Force text display of object when raising PermissionDenied
to avoid UnicodeDecodeError. Thanks to Mathias Behrle
(@mbehrle) for the report and the debug information.
GitLab issue #576.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
This new setting is used to limit the number of bytes read
while determining the MIME type of a new document. A value
of 0 will cause the entire file to be loaded into memory.
1024 appears to be a suitable number for most cases. This
setting defaults to 0 to preserve the current behavior but
might change in a future version.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Thanks to Manoel Brunnen (@mbru) for the report and debug
information. GitLab issue #557.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Thanks to Robert Schoeftner (@robert.schoeftner)for the report
and solution. GitLab issue #574.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Individual link AJAX workers are obsolete now that the menu
is being rendered by its own AJAX renderer.
GitLab issue #562.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
From Django 1.11.16.
* Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility
with Python 3.7.
* Prevented repetitive calls to geos_version_tuple() in the WKBWriter
class in an attempt to fix a random crash involving LooseVersion
since Django 1.11.14 (#29959).
* CVE-2019-3498: Content spoofing possibility in the default 404 page
An attacker could craft a malicious URL that could make spoofed
content appear on the default page generated by the
django.views.defaults.page_not_found() view. The URL path is no
longer displayed in the default 404 template and the request_path
context variable is now quoted to fix the issue for custom
templates that use the path
* CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as
well as the the floatformat, filesizeformat, and intcomma templates
filters – received a Decimal with a large number of digits or a large
exponent, it could lead to significant memory usage due to a call to
'{:f}'.format(). To avoid this, decimals with more than 200 digits
are now formatted using scientific notation.
* Corrected packaging error from 1.11.19 (#30175).
https://docs.djangoproject.com/en/2.1/releases/1.11.17/https://docs.djangoproject.com/en/2.1/releases/1.11.18/https://docs.djangoproject.com/en/2.1/releases/1.11.19/https://docs.djangoproject.com/en/2.1/releases/1.11.20/
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Add tests for the advanced search API. GitLab merge !36.
Thanks to Simeon Walker (@simeon-walker) for the find and fix.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Use sets and remove explicit index node ordering to allow tests
to work regardless of the node creation order. GitLab issue #559.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Add random primary key mixin. Split test case code into mixins.
Make the view test case and the API test cases part of the same
class hierachy. Update tests that failed due to the new import
locations.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
