
71e7c8e737
Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Claude Paroz
beb7ddbcee Updated translations from Transifex.
Updated Bulgarian, Czech, German, Uzbek, and Vietnamese translations.

Forwardport of 7a1c6533eb from stable/4.0.x.
2022-01-29 19:01:15 +01:00
Keryn Knight
55022f75c1 Fixed #33465 -- Added empty __slots__ to SafeString and SafeData.
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.

Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
2022-01-29 13:50:34 +01:00
Mariusz Felisiak
67db54a5a7
Fixed #33452 -- Fixed admin change-form layout for submit buttons on mid-sized displays.
Thanks David Smith for reviews.
2022-01-29 11:59:08 +01:00
Keryn Knight
c5c7a15b09 Fixed #33461 -- Escaped template errors in the technical 500 debug page. 2022-01-28 07:07:12 +01:00
Thomas Aglassinger
3a9b8b25d4
Fixed #33459 -- Clarified index type in full text search docs. 2022-01-28 06:36:39 +01:00
vgolubev
e87f57fdb8 Fixed #26142 -- Allowed model formsets to prevent new object creation.
Thanks Jacob Walls, David Smith, and Mariusz Felisiak for reviews.

Co-authored-by: parth <parthvin@gmail.com>
2022-01-27 20:45:21 +01:00
Jörg Breitbart
0af9a5fc7d Fixed #33463 -- Fixed QuerySet.bulk_update() with F() expressions. 2022-01-27 19:03:26 +01:00
Mariusz Felisiak
e972620ada
Fixed #33462 -- Fixed migration crash when altering type of primary key with MTI and foreign key.
This prevents duplicated operations when altering type of primary key
with MTI and foreign key. Previously, a foreign key to the base model
was added twice, once directly and once by the inheritance model.

Thanks bcail for the report.

Regression in 325d7710ce.
2022-01-27 18:51:39 +01:00
Mariusz Felisiak
2eed554c3f
Fixed wrapping of long messages in the admin. 2022-01-26 21:14:13 +01:00
Carlton Gibson
d15a10afb5
Adjusted CBV resolver_match example in testing tools docs.
The view_class is available on the view callback, allowing that to be
checked, rather than the __name__.
2022-01-26 20:58:22 +01:00
Mariusz Felisiak
f38c3cbadc
Increased test coverage for django.contrib.gis.gdal.layer.Layer. 2022-01-26 17:47:03 +01:00
Tom Forbes
f97401d1b1 Used GitHub actions for Windows tests. 2022-01-26 12:03:55 +01:00
Kaushik Chintam
1625a8c8eb Fixed #33048 -- Doc'd that DEBUG static files requests don't use middleware chain. 2022-01-26 11:22:13 +01:00
Carlton Gibson
85f2a9fb0f Fixed #33407 -- Fixed .radiolist admin CSS.
Regression in 5942ab5eb1.
2022-01-26 09:26:48 +01:00
Ian Foote
a93a1ba347
Fixed broken link to cx_Oracle docs. 2022-01-25 20:14:24 +01:00
Collin Anderson
890bfa368c Refs #20349 -- Avoided loading testing libraries when not needed. 2022-01-25 11:41:01 +01:00
Mariusz Felisiak
34aba9c06e
Fixed typo in docs/releases/4.1.txt. 2022-01-25 10:57:05 +01:00
Mariusz Felisiak
eeca934238 Added stub release notes and release date for 4.0.2, 3.2.12, and 2.2.27. 2022-01-25 07:21:57 +01:00
Jacob Walls
edbf930287 Fixed #29984 -- Added QuerySet.iterator() support for prefetching related objects.
Co-authored-by: Raphael Kimmig <raphael.kimmig@ampad.de>
Co-authored-by: Simon Charette <charette.s@gmail.com>
2022-01-25 06:12:04 +01:00
Keryn Knight
c27932ec93 Fixed #33460 -- Used VALUES clause for insert in bulk on SQLite.
SQLite 3.7.11 introduced the ability to use multiple values directly.
SQLite 3.8.8 made multiple values not subject to the
SQLITE_LIMIT_COMPOUND_SELECT (500).
2022-01-24 20:51:32 +01:00
Mariusz Felisiak
4ac0bf6acd
Fixed wrapping of long values in technical 500 debug page.
Follow up to d5f2d5d604.
2022-01-24 11:54:41 +01:00
Hrushikesh Vaidya
89d137f3be
Fixed #33457 -- Fixed "Local vars" scrolling in technical 500 debug page.
Thanks Keryn Knight for the report and the initial patch.
2022-01-24 07:42:52 +01:00
Timothy McCurrach
efb4478e48 Fixed #33458 -- Fixed encoding of messages with empty string as extra_tags. 2022-01-24 07:05:53 +01:00
Claude Paroz
7c4f396509 Stopped including type="text/css" attributes for CSS link tags. 2022-01-22 16:38:14 +01:00
My-Name-Is-Nabil
9dc65263d4 Fixed #33455 -- Improved error message when selenium is not installed. 2022-01-21 21:54:10 +01:00
Jacob Walls
2d8232fa71 Fixed #26760 -- Added --prune option to migrate command. 2022-01-21 17:10:31 +01:00
Fabian Büchler
eeff1787b0 Fixed #33449 -- Fixed makemigrations crash on models without Meta.order_with_respect_to but with _order field.
Regression in aa4acc164d.
2022-01-21 06:44:53 +01:00
Mariusz Felisiak
f605e85af9
Fixed #33453 -- Dropped support for GDAL 2.1. 2022-01-20 18:54:29 +01:00
Tilak
2c76c27a95 Improved wording in running Django’s test suite in contributing tutorial. 2022-01-20 10:02:47 +01:00
Hrushikesh Vaidya
3fadf141e6 Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
sean_c_hsu
0f6946495a Fixed #31685 -- Added support for updating conflicts to QuerySet.bulk_create().
Thanks Florian Apolloner, Chris Jerdonek, Hannes Ljungberg, Nick Pope,
and Mariusz Felisiak for reviews.
2022-01-19 20:17:42 +01:00
Moritz Duchêne
ba9de2e74e Updated GEOS/GDAL links in docs and comments. 2022-01-19 19:06:12 +01:00
Mariusz Felisiak
4a8ac604b1
Added tests for SpatialReference.to_esri()/from_esri(). 2022-01-19 16:03:04 +01:00
Adam Johnson
dc8bb35e39 Fixed #33446 -- Added CSS source map support to ManifestStaticFilesStorage. 2022-01-18 12:53:14 +01:00
Nick Pope
fac26684fd
Removed unused buf_size argument to LimitedStream().
Unused since its introduction in 269e921756.
2022-01-18 05:55:14 +01:00
Mariusz Felisiak
30a0144134
Fixed #29338 -- Allowed using combined queryset in Subquery.
Thanks Eugene Kovalev for the initial patch, Simon Charette for the
review, and Chetan Khanna for help.
2022-01-17 18:01:07 +01:00
My-Name-Is-Nabil
f37face331 Fixed #33435 -- Fixed invalid SQL generatered by Subquery.as_sql(). 2022-01-17 09:00:46 +01:00
Brad Solomon
b55ebe3241 Fixed #33443 -- Clarified when PasswordResetView sends an email. 2022-01-17 07:44:46 +01:00
Ayush Joshi
0a17666045 Fixed #28135 -- Made simplify_regex() handle non-capturing groups. 2022-01-14 11:01:02 +01:00
Adam Johnson
fdfa97fb16 Fixed #33441 -- Restored immutability of models.Field.__hash__().
Regression in 502e75f9ed.
2022-01-14 07:00:48 +01:00
Adam Johnson
652c68ffee
Clarified how contrib.auth picks a password hasher for verification. 2022-01-13 20:46:18 +01:00
Ayush Joshi
827bc07047 Refs #28135 -- Refactored out _find_groups()/_get_group_start_end() hooks in admindocs. 2022-01-13 16:33:19 +01:00
Adam Johnson
45a42aabfa Fixed #29708 -- Deprecated PickleSerializer. 2022-01-13 13:50:20 +01:00
Adam Johnson
c920387fab Optimized SessionBase.get_expire_at_browser_close(). 2022-01-13 13:05:46 +01:00