Revert "Apply all patches up to CVE-2023-36053"

This reverts commit 02766aa3ec9fcd65a7384b3b37f93eae23dee437.
Alan Cheung 2023-07-25 14:44:26 -07:00
parent 02766aa3ec
commit 225f60a6a2
7 changed files with 8 additions and 41 deletions


@ -104,8 +104,6 @@ class URLValidator(RegexValidator):
r'\Z', re.IGNORECASE)
message = _('Enter a valid URL.')
schemes = ['http', 'https', 'ftp', 'ftps']
unsafe_chars = frozenset('\t\r\n')
max_length = 2048
def __init__(self, schemes=None, **kwargs):
super(URLValidator, self).__init__(**kwargs)
@ -114,10 +112,6 @@ class URLValidator(RegexValidator):
def __call__(self, value):
value = force_text(value)
if not isinstance(value, str) or len(value) > self.max_length:
raise ValidationError(self.message, code=self.code, params={'value': value})
if self.unsafe_chars.intersection(value):
raise ValidationError(self.message, code=self.code)
# Check first if the scheme is valid
scheme = value.split('://')[0].lower()
if scheme not in self.schemes:
@ -189,9 +183,7 @@ class EmailValidator(object):
def __call__(self, value):
value = force_text(value)
# The maximum length of an email is 320 characters per RFC 3696
# section 3.
if not value or '@' not in value or len(value) > 320:
if not value or '@' not in value:
raise ValidationError(self.message, code=self.code)
user_part, domain_part = value.rsplit('@', 1)
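Review bot: After this revert `URLValidator.__call__` and `EmailValidator.__call__` hand input of any length to their regexes, because the `len(value) > self.max_length` guard and the `len(value) > 320` cap are gone; bounding the length before matching is the mitigation the reverted commit's title ties to CVE-2023-36053, so this reopens a regex denial-of-service path on untrusted URLs and addresses. The `unsafe_chars` check is dropped too, so values containing tab, CR or LF are no longer rejected before the scheme is parsed. The same cap disappears from `EmailField.__init__` (`kwargs.setdefault("max_length", 320)`) in the form-fields section, and the long-input regression cases are deleted from `TEST_DATA`, so nothing would catch the regression. If the revert is needed for an unrelated reason, keep the validator guards, e.g. `if not value or '@' not in value or len(value) > 320:`, and state that reason in the commit message, which currently gives none. Both `__call__` bodies continue outside the hunks.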


@ -24,12 +24,10 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
c.execute('PRAGMA foreign_keys')
self._initial_pragma_fk = c.fetchone()[0]
c.execute('PRAGMA foreign_keys = 0')
self.connection.cursor().execute('PRAGMA legacy_alter_table = ON')
return super(DatabaseSchemaEditor, self).__enter__()
def __exit__(self, exc_type, exc_value, traceback):
super(DatabaseSchemaEditor, self).__exit__(exc_type, exc_value, traceback)
self.connection.cursor().execute('PRAGMA legacy_alter_table = OFF')
with self.connection.cursor() as c:
# Restore initial FK setting - PRAGMA values can't be parametrized
c.execute('PRAGMA foreign_keys = %s' % int(self._initial_pragma_fk))
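Review bot: The new `__enter__` no longer sets `PRAGMA legacy_alter_table = ON` and `__exit__` no longer resets it, a change that looks unrelated to the validator fixes this revert is presumably aimed at. On SQLite releases where `ALTER TABLE ... RENAME` also rewrites references held by other tables, this editor's table-remake path may leave foreign keys pointing at the wrong table, so confirm the deployed SQLite version before dropping the pragma. If it has to stay, I would issue it on the cursor `c` that is already open above, `c.execute('PRAGMA legacy_alter_table = ON')`, rather than through a second, never-closed `self.connection.cursor()` as the reverted lines did. `__enter__` starts above the hunk.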


@ -546,12 +546,6 @@ class EmailField(CharField):
widget = EmailInput
default_validators = [validators.validate_email]
def __init__(self, *args, **kwargs):
# The default maximum length of an email is 320 characters per RFC 3696
# section 3.
kwargs.setdefault("max_length", 320)
super(EmailField, self).__init__(*args, strip=True, **kwargs)
def clean(self, value):
value = self.to_python(value).strip()
return super(EmailField, self).clean(value)


@ -805,10 +805,7 @@ class FieldsTests(SimpleTestCase):
def test_emailfield_1(self):
f = EmailField()
self.assertEqual(f.max_length, 320)
self.assertWidgetRendersTo(
f, '<input type="email" name="f" id="id_f" maxlength="320" required>'
)
self.assertWidgetRendersTo(f, '<input type="email" name="f" id="id_f" />')
self.assertRaisesMessage(ValidationError, "'This field is required.'", f.clean, '')
self.assertRaisesMessage(ValidationError, "'This field is required.'", f.clean, None)
self.assertEqual('person@example.com', f.clean('person@example.com'))


@ -416,17 +416,11 @@ class FormsTestCase(SimpleTestCase):
get_spam = BooleanField()
f = SignupForm(auto_id=False)
self.assertHTMLEqual(
str(f["email"]),
'<input type="email" name="email" maxlength="320" required />',
)
self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" />')
self.assertHTMLEqual(str(f['get_spam']), '<input type="checkbox" name="get_spam" />')
f = SignupForm({'email': 'test@example.com', 'get_spam': True}, auto_id=False)
self.assertHTMLEqual(
str(f["email"]),
'<input type="email" name="email" maxlength="320" required />',
)
self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" value="test@example.com" />')
self.assertHTMLEqual(str(f['get_spam']), '<input checked="checked" type="checkbox" name="get_spam" />')
# 'True' or 'true' should be rendered without a value attribute
@ -2601,7 +2595,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
<option value="2">Yes</option>
<option value="3">No</option>
</select></li>
<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320" /></li>
<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" /></li>
<li class="required error"><ul class="errorlist"><li>This field is required.</li></ul>
<label class="required" for="id_age">Age:</label> <input type="number" name="age" id="id_age" /></li>"""
)
@ -2617,7 +2611,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
<option value="2">Yes</option>
<option value="3">No</option>
</select></p>
<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320" /></p>
<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" /></p>
<ul class="errorlist"><li>This field is required.</li></ul>
<p class="required error"><label class="required" for="id_age">Age:</label>
<input type="number" name="age" id="id_age" /></p>"""
@ -2636,7 +2630,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
<option value="3">No</option>
</select></td></tr>
<tr><th><label for="id_email">Email:</label></th><td>
<input type="email" name="email" id="id_email" maxlength="320" /></td></tr>
<input type="email" name="email" id="id_email" /></td></tr>
<tr class="required error"><th><label class="required" for="id_age">Age:</label></th>
<td><ul class="errorlist"><li>This field is required.</li></ul>
<input type="number" name="age" id="id_age" /></td></tr>"""
@ -3222,7 +3216,7 @@ Good luck picking a username that doesn&#39;t already exist.</p>
f = CommentForm(data, auto_id=False, error_class=DivErrorList)
self.assertHTMLEqual(f.as_p(), """<p>Name: <input type="text" name="name" maxlength="50" /></p>
<div class="errorlist"><div class="error">Enter a valid email address.</div></div>
<p>Email: <input type="email" name="email" value="invalid" maxlength="320" required /></p>
<p>Email: <input type="email" name="email" value="invalid" /></p>
<div class="errorlist"><div class="error">This field is required.</div></div>
<p>Comment: <input type="text" name="comment" /></p>""")


@ -192,13 +192,11 @@ class RequestsTests(SimpleTestCase):
"Cookie will expire when an distant expiration time is provided"
response = HttpResponse()
response.set_cookie('datetime', expires=datetime(2028, 1, 1, 4, 5, 6))
response.set_cookie('datetime', expires=datetime(2038, 1, 1, 4, 5, 6))
datetime_cookie = response.cookies['datetime']
self.assertIn(
datetime_cookie['expires'],
# Slight time dependency; refs #23450
('Sat, 01-Jan-2028 04:05:06 GMT', 'Sat, 01-Jan-2028 04:05:07 GMT')
('Fri, 01-Jan-2038 04:05:06 GMT', 'Fri, 01-Jan-2038 04:05:07 GMT')
)
def test_max_age_expiration(self):


@ -54,7 +54,6 @@ TEST_DATA = [
(validate_email, 'example@atm.%s' % ('a' * 64), ValidationError),
(validate_email, 'example@%s.atm.%s' % ('b' * 64, 'a' * 63), ValidationError),
(validate_email, "example@%scom" % (("a" * 63 + ".") * 100), ValidationError),
(validate_email, None, ValidationError),
(validate_email, '', ValidationError),
(validate_email, 'abc', ValidationError),
@ -208,11 +207,6 @@ TEST_DATA = [
(URLValidator(EXTENDED_SCHEMES), 'git://example.com/', None),
(URLValidator(EXTENDED_SCHEMES), 'git://-invalid.com', ValidationError),
(
URLValidator(),
"http://example." + ("a" * 63 + ".") * 1000 + "com",
ValidationError,
),
# Trailing newlines not accepted
(URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
(URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),