| 
							
							
								 Przemysław Suliga | d22b90b4ea | Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string. | 2018-06-29 10:17:52 -04:00 |  | 
			
				
					| 
							
							
								 Jon Dufresne | 1e81a4b897 | Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url(). | 2018-01-11 07:03:50 -05:00 |  | 
			
				
					| 
							
							
								 Tim Graham | ab7f4c3306 | Refs #28965 -- Deprecated unused django.utils.http.cookie_date(). | 2018-01-02 11:23:04 -05:00 |  | 
			
				
					| 
							
							
								 François Freitag | 41be85862d | Fixed #28679 -- Fixed urlencode()'s handling of bytes. Regression in fee42fd99e.
Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance. | 2017-10-12 09:08:33 -04:00 |  | 
			
				
					| 
							
							
								 François Freitag | 0e212a705e | Split django.utils.http tests into separate test classes. | 2017-10-10 08:53:01 -04:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 96107e2844 | Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url(). Per deprecation timeline. | 2017-09-22 12:51:18 -04:00 |  | 
			
				
					| 
							
							
								 Mads Jensen | 41a7876991 | Added test for too large input to django.utils.http.base36_to_int(). | 2017-09-21 10:21:02 -04:00 |  | 
			
				
					| 
							
							
								 UmanShahzad | 856072dd4a | Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs. | 2017-05-10 09:02:20 -04:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 5ea48a70af | Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs. This is a security fix. | 2017-04-04 10:42:06 -04:00 |  | 
			
				
					| 
							
							
								 Claude Paroz | c716fe8782 | Refs #23919 -- Removed six.PY2/PY3 usage Thanks Tim Graham for the review. | 2017-01-18 16:21:28 +01:00 |  | 
			
				
					| 
							
							
								 Claude Paroz | d7b9aaa366 | Refs #23919 -- Removed encoding preambles and future imports | 2017-01-18 09:55:19 +01:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 8119b679eb | Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6. http://bugs.python.org/issue27364 | 2016-09-17 15:44:06 -04:00 |  | 
			
				
					| 
							
							
								 Kevin Christopher Henry | 4ef0e019b7 | Fixed #27083 -- Added support for weak ETags. | 2016-09-10 08:14:52 -04:00 |  | 
			
				
					| 
							
							
								 Jon Dufresne | f227b8d15d | Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts | 2016-09-07 19:56:25 -07:00 |  | 
			
				
					| 
							
							
								 Przemysław Suliga | 5e5a17028f | Fixed #26902 -- Allowed is_safe_url() to require an https URL. Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews. | 2016-08-19 18:51:33 -04:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 92053acbb9 | Fixed E128 flake8 warnings in tests/. | 2016-04-08 10:12:33 -04:00 |  | 
			
				
					| 
							
							
								 Claude Paroz | 552f03869e | Added safety to URL decoding in is_safe_url() on Python 2 The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218andada7a4aef. | 2016-03-04 23:33:35 +01:00 |  | 
			
				
					| 
							
							
								 Claude Paroz | ada7a4aefb | Fixed #26308 -- Prevented crash with binary URLs in is_safe_url() This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review. | 2016-03-04 21:14:14 +01:00 |  | 
			
				
					| 
							
							
								 Mark Striemer | c5544d2892 | Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth. This is a security fix. | 2016-03-01 11:25:28 -05:00 |  | 
			
				
					| 
							
							
								 Hasan | 3d0dcd7f5a | Refs #26022 -- Used context manager version of assertRaises in tests. | 2016-01-29 12:32:18 -05:00 |  | 
			
				
					| 
							
							
								 Denis Cornehl | 186b6c61bf | Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support. Thanks Denis Cornehl for help with the patch. | 2016-01-05 09:37:11 -05:00 |  | 
			
				
					| 
							
							
								 Josh Soref | 93452a70e8 | Fixed many spelling mistakes in code, comments, and docs. | 2015-12-03 12:48:24 -05:00 |  | 
			
				
					| 
							
							
								 Matt Robenolt | b0c56b895f | Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews. | 2015-09-16 12:21:50 -04:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 011a54315e | Made is_safe_url() reject URLs that start with control characters. This is a security fix; disclosure to follow shortly. | 2015-03-18 19:20:07 -04:00 |  | 
			
				
					| 
							
							
								 Lukas Klein | 93b3ef9b2e | Fixed #24321 -- Improved utils.http.same_origincompliance with RFC6454 | 2015-02-12 08:58:35 +01:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 0ed7d15563 | Sorted imports with isort; refs #23860. | 2015-02-06 08:16:28 -05:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 69b5e66738 | Fixed is_safe_url() to handle leading whitespace. This is a security fix. Disclosure following shortly. | 2015-01-13 13:03:06 -05:00 |  | 
			
				
					| 
							
							
								 Berker Peksag | f7969b0920 | Fixed #23620 -- Used more specific assertions in the Django test suite. | 2014-11-03 11:56:37 -05:00 |  | 
			
				
					| 
							
							
								 Loic Bistuer | 3c6ac0bab8 | Consolidated some text utils into the utils_tests test package. | 2014-09-23 19:45:59 +07:00 |  | 
			
				
					| 
							
							
								 Ian Foote | 03d89168a2 | Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3. | 2014-08-22 20:07:12 -04:00 |  | 
			
				
					| 
							
							
								 Tim Graham | 89b9e6e5d6 | Fixed #22909 -- Removed camelCasing in some tests. Thanks brylie. | 2014-07-07 19:08:42 -04:00 |  | 
			
				
					| 
							
							
								 Erik Romijn | 255449c1ee | Added additional checks in is_safe_url to account for flexible parsing. This is a security fix. Disclosure following shortly. | 2014-05-14 10:19:48 +02:00 |  | 
			
				
					| 
							
							
								 Aymeric Augustin | 3800f63721 | Dropped fix_IE_for_vary/attach. This is a security fix. Disclosure following shortly. | 2014-05-14 10:19:48 +02:00 |  | 
			
				
					| 
							
							
								 Larry O'Neill | 83b9bfea44 | Fixed #21266 -- Fixed E201,E202 pep8 warnings. | 2013-10-14 18:12:00 -04:00 |  | 
			
				
					| 
							
							
								 Aymeric Augustin | 365c3e8b73 | Replaced "not PY3" by "PY2", new in six 1.4.0. | 2013-09-02 12:11:02 +02:00 |  | 
			
				
					| 
							
							
								 Aymeric Augustin | cfcf4b3605 | Stopped using django.utils.unittest in the test suite. Refs #20680. | 2013-07-01 14:29:33 +02:00 |  | 
			
				
					| 
							
							
								 Preston Timmons | 612ef3e5c9 | Modified utils_tests for unittest2 discovery. | 2013-04-12 15:31:58 -06:00 |  |