Tim Graham
|
7feb54bbae
|
[1.4.x] Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
|
2014-05-12 09:46:40 -04:00 |
|
Aymeric Augustin
|
28e23306aa
|
[1.4.x] Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
|
2014-05-12 09:46:22 -04:00 |
|
Alex Gaynor
|
b9b3e9f0ef
|
Use Python's changed comparisons, which makes this a bit more readable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
2012-02-16 01:10:21 +00:00 |
|
Paul McMillan
|
6072e108e2
|
Fixed #17693. Input validation and tests for base36 conversion utils. Thanks Keryn Knight for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17525 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
2012-02-16 00:58:49 +00:00 |
|
Aymeric Augustin
|
affca1369c
|
Fixed #16632 -- Crash on responses without Content-Type with IE. Thanks juan for the report and kenth for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17196 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
2011-12-11 08:58:14 +00:00 |
|
Jannis Leidel
|
f4be8bd53d
|
Fixed #9089 -- Correctly handle list values in MultiValueDict instances when passed to django.utils.http.urlencode. Thanks, kratorius, guettli and obeattie.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16064 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
2011-04-22 12:01:41 +00:00 |
|
Luke Plant
|
243d0bec19
|
Fixed #15617 - CSRF referer checking too strict
Thanks to adam for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
2011-03-15 20:37:09 +00:00 |
|