[1.3.X] Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.

Backport of r16760 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16763 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-26 07:06:08 +00:00 · 2011-09-10 01:08:24 +00:00
parent fbe2eead2f
commit 1a76dbefdf
10 changed files with 87 additions and 57 deletions
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -108,6 +108,12 @@ their deprecation, as per the :ref:`Django deprecation policy
          beyond that of a simple ``TextField`` since the removal of oldforms.
          All uses of ``XMLField`` can be replaced with ``TextField``.

+       * ``django.db.models.fields.URLField.verify_exists`` has been
+         deprecated due to intractable security and performance
+         issues. Validation behavior has been removed in 1.4, and the
+         argument will be removed in 1.5.
+
+
    * 1.5
        * The ``mod_python`` request handler has been deprecated since the 1.3
          release. The ``mod_wsgi`` handler should be used instead.