This allows the proper resolving of lookups when performing constraint
validation involving Q and Case objects.
Thanks Andrew Roberts for the report and Sarah for the tests and review.
Regression in 849f8307a5.
In order to prevent underlines on links styled like buttons, role="button" was added.
This has been removed and the style updated to reflect that these are links.
Refactored `center` template filter to match f-string behaviour,
producing consistent padding for both odd and even fillings.
Thanks Lily Acorn for the report and Natalia Bidart for the review.
Co-authored-by: Lily Acorn <code@lilyf.org>
- Changed EmailMessage.message() to construct a "modern email API"
email.message.EmailMessage and added policy keyword arg.
- Added support for modern MIMEPart objects in EmailMessage.attach()
(and EmailMessage constructor, EmailMessage.attachments list).
- Updated SMTP EmailBackend to use modern email.policy.SMTP.
Deprecated:
- Attaching MIMEBase objects (replace with MIMEPart)
- BadHeaderError (modern email uses ValueError)
- SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email)
- django.core.mail.forbid_multi_line_headers()
(undocumented, but exposed via `__all__` and in wide use)
- django.core.mail.message.sanitize_address()
(undocumented, but in wide use)
Removed without deprecation (all undocumented):
- EmailMessage.mixed_subtype
- EmailMultiAlternatives.alternative_subtype
- Support for setting (undocumented) EmailMessage.encoding property
to a legacy email.charset.Charset object
Related changes:
- Dropped tests for incorrect RFC 2047 encoding of non-ASCII email
address localparts. This is specifically prohibited by RFC 2047, and
not supported by any known MTA or email client. (Python still
mis-applies encoded-word to non-ASCII localparts, but it is a bug that
may be fixed in the future.)
- Added tests that try to discourage using Python's legacy email APIs
in future updates to django.core.mail.
EmailMessage is intended to support lazy strings in any header field
(via coercion to `str` in forbid_multi_line_headers() called from
SafeMIMEMessage/Text/Multipart.__setitem__).
Manually reformatted some long docstrings and comments that would be
damaged by the to-be-applied autofixer script, in cases where editorial
judgment seemed necessary for style or wording changes.
When looking for cached values in ManyRelatedManager and
ForwardManyToOneDescriptor walk up the whole chain of ancestors
(as long as they are cached) to find the prefetched relation.
In public mail APIs, changed less frequently used parameters from
keyword-or-positional to keyword-only, emitting a warning during the
required deprecation period.
Updated mail tests in preparation for migrating from Python's legacy
to modern email API. The updated tests will pass with either Python API,
and focus on desired outcomes (e.g., that a message with non-ASCII
content parses accurately at the receiving end) rather than specific
implementation details (e.g., where rfc2047 encoded-words are split).
In a few cases that are still implementation dependent, added comments
identifying behavior specific to the legacy email API and expected to
change under the modern one.
Added comments identifying tests that cover internal functions planned
for deprecation, and (where meaningful) added similar tests to verify
the equivalent behavior in non-deprecated features.
Removed obsolete tests left over from Python 2.
This change reuses the existing sorting of `hashed_files` in
`ManifestStaticFilesStorage.save_manifest` to also store a sorted
`paths` mapping in the manifest file. This ensures stable manifest
output that does not change unnecessarily.
Ensured the test for formatter subprocess FileNotFoundError doesn't rely
on platform-specific behavior, improving reliability on macOS and other
systems by consistently using pathlib to build test paths.
When native support for tuple lookups is missing in a DB backend, it can
be emulated with an EXISTS clause. This is controlled by the backend
feature flag "supports_tuple_lookups".
The mishandling of subquery right-hand side in `TupleIn` (added to
support `CompositePrimaryKey` in Refs #373) was likely missed because
the only core backend we test with the feature flag disabled
(Oracle < 23.4) supports it natively.
Thanks to Nandana Raol for the report, and to Sarah Boyce, Jacob Walls,
and Natalia Bidart for reviews.
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Fixed an inconsistency between EmailMessage.attach() and .attachments
when attaching bytes content with a text/* mimetype. The attach()
function decodes UTF-8 bytes if possible and otherwise changes the
mimetype to application/octet-stream to preserve the content's unknown
encoding (refs #27007). Providing equivalent content directly in
EmailMessage.attachments did not apply the same logic, leading
to an "AttributeError: 'bytes' object has no attribute 'encode'"
in SafeMIMEText.set_payload().
Updated EmailMessage._create_mime_attachment() to match attach()'s
handling for text/* mimetypes with bytes content. Updated test cases
to accurately cover behavior on both paths.
