Claude Paroz
9c195d45a6
[1.9.x] Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
2016-03-04 23:38:32 +01:00
Claude Paroz
78f4830056
[1.9.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d28923.
Thanks John Eskew for the report and Tim Graham for the review.
Backport of ada7a4aef from master.
2016-03-04 21:15:44 +01:00
Mark Striemer
fc6d147a63
[1.9.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:38:49 -05:00
Ben Kraft
dee5896b55
[1.9.x] Fixed #26122 -- Fixed copying a LazyObject
...
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
Backport of 13023ba86746980aace2341ba32a9419e7567751 from master
2016-01-26 06:57:27 -05:00
Tim Graham
2b17ac2469
[1.9.x] Skipped a dateformat test on Windows as needed.
...
Refs 1014ba026e879e56e0f265a8d9f54e6f39843348
Backport of 2765adc8dcbaa41662af9000c4de2820418bf0a2 from master
2016-01-05 13:12:09 -05:00
Denis Cornehl
ee2835e69c
[1.9.x] Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
...
Backport of 186b6c61bfe85afa4d6bf213d04a28dd2853fed2 from master
2016-01-05 09:41:13 -05:00
Josh Soref
8897f4b0df
[1.9.x] Fixed many spelling mistakes in code, comments, and docs.
...
Backport of 93452a70e8a62c7408eeded444f5088d4a26212d from master
2015-12-03 12:49:03 -05:00
Aymeric Augustin
ca0278f496
[1.9.x] Fixed debug view crash during autumn DST change.
...
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to judge?)
Refs #23714 which essentially fixed the same problem when USE_TZ = True.
Thanks Florian and Carl for insisting until I wrote a complete patch.
Backport of 1014ba026e879e56e0f265a8d9f54e6f39843348 from master
2015-11-09 06:56:44 -05:00
Ben Kraft
63a1e912a7
[1.9.x] Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
...
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
Backport of 35355a4ffedb2aeed52d5fe3034380ffc6a438db from master
2015-10-03 13:01:08 -04:00
Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
...
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
Zan Anderle
f3dc173240
Fixed #24917 -- Made admindocs display model methods that take arguments.
2015-09-07 15:07:39 -04:00
Aymeric Augustin
b79fc11d73
Made the autoreloader survive all exceptions.
...
Refs #24704.
2015-08-29 20:50:00 +02:00
Aymeric Augustin
c2fcba2ac7
Ensured gen_filenames() yields native strings.
...
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin
dfa712efb8
Refactored autoreload tests.
...
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin
23620cb8e0
Accounted for error files in the autoreloader.
...
* When some old files contain errors, the second call to
gen_filenames() should return them.
* When some new files contain errors, the first call to
gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
Edward Henderson
f8cc464452
Fixed #16501 -- Added an allow_unicode parameter to SlugField.
...
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder
f675afa13c
Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__()
2015-07-09 21:20:52 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b7913f6da233c55409c4973248372d302
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek
290ff35e6c
Fixed #25000 -- Fixed cast to string for lazy objects.
...
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert
98df288dda
Fixed #24978 -- Escaped special characters in loaddata fixture paths
2015-06-13 19:45:05 -04:00
Moritz Sichert
296919e7a5
Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class
2015-06-12 17:44:54 -04:00
Tomasz Kontusz
c2b4967e76
Fixed ImportError message in utils.module_loading.import_string()
2015-06-06 11:45:22 -04:00
Raphael Michel
6700c90935
Fixed #19210 -- Added leap year support to django.utils.timesince()
2015-06-04 21:36:12 -04:00
Raphael Michel
5c125f63f7
Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
...
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig
262d4db8c4
Fixed #24897 -- Allowed using choices longer than 1 day with DurationField
2015-06-02 12:39:34 -04:00
Tim Graham
70be31bba7
Fixed #24836 -- Made force_text() resolve lazy objects.
2015-05-27 09:48:53 -04:00
Simon Charette
be67400b47
Refs #24652 -- Used SimpleTestCase where appropriate.
2015-05-20 13:46:13 -04:00
Aymeric Augustin
06dc6759d8
Factored skip condition when pytz isn't installed.
2015-05-17 10:23:14 +02:00
Tim Graham
eda12ceef1
Removed redundant list() calls.
2015-05-16 10:44:07 -04:00
Josh Smeaton
143255c8bb
Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime
2015-04-24 13:55:40 -04:00
Moritz Sichert
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
Tim Graham
011a54315e
Made is_safe_url() reject URLs that start with control characters.
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz
df193b3cef
Fixed #24382 -- Allowed unicode chars inside formatted numbers
...
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik
a5b225084f
Fixed #23838 -- added missing __iter__ to LazyObject
2015-03-08 15:42:23 +01:00
Aymeric Augustin
a8fe12417f
Normalized usage of the tempfile module.
...
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham
307c0f299a
Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters.
2015-02-17 19:03:03 -05:00
Lukas Klein
93b3ef9b2e
Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454
2015-02-12 08:58:35 +01:00
Varun Sharma
540ca563de
Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
...
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860.
2015-02-06 08:16:28 -05:00
Matthew Somerville
caa3562d5b
Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
...
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Loic Bistuer
3a4c9e1b43
Cleaned up some forms tests.
...
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
2015-01-27 22:39:57 +07:00
Tim Graham
d029fafea1
Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674.
2015-01-18 12:51:15 -05:00
Tim Graham
df3f3bbe29
Removed utils.text.javascript_quote() per deprecation timeline; refs #21725.
2015-01-17 12:41:49 -05:00
Tim Graham
1b0365ad34
Removed django.utils.tzinfo per deprecation timeline; refs #17262.
2015-01-17 09:32:33 -05:00
Tim Graham
c820892eed
Removed django.utils.datastructures.SortedDict per deprecation timeline.
2015-01-17 08:40:23 -05:00
Tim Graham
37b7776a01
Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659.
2015-01-17 08:13:36 -05:00