Force text display of object when raising PermissionDenied
to avoid UnicodeDecodeError. Thanks to Mathias Behrle
(@mbehrle) for the report and the debug information.
GitLab issue #576.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
This new setting is used to limit the number of bytes read
while determining the MIME type of a new document. A value
of 0 will cause the entire file to be loaded into memory.
1024 appears to be a suitable number for most cases. This
setting defaults to 0 to preserve the current behavior but
might change in a future version.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Thanks to Manoel Brunnen (@mbru) for the report and debug
information. GitLab issue #557.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Thanks to Robert Schoeftner (@robert.schoeftner)for the report
and solution. GitLab issue #574.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Individual link AJAX workers are obsolete now that the menu
is being rendered by its own AJAX renderer.
GitLab issue #562.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
From Django 1.11.16.
* Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility
with Python 3.7.
* Prevented repetitive calls to geos_version_tuple() in the WKBWriter
class in an attempt to fix a random crash involving LooseVersion
since Django 1.11.14 (#29959).
* CVE-2019-3498: Content spoofing possibility in the default 404 page
An attacker could craft a malicious URL that could make spoofed
content appear on the default page generated by the
django.views.defaults.page_not_found() view. The URL path is no
longer displayed in the default 404 template and the request_path
context variable is now quoted to fix the issue for custom
templates that use the path
* CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as
well as the the floatformat, filesizeformat, and intcomma templates
filters – received a Decimal with a large number of digits or a large
exponent, it could lead to significant memory usage due to a call to
'{:f}'.format(). To avoid this, decimals with more than 200 digits
are now formatted using scientific notation.
* Corrected packaging error from 1.11.19 (#30175).
https://docs.djangoproject.com/en/2.1/releases/1.11.17/https://docs.djangoproject.com/en/2.1/releases/1.11.18/https://docs.djangoproject.com/en/2.1/releases/1.11.19/https://docs.djangoproject.com/en/2.1/releases/1.11.20/
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Add tests for the advanced search API. GitLab merge !36.
Thanks to Simeon Walker (@simeon-walker) for the find and fix.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Use sets and remove explicit index node ordering to allow tests
to work regardless of the node creation order. GitLab issue #559.
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
