1
0
mirror of https://github.com/django/django.git synced 2024-11-18 07:26:04 +00:00
Commit Graph

37 Commits

Author SHA1 Message Date
Przemysław Suliga
d22b90b4ea Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string. 2018-06-29 10:17:52 -04:00
Jon Dufresne
1e81a4b897 Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url(). 2018-01-11 07:03:50 -05:00
Tim Graham
ab7f4c3306 Refs #28965 -- Deprecated unused django.utils.http.cookie_date(). 2018-01-02 11:23:04 -05:00
François Freitag
41be85862d Fixed #28679 -- Fixed urlencode()'s handling of bytes.
Regression in fee42fd99e.

Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-12 09:08:33 -04:00
François Freitag
0e212a705e Split django.utils.http tests into separate test classes. 2017-10-10 08:53:01 -04:00
Tim Graham
96107e2844 Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Mads Jensen
41a7876991 Added test for too large input to django.utils.http.base36_to_int(). 2017-09-21 10:21:02 -04:00
UmanShahzad
856072dd4a Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs. 2017-05-10 09:02:20 -04:00
Tim Graham
5ea48a70af Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
2017-04-04 10:42:06 -04:00
Claude Paroz
c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham
8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Kevin Christopher Henry
4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Jon Dufresne
f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Przemysław Suliga
5e5a17028f Fixed #26902 -- Allowed is_safe_url() to require an https URL.
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-08-19 18:51:33 -04:00
Tim Graham
92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Claude Paroz
552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer
c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Hasan
3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Denis Cornehl
186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Matt Robenolt
b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Tim Graham
011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Lukas Klein
93b3ef9b2e Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454 2015-02-12 08:58:35 +01:00
Tim Graham
0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham
69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Berker Peksag
f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Loic Bistuer
3c6ac0bab8 Consolidated some text utils into the utils_tests test package. 2014-09-23 19:45:59 +07:00
Ian Foote
03d89168a2 Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3. 2014-08-22 20:07:12 -04:00
Tim Graham
89b9e6e5d6 Fixed #22909 -- Removed camelCasing in some tests.
Thanks brylie.
2014-07-07 19:08:42 -04:00
Erik Romijn
255449c1ee Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Aymeric Augustin
3800f63721 Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Larry O'Neill
83b9bfea44 Fixed #21266 -- Fixed E201,E202 pep8 warnings. 2013-10-14 18:12:00 -04:00
Aymeric Augustin
365c3e8b73 Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-02 12:11:02 +02:00
Aymeric Augustin
cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Preston Timmons
612ef3e5c9 Modified utils_tests for unittest2 discovery. 2013-04-12 15:31:58 -06:00