Carl Meyer
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Anssi Kääriäinen
fafee74306
Removed try-except in django.db.close_connection()
The reason was that the except clause needed to remove a connection
from the django.db.connections dict, but other parts of Django do not
expect this to happen. In addition the except clause was silently
swallowing the exception messages.
Refs #19707, special thanks to Carl Meyer for pointing out that this
approach should be taken.
2013-02-13 00:25:09 +02:00
Anssi Kääriäinen
a4e97cf315
Fixed #19707 -- Reset transaction state after requests
2013-02-10 13:55:54 +02:00
Aymeric Augustin
4a6490a4a0
Removed HttpRequest.raw_post_data.
2012-12-29 21:59:07 +01:00
Aymeric Augustin
1e4a27d087
Fixed #19468 -- Decoded request.path correctly on Python 3.
Thanks aliva for the report and claudep for the feedback.
2012-12-22 13:32:39 +01:00
Florian Apolloner
27560924ec
Fixed a security issue in get_host.
Full disclosure and new release forthcoming.
2012-12-10 22:11:40 +01:00
Aymeric Augustin
095eca8dd8
Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.
Thanks Claude Paroz.
2012-11-03 13:03:15 +01:00
Claude Paroz
6de6988f99
Fixed #5076 -- Properly decode POSTs with non-utf-8 payload encoding
Thanks daniel at blogg.se for the report and Aymeric Augustin for
his assistance on the patch.
2012-10-30 09:00:32 +01:00
Ian Clelland
02dda22832
Don't use : as an invalid cookie character
Since http://bugs.python.org/issue2193 has been resolved in favour of
the colon in cookie names, we need to test invalid cookie removal using
a different character. "@" is still considered invalid by all sources.
2012-10-26 01:40:32 +01:00
Aymeric Augustin
d7c6a57d60
Used @override_settings in several tests.
2012-10-20 23:22:46 +02:00
Claude Paroz
cfb3eb2e3d
Used FakePayload in requests tests
2012-10-20 15:54:26 +02:00
Claude Paroz
dfd4a71751
Fixed #5611 -- Restricted accepted content types in parsing POST data
Thanks paulegan for the report and Preston Holmes for the review.
2012-10-20 14:56:16 +02:00
Preston Holmes
4fb510fde4
Added missed poisoned host header tests
2012-10-18 11:10:46 -07:00
Claude Paroz
97fe70d30b
[py3] Used BytesIO to test request streams
2012-08-11 11:11:20 +02:00
Aymeric Augustin
396357741b
[py3] Used compatible imports of StringIO.
2012-08-08 14:50:01 +02:00
Claude Paroz
4a103086d5
Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Claude Paroz
38408f8007
Marked bytestrings with b prefix. Refs #18269
This is a preparation for unicode literals general usage in
Django (Python 3 compatibility).
2012-05-19 17:43:34 +02:00
Claude Paroz
11a5355517
Inserted more simplefilter calls to be sure warnings are emitted.
Thanks to Florian Apolloner for suggesting the patch.
2012-05-03 21:31:23 +02:00
Claude Paroz
00c0d3c44e
Made warning assertions work with or without -Wall python switch
2012-05-03 20:18:05 +02:00
Claude Paroz
10cf3c6427
Used catch_warnings instead of save/restore methods. Refs #17049.
2012-05-03 18:30:07 +02:00
Aymeric Augustin
e84f79f051
Fixed #18042 -- Advanced deprecation warnings.
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Claude Paroz
a1ffb02107
Fixed #18029 -- Removed mod_python as of deprecation process. Thanks Aymeric Augustin for the review.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 10:34:11 +00:00
Claude Paroz
9383a2761c
Removed with_statement imports, useless in Python >= 2.6. Refs #17965. Thanks jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-30 08:02:08 +00:00
Aymeric Augustin
c8e2f7591d
Fixed #17931 -- Accepted aware datetimes to set cookies expiry dates. Thanks jaddison for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17766 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-18 20:58:22 +00:00
Carl Meyer
0ce6636102
Fixed #17277 - Wrap IOErrors raised due to client disconnect in a specific IOError subclass so they can be distinguished from more serious errors. Thanks David Lowe.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-10 22:51:07 +00:00
Carl Meyer
1b312edbeb
Refs #17323 -- Updated a test to use try/finally to avoid state leakage. Thanks dstufft for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17211 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-16 23:50:34 +00:00
Adrian Holovaty
3f003a3c4b
Fixed #17323 -- Renamed HttpRequest.raw_post_data to request.body. Thanks for the patch, dstufft
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17210 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-16 23:40:32 +00:00
Russell Keith-Magee
893cea211a
Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:38 +00:00
Jannis Leidel
a6cd78662e
Fixed #15785 -- Stopped HttpRequest.read() from reading beyond the end of a wsgi.input stream and removed some redundant code in the multipartparser. Thanks, tomchristie, grahamd and isagalaev.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16479 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-28 10:17:56 +00:00
Russell Keith-Magee
9e952be26f
Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16353 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10 08:39:38 +00:00
Luke Plant
db2f9bfae1
Fixed #16178 - Cleanup request classes' __repr__()
Thanks to julien for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16350 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-09 23:15:42 +00:00
Luke Plant
8bb46d8b7c
Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.
Thanks to vkryachko for the report.
This also fixes a slight inconsistency with raw_post_data after parsing of a
multipart request, and adds a test for that. (Previously accessing
raw_post_data would have returned the empty string rather than raising an
Exception).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15938 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 16:11:40 +00:00
Russell Keith-Magee
b4f0921463
Fixed #15018 -- Corrected the handling of LimitedStream under one edge case involving size restricted buffers and newlines. Thanks to xjdrew for the report, and aaugustin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15222 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-16 07:31:35 +00:00
Russell Keith-Magee
78be884ea7
Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the suggestion, and rodolfo for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:30:50 +00:00
Alex Gaynor
035cb99b47
Make the requests test use unittest2, rather than the system unittest.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-07 15:41:17 +00:00
Russell Keith-Magee
269e921756
Fixed #9886 -- Added a file-like interface to HttpRequest. Thanks to Ivan Sagalaev for the suggestion and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14394 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-29 16:39:25 +00:00
Russell Keith-Magee
75536fef1f
Modified the requests unit tests so that they aren't dependent on dictionary ordering.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13948 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-28 11:54:58 +00:00
Russell Keith-Magee
d63ee2097f
Migrated requests doctests. Thanks to Stephan Jaekel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13927 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-28 07:06:37 +00:00
Russell Keith-Magee
1637fefcb0
Fixed #14351 -- Modified the requests test case to avoid a timing problem in the test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13922 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-28 04:35:50 +00:00
Malcolm Tredinnick
2d4da641a6
Allow setting HttpResponse cookie expiry times with datetime objects.
Patch from SmileyChris. Fixed #7770.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12 20:52:49 +00:00
Malcolm Tredinnick
646f2f6101
Fixed #7494 -- Fixed build_absolute_url() for some types of (uncommon) URLs.
Patch from tom@almostobsolete.net and RobotAdam.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8490 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 17:28:12 +00:00
Malcolm Tredinnick
bfcecbffd3
Changed/fixed the way Django handles SCRIPT_NAME and PATH_INFO (or
equivalents). Basically, URL resolving will only use the PATH_INFO and the
SCRIPT_NAME will be prepended by reverse() automatically. Allows for more
portable development and installation. Also exposes SCRIPT_NAME in the
HttpRequest instance.
There are a number of cases where things don't work completely transparently,
so mod_python and fastcgi users should read the relevant docs.
Fixed #285, #1516, #3414.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8015 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-21 07:57:10 +00:00
Malcolm Tredinnick
30bdabb2b0
Fixed #6764 -- Added some error checking around cookie decoding. Thanks,
Michael Axiak.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7257 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-17 13:49:04 +00:00
Gary Wilson Jr
4487be66ef
Fixed tests added in [7200] to not depend on unpredictable key order of dict, which was sometimes causing a test error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7207 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-08 14:41:13 +00:00
Gary Wilson Jr
d73c70d1ed
Fixed #5595 -- Made ModPythonRequest.__repr__ return a string instead of a unicode object. Fixes the printout of the request object in those server error e-mails I never get :)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7200 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-08 03:06:30 +00:00