1
0
mirror of https://github.com/django/django.git synced 2024-12-31 21:46:05 +00:00
Commit Graph

81 Commits

Author SHA1 Message Date
Mariusz Felisiak
9b9c805ced
Removed unneeded escapes in regexes.
Special characters lose their special meaning inside sets of characters.

"-" lose its special meaning if it's placed as the first or last
character.

Follow up to 7c6b66383d.
2023-08-02 19:53:16 +02:00
Mariusz Felisiak
ad0410ec4f Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
Thanks Seokchan Yoon for reports.
2023-07-03 08:16:55 +02:00
Jacob Rief
1fe0b167af Fixed #34473 -- Fixed step validation for form fields with non-zero minimum value. 2023-06-16 08:38:28 +02:00
Kamil Turek
ae509f8f08 Fixed #34014 -- Fixed DecimalValidator validating 0 in positive exponent scientific notation.
Thanks Shiplu Mokaddim for the report.
2022-09-17 10:02:55 +02:00
Kapil Bansal
3a82b5f655 Fixed #32559 -- Added 'step_size’ to numeric form fields.
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
2022-05-12 14:16:52 +02:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Mariusz Felisiak
d25710a625 Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak
61d92c650f Refs #22123 -- Added more URLValidator test for invalid IPv6 literals. 2021-08-06 12:58:55 +02:00
chrishna1
033636286a Fixed #32959 -- Moved tests URLs to validators.tests. 2021-07-28 11:39:36 +02:00
Wu Haotian
65b880b726 Fixed #32930 -- Fixed URLValidator when port numbers < 10. 2021-07-22 11:58:28 +02:00
Wu Haotian
b96cc7f85e Added more test cases with port numbers for URLValidator. 2021-07-22 11:58:28 +02:00
Mariusz Felisiak
e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Akshat1Nar
b41d38ae26 Fixed #32298 -- Fixed URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname without
the userinfo and port.
2021-01-04 09:25:40 +01:00
Claudio Catterina
faa6d41cda
Fixed typo in DecimalValidator tests.
This replaces redundant test for -Infinity with +Infinity.
2020-07-16 11:21:39 +02:00
David Smith
27c09043da Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator. 2020-06-18 21:43:20 +02:00
Yash Saini
ccb1cfb64e Fixed #31548 -- Fixed URLValidator crash on non-strings. 2020-05-08 20:53:05 +02:00
Yash Saini
bda6ade7b7 Added URLValidator test for missing scheme. 2020-05-08 20:50:25 +02:00
Dennis Schwertel
4070d6ceb0 Fixed #31267 -- Added tests cases with empty username or password for URLValidator.
Follow up to cdcf4164be.
2020-02-13 08:32:20 +01:00
ElizabethU
54ea290e5b Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons.
Changed __eq__ to return NotImplemented instead of False if compared to
an object of the same type, as is recommended by the Python data model
reference. Now these models can be compared to ANY (or other objects
with __eq__ overwritten) without returning False automatically.
2019-10-01 17:58:19 +02:00
buzzi
24cae0bedc Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value. 2018-10-22 10:26:54 -04:00
Tom Forbes
8c70ba92dd Refactored validators tests to use subtests. 2018-08-18 15:04:48 -04:00
Tim Bell
cdcf4164be Fixed #29528 -- Made URLValidator reject invalid characters in the username and password. 2018-07-23 10:30:01 -04:00
Fabio Bonelli
f636f0bb86 Fixed #29007 -- Fixed DecimalValidator crash on NaN, SNan, Inf, and Infinity values. 2018-01-10 21:43:32 -05:00
Josh Schneier
e8c4596329 Fixed #28562 -- Fixed DecimalValidator handling of positive exponent scientific notation. 2017-09-27 09:42:04 -04:00
Josh Schneier
0dbcd0e87f Added tests for DecimalValidator. 2017-09-11 14:18:02 -04:00
Alejandro Zamora
90d7b912b9 Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field. 2017-08-12 20:14:14 -04:00
Mads Jensen
a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Arne de Laat
681d2599ee Fixed #28165 -- Ignored case in FileExtensionValidator's allowed_extensions. 2017-06-07 16:53:36 -04:00
Arne de Laat
b137add6cf Added FileExtensionValidator tests for uppercase and missing file extensions. 2017-06-07 16:53:10 -04:00
Claude Paroz
289fc1bfa5 Refs #23919 -- Removed str_prefix usage 2017-01-20 15:43:28 +01:00
Tim Graham
4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Aymeric Augustin
a556396339 Refs #23919 -- Replaced io.open() with open().
io.open() is an alias for open() on Python 3.
2017-01-18 21:45:12 -05:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami
967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
wim glenn
21dd792349 Fixed #26578 -- Prohibited non-ASCII digits in validate_ipv4_address. 2016-10-28 11:38:49 -04:00
Baptiste Mispelon
a9215b7c36 Refs #21548 -- Skipped tests that rely on pillow when it's not installed 2016-07-02 15:46:16 +02:00
Berker Peksag
12b4280444 Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension. 2016-06-30 09:08:50 -04:00
Christopher Grebs
a9e188ccd6 Fixed #26119 -- Fixed URLValidator crash on URLs with brackets. 2016-06-28 15:43:43 -04:00
Tim Graham
c9ae09addf Replaced use of TestCase.fail() with assertRaises().
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Tim Graham
b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh
d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Raphael Michel
82976e5c3f Fixed #25637 -- Added URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname and the
maximum length of all labels inside the hostname.
2015-12-08 15:46:45 -05:00
Dheerendra Rathor
06627ef2ca Fixed #25635 -- Made URLValidator allow '+' in scheme. 2015-10-31 17:50:05 -04:00
Dheerendra Rathor
96fe90f535 Fixed #25620 -- Made URLValidator prohibit URLs with consecutive dots in the domain section. 2015-10-29 10:59:22 -04:00
Iulia Chiriac
75ed590032 Fixed #24636 -- Added model field validation for decimal places and max digits. 2015-09-18 14:30:20 -04:00
Maxime Lorant
c92cd22d02 Refs #25345 -- Updated links to code.google.com. 2015-09-04 08:14:21 -04:00
Edward Henderson
f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00