265 Commits

Author SHA1 Message Date
Carlton Gibson
0bbb560183 [1.11.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master.
2019-02-11 11:15:45 +01:00
Andreas Hug
d6eaee0927 [1.11.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-07-25 12:13:03 -04:00
Tim Graham
a91436360b [1.11.x] Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
2018-02-27 13:56:26 -05:00
Tim Graham
abf89d729f [1.11.x] Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
2018-02-27 13:54:19 -05:00
Mark Rogaski
80a0016c49 [1.11.x] Fixed #28487 -- Fixed runserver crash with non-Unicode system encodings on Python 2 + Windows. 2017-08-31 07:33:01 -04:00
Tim Graham
d9ef8ffb58 [1.11.x] Refs #28174 -- Fixed autoreload test crash on Python 2/non-ASCII path. 2017-07-15 08:48:28 -04:00
Mark Rogaski
fc6b90bdb7 [1.11.x] Fixed #28174 -- Fixed crash in runserver's autoreload with Python 2 on Windows with non-str environment variables. 2017-07-13 13:12:29 -04:00
Sergey Fedoseev
30f334cc58 [1.11.x] Fixed #28389 -- Fixed pickling of LazyObject on Python 2 when wrapped object doesn't have __reduce__().
Partial revert of 35355a4ffedb2aeed52d5fe3034380ffc6a438db.
2017-07-12 09:11:48 -04:00
UmanShahzad
03d0c05fdf [1.11.x] Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
Backport of 856072dd4a3e479aa09b0ab6b498ff599ca2a809 from master
2017-05-10 09:43:12 -04:00
Tim Graham
97e77b7bc1 [1.11.x] Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
2017-04-04 10:46:50 -04:00
Claude Paroz
427f09ce5e [1.11.x] Updated tests after French translation update
Backport of 389c3ffc04eaa6186ae0bad523995e8fcf7620df from master.
2017-04-04 13:09:15 +02:00
Tim Graham
6392bf26ca [1.11.x] Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
Backport of 6ae1b04fb584db0fdb22b8e287784c4ed3ac62ac from master
2017-03-04 09:04:40 -05:00
Jinank Jain
f4c0eec713 Fixed #27699 -- Added negative timedelta support to parse_duration() 2017-01-14 11:17:54 +01:00
vinay karanam
6128c1736d Refs #27637 -- Fixed timesince, timeuntil on New Year's Eve in a leap year. 2017-01-02 08:40:44 -05:00
Anton Samarchyan
5cf4894836 Fixed #27628 -- Fixed unarchiving a file without permission data. 2016-12-28 19:14:58 -05:00
Tim Graham
51cde873d9 Fixed #27648 -- Deprecated (iLmsu) regex groups in url() patterns. 2016-12-27 15:59:13 -05:00
Mariusz Felisiak
3e5c5e6754 Fixed #27637 -- Fixed timesince, timeuntil in leap year edge case. 2016-12-27 09:29:11 -05:00
Phil Tysoe
bf4516a628 Added tests for django.utils.autoreload. 2016-12-22 09:01:28 -05:00
Mariusz Felisiak
8e3a72f4fb Fixed #27583 -- Fixed MultiValueDict.getlist() crash when values for key is None.
Restored the behavior before 727d7ce6cba21363470aaefb2dc5353017531be3.
2016-12-09 15:31:52 -05:00
Tim Graham
b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
Anton Samarchyan
d0112cf930 Fixed #26494 -- Made Archive.extract() preserve file permissions. 2016-12-06 08:28:36 -05:00
Keda87
794b7d8033 Refs #27546 -- Tested some __repr__() methods. 2016-12-01 08:09:38 -05:00
Adam Chainz
71609a5b90 Fixed #27555 -- Removed django.utils.functional.lazy_property. 2016-11-29 19:01:12 -05:00
Ramin Farajpour Cami
0a63ef3f61 Fixed #27463 -- Fixed E741 flake8 warnings. 2016-11-14 17:40:28 -05:00
Ramin Farajpour Cami
967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Joachim Jablon
fd78fb82d6 Fixed #27138 -- Restored pre-Python 3.6 behavior of localtime() and make_naive() on Python 3.6.
Reverted test changes in a7a7ecd2b026c61a39a46d2d7eced0e06a92c970 and
e43ea36b7681e43ea99505a2cf7550d4d36016b3 (refs #27025).
2016-11-07 19:07:18 -05:00
Tim Graham
3158695365 Completed django.utils.timezone test coverage. 2016-11-01 14:01:40 -04:00
Tim Graham
414ad25b09 Fixed #27327 -- Simplified time zone handling by requiring pytz. 2016-10-27 08:53:20 -04:00
Reto Aebersold
3ab55c1a8a Fixed #27309 -- Added CallableBool.__hash__(). 2016-10-04 07:44:19 -04:00
Tim Graham
e43ea36b76 Refs #27025 -- Fixed a timezone test for Python 3.6.
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-09-17 15:44:06 -04:00
Tim Graham
8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jani Tiainen
727d7ce6cb Fixed #27198 -- Made MultiValueDict.getlist() return a new list to prevent mutation. 2016-09-16 15:16:18 -04:00
Kevin Christopher Henry
4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Jon Dufresne
f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Jon Dufresne
ff1e7b4eb4 Fixed #25181 -- Added localdate() function to get date in a different time zone.
Thanks Konrad Świat for the original patch.
2016-08-31 17:19:33 -07:00
Olexander Yermakov
b7fb608142 Fixed #27154 -- Allowed comparing CallableBool with bitwise or.
Thanks Tim for the review.
2016-08-31 08:27:37 -04:00
Mattias Loverot
9aaeec337e Fixed #26866 -- Added format_lazy function
Added format_lazy function to django.utils.text module.
Useful when dealing with relatively complex lazy string concatenations
(e.g. in urls.py when translating urls in regular expressions).
2016-08-24 18:18:17 +02:00
Przemysław Suliga
5e5a17028f Fixed #26902 -- Allowed is_safe_url() to require an https URL.
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-08-19 18:51:33 -04:00
Tim Graham
5a41ca79dc Replaced 'raise SkipTest' with self.skipTest() in a few tests. 2016-08-16 16:42:27 -04:00
Tim Graham
a7a7ecd2b0 Refs #27025 -- Fixed a couple timezone tests for Python 3.6.
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-08-09 18:14:15 -04:00
Tim Graham
54afa960d1 Fixed #26988 -- Improved/clarified User.is_authenticated/anonymous compatibility.
Thanks marktranchant for the report and review.
2016-08-02 11:01:08 -04:00
Dmitry Dygalo
ca32979cdc Made miscellaneous code cleanups 2016-07-21 10:08:19 -04:00
Will Hardy
8ef78b8165 Fixed #26656 -- Added duration (timedelta) support to DjangoJSONEncoder. 2016-07-14 13:34:15 -04:00
Jon Dufresne
4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Ville Skyttä
fa654da613 Removed usage of a few deprecated unittest assertions. 2016-06-14 09:03:12 -04:00
Scott Vitale
be729b6120 Fixed #10107 -- Allowed using mark_safe() as a decorator.
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
Chesco Igual
ffd18732f3 Fixed #24781 -- Fixed repr() for lazy objects. 2016-06-04 19:13:00 -04:00
Tim Graham
37aec6b186 Refs #26653 -- Fixed a feedgenerator test that requires a database query on PostgreSQL. 2016-05-30 19:30:45 -04:00
Ketan Bhatt
f31fbbae1a Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC. 2016-05-30 18:36:15 -04:00