django

mirror of https://github.com/django/django.git synced 2025-03-13 10:50:55 +00:00

Author	SHA1	Message	Date
Tim Graham	4352a50871	[1.6.x] Fixed a remote code execution vulnerabilty in URL reversing. Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master	2014-04-21 18:30:27 -04:00
Wilfred Hughes	8365ed08b8	Fixed #17076 -- When reversing a URL fails, inform the user which patterns were tried.	2013-06-14 10:26:30 +01:00
Preston Holmes	d228c1192e	Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.	2013-05-25 16:27:34 -07:00
Marc Tamlyn	09f8652765	Use assertIsInstance in tests. Gives much nicer errors when it fails.	2013-05-21 10:42:15 +01:00
Loic Bistuer	521765f63d	Fixed #19541 -- Fixed BaseHandler to enable reversing URLs in response middlewares and streamed responses with respect to per-request urlconf.	2013-03-25 03:19:19 +07:00
Aymeric Augustin	31b5275235	Fixed #13260 -- Quoted arguments interpolated in URLs in reverse.	2013-03-18 23:58:22 +01:00
Baptiste Mispelon	4fa7f3cdd9	Fix #20022 : Correctly handle prefixes with url-unsafe characters in reverse().	2013-03-13 18:19:29 +01:00
Aymeric Augustin	ce76fbfc5a	Fixed #20019 -- Ensured HttpRequest.resolver_match always exists. Obviously it isn't set until the URL is resolved.	2013-03-10 23:28:19 +01:00
Florian Apolloner	33836cf88d	Renamed some tests and removed references to modeltests/regressiontests.	2013-02-26 14:36:57 +01:00
Florian Apolloner	89f40e3624	Merged regressiontests and modeltests into the test root.	2013-02-26 14:36:57 +01:00

10 Commits