0
0
mirror of https://github.com/django/django.git synced 2024-12-01 15:42:04 +01:00
Commit Graph

29646 Commits

Author SHA1 Message Date
Jacob Walls
ec2727efef Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists. 2021-06-02 12:20:22 +02:00
Mariusz Felisiak
d9cee3f5f2 Fixed docs header underlines in security archive. 2021-06-02 12:16:38 +02:00
Carlton Gibson
ba10772bf6 Added stub release notes for Django 3.2.5. 2021-06-02 11:25:32 +02:00
Carlton Gibson
a39f235ca4 Added CVE-2021-33203 and CVE-2021-33571 to security archive. 2021-06-02 11:15:54 +02:00
Mariusz Felisiak
e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Florian Apolloner
46572de2e9 Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs' TemplateDetailView. 2021-06-02 10:58:39 +02:00
Carlton Gibson
f66ae7a2d5 Confirmed release date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-06-02 10:19:19 +02:00
Jacob Walls
1443b5e9ac
Fixed typo in docs/internals/contributing/writing-code/coding-style.txt. 2021-06-02 08:14:57 +02:00
Mariusz Felisiak
e703b152c6
Fixed #32793 -- Fixed loss of precision for temporal operations with DecimalFields on MySQL.
Regression in 1e38f1191d.

Thanks Mohsen Tamiz for the report.
2021-06-01 15:11:42 +02:00
Daniyal
a0410ffe8f Refs #32552 -- Added DiscoverRunner.log() to allow customization.
Thanks Carlton Gibson, Chris Jerdonek, and David Smith for reviews.
2021-06-01 13:31:44 +02:00
Chris Jerdonek
cd19db10df Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. 2021-06-01 09:02:27 +02:00
Chris Jerdonek
623cec0879 Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens. 2021-06-01 09:02:23 +02:00
abhiabhi94
c609d5149c Refs #24121 -- Added __repr__() to Engine 2021-06-01 07:44:36 +02:00
Chris Jerdonek
55775891fb Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. 2021-05-31 21:12:21 +02:00
Chris Jerdonek
ffdee8d264 Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens.
This also improves test names for test_process_request_no_csrf_cookie
and test_process_request_csrf_cookie_no_token. The logic being tested
is actually in process_view() rather than process_request(), and it's
not necessary to include the method name.
2021-05-31 21:12:17 +02:00
Gildardo Adrian Maravilla Jacome
91e21836f6 Fixed #32319 -- Added ES module support to ManifestStaticFilesStorage. 2021-05-31 11:09:48 +02:00
Gildardo Adrian Maravilla Jacome
781b44240a Refs #32319 -- Changed HashedFilesMixin to use named groups in patterns. 2021-05-31 10:40:21 +02:00
Chris Jerdonek
d270dd584e
Refs #32778 -- Improved the name of the regex object detecting invalid CSRF token characters.
This also improves the comments near where the variable is used.
2021-05-29 12:53:50 +02:00
David Sanders
5685b7cd73
Fixed typos in comments and docs. 2021-05-29 12:51:14 +02:00
David Wobrock
b9df2b74b9 Fixed #32676 -- Prevented migrations from rendering related field attributes when not passed during initialization.
Thanks Simon Charette for the implementation idea.
2021-05-28 20:25:59 +02:00
Hannes Ljungberg
b746596f5f Refs #32779 -- Changed DatabaseSchemaEditor._unique_sql()/_create_unique_sql() to take fields as second parameter. 2021-05-28 10:50:27 +02:00
abhiabhi94
22da686ca9 Refs #24121 -- Added __repr__() to PermWrapper. 2021-05-28 08:03:23 +02:00
Chris Jerdonek
214b36f50a Refs #32596 -- Added early return on safe methods in CsrfViewMiddleware.process_view(). 2021-05-28 07:32:01 +02:00
Chris Jerdonek
cfd8c91839 Refs #32596 -- Optimized CsrfViewMiddleware._check_referer() to delay computing good_referer. 2021-05-28 07:32:01 +02:00
Chris Jerdonek
71179a6124 Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
Mohammadreza Varasteh
e93eb3d971 Fixed #32789 -- Made feeds emit elements with no content as self-closing tags. 2021-05-27 21:05:28 +02:00
Chris Jerdonek
02c59b7a43 Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic. 2021-05-27 10:53:20 +02:00
Nick Pope
e513fb0e77 Fixed typo in MiddlewareMixin deprecation note. 2021-05-27 06:17:30 +02:00
Nilo César Teixeira
0d67481a66 Fixed #32762 -- Fixed locale reset in compilemessages test.
Reset the `LC_ALL` override value in the test environment to ensure that locale
values the calling environment are not used.
2021-05-26 15:37:42 +02:00
Moriyoshi Koizumi
9e4780deda Fixed #32669 -- Fixed detection when started non-django modules which aren't packages with "python -m" in autoreloader. 2021-05-26 12:29:43 +02:00
Michael Lissner
5a8e8f80bb Fixed #32772 -- Made database cache count size once per set. 2021-05-26 11:21:11 +02:00
Mariusz Felisiak
12b19a1d76
Fixed #32783 -- Fixed crash of autoreloader when __main__ module doesn't have __spec__ attribute.
Regression in ec6d2531c5.

Thanks JonathanNickelson for the report.
2021-05-26 11:19:47 +02:00
Hasan Ramezani
1143f3bb5e Fixed #32543 -- Added search_help_text to ModelAdmin. 2021-05-26 10:20:13 +02:00
Carlton Gibson
b46dbd4e3e Added stub release notes and date for Django 3.2.4, 3.1.12, and 2.2.24. 2021-05-26 10:16:05 +02:00
Hasan Ramezani
68357b2ca9 Fixed #32744 -- Normalized to pathlib.Path in autoreloader check for template changes. 2021-05-26 09:41:29 +02:00
Mariusz Felisiak
7e51893911
Refs #32379 -- Added USE_TZ settings to AdminScriptTestCase.write_settings(). 2021-05-25 13:22:40 +02:00
Hannes Ljungberg
3e0fdf5546
Fixed #32780 -- Made Add/RemoveConstraint operations a noop for covering/deferrable unique constraints on SQLite. 2021-05-25 11:34:25 +02:00
abhiabhi94
866dccb650 Fixed #32778 -- Avoided unnecessary recompilation of token regex in _sanitize_token(). 2021-05-25 09:56:09 +02:00
saeedblanchette
d3d95d645f Refs #24121 -- Added __repr__() to Lookup. 2021-05-24 07:32:25 +02:00
Mariusz Felisiak
f0a9413bd2 Refs #24121 -- Improved Value.__repr__(). 2021-05-24 07:26:53 +02:00
Mariusz Felisiak
3f6d4e22f8 Fixed typo in tests/expressions/tests.py. 2021-05-24 07:26:53 +02:00
Hannes Ljungberg
7ef2398e81 Fixed #32777 -- Passed table reference as a string to DatabaseSchemaEditor._index_columns(). 2021-05-24 06:31:48 +02:00
Yuekui Li
5e04e84d67 Fixed #32503 -- Fixed altering BLOB/TEXT field to non-nullable with default on MySQL 8.0.13+.
MySQL 8.0.13+ supports defaults for BLOB/TEXT but not in the
ALTER COLUMN statement.

Regression in 6b16c91157.

Thanks Matt Westcott for the report.
2021-05-21 13:34:37 +02:00
Rohith PR
7cca22964c Fixed #32375 -- Started deprecation toward changing the default sitemap protocol to https.
The default sitemap protocol, when it is built outside the context of
a request, will be changed from 'http' to 'https' in Django 5.0.
2021-05-21 11:00:54 +02:00
Rohith PR
56003b21ea Added tests for Sitemap.get_protocol(). 2021-05-21 10:55:05 +02:00
yyyyyyyan
e197dcca36 Clarified docs about increasing the work factor for bcrypt hasher. 2021-05-20 20:24:51 +02:00
Mariusz Felisiak
66491f08fe
Changed IRC references to Libera.Chat. 2021-05-20 12:23:36 +02:00
Ben Sturmfels
31b6ce9ff9 Fixed note about ISP caching in docs.
Regression in 7aabd62380.
2021-05-20 10:55:42 +02:00
David Sanders
736bb9868a Renamed "object" argument of ModelAdmin.log_addition(), log_change(), and log_deletion() methods. 2021-05-20 07:29:16 +02:00
David Sanders
2978c63a34 Fixed #32771 -- Used IS_POPUP_VAR constant instead of hard-coded value. 2021-05-20 07:04:26 +02:00