Go to file

Simon Charette 0bd57a879a [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().

Regression introduced in 513948735b799239f3ef8c89397592445e1a0cd5
by marking the raw SQL column reference feature for deprecation in
Django 4.0 while lifting the column format validation.

In retrospective the validation should have been kept around and the
user should have been pointed at using RawSQL expressions during the
deprecation period.

The main branch is not affected because the raw SQL column reference
support has been removed in 06eec3197009b88e3a633128bbcbd76eea0b46ff
per the 4.0 deprecation life cycle.

Thanks Joel Saunders for the report.

2021-07-01 08:36:17 +02:00

.github

Enabled GitHub security policy.

2020-05-07 17:25:46 +02:00

.tx

Removed contrib-messages entry in Transifex config file

2016-06-29 21:11:30 +02:00

django

[3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().

2021-07-01 08:36:17 +02:00

docs

[3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().

2021-07-01 08:36:17 +02:00

extras

Fixed #23433 -- Deprecated django-admin.py entry point in favor of django-admin.

2019-12-06 12:11:44 +01:00

js_tests

Refs #31493 -- Changed IIFE to ES6 blocks.

2020-04-29 10:22:41 +02:00

scripts

Refs #30116 -- Simplified stdout/stderr decoding with subprocess.run()'s encoding argument.

2019-11-04 11:21:25 +01:00

tests

[3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by().

2021-07-01 08:36:17 +02:00

.editorconfig

Refs #29784 -- Switched to https:// links where available.

2018-09-26 08:48:47 +02:00

.eslintignore

Refs #16501 , #26474 -- Added xregexp.js source file.

2016-06-06 09:25:02 -04:00

.eslintrc

Refs #31493 -- Changed IIFE to ES6 blocks.

2020-04-29 10:22:41 +02:00

.gitattributes

Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions

2016-03-30 14:34:41 +02:00

.gitignore

Fixed #22446 -- Added tox.ini to automate pull request checks.

2016-07-20 14:06:28 -04:00

.hgignore

Synced .hgignore with .gitignore

2015-07-01 10:23:05 -04:00

AUTHORS

[3.1.x] Fixed #31850 -- Fixed BasicExtractorTests.test_extraction_warning with xgettext 0.21+.

2020-11-02 10:29:14 +01:00

CONTRIBUTING.rst

Added link to the code of conduct from contributing guides.

2015-04-17 18:12:41 -04:00

Gruntfile.js

Fixed qunit tests (coverage still missing). (#7716 )

2016-12-19 18:45:37 +01:00

INSTALL

Refs #30948 -- Updated install instructions to use pip instead of setup.py.

2019-11-08 13:26:35 +01:00

LICENSE

Whitespace cleanup.

2013-10-10 16:49:20 -04:00

LICENSE.python

Updated Python license for 2020.

2020-02-04 11:58:12 +01:00

MANIFEST.in

Simplified MANIFEST.in

2015-12-12 12:07:21 -05:00

package.json

Removed bundled QUnit in favor of npm package.

2020-03-17 15:43:59 +01:00

README.rst

[3.1.x] Changed IRC references to Libera.Chat.

2021-05-20 12:29:31 +02:00

setup.cfg

[3.1.x] Fixed #32128 -- Added asgiref 3.3 compatibility.

2020-10-27 11:29:31 +01:00

setup.py

Fixed #30948 -- Changed packaging to use declarative config in setup.cfg.

2019-11-08 14:14:13 +01:00

tox.ini

[3.1.x] Refs #31040 -- Doc'd Python 3.9 compatibility.

2020-10-13 08:36:43 +02:00

README.rst

Django

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Thanks for checking it out.

All documentation is in the "docs" directory and online at https://docs.djangoproject.com/en/stable/. If you're just getting started, here's how we recommend you read the docs:

First, read docs/intro/install.txt for instructions on installing Django.
Next, work through the tutorials in order (docs/intro/tutorial01.txt, docs/intro/tutorial02.txt, etc.).
If you want to set up an actual deployment server, read docs/howto/deployment/index.txt for instructions.
You'll probably want to read through the topical guides (in docs/topics) next; from there you can jump to the HOWTOs (in docs/howto) for specific problems, and check out the reference (docs/ref) for gory details.
See docs/README for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think they should be clarified in any way, please take 30 seconds to fill out a ticket here: https://code.djangoproject.com/newticket

To get more help:

Join the #django channel on irc.libera.chat. Lots of helpful people hang out there.
Join the django-users mailing list, or read the archives, at https://groups.google.com/group/django-users.

To contribute to Django:

Check out https://docs.djangoproject.com/en/dev/internals/contributing/ for information about getting involved.

To run Django's test suite:

Follow the instructions in the "Unit tests" section of docs/internals/contributing/writing-code/unit-tests.txt, published online at https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/unit-tests/#running-the-unit-tests