mirror of https://github.com/django/django.git synced 2025-01-18 06:12:23 +00:00

54 Commits

Author SHA1 Message Date
Shai Berger
3394fc6132 [5.0.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-03-04 08:22:40 +01:00
Natalia
8124c42601 [5.0.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:38:26 -03:00
konsti
48a1929ca0 Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Florian Apolloner
e1d673c373 Fixed unescape_string_literal() crash on empty strings. 2021-12-14 20:19:44 +01:00
Florian Apolloner
5d9c512e5b Added test for ValueErrors in unescape_string_literal(). 2021-12-14 20:18:43 +01:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Mariusz Felisiak
157ab32f34 Refs #27753 -- Removed django.utils.text.unescape_entities() per deprecation timeline. 2021-01-14 17:50:04 +01:00
Jon Dufresne
f47d5aac62 Refs #27804 -- Used subTest() in tests.utils_tests.test_text. 2020-06-04 11:16:21 +02:00
David Smith
0382ecfe02 Fixed #28694 -- Made django.utils.text.slugify() strip dashes and underscores. 2020-05-29 06:47:51 +02:00
David Smith
dde05e192c Added more tests for slugify(). 2020-05-29 06:28:57 +02:00
Jon Dufresne
505fec6bad Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
Sjbrgsn
b2bd08bb7a Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".
Thanks Luis Nell for the implementation idea and very detailed report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-30 20:47:22 +01:00
Nick Pope
7552de7866 Used more specific unittest assertions in tests.
* assertIsNone()/assertIsNotNone() instead of comparing to None.
* assertLess() for < comparisons.
* assertIs() for 'is' expressions.
* assertIsInstance() for isinstance() expressions.
* rounding of assertAlmostEqual() for round() expressions.
* assertIs(..., True/False) instead of comparing to True/False.
* assertIs()/assertIsNot() for ==/!= comparisons.
* assertNotEqual() for == comparisons.
* assertTrue()/assertFalse() instead of comparing to True/False.
2019-10-29 12:37:30 +01:00
Florian Apolloner
7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Jon Dufresne
42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Jon Dufresne
b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities().
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Hasan Ramezani
7e978fdc42 Completed test coverage for utils.text._replace_entity(). 2019-01-23 19:33:21 -05:00
Hasan Ramezani
838e432e3e Completed test coverage for utils.text.Truncator.chars(). 2019-01-19 18:45:41 -05:00
Claude Paroz
201017df30 Fixed #29654 -- Made text truncation an ellipsis character instead of three dots.
Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-08-21 17:46:45 +02:00
Claude Paroz
b004bd62e8 Fixed #29412 -- Stopped marking slugify() result as HTML safe. 2018-07-20 10:44:30 -04:00
Tim Graham
97b7dd59bb Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
2018-03-06 08:30:40 -05:00
Claude Paroz
389c3ffc04 Updated tests after French translation update 2017-04-04 13:07:47 +02:00
Claude Paroz
8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham
500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Claude Paroz
c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Claude Paroz
7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Mattias Loverot
9aaeec337e Fixed #26866 -- Added format_lazy function
Added format_lazy function to django.utils.text module.
Useful when dealing with relatively complex lazy string concatenations
(e.g. in urls.py when translating urls in regular expressions).
2016-08-24 18:18:17 +02:00
Tim Graham
92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Iacopo Spalletti
d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Edward Henderson
f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Matthew Somerville
caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
Tim Graham
df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
Claude Paroz
51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Diego Guimarães
9f427617e4 Refs #23947 -- Worked around a bug in Python that prevents deprecation warnings from appearing in tests. 2014-12-06 14:46:01 -05:00
Loic Bistuer
3c6ac0bab8 Consolidated some text utils into the utils_tests test package. 2014-09-23 19:45:59 +07:00
Claude Paroz
210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Claude Paroz
ac699cdc17 Really hidden warnings in javascript_quote tests
Refs #21725.
2014-03-05 09:00:55 +01:00
Baptiste Mispelon
926e18d7d1 Deprecated django.utils.text.javascript_quote.
Refs #21725.
2014-02-22 13:50:12 +01:00
Baptiste Mispelon
847171b0d0 Fixed test failures when running in a narrow Python build. 2014-02-22 13:50:12 +01:00
MattBlack85
1c1dffca75 Fixed #21725 -- Fixed JavaScript quoting encoding.
Thanks to nedbatchelder for the report.
2014-02-15 19:39:21 +01:00
Vajrasky Kok
c43c469a2e Fixed #21731 -- Made javascript_quote escapes '</'. 2014-02-06 04:02:09 -05:00
Baptiste Mispelon
2c837233f5 Fixed #21574 -- Handle bytes consistently in utils.text.normalize_newlines.
All input is now coerced to text before being normalized.
This changes nothing under Python 2 but it allows bytes
to be passed to the function without a TypeError under Python3
(bytes are assumed to be utf-8 encoded text).

Thanks to trac user vajrasky for the report.
2013-12-12 16:09:12 +01:00
Vajrasky Kok
a1a26690b9 Fixed #21572 -- Added unit test for django.utils.text.normalize_newlines. 2013-12-07 16:28:22 +08:00
Vajrasky Kok
7169722d5c Fixed #21505 -- Added unit test for django.utils.text.get_valid_filename. 2013-11-24 11:10:34 +01:00
Jason Myers
c3791463a5 Fixing E302 Errors
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Tim Graham
36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00