Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
24,355 Commits 26 Branches 382 Tags
Commit Graph

8710 Commits

Author SHA1 Message Date
Carlton Gibson
c238701859 [1.11.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate URL before rendering clickable link. 
Backport of deeba6d92006999fee9adfbd8be79bf0a59e8008 from master.
 2019-06-03 11:38:19 +02:00
Mariusz Felisiak
d13490c18a
[1.11.x] Refs #30331 -- Doc'd that psycopg2 < 2.8 is required. 
Backport of 0a8617a5b1cac7063f30e4d8ff4ea4c30748f7b8 from stable/2.1.x.
 2019-04-05 12:13:05 +02:00
Tim Graham
9530fac978 [1.11.x] Fixed serializers test crash if PyYAML isn't installed. 
Follow up to a57c783dd4e6dc73847081221827a1902eede88b.

Backport of 55490ac7469a3647ce163bee323f7fe4a06fcaa6 from master
 2019-03-20 16:11:02 +01:00
Mariusz Felisiak
f8ce3cd162 [1.11.x] Fixed serializers tests for PyYAML 5.1+. 
Backport of a57c783dd4e6dc73847081221827a1902eede88b from master
 2019-03-14 18:45:14 +01:00
Mariusz Felisiak
f13bfdeb55
[1.11.x] Reverted "Fixed relative paths imports per isort 4.3.5." 
This reverts commit 463fe11bc8b2d068e447c5df677e7a31c2af7e03 due to
restore of relative paths sorting from isort < 4.3.5 in isort 4.3.10.

Backport of b435f82939edf70674856e0e1cd63973c2e0a1d1 from master.
 2019-03-03 19:47:17 +01:00
Mariusz Felisiak
b9beb6a52e
[1.11.x] Fixed relative paths imports per isort 4.3.5. 
Backport of 463fe11bc8b2d068e447c5df677e7a31c2af7e03 from master.
 2019-02-25 20:02:56 +01:00
Tim Graham
1b8a26efa2 [1.11.x] Fixed E117 flake8 warnings. 2019-02-14 09:35:54 -05:00
Carlton Gibson
0bbb560183 [1.11.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). 
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master.
 2019-02-11 11:15:45 +01:00
Tom Hacohen
1cd00fcf52 [1.11.x] Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page. 
Co-Authored-By: Tim Graham <timograham@gmail.com>
Backport of 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 from master.
 2019-01-03 22:09:25 -05:00
Tim Graham
b683bb0c9f [1.11.x] Pinned Pillow != 5.4.0 in test requirements. 
There's a bug that causes a test failure in forms_tests:
https://github.com/python-pillow/Pillow/pull/3501/files#r244651761.

Backport of e4a714b259125423059b9f65f5e0ab70d78521ba from master.
 2019-01-02 17:43:25 -05:00
CHI Cheng
190aa59447 [1.11.x] Fixed broken links to PyYAML page. 
Backport of b7dbd5ff68bb9d2235ca081c0bd0b8baa65f8c77 from master.
 2018-12-27 10:56:19 +01:00
Tim Graham
2ea1e0e58d [1.11.x] Refs #30013 -- Doc'd that mysqlclient 1.3.14 and later isn't supported. 2018-12-05 15:51:04 -05:00
Tim Graham
b9e248975f [1.11.x] Refs #28814 -- Fixed test_runner failure on Python 3.7. 
Due to https://bugs.python.org/issue30399.

Backport of 9d1d3b2d2fe0bef995b024368088eeabbdf73629 from master
 2018-11-17 14:46:04 -05:00
Tom Forbes
0ecc4f8d49 [1.11.x] Removed obsolete and flaky GeoIP tests. 
Backport of 8f90593e6f8197148c8f86e598bfef6792f3f4bf from master.
 2018-11-10 16:34:03 -05:00
Mariusz Felisiak
006ca978b9
[1.11.x] Refs #29759 -- Doc'd that cx_Oracle < 7 is required. 
Backport of 7085247e2fd1ad8b08103173a23ca730784765a3 from stable/2.0.x
 2018-09-18 10:42:04 +02:00
Tim Graham
8a0b905187 [1.11.x] Refs #29499 -- Skipped QuerySet.update_or_create() test that fails on MySQL. 2018-08-03 12:13:06 -04:00
Michael Sanders
2668418d99 [1.11.x] Fixed #29499 -- Fixed race condition in QuerySet.update_or_create(). 
A race condition happened when the object didn't already exist and
another process/thread created the object before update_or_create()
did and then attempted to update the object, also before update_or_create()
saved the object. The update by the other process/thread could be lost.

Backport of 271542dad1686c438f658aa6220982495db09797 from master
 2018-08-02 17:28:23 -04:00
Andreas Hug
d6eaee0927 [1.11.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-07-25 12:13:03 -04:00
Adam Donaghy
56c5c1599a [1.11.x] Fixed #28462 -- Decreased memory usage with ModelAdmin.list_editable. 
Regression in 917cc288a38f3c114a5440f0749b7e5e1086eb36.

Backport of b18650a2634890aa758abae2f33875daa13a9ba3 from master
 2018-06-07 10:15:56 -04:00
Tim Graham
b548180605 [1.11.x] Fixed #29461 -- Fixed ogrinspect test_time_field failure on SpatiaLite. 
Backport of 666be7b9942611d5c0f5e485c448f219cd5a1ad5 from master
 2018-06-02 07:33:32 -04:00
Tim Graham
d60d7d6d71 [1.11.x] Fixed #29462 -- Fixed ogrinspect test failures with GDAL 2.2. 
Backport of 55f4eee75d41499995bfdb611ac89e80c87404eb from master
 2018-06-01 22:38:49 -04:00
Claude Paroz
6f171c285e [1.11.x] Refs #28257 -- Updated a test for GDAL 2.2 
Partial backport of 28627608945ddc3f59fb6a011a4eb363d8020e83 from master
 2018-05-31 17:45:49 -04:00
Tim Graham
800778f7ad [1.11.x] Fixed a test failure with the latest GeoIP databases. 
Backport of 7a22d9f75125e3cfbea0979a876efe4634f6fe05 from master
 2018-04-17 21:35:44 -04:00
Tim Graham
4a20aae468 [1.11.x] Added isolated_local_models support to schema tests. 
Follow up to 46496a542c2ff9f273e090073e9c8071acb1a4a4, which otherwise
has no effect.

Partial backport of 9f7772e098439f9edea3d25ab127539fc514eeb2 from master
 2018-04-14 07:18:33 -04:00
Mariusz Felisiak
f89b11b879
[1.11.x] Fixed #29286 -- Fixed column mismatch crash with QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection(). 
Regression in a0c03c62a8ac586e5be5b21393c925afa581efaf.

Thanks Tim Graham and Carlton Gibson for reviews.

Backport of 0b66c3b442875627fa6daef4ac1e90900d74290b from master.
 2018-04-13 12:54:32 +02:00
Tim Graham
46496a542c [1.11.x] Fixed schema test failure when running tests in reverse. 
Follow up to 003334f8af29e2023cf7ad7d080aa9ab26a7c528.

Backport of 78f8b80f9b215e50618375adce4c97795dabbb84 from master
 2018-04-12 20:29:30 -04:00
Paul Donohue
979253fce9 [1.11.x] Fixed #29296 -- Fixed crashes in admindocs when a view is a callable object. 
Backport of 33a0b7ac815588ed92dca215e153390af8bdbdda from master
 2018-04-12 13:28:29 -04:00
Jeremy Bowman
8f76939f54 [1.11.x] Fixed #29193 -- Prevented unnecessary foreign key drops when altering a unique field. 
Stopped dropping and recreating foreign key constraints on other fields
in the same table as the one which is actually being altered in an
AlterField operation.

Regression in c3e0adcad8d8ba94b33cabd137056166ed36dae0.

Backport of ee17bb8a67a9e7e688da6e6f4b3be1b3a69c09b0 from master
 2018-04-11 23:24:42 -04:00
Jeremy Bowman
a1f4e14f99 [1.11.x] Tested altering a unique field when a reverse M2M relation exists. 
Backport of 003334f8af29e2023cf7ad7d080aa9ab26a7c528 from master
 2018-04-11 23:23:44 -04:00
Claude Paroz
b25433a225 [1.11.x] Fixed #29273 -- Prevented initial selection of empty choice in multiple choice widgets. 
Regression in b52c73008a9d67e9ddbb841872dc15cdd3d6ee01.

Backport of f3b69f9757ec03057441ebbd52b7cdbfed31fb32 from master.
 2018-04-02 09:27:01 -04:00
Amr Anwar
c5bb472095 [1.11.x] Fixed #29229 -- Fixed column mismatch crash when combining two annotated values_list() querysets with union(), difference(), or intersection(). 
Regression in 7316720603821ebb64dfe8fa592ba6edcef5f3e.

Backport of a0c03c62a8ac586e5be5b21393c925afa581efaf from master
 2018-03-19 21:06:40 -04:00
Tim Graham
a91436360b [1.11.x] Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. 
Thanks James Davis for suggesting the fix.
 2018-02-27 13:56:26 -05:00
Tim Graham
abf89d729f [1.11.x] Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. 
Thanks Florian Apolloner for assisting with the patch.
 2018-02-27 13:54:19 -05:00
Tim Graham
e8afd6bf81 [1.11.x] Switched test requirement to new psycopg2-binary package. 
Backport of d4373b6da4b420fe9211438addeedb396a3821be from master
 2018-02-20 19:06:23 -05:00
Tim Graham
d5da552d92 [1.11.x] Removed blank lines per isort 4.3.0. 2018-02-20 08:58:29 -05:00
Tim Graham
57b95fedad [1.11.x] Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm. 
Reverted 359370a8b8ca0efe99b1d4630b291ec060b69225 (refs #28645).

This is a security fix.
 2018-02-01 09:18:33 -05:00
Tim Graham
1c9233b1b9 [1.11.x] Fixed #29094 -- Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields. 
Regression in 2f9861d823620da7ecb291a8f005f53da12b1e89.

Thanks Carel Burger for the report and fix.

Backport of docs552abffab16cbdff571486b683e7e7ef12e46066 from master
 2018-02-01 08:56:52 -05:00
Tim Graham
4430b83e4b [1.11.x] Fixed #29071 -- Fixed contrib.auth.authenticate() crash if a backend doesn't accept a request but a later one does. 
Regression in a3ba2662cdaa36183fdfb8a26dfa157e26fca76a.

Backport of 55e16f25e9d2050e95e448f9ab2e4b9fc845a9e5 from stable/2.0.x
 2018-01-31 09:27:21 -05:00
Étienne Loks
419705bbe8 [1.11.x] Fixed #29016 -- Fixed incorrect foreign key nullification on related instance deletion. 
Backport of 9a621edf624a4eb1f1645fca628a9e432f0de776 from master
 2018-01-13 10:33:24 -05:00
Tim Graham
967d824288 [1.11.x] Fixed a GeoIP2 test failure with the latest GeoIP2 database. 
Backport of 66d74676e23c32bc676fb0706af8580b391953b6 from master
 2018-01-10 10:20:19 -05:00
Tim Graham
1bf0e5c43c [1.11.x] Fixed GeoIP test failure with the latest data. 2018-01-08 09:57:49 -05:00
Tim Graham
06e4e80382 [1.11.x] Fixed #25277 -- Restored test dependency to the original python-memcached. 
Backport of 770b9ea77fb5e39d616e62b54c06755e6d4f4d36 from master
 2017-12-18 15:23:44 -10:00
Morgan Wahl
3522203502 [1.11.x] Refs #28856 -- Fixed caching of a GenericForeignKey pointing to a model that uses more than one level of MTI. 2017-12-07 09:34:54 -05:00
Mariusz Felisiak
1decd0197d [1.11.x] Refs #28876 -- Fixed incorrect foreign key constraint name for models with quoted db_table. 
Thanks Simon Charette and Tim Graham for the review and Carlos E. C.
Leite for the report.

Backport of fc48047586a8f92262f55d9d2bfb976325844b23 from master
 2017-12-05 22:52:42 +01:00
Mariusz Felisiak
3e52fd7595 [1.11.x] Refs #28876 -- Fixed incorrect class-based model index name generation for models with quoted db_table. 
Thanks Simon Charette and Tim Graham for the review and Carlos E. C.
Leite for the report.

Backport of f79d9a322c6008e5fada1453aebfb56afc316cc8 from master
 2017-12-05 22:42:58 +01:00
Nick Pope
47681af344 [1.11.x] Fixed #28890 -- Removed newlines between MultiWidget's subwidgets. 
Regression in b52c73008a9d67e9ddbb841872dc15cdd3d6ee01.

Backport of e014f91a70aa3ccdddb363a733c76e35597424fa from master
 2017-12-05 11:44:39 -05:00
Tim Graham
b8a2f3c2d6 [1.11.x] Fixed #28305 -- Fixed "Cannot change column 'x': used in a foreign key constraint" crash on MySQL with a sequence of AlterField or RenameField operations. 
Regression in 45ded053b1f4320284aa5dac63052f6d1baefea9.

Backport of c3e0adcad8d8ba94b33cabd137056166ed36dae0 from master
 2017-12-01 19:09:36 -05:00
Simon Charette
f319e7abad [1.11.x] Fixed #28856 -- Fixed a regression in caching of a GenericForeignKey pointing to a MTI model. 
Regression in b9f8635f58ad743995cad2081b3dc395e55761e5.

Backport of d31424fec1a3de9d281535c0503644a9d7b93c63 from stable/2.0.x
 2017-11-30 10:45:20 -05:00
Mads Jensen
3545e84488 [1.11.x] Fixed #28702 -- Made query lookups for CIText fields use citext. 
Backport of f0a68c25118786d47041d0a435b2afa953be3c86 from master
 2017-11-29 11:12:07 -05:00
Raphael Michel
899999db42 [1.11.x] Fixed #28848 -- Fixed SQLite/MySQL crash when ordering by a filtered subquery that uses nulls_first/nulls_last. 
Backport of 616f468760e4984915bb2ccca6b9eb3d80ddadb0 from master
 2017-11-27 11:40:09 -05:00