Claude Paroz
9c195d45a6
[1.9.x] Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
Backport of 552f03869e from master.
2016-03-04 23:38:32 +01:00
Claude Paroz
78f4830056
[1.9.x] Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d28923.
Thanks John Eskew for the report and Tim Graham for the review.
Backport of ada7a4aef from master.
2016-03-04 21:15:44 +01:00
Mark Striemer
fc6d147a63
[1.9.x] Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:38:49 -05:00
Denis Cornehl
ee2835e69c
[1.9.x] Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Backport of 186b6c61bfe85afa4d6bf213d04a28dd2853fed2 from master
2016-01-05 09:41:13 -05:00
Josh Soref
8897f4b0df
[1.9.x] Fixed many spelling mistakes in code, comments, and docs.
Backport of 93452a70e8a62c7408eeded444f5088d4a26212d from master
2015-12-03 12:49:03 -05:00
Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Tim Graham
011a54315e
Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Lukas Klein
93b3ef9b2e
Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454
2015-02-12 08:58:35 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860.
2015-02-06 08:16:28 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Berker Peksag
f7969b0920
Fixed #23620 -- Used more specific assertions in the Django test suite.
2014-11-03 11:56:37 -05:00
Loic Bistuer
3c6ac0bab8
Consolidated some text utils into the utils_tests test package.
2014-09-23 19:45:59 +07:00
Ian Foote
03d89168a2
Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3.
2014-08-22 20:07:12 -04:00
Tim Graham
89b9e6e5d6
Fixed #22909 -- Removed camelCasing in some tests.
Thanks brylie.
2014-07-07 19:08:42 -04:00
Erik Romijn
255449c1ee
Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Aymeric Augustin
3800f63721
Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Larry O'Neill
83b9bfea44
Fixed #21266 -- Fixed E201,E202 pep8 warnings.
2013-10-14 18:12:00 -04:00
Aymeric Augustin
365c3e8b73
Replaced "not PY3" by "PY2", new in six 1.4.0.
2013-09-02 12:11:02 +02:00
Aymeric Augustin
cfcf4b3605
Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Preston Timmons
612ef3e5c9
Modified utils_tests for unittest2 discovery.
2013-04-12 15:31:58 -06:00