mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-18 08:39:15 +00:00
Code Issues 32 Releases Wiki Activity
27,779 Commits 29 Branches 451 Tags
Commit Graph

405 Commits

Author SHA1 Message Date
Nick Pope
326a926bee [3.0.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl(). 2021-02-18 10:21:04 +01:00
Mariusz Felisiak
52e409ed17 [3.0.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.
 2021-02-01 09:14:22 +01:00
Ad Timmering
d1ff7c50e3 [3.0.x] Fixed #30807 -- Fixed TestArchive.test_extract_file_permissions() when umask is 0o000. 
Fixed test that checks permissions on files extracted from archives
with no permissions set, to not assume a default umask of 0o002.

Test regression in c95d063e776e849cf1a0bf616c654165cb89c706.
Backport of ec5aa2161d8015a3fe57dcbbfe14200cd18f0a16 from master
 2020-06-29 07:52:47 +02:00
Mariusz Felisiak
48ed73fb74 [3.0.x] Fixed E128, E741 flake8 warnings. 
Backport of 0668164b4ac93a5be79f5b87fae83c657124d9ab from master.
 2020-05-12 08:55:06 +02:00
Hasan Ramezani
8e23b89ffd [3.0.x] Fixed #31521 -- Skipped test_parsing_rfc850 test on 32-bit systems. 
Backport of f12162107327b88a2f1faaab15d048e2535ec642 from master
 2020-04-30 07:13:25 +02:00
Ad Timmering
556d0c08bd [3.0.x] Fixed #28690 -- Fixed handling of two-digit years in parse_http_date(). 
Due to RFC7231 ayear that appears to be more than 50 years in the
future are interpreted as representing the past.

Backport of 7b5f8acb9e6395a1660dd7bfeb365866ca8ef47c from master
 2019-09-30 15:39:36 +02:00
Ad Timmering
f38655ed1c [3.0.x] Refs #28690 -- Added more tests for parse_http_date(). 
Backport of 7cbd25a06e820cbd1a0bfbc339fb7d9a737c54fa from master
 2019-09-30 15:39:28 +02:00
Pablo García
49dcb5d3ba [3.0.x] Fixed #30810 -- Fixed WatchmanReloaderTests.test_setting_timeout_from_environment_variable test. 
client_timeout is an instance attribute.

Backport of 2fd610eb301dc01e100befed891e8007fd2e981f from master
 2019-09-27 08:35:55 +02:00
Carlton Gibson
4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Jon Dufresne
5dac63bb84 Refs #27804 -- Used subTest() in utils_tests/test_encoding.py. 2019-08-26 11:58:06 +02:00
Claude Paroz
9386586f31 Replaced subprocess commands by run() wherever possible. 2019-08-23 10:53:36 +02:00
Claude Paroz
88c0b907e7 Refs #30461 -- Added django.utils._os.to_path(). 2019-08-13 17:17:39 +02:00
swatantra
73ac9e3f04 Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data. 2019-08-11 20:15:23 +02:00
Florian Apolloner
76ed1c49f8 Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Nick Pope
f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00
Nick Pope
c95d063e77 Refs #30160 -- Simplified and improved tests for django.utils.archive. 
The file executable should have 0o775 permission not only u=x.
The file no_permissions should have 0o644 u=r.
 2019-07-31 09:46:24 +02:00
Nick Pope
421c4cd2ee Removed redundant ArchiveTest.test_extract_method() test. 
The extract() function has the same code as used in the test method
for Archive.extract().
 2019-07-30 11:33:53 +02:00
Nick Pope
0509148c24 Refs #30160 -- Made destination path a required argument of extract(). 2019-07-30 11:27:56 +02:00
Tom Forbes
fc75694257 Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved. 2019-07-24 14:08:37 +02:00
Mariusz Felisiak
fed5e19369
Removed unused BaseReloader.watch_file(). 
Unused since its introduction in c8720e7696ca41f3262d5369365cc1bd72a216ca.
 2019-07-24 13:32:02 +02:00
Tom Forbes
2ff517ccb6 Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. 2019-07-23 10:03:23 +02:00
Min ho Kim
9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Jon Dufresne
42b9a23267 Fixed #30400 -- Improved typography of user facing strings. 
Thanks Claude Paroz for assistance with translations.
 2019-06-28 16:46:18 +02:00
Tom Forbes
8454f6dea4 Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute. 2019-06-26 06:44:10 +02:00
Jon Dufresne
b903bb438f Refs #30485 -- Removed non-representative test that emitted a warning. 
Previously, when running the Django test suite with warnings enabled,
the following was emitted:

    /usr/lib64/python3.7/urllib/parse.py:915: BytesWarning: str() on a bytearray instance
      v = quote_via(str(v), safe, encoding, errors)

This occurred due to the bytearray() being passed to
urllib.parse.urlencode() which eventually calls str() on it. The test
does not represent desired real world behavior. Rather than test for and
assert strange unspecified behavior that emits a warning, remove it.

This was also discussed in PR #11374.
 2019-06-19 13:03:52 +02:00
Tom Forbes
480492fe70 Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader. 
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.

If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.

Regression in 6754bffa2b2df15a741008aa611c1bb0e8dff22b.
 2019-05-29 09:41:24 +02:00
Tom Forbes
0344565179 Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature. 
Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca.
 2019-05-29 08:08:50 +02:00
Tom Forbes
b2790f74d4 Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader. 
Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca.
 2019-05-28 08:31:33 +02:00
Johan Lübcke
0670b1b403 Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case. 2019-05-24 17:15:34 +02:00
Ran Benita
a2c31e12da Fixed #30498 -- Fixed proxy class caching in lazy(). 
lazy() should prepare the proxy class only once (the first time it's
used) not on every call.

Regression in b4e76f30d12bfa8a53cc297c60055c6f4629cc4c.
 2019-05-22 20:41:52 +02:00
Jon Dufresne
b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities(). 
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
 2019-05-08 08:00:59 +02:00
Tom Forbes
6754bffa2b Fixed #30323 -- Fixed detecting changes by autoreloader when using StatReloader. 2019-04-29 11:41:00 +02:00
Jacob Green
ed3c59097a
Fixed #30361 -- Increased the default timeout of watchman client to 5 seconds and made it customizable. 
Made the default timeout of watchman client customizable via
DJANGO_WATCHMAN_TIMEOUT environment variable.
 2019-04-26 12:55:49 +02:00
Jon Dufresne
8d76443aba Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). 2019-04-25 15:09:07 +02:00
Martijn Jacobs
9141da1a80 Fixed #30366 -- Skipped StatReloaderTests on HFS+ filesystems. 
When on MacOS High Sierra or below (<=10.13) it could be that a HFS+
filesystem is used. HFS+ has a time resolution of only one second
which can be too low for some of the tests.
 2019-04-24 15:28:20 +02:00
Sjoerd Job Postmus
e6d57c4d65 Fixed #30363 -- Do not use exponential notation for small decimal numbers. 
In 9cc6a60040b0f64f8ea066dd215176d4bd16621d a security patch was
introduced to prevent allocating large segments of memory when a
very large or very small decimal number was to be formatted.

As a side-effect, there was a change in formatting of small decimal
numbers even when the `decimal_pos` argument was provided, which meant
that reasonable small decimal numbers (above 1e-199) would be formatted
as `0.00`, while smaller decimal numbers (under 1e-200) would be
formatted as `1e-200`.
 2019-04-13 14:30:33 +02:00
Mariusz Felisiak
c9888bc8ec
Fixed #30264 -- Fixed crash of test_parsing_year_less_than_70() on 32-bit systems. 
Thanks Andreas Beckmann and Chris Lamb for the report.
 2019-03-20 13:44:30 +01:00
Jon Dufresne
95b7699ffc Cleaned up exception message checking in some tests. 2019-03-15 19:27:57 -04:00
shiningfm
99cfb28e99 Fixed #30215 -- Fixed autoreloader crash for modules without __spec__. 
Regression in c8720e7696ca41f3262d5369365cc1bd72a216ca.
 2019-02-27 10:35:30 -05:00
Matthias Kestenholz
e04209e181 Refs #30179 -- Moved topological sort functions to django.utils. 2019-02-25 15:44:49 -05:00
Seunghun Lee
99fc5dc13c Fixed #30141 -- Fixed parse_duration() for some negative durations. 2019-02-23 18:54:09 -05:00
Semen Zhydenko
255d6a26a8 Fixed spelling mistakes in comments and tests. 2019-02-11 08:55:57 -05:00
Carlton Gibson
402c0caa85 Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). 
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
 2019-02-11 11:08:45 +01:00
Sergey Fedoseev
1835563ab8 Removed unneeded list() calls in sorted() argument. 2019-02-09 19:08:22 -05:00
Tim Graham
77d25dbd0f Refs #27753 -- Favored SafeString over SafeText. 2019-02-06 14:12:06 -05:00
Tim Graham
d55e882927 Refs #27753 -- Deprecated django.utils.encoding.force_text() and smart_text(). 2019-02-06 14:12:06 -05:00
Aymeric Augustin
3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Tim Graham
83c2bc52c2
Refs #27753 -- Deprecated django.utils.http urllib aliases. 2019-02-04 18:53:11 -05:00