mirror of
https://github.com/django/django.git
synced 2025-07-06 18:59:13 +00:00
ac03c5e7df
Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson <carlton@noumenal.es> Co-authored-by: Jake Howard <git@theorangeone.net> Backport of a07ebec5591e233d8bbb38b7d63f35c5479eef0e from main.
The documentation in this tree is in plain text files and can be viewed using any text file viewer. It uses `ReST`_ (reStructuredText), and the `Sphinx`_ documentation system. This allows it to be built into other forms for easier viewing and browsing. To create an HTML version of the docs: * Install Sphinx (using ``python -m pip install Sphinx`` or some other method). * In this docs/ directory, type ``make html`` (or ``make.bat html`` on Windows) at a shell prompt. The documentation in ``_build/html/index.html`` can then be viewed in a web browser. .. _ReST: https://docutils.sourceforge.io/rst.html .. _Sphinx: https://www.sphinx-doc.org/