1
0
mirror of https://github.com/django/django.git synced 2024-12-24 10:05:46 +00:00
Commit Graph

262 Commits

Author SHA1 Message Date
Tim Graham
1555d50ea4 Fixed typos in tests/utils_tests/test_ipv6.py test names. 2016-03-23 08:22:17 -04:00
Amine Yaiche
32c8e43ef1 Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation. 2016-03-23 08:18:29 -04:00
Claude Paroz
552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer
c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov
ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Hasan
26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan
253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan
3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Tim Graham
575706331b Cosmetic cleanups in tests/utils_tests/test_numberformat.py 2016-01-29 10:36:58 -05:00
Ben Kraft
13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
userimack
60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Tim Graham
2765adc8dc Skipped a dateformat test on Windows as needed.
Refs 1014ba026e
2016-01-05 12:46:45 -05:00
Denis Cornehl
186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Iacopo Spalletti
d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Aymeric Augustin
1014ba026e Fixed debug view crash during autumn DST change.
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)

Refs #23714 which essentially fixed the same problem when USE_TZ = True.

Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Ben Kraft
35355a4ffe Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
2015-10-03 13:00:37 -04:00
Tim Graham
e5c12f6701 Refs #23613 -- Removed django.utils.checksums per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham
222d063301 Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. 2015-09-23 19:31:09 -04:00
Matt Robenolt
b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić
b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Zan Anderle
f3dc173240 Fixed #24917 -- Made admindocs display model methods that take arguments. 2015-09-07 15:07:39 -04:00
Aymeric Augustin
b79fc11d73 Made the autoreloader survive all exceptions.
Refs #24704.
2015-08-29 20:50:00 +02:00
Aymeric Augustin
c2fcba2ac7 Ensured gen_filenames() yields native strings.
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin
dfa712efb8 Refactored autoreload tests.
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin
23620cb8e0 Accounted for error files in the autoreloader.
* When some old files contain errors, the second call to
  gen_filenames() should return them.
* When some new files contain errors, the first call to
  gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella
c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Edward Henderson
f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder
f675afa13c Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__() 2015-07-09 21:20:52 -04:00
Tim Graham
aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek
290ff35e6c Fixed #25000 -- Fixed cast to string for lazy objects.
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert
98df288dda Fixed #24978 -- Escaped special characters in loaddata fixture paths 2015-06-13 19:45:05 -04:00
Moritz Sichert
296919e7a5 Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class 2015-06-12 17:44:54 -04:00
Tomasz Kontusz
c2b4967e76 Fixed ImportError message in utils.module_loading.import_string() 2015-06-06 11:45:22 -04:00
Raphael Michel
6700c90935 Fixed #19210 -- Added leap year support to django.utils.timesince() 2015-06-04 21:36:12 -04:00
Raphael Michel
5c125f63f7 Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig
262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Tim Graham
70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Simon Charette
be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Aymeric Augustin
06dc6759d8 Factored skip condition when pytz isn't installed. 2015-05-17 10:23:14 +02:00
Tim Graham
eda12ceef1 Removed redundant list() calls. 2015-05-16 10:44:07 -04:00
Josh Smeaton
143255c8bb Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime 2015-04-24 13:55:40 -04:00
Moritz Sichert
1f2abf784a Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. 2015-03-27 19:46:20 -04:00
Tim Graham
011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz
df193b3cef Fixed #24382 -- Allowed unicode chars inside formatted numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik
a5b225084f Fixed #23838 -- added missing __iter__ to LazyObject 2015-03-08 15:42:23 +01:00
Aymeric Augustin
a8fe12417f Normalized usage of the tempfile module.
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham
307c0f299a Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters. 2015-02-17 19:03:03 -05:00
Lukas Klein
93b3ef9b2e Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454 2015-02-12 08:58:35 +01:00
Varun Sharma
540ca563de Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham
0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Matthew Somerville
caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder
9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Loic Bistuer
3a4c9e1b43 Cleaned up some forms tests.
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
2015-01-27 22:39:57 +07:00
Tim Graham
d029fafea1 Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674. 2015-01-18 12:51:15 -05:00
Tim Graham
df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
Tim Graham
1b0365ad34 Removed django.utils.tzinfo per deprecation timeline; refs #17262. 2015-01-17 09:32:33 -05:00
Tim Graham
c820892eed Removed django.utils.datastructures.SortedDict per deprecation timeline. 2015-01-17 08:40:23 -05:00
Tim Graham
37b7776a01 Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659. 2015-01-17 08:13:36 -05:00
Tim Graham
69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Aymeric Augustin
79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Claude Paroz
51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Aymeric Augustin
6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin
5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl
b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Oscar Ramirez
54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00
Marc Tamlyn
57554442fe Fixed #2443 -- Added DurationField.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.

Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.

Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00
Michael Hall
895dc880eb Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range 2014-12-13 12:45:58 -05:00
Diego Guimarães
9f427617e4 Refs #23947 -- Worked around a bug in Python that prevents deprecation warnings from appearing in tests. 2014-12-06 14:46:01 -05:00
Berker Peksag
560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Eric Rouleau
9d1a69579b Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format 2014-12-03 07:49:06 -05:00
Aymeric Augustin
b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Thomas Chaumeny
d89f56dc4d Fixed #21281 -- Made override_settings act at class level when used as a TestCase decorator. 2014-11-03 14:14:39 -05:00
Berker Peksag
f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Unai Zalakain
c548c8d0d1 Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). 2014-11-03 07:59:19 -05:00
Markus Holtermann
98da408964 Fixed #23670 -- Prevented partial import state during module autodiscovery
Thanks kostko for the report.
2014-10-31 08:01:47 -04:00
John-Scott Atlakson
dbf7a3df45 Fixed #23688 -- Updated cached_property to preserve docstring of original function 2014-10-20 17:59:07 -04:00
Jon Dufresne
54e695331b Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Thomas Chaumeny
b962653060 Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
2014-10-16 14:16:24 +02:00
Anubhav Joshi
10b17a22be Fixed #19508 -- Implemented uri_to_iri as per RFC.
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Florian Apolloner
3af5af1a61 Fixed remaining test failure in jslex tests. 2014-10-15 17:36:19 +02:00
Florian Apolloner
2ccbaba1f2 Added unicode_literals to the jslexer.
This ensure that ''.join(c) in jslex.py always returns text.
2014-10-15 15:09:35 +02:00
Jaap Roes
115c307184 Fixed #23613 -- Deprecated django.utils.checksums 2014-10-10 09:22:20 -04:00
Thomas Chaumeny
b2aad7b836 Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282.
Thanks Collin Anderson for the review.
2014-09-29 00:01:38 +07:00
Loic Bistuer
3c6ac0bab8 Consolidated some text utils into the utils_tests test package. 2014-09-23 19:45:59 +07:00
Claude Paroz
b9d9287f59 Fixed urlize after smart_urlquote rewrite
Refs #22267.
2014-09-09 21:59:35 +02:00
Claude Paroz
4b8a1d2c0d Fixed #22267 -- Fixed unquote/quote in smart_urlquote
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Thomas Chaumeny
032c091659 Fixed #23388 -- Made django.utils.timezone.override usable as a decorator 2014-08-31 09:03:53 +02:00
Ian Foote
03d89168a2 Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3. 2014-08-22 20:07:12 -04:00
Tim Graham
e122facbd8 Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Tim Graham
c2ab501bab Fixed test failure on Windows.
os.close(fd) is needed to avoid "The process cannot access the file
because it is being used by another process"
2014-07-30 14:31:59 -04:00
Tim Graham
57d2b3f2a7 Fixed bad usage of rstrip() that caused test failure.
If the temporary file name contained a p or y as its last
characters, it would be stripped. refs #23083.
2014-07-25 15:16:47 -04:00
Tim Graham
b8cb5ba708 Fixed #23083 -- Fixed runserver reloading when deleting a file.
Thanks Collin Anderson for the report and hirokiky for the fix.
2014-07-25 13:23:52 -04:00
Claude Paroz
4e424084e6 Fixed #22991 -- Prevented *.pyc files in autoreload monitoring
This fixes a regression introduced in 6d302f639.
Thanks lorinkoz at gmail.com for the report, Collin Anderson
for the initial patch and Simon Charette for the review.
2014-07-15 09:57:54 +02:00
Tim Graham
38e001ab6c Fixed #22789 -- Deprecated django.contrib.webdesign.
Moved the {% lorem %} tag to built-in tags.
2014-07-14 08:45:19 -04:00
Tim Graham
fddd95254e Fixed flake8 errors. 2014-07-07 19:12:39 -04:00
Tim Graham
89b9e6e5d6 Fixed #22909 -- Removed camelCasing in some tests.
Thanks brylie.
2014-07-07 19:08:42 -04:00
Claude Paroz
6d302f6396 Fixed pyinotify performance regression in 15f82c7011
Refs #9722. Thanks Tim Graham for the review.
2014-07-06 21:41:02 +02:00