Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
27,043 Commits 26 Branches 382 Tags
Commit Graph

62 Commits

Author SHA1 Message Date
Mariusz Felisiak
f27c38ab5d [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
 2021-06-02 10:26:22 +02:00
Mariusz Felisiak
d9594c4ea5 [2.2.x] Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603

Backport of e1e81aa1c4427411e3c68facdd761229ffea6f6f from main.
 2021-05-06 08:53:27 +02:00
buzzi
24cae0bedc Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value. 2018-10-22 10:26:54 -04:00
Tom Forbes
8c70ba92dd Refactored validators tests to use subtests. 2018-08-18 15:04:48 -04:00
Tim Bell
cdcf4164be Fixed #29528 -- Made URLValidator reject invalid characters in the username and password. 2018-07-23 10:30:01 -04:00
Fabio Bonelli
f636f0bb86 Fixed #29007 -- Fixed DecimalValidator crash on NaN, SNan, Inf, and Infinity values. 2018-01-10 21:43:32 -05:00
Josh Schneier
e8c4596329 Fixed #28562 -- Fixed DecimalValidator handling of positive exponent scientific notation. 2017-09-27 09:42:04 -04:00
Josh Schneier
0dbcd0e87f Added tests for DecimalValidator. 2017-09-11 14:18:02 -04:00
Alejandro Zamora
90d7b912b9 Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field. 2017-08-12 20:14:14 -04:00
Mads Jensen
a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Arne de Laat
681d2599ee Fixed #28165 -- Ignored case in FileExtensionValidator's allowed_extensions. 2017-06-07 16:53:36 -04:00
Arne de Laat
b137add6cf Added FileExtensionValidator tests for uppercase and missing file extensions. 2017-06-07 16:53:10 -04:00
Claude Paroz
289fc1bfa5 Refs #23919 -- Removed str_prefix usage 2017-01-20 15:43:28 +01:00
Tim Graham
4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. 
These functions do nothing on Python 3.
 2017-01-20 08:01:02 -05:00
Aymeric Augustin
a556396339 Refs #23919 -- Replaced io.open() with open(). 
io.open() is an alias for open() on Python 3.
 2017-01-18 21:45:12 -05:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami
967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
wim glenn
21dd792349 Fixed #26578 -- Prohibited non-ASCII digits in validate_ipv4_address. 2016-10-28 11:38:49 -04:00
Baptiste Mispelon
a9215b7c36 Refs #21548 -- Skipped tests that rely on pillow when it's not installed 2016-07-02 15:46:16 +02:00
Berker Peksag
12b4280444 Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension. 2016-06-30 09:08:50 -04:00
Christopher Grebs
a9e188ccd6 Fixed #26119 -- Fixed URLValidator crash on URLs with brackets. 2016-06-28 15:43:43 -04:00
Tim Graham
c9ae09addf Replaced use of TestCase.fail() with assertRaises(). 
Also removed try/except/fail antipattern that hides exceptions.
 2016-06-28 11:21:26 -04:00
Tim Graham
b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator. 
Thanks Shai Berger for the review.
 2016-02-18 19:06:49 -05:00
Akshesh
d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Raphael Michel
82976e5c3f Fixed #25637 -- Added URLValidator hostname length validation. 
URLValidator now validates the maximum length of a hostname and the
maximum length of all labels inside the hostname.
 2015-12-08 15:46:45 -05:00
Dheerendra Rathor
06627ef2ca Fixed #25635 -- Made URLValidator allow '+' in scheme. 2015-10-31 17:50:05 -04:00
Dheerendra Rathor
96fe90f535 Fixed #25620 -- Made URLValidator prohibit URLs with consecutive dots in the domain section. 2015-10-29 10:59:22 -04:00
Iulia Chiriac
75ed590032 Fixed #24636 -- Added model field validation for decimal places and max digits. 2015-09-18 14:30:20 -04:00
Maxime Lorant
c92cd22d02 Refs #25345 -- Updated links to code.google.com. 2015-09-04 08:14:21 -04:00
Edward Henderson
f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField. 
Thanks Flavio Curella and Berker Peksag for the initial patch.
 2015-07-17 13:48:58 -04:00
Shai Berger
17d3a6d804 Fixed catastrophic backtracking in URLValidator. 
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:03 -04:00
Tim Graham
014247ad19 Prevented newlines from being accepted in some validators. 
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
 2015-07-08 15:23:03 -04:00
Alexey Sveshnikov
bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Anoop Thomas Mathew
2400329508 Fixed #24349 -- Limited domain name labels to 63 characters in EmailValidator 2015-04-17 18:08:33 -04:00
Bertrand Bordage
3e64f3d0fc Fixed #24531 -- Improved CommaSeparatedIntegerField validation. 
`','`, `'1,,1'`, `',1'` etc. are no longer considered as valid
comma-separated integer lists.
 2015-03-25 18:49:59 -04:00
Tim Graham
0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Danilo Bargen
2e65d56156 Fixed #20003 -- Improved and extended URLValidator 
This adds support for authentication data (`user:password`) in URLs,
IPv6 addresses, and unicode domains.

The test suite has been improved by adding test URLs from
http://mathiasbynens.be/demo/url-regex (with a few adjustments,
like allowing local and reserved IPs).

The previous URL validation regex failed this test suite on 13
occasions, the validator was updated based on
https://gist.github.com/dperini/729294.
 2015-01-06 14:04:25 -05:00
Danilo Bargen
8b77b64f1c Refactored URLValidator tests by moving URLs to text files. 2014-11-03 13:02:11 -05:00
Anubhav Joshi
5cdb8f8c1e Fixed #16617 -- Added 'value' to BaseValidator params. 
Also allowed overriding the default messages in subclasses of BaseValidator.

Thanks sperrygrove for initial patch.
 2014-07-26 10:03:00 -04:00
Tim Graham
1f8bb95cc2 Corrected domain max length for EmailValidator; refs #20631. 
Thanks MarkusH for the report.
 2014-07-04 20:50:28 -04:00
Tim Graham
7fd55c3481 Fixed #20631 -- Increased the default EmailField max_length to 254. 
Thanks pmartin for the report.
 2014-07-04 14:15:00 -04:00
Erik Romijn
424fe76349 Fixed #22579 -- Corrected validation for email to reject trailing slash 
Thanks to Claude Paroz for the report and patch and Tomasz
Paczkowski for the review.
 2014-05-16 15:13:11 +02:00
David Szotten
7fe60ae64a Fixed #22588 -- Fix RegexValidator __eq__ 
Compare parameters instead of re.pattern instances, and add the other
parameters to the comparison. Also add a __ne__ to make assertNotEqual
work properly.
 2014-05-08 19:51:15 -07:00
Alex Gaynor
2bcb8bfc8d Fix many many typos in comments throughout the codebase 2014-04-26 10:18:45 -07:00
Dejan Noveski
4d0c5f6142 Fixed #22255 -- Added support for specifying re flags in RegexValidator 2014-03-21 11:12:36 +01:00
Erik Romijn
98f13762d7 Fixed #22123 -- EmailValidator now also accepts IPv6 literals in addresses 2014-02-22 17:45:33 +01:00
Si Feng
b102c27ff4 Fixed #20784 -- Added inverse_match parameter to RegexValidator. 2014-02-10 05:38:43 -05:00
Andrew Godwin
a68f325791 Fixed #21638: Validators are now comparable, stops infinite user mig'ns 2014-01-19 18:56:16 +00:00
Claude Paroz
6d66ba5948 Fixed #21242 -- Allowed more IANA schemes in URLValidator 
Thanks Sascha Peilicke for the report and initial patch, and
Tim Graham for the review.
 2013-12-28 21:25:32 +01:00