1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

309 Commits

Author SHA1 Message Date
Claude Paroz
ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer
c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov
ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Hasan
26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan
253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan
3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Tim Graham
575706331b Cosmetic cleanups in tests/utils_tests/test_numberformat.py 2016-01-29 10:36:58 -05:00
Ben Kraft
13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
userimack
60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Tim Graham
2765adc8dc Skipped a dateformat test on Windows as needed.
Refs 1014ba026e
2016-01-05 12:46:45 -05:00
Denis Cornehl
186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Iacopo Spalletti
d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Aymeric Augustin
1014ba026e Fixed debug view crash during autumn DST change.
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)

Refs #23714 which essentially fixed the same problem when USE_TZ = True.

Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Ben Kraft
35355a4ffe Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
2015-10-03 13:00:37 -04:00
Tim Graham
e5c12f6701 Refs #23613 -- Removed django.utils.checksums per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham
222d063301 Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. 2015-09-23 19:31:09 -04:00
Matt Robenolt
b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić
b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Zan Anderle
f3dc173240 Fixed #24917 -- Made admindocs display model methods that take arguments. 2015-09-07 15:07:39 -04:00
Aymeric Augustin
b79fc11d73 Made the autoreloader survive all exceptions.
Refs #24704.
2015-08-29 20:50:00 +02:00
Aymeric Augustin
c2fcba2ac7 Ensured gen_filenames() yields native strings.
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin
dfa712efb8 Refactored autoreload tests.
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin
23620cb8e0 Accounted for error files in the autoreloader.
* When some old files contain errors, the second call to
  gen_filenames() should return them.
* When some new files contain errors, the first call to
  gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella
c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Edward Henderson
f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder
f675afa13c Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__() 2015-07-09 21:20:52 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek
290ff35e6c Fixed #25000 -- Fixed cast to string for lazy objects.
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert
98df288dda Fixed #24978 -- Escaped special characters in loaddata fixture paths 2015-06-13 19:45:05 -04:00
Moritz Sichert
296919e7a5 Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class 2015-06-12 17:44:54 -04:00
Tomasz Kontusz
c2b4967e76 Fixed ImportError message in utils.module_loading.import_string() 2015-06-06 11:45:22 -04:00
Raphael Michel
6700c90935 Fixed #19210 -- Added leap year support to django.utils.timesince() 2015-06-04 21:36:12 -04:00
Raphael Michel
5c125f63f7 Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig
262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Tim Graham
70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Simon Charette
be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Aymeric Augustin
06dc6759d8 Factored skip condition when pytz isn't installed. 2015-05-17 10:23:14 +02:00
Tim Graham
eda12ceef1 Removed redundant list() calls. 2015-05-16 10:44:07 -04:00
Josh Smeaton
143255c8bb Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime 2015-04-24 13:55:40 -04:00
Moritz Sichert
1f2abf784a Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. 2015-03-27 19:46:20 -04:00
Tim Graham
011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz
df193b3cef Fixed #24382 -- Allowed unicode chars inside formatted numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik
a5b225084f Fixed #23838 -- added missing __iter__ to LazyObject 2015-03-08 15:42:23 +01:00
Aymeric Augustin
a8fe12417f Normalized usage of the tempfile module.
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham
307c0f299a Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters. 2015-02-17 19:03:03 -05:00
Lukas Klein
93b3ef9b2e Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454 2015-02-12 08:58:35 +01:00
Varun Sharma
540ca563de Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham
0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00