			
		
		
		
	[3.1.x] Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments.
Backport of 10df5b7177 from master
			
			
		
				
					committed by
					
						 Mariusz Felisiak
						Mariusz Felisiak
					
				
			
			
				
	
			
			
			
						parent
						
							5ba2dfb9d0
						
					
				
				
					commit
					9b95c3bc09
				
			| @@ -36,7 +36,7 @@ class BaseSpatialOperations: | |||||||
|     # match; used in spatial_function_name(). |     # match; used in spatial_function_name(). | ||||||
|     function_names = {} |     function_names = {} | ||||||
|  |  | ||||||
|     # Blacklist/set of known unsupported functions of the backend |     # Set of known unsupported functions of the backend | ||||||
|     unsupported_functions = { |     unsupported_functions = { | ||||||
|         'Area', 'AsGeoJSON', 'AsGML', 'AsKML', 'AsSVG', 'Azimuth', |         'Area', 'AsGeoJSON', 'AsGML', 'AsKML', 'AsSVG', 'Azimuth', | ||||||
|         'BoundingCircle', 'Centroid', 'Difference', 'Distance', 'Envelope', |         'BoundingCircle', 'Centroid', 'Difference', 'Distance', 'Envelope', | ||||||
|   | |||||||
| @@ -45,6 +45,6 @@ password hashes. | |||||||
| To remedy this, ``django.contrib.admin`` will now validate that | To remedy this, ``django.contrib.admin`` will now validate that | ||||||
| querystring lookup arguments either specify only fields on the model | querystring lookup arguments either specify only fields on the model | ||||||
| being viewed, or cross relations which have been explicitly | being viewed, or cross relations which have been explicitly | ||||||
| whitelisted by the application developer using the pre-existing | allowed by the application developer using the pre-existing | ||||||
| mechanism mentioned above. This is backwards-incompatible for any | mechanism mentioned above. This is backwards-incompatible for any | ||||||
| users relying on the prior ability to insert arbitrary lookups. | users relying on the prior ability to insert arbitrary lookups. | ||||||
|   | |||||||
| @@ -45,7 +45,7 @@ password hashes. | |||||||
| To remedy this, ``django.contrib.admin`` will now validate that | To remedy this, ``django.contrib.admin`` will now validate that | ||||||
| querystring lookup arguments either specify only fields on the model | querystring lookup arguments either specify only fields on the model | ||||||
| being viewed, or cross relations which have been explicitly | being viewed, or cross relations which have been explicitly | ||||||
| whitelisted by the application developer using the pre-existing | allowed by the application developer using the pre-existing | ||||||
| mechanism mentioned above. This is backwards-incompatible for any | mechanism mentioned above. This is backwards-incompatible for any | ||||||
| users relying on the prior ability to insert arbitrary lookups. | users relying on the prior ability to insert arbitrary lookups. | ||||||
|  |  | ||||||
|   | |||||||
| @@ -782,7 +782,6 @@ viewable | |||||||
| virtualized | virtualized | ||||||
| Weblog | Weblog | ||||||
| whitelist | whitelist | ||||||
| whitelisted |  | ||||||
| whitespace | whitespace | ||||||
| whitespaces | whitespaces | ||||||
| whizbang | whizbang | ||||||
|   | |||||||
| @@ -420,7 +420,7 @@ fields, especially when new fields are added to a model. Depending on how the | |||||||
| form is rendered, the problem may not even be visible on the web page. | form is rendered, the problem may not even be visible on the web page. | ||||||
|  |  | ||||||
| The alternative approach would be to include all fields automatically, or | The alternative approach would be to include all fields automatically, or | ||||||
| blacklist only some. This fundamental approach is known to be much less secure | remove only some. This fundamental approach is known to be much less secure | ||||||
| and has led to serious exploits on major websites (e.g. `GitHub | and has led to serious exploits on major websites (e.g. `GitHub | ||||||
| <https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation>`_). | <https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation>`_). | ||||||
|  |  | ||||||
|   | |||||||
| @@ -261,7 +261,7 @@ User-uploaded content | |||||||
|      from something like ``usercontent-example.com``. It's *not* sufficient to |      from something like ``usercontent-example.com``. It's *not* sufficient to | ||||||
|      serve content from a subdomain like ``usercontent.example.com``. |      serve content from a subdomain like ``usercontent.example.com``. | ||||||
|  |  | ||||||
|   #. Beyond this, applications may choose to define a whitelist of allowable |   #. Beyond this, applications may choose to define a list of allowable | ||||||
|      file extensions for user uploaded files and configure the web server |      file extensions for user uploaded files and configure the web server | ||||||
|      to only serve such files. |      to only serve such files. | ||||||
|  |  | ||||||
|   | |||||||
| @@ -791,7 +791,7 @@ class AdminViewBasicTest(AdminViewBasicTestCase): | |||||||
|         self.assertEqual(response.status_code, 200) |         self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
|         # Filters should be allowed if they involve a local field without the |         # Filters should be allowed if they involve a local field without the | ||||||
|         # need to whitelist them in list_filter or date_hierarchy. |         # need to allow them in list_filter or date_hierarchy. | ||||||
|         response = self.client.get("%s?age__gt=30" % reverse('admin:admin_views_person_changelist')) |         response = self.client.get("%s?age__gt=30" % reverse('admin:admin_views_person_changelist')) | ||||||
|         self.assertEqual(response.status_code, 200) |         self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
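Review bot: The reworded comment above the `age__gt=30` request now reads "Filters should be allowed ... without the need to allow them", which repeats "allow" and hides the distinction the test exists to pin. The release note changed in this same commit says the admin validates query-string lookups, and that only cross-relation lookups must be explicitly permitted by the developer. I would word the second line as `# need to list them explicitly in list_filter or date_hierarchy.` so the next reader sees that local-field lookups are exempt from that explicit list by design. The test method starts and ends outside this hunk, so whether a neighbouring assertion covers the rejected cross-relation case cannot be confirmed from here.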
|   | |||||||