mirror of https://github.com/django/django.git synced 2025-10-25 14:46:09 +00:00
Commit Graph

28 Commits

Author SHA1 Message Date
Jacob Kaplan-Moss
9f8287a3f1 SECURITY ALERT: Corrected regular expressions for URL and email fields.
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-09 20:57:59 +00:00
Russell Keith-Magee
f6cca736a0 Fixed #9609 -- Modified the clean method of (Null)Boolean field to accept '1' and '0' as valid inputs. Thanks to psagers for the patch.
This is required to support the use of non-default form widgets such as RadioSelect when the data comes from MySQL, which uses 1/0 to represent booleans.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-02 14:52:34 +00:00
Russell Keith-Magee
6590061a00 Fixed #9948 -- Corrected URLField validation to match RFC1035 (URL analog of #9890). Thanks to kratorius for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:25:18 +00:00
Russell Keith-Magee
48b459a83e Fixed #9890 -- Modified the regex validation for email addresses to match RFC822/1035. Thanks to ozgur for the report, and kratorius for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10573 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-16 14:24:27 +00:00
Joseph Kocherhans
fea6c73538 Fixed #10149. FileFields in a form now validate max_length. Based on a patch by Massimo Scamarcia.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10227 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30 22:52:16 +00:00
Karen Tracey
ad4e1a7a72 Add tests mistakenly left out of r9397.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 20:01:51 +00:00
Karen Tracey
d82aaef844 Fixed #7064: Made DecimalField validation support max_digits equal to decimal_places.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9387 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 19:52:53 +00:00
Karen Tracey
8cdc53a265 Fixed #6035 -- Gave the SplitDateTimeField the proper default widget. Thanks dtulig.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9385 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-10 19:42:55 +00:00
Malcolm Tredinnick
a27ff1c8ae Fixed #8865 -- Improved the robustness of some file path tests.
Based on a patch from pythonhead@gentoo.org.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9065 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-17 09:32:36 +00:00
Jacob Kaplan-Moss
4ae746b574 Added a TypedChoiceField which acts just like ChoiceField, except that it
returns a value coerced by some provided function. Refs #6967.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8771 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-31 20:10:50 +00:00
Jacob Kaplan-Moss
b99cc935eb Fixed #7753: clean NullBooleanField correctly when using HiddenInput. Thanks to julien and ElliottM.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 15:06:18 +00:00
Gary Wilson Jr
727133109c Fixed #8290 -- Fixed DecimalField's cleaning of values with a large number of decimal places, based on patch from dgouldin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8391 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 20:09:47 +00:00
Gary Wilson Jr
cbbd54d5cd Fixed #7920 -- Made tests compatible with Python 2.6's Decimal repr change, patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8190 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 04:48:14 +00:00
Malcolm Tredinnick
108b604b51 Fixed #7345 -- When normalising the URLField form field, attach a trailing
slash when only a host (no path) is given. Thanks, jpwatts.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8089 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 05:18:39 +00:00
Malcolm Tredinnick
344383284c Fixed #6009 -- Added regression tests to show that uploading non-ASCII
filenames now works properly. Patch from Leah Culver.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-19 18:47:59 +00:00
Russell Keith-Magee
649463dd34 Fixed #4412 -- Added support for optgroups, both in the model when defining choices, and in the form field and widgets when the optgroups are displayed. Thanks to Matt McClanahan <cardinal@dodds.net>, Tai Lee <real.human@mrmachine.net> and SmileyChris for their contributions at various stages in the life of this ticket.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7977 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-19 07:53:02 +00:00
Jacob Kaplan-Moss
46786b4193 Fixed #7741: django.newforms is now django.forms. This is obviously a backwards-incompatible change. There's a warning upon import of django.newforms itself, but deeper imports will raise errors.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7971 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-19 01:22:26 +00:00
Jacob Kaplan-Moss
a28b75b0ba Fixed #7614: the quickening has come, and there now is only one UploadedFile. On top of that, UploadedFile's interface has been improved:
  * The API now more closely matches a proper file API. This unfortunately means a few backwards-incompatible renamings; see BackwardsIncompatibleChanges. This refs #7593.
  * While we were at it, renamed chunk() to chunks() to clarify that it's an iterator.
  * Temporary uploaded files now properly use the tempfile library behind the scenes which should ensure better cleanup of tempfiles (refs #7593 again).

Thanks to Mike Axiak for the bulk of this patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7859 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-07 23:16:00 +00:00
Jacob Kaplan-Moss
d725cc9734 Fixed #2070: refactored Django's file upload capabilities.
A description of the new features can be found in the new [http://www.djangoproject.com/documentation/upload_handing/ upload handling documentation]; the executive summary is that Django will now happily handle uploads of large files without issues.

This changes the representation of uploaded files from dictionaries to bona fide objects; see BackwardsIncompatibleChanges for details.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7814 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-01 15:10:51 +00:00
Malcolm Tredinnick
abcf1cb36d Fixed #5957 -- Enforce the "required" attribute on BooleanField in newforms.
This has been the documented behaviour for ages, but it wasn't correctly
implemented. A required BooleanField must be True/checked, since False values
aren't submitted. Ideal for things like "terms of service" agreements.

Backwards incompatible (since required=True is the default for all fields).

Unclear who the original patch was from, but Tai Lee and Alex have kept it up
to date recently.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7799 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-30 10:44:56 +00:00
Malcolm Tredinnick
be6ff148c1 Fixed the fix from [7775].
The previous change was failing Django's "check for well-formed domain name"
validation, rather than failing on the network side. Providing we don't ever
set up www.broken.djangoproject.com as a valid domain name, this change should
let us control our own destiny.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-28 10:55:26 +00:00
Adrian Holovaty
40d2b419ab Fixed #7559 -- Updated newforms unit tests to reflect the fact that http://www.jfoiwjfoi23jfoijoaijfoiwjofiwjefewl.com is no longer a valid domain name
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-27 21:47:58 +00:00
Malcolm Tredinnick
622a6447f9 Fixed #6868 -- Fixed test results for Windows systems. Thanks, Ned Batchelder.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7355 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-24 13:10:48 +00:00
Jacob Kaplan-Moss
4457ba002d Fixed #5894: added FilePathField to newforms. Thanks, Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7323 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-19 22:29:11 +00:00
Joseph Kocherhans
fd20365b27 Fixed #6302. FileField no longer requires a value if one already exists. Thanks Brian Rosner and Øyvind Saltvik.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7021 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-01-17 18:03:21 +00:00
Malcolm Tredinnick
29892d02fa Fixed #6014 -- More robust error handling when validating decimal fields.
Thanks, pigletto.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6746 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-29 19:30:38 +00:00
Malcolm Tredinnick
7a166f1a1c Fixed #5959 -- Fixed handling of False values in hidden boolean fields. Thanks,
SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6745 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-29 19:22:03 +00:00
Jacob Kaplan-Moss
35fa1f4d8e Fixed #5546: split form unit tests into manageable chunks. This isn't a perfect fix since the chunks aren't yet autodiscovered, but that shouldn't prevent checking this in. Thanks, Leo Soto.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6379 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-19 23:40:47 +00:00