[1.3.X] Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.

Backport of r16760 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16763 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-24 22:26:08 +00:00 · 2011-09-10 01:08:24 +00:00
parent fbe2eead2f
commit 1a76dbefdf
10 changed files with 87 additions and 57 deletions
--- a/docs/ref/forms/fields.txt
+++ b/docs/ref/forms/fields.txt
@@ -756,6 +756,11 @@ Takes the following optional arguments:
    If ``True``, the validator will attempt to load the given URL, raising
    ``ValidationError`` if the page gives a 404. Defaults to ``False``.

+.. deprecated:: 1.3.1
+
+   ``verify_exists`` was deprecated for security reasons and will be
+   removed in 1.4. This deprecation also removes ``validator_user_agent``.
+
 .. attribute:: URLField.validator_user_agent

    String used as the user-agent used when checking for a URL's existence.