1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

420 Commits

Author SHA1 Message Date
Tim Graham
97b7dd59bb Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
2018-03-06 08:30:40 -05:00
Tim Graham
8618271caa Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
Tim Graham
b832de869e Added tests for utils.html.urlize() (lazy string inputs were untested). 2018-02-10 15:45:57 -05:00
Jonas Haag
8c709d79cb Fixed #17419 -- Added json_tag template filter. 2018-02-07 18:38:12 -05:00
Tim Graham
d0a42a14c0 Fixed imports per isort 4.3.1.
Partially reverted 9bcf73d788.
2018-02-02 14:44:07 -05:00
Mariusz Felisiak
9bcf73d788 Fixed imports per isort 4.3.0. 2018-02-01 09:29:46 +01:00
Jon Dufresne
ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Jon Dufresne
1e81a4b897 Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url(). 2018-01-11 07:03:50 -05:00
Tim Graham
ab7f4c3306 Refs #28965 -- Deprecated unused django.utils.http.cookie_date(). 2018-01-02 11:23:04 -05:00
Sergey Fedoseev
ae6fa914aa Fixed #28926 -- Fixed loss of precision of big DurationField values on SQLite and MySQL. 2017-12-28 17:35:41 -05:00
Sergey Fedoseev
93cdd07e8f Used bytes.hex() and bytes.fromhex() to simplify. 2017-11-23 08:52:23 -05:00
Yusuke Miyazaki
278d66b94b Fixed #28501 -- Fixed "python -m django runserver" crash. 2017-11-06 09:58:15 -05:00
Yusuke Miyazaki
ac21f2e391 Added RestartWithReloaderTests. 2017-11-06 09:54:31 -05:00
medmunds
d1317edad0 Fixed #28739 -- Fixed get_fixed_timezone() for negative timedeltas. 2017-10-24 21:27:53 -04:00
François Freitag
41be85862d Fixed #28679 -- Fixed urlencode()'s handling of bytes.
Regression in fee42fd99e.

Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-12 09:08:33 -04:00
François Freitag
0e212a705e Split django.utils.http tests into separate test classes. 2017-10-10 08:53:01 -04:00
Mariusz Felisiak
fc6528b25a Fixed #28629 -- Made tree.Node instances hashable.
Regression in 508b5debfb which
added Node.__eq__().
2017-09-28 12:07:19 -04:00
Mads Jensen
8ddbe01760 Added a test for pbkdf2()'s default digest algorithm. 2017-09-27 10:36:26 -04:00
Tim Graham
ba42456c2e Refs #27648 -- Removed support for (iLmsu) regex groups in url() patterns.
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
96107e2844 Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Mads Jensen
41a7876991 Added test for too large input to django.utils.http.base36_to_int(). 2017-09-21 10:21:02 -04:00
LBerrocal
54f7aa04a7 Fixed #28306 -- Completed test coverage for django.utils.lorem_ipsum.
Thanks Idan Melamed for the original patch.
2017-09-02 15:50:43 -04:00
Sergey Fedoseev
83440a1258 Refs #28389 -- Added release note and test for pickling of LazyObject when wrapped object doesn't have __reduce__().
Forwardport of 30f334cc58 from stable/1.11.x
2017-07-12 09:30:29 -04:00
Matthew Schinckel
493f7e9e1e Fixed #28076 -- Added support for PostgreSQL's interval format to parse_duration(). 2017-07-03 19:53:19 -04:00
Matthew Schinckel
684c0a35f6 Refs #27804 -- Used subTest() in dateparse tests. 2017-07-03 17:08:58 -04:00
Wil Tan
b94d99af5b Refs #28280 -- Added more tests for utils.numberformat.format(). 2017-06-29 13:31:41 -04:00
Georg Sauthoff
d0f59054d0 Fixed #28324 -- Made feedgenerators write feeds with deterministically ordered attributes. 2017-06-20 05:38:41 -04:00
Thomas Khyn
f6bd00131e Fixed #28241 -- Allowed module_has_submodule()'s module_name arg to be a dotted path. 2017-06-08 14:34:20 -04:00
Jon Dufresne
21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
UmanShahzad
856072dd4a Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs. 2017-05-10 09:02:20 -04:00
Tim Graham
309c10c2cb Refs #20094 -- Removed obsolete tests/utils_tests/test_itercompat.py
The is_iterator() function was removed in 2456ffa42c.
2017-04-26 10:54:06 -04:00
petedmarsh
14671affc3 Fixed #28064 -- Removed double-quoting of key names in MultiValueDictKeyError. 2017-04-11 12:44:52 -04:00
Tim Graham
5ea48a70af Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
2017-04-04 10:42:06 -04:00
Claude Paroz
389c3ffc04 Updated tests after French translation update 2017-04-04 13:07:47 +02:00
Tim Graham
6b4f018b2b Replaced type-specific assertions with assertEqual().
Python docs say, "it's usually not necessary to invoke these methods directly."
2017-03-17 07:51:48 -04:00
Claude Paroz
8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham
6ae1b04fb5 Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. 2017-03-04 09:04:16 -05:00
Pavlo Kapyshin
b6fbf3e8e5 Fixed #27879 -- Fixed crash if enclosures aren't provided to Atom1Feed.add_item().
Regression in 75cf9b5ac0
2017-02-24 09:46:31 -05:00
Ian Foote
508b5debfb Refs #11964 -- Made Q objects deconstructible. 2017-02-23 20:47:48 -05:00
Tim Graham
007d4e030c Completed test coverage for django.utils.encoding. 2017-02-22 20:54:55 -05:00
Chronial
03281d8fe7 Fixed #26005 -- Fixed some percent decoding cases in uri_to_iri(). 2017-02-09 09:22:00 -05:00
Tim Graham
500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Claude Paroz
c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
26619ad7b0 Removed an untested and broken branch in force_bytes() (refs #6353).
The new test crashed in the removed branch. It's unclear if the branch has
value since c6a2bd9b96 didn't include tests.
2017-02-03 19:36:53 -05:00
Tim Graham
2f1394c76d Added a test for force_text()'s DjangoUnicodeDecodeError path. 2017-02-03 19:15:50 -05:00
Claude Paroz
a21ec12409 Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape 2017-02-02 21:01:39 +01:00
Tim Graham
f8d52521ab Refs #27804 -- Used subTest() in tests.utils_tests.test_html. 2017-02-02 08:17:00 -05:00
Tim Graham
2af8cd22a9 Imported specific functions in tests.utils_tests.test_html. 2017-02-02 07:23:10 -05:00
Claude Paroz
ccfd1295f9 Refs #27795 -- Prevented SafeText from losing safe status on str()
This will allow to replace force_text() by str() in several places (as one of
the features of force_text is to keep the safe status).
2017-01-30 21:10:32 +01:00
Claude Paroz
c182d66f69 Reintroduced lazy import from commit 52138b1fd0 2017-01-30 15:17:39 +01:00