mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
571 Commits

Author SHA1 Message Date
Adam Johnson
d666457453 Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 09:21:19 -03:00
Baptiste Mispelon
62300b81cf Fixed #12978 -- Added support for RSS feed stylesheets. 2024-06-18 17:25:43 +02:00
Shai Berger
f6ad8c7676 Refs CVE-2024-27351 -- Forwardported release notes and tests.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-03-04 08:22:00 +01:00
David Smith
6ee37ada32 Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. 2024-02-07 09:46:25 +01:00
David Smith
70f39e46f8 Refs #30686 -- Fixed text truncation for negative or zero lengths. 2024-02-07 05:18:35 +01:00
David Smith
48a4693951 Refs #30686 -- Improved test coverage of Truncator. 2024-02-06 16:35:08 +01:00
Mariusz Felisiak
305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Tim Graham
ecd3071dac Fixed #35097 -- Tested parse_datetime() with bare date.
Regression test for behavior change in
f35ab74752.
2024-01-09 14:08:03 -03:00
Mariusz Felisiak
0c5456ef37 Used enterClassContext() where appropriate. 2024-01-04 05:55:29 +01:00
Mariusz Felisiak
d88ec42bd0 Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
Nick Pope
baf705f34a Refs #34986 -- Fixed some test assertions for PyPy.
These failures were due to minor inconsistencies or implementation
differences between CPython and PyPy.
2023-11-28 06:19:38 +01:00
Nick Pope
6089230d3e Refs #34986 -- Fixed mocking in utils_tests.test_http.HttpDateProcessingTests.test_parsing_rfc850.
Mocking in the `datetime` module can be tricky. In CPython the datetime
C module is used, but PyPy uses a pure Python implementation. This
caused issues with the prior approach to mocking `datetime.datetime`.

See https://docs.python.org/3/library/unittest.mock-examples.html#partial-mocking
2023-11-28 06:19:38 +01:00
Nick Pope
5e28cd3f2c Fixed #34983 -- Deprecated django.utils.itercompat.is_iterable(). 2023-11-24 12:06:29 +01:00
Nick Pope
74afcee234 Refs #34899 -- Extracted Field.flatchoices to flatten_choices helper function.
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
2023-10-23 13:44:23 -03:00
Nick Pope
07fa79ef2b Refs #31262 -- Added __eq__() and __getitem__() to BaseChoiceIterator.
This makes it easier to work with lazy iterators used for callables,
etc. when extracting items or comparing to lists, e.g. during testing.

Also added `BaseChoiceIterator.__iter__()` to make it clear that
subclasses must implement this and added `__all__` to the module.

Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
2023-10-23 13:44:16 -03:00
Natalia
17b51094d7 Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:22:26 -03:00
Mariusz Felisiak
3f41d6d629 Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.

Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-09-04 11:58:37 +02:00
Nick Pope
500e01073a Fixed #31262 -- Added support for mappings on model fields and ChoiceField's choices. 2023-08-30 22:57:40 -03:00
sarahboyce
f6ed2c36dd Fixed #34787 -- Fixed autoreloader crash when run from installed script on Windows. 2023-08-28 12:57:14 +02:00
konsti
48a1929ca0 Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
Mariusz Felisiak
4c85d94bc0 Fixed utils_tests.test_lazyobject.SimpleLazyObjectPickleTestCase.
SimpleLazyObjectPickleTestCase executes database queries so it must
inherit from django.test.TestCase.
2023-08-20 16:09:07 +02:00
Mariusz Felisiak
4afaeb14c2 Refs #30116 -- Simplified tests related with dictionary order.
Dicts preserve order since Python 3.6.
2023-07-12 11:06:59 +02:00
Nick Pope
e042024b28 Allowed custom formatting of lazy() objects.
This allows for formatting of lazy objects which have a custom formatter
defined by overriding the default implementation from `object`.
2023-06-12 06:09:20 +02:00
Nick Pope
fd97b0471b Allowed multiplication of lazy() objects with int return type. 2023-06-12 05:59:40 +02:00
Ran Benita
ae94077e7d Made proxy class in lazy() prepare eagerly.
Previously, the proxy class was prepared lazily:

  lazy_identity = lazy(identity, int)
  lazy_identity(10)  # prepared here
  lazy_identity(10)

This has a slight advantage that if the lazy doesn't end up getting
used, the preparation work is skipped, however that's not very likely.

Besides this laziness, it is also inconsistent in that the methods which
are wrapped directly (__str__ etc.) are prepared already when __proxy__
is defined, and there is a weird half-initialized state.

This changes it so that everything is prepared already on the first line
of the example above.
2023-06-12 05:45:44 +02:00
Nick Pope
e0e0204477 Added more tests for django.utils.functional.lazy(). 2023-06-12 05:29:30 +02:00
Ran Benita
a57d5d9bbc Made bytes and str return types no longer mutually exclusive in lazy().
They are no longer special cased.
2023-06-08 09:15:40 +02:00
Ran Benita
f5817c24f4 Refs #34445 -- Fixed string-casting of non-string lazy objects when value may be bytes.
If the result type is bytes, then calling bytes() on it does nothing.

If the result type is not bytes, we should not cast to bytes, just
because the return value may be bytes.
2023-06-08 06:38:11 +02:00
devilsautumn
094b0bea2c Fixed #34609 -- Deprecated calling format_html() without arguments. 2023-06-06 14:14:57 +02:00
Mariusz Felisiak
fc9c90d9c4 Refs #34118 -- Fixed FunctionalTests.test_cached_property_reuse_different_names() on Python 3.12+.
Python 3.12+ no longer wraps exceptions in __set_name__, see
55c99d97e1
2023-05-23 12:56:33 +02:00
Mariusz Felisiak
198a19b692 Refs #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates on different days and interval less than 1 day.
Follow up to 813015d67e.
Regression in 8d67e16493.
2023-04-14 17:41:03 +02:00
nessita
813015d67e Fixed #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates and interval less than 1 day.
Regression in 8d67e16493.

Thanks Lorenzo Peña for the report.
2023-04-13 13:16:33 -03:00
Ran Benita
066aabcb77 Fixed #34445 -- Fixed string-casting of non-string lazy objects.
This removes __text_cast() as it's the same as __cast().
_delegate_bytes and __delegate_text are mutually exclusive so the
`if self._delegate_bytes` branch in __cast() is unreachable.

Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
2023-03-30 11:42:10 +02:00
Marcelo Galigniana
f9f0092346 Completed test coverage for django.utils.datastructures. 2023-02-15 07:45:00 +01:00
David Smith
097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
Nick Pope
1282b5e420 Fixed #32528 -- Replaced django.utils.topological_sort with graphlib.TopologicalSort().
graphlib.TopologicalSort() is available since Python 3.9.
2023-01-19 06:31:40 +01:00
Mariusz Felisiak
3bbe22dafc Fixed #34233 -- Dropped support for Python 3.8 and 3.9. 2023-01-18 09:46:01 +01:00
Mariusz Felisiak
5c10041f46 Refs #30127 -- Removed name argument for django.utils.functional.cached_property().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
2fad163257 Refs #32365 -- Removed is_dst argument for various methods and functions.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
e6f82438d4 Refs #32365 -- Removed support for pytz timezones per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
4aa0689080 Refs #32738 -- Removed django.utils.datetime_safe module per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
ef46f3778a Refs #32712 -- Removed django.utils.baseconv module per deprecation timeline. 2023-01-17 11:49:15 +01:00
sag᠎e
8cf3831822 Fixed #34243 -- Fixed timesince() crash with timezone-aware dates and interval longer than 1 month.
Regression in 8d67e16493.
2023-01-05 16:38:19 +01:00
Nick Pope
65477fd7da Added support for datetime.date to DateFormat.r(). 2023-01-05 12:51:55 +01:00
GianpaoloBranca
8d67e16493 Fixed #33879 -- Improved timesince handling of long intervals. 2023-01-04 11:14:06 +01:00
Alex Vandiver
cbce427c17 Fixed #34194 -- Added django.utils.http.content_disposition_header(). 2022-12-05 13:08:00 +01:00
Nick Pope
9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Jimmy Angelakos
07ebef566f Refs #34000 -- Optimized handling None values in numberformat.format(). 2022-09-12 13:02:50 +02:00
Jimmy Angelakos
e911e0996f Fixed #34000 -- Fixed numberformat.format() crash on empty strings. 2022-09-12 12:54:12 +02:00
Carlton Gibson
e34dfad0a3 Refs #30213 -- Removed post-startup check for Watchman availability.
This is checked at startup in get_reloader(). The runtime check ties
the implementation to Watchman excessively.
2022-08-11 11:02:03 +02:00