1
0
mirror of https://github.com/django/django.git synced 2024-12-26 19:16:11 +00:00
Commit Graph

41 Commits

Author SHA1 Message Date
Berker Peksag
f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Jon Dufresne
c1ef234e31 Fixed #23522 -- Changed reverse() to return a Unicode string; not bytes 2014-10-07 13:06:39 -04:00
Florian Apolloner
28e765810d Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
Claude Paroz
e167e96cfe Fixed #22223 -- Prevented over-escaping URLs in reverse()
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
2014-07-09 09:54:34 +02:00
Anubhav Joshi
7f76251fb7 Refactored common code in handlers/base.py and urlresolvers.py 2014-06-23 15:27:25 -04:00
Tim Graham
b341f33697 Added database migration for contrib.auth.
refs #22170.
2014-06-16 16:21:37 -04:00
Tim Graham
4445d36d47 Fixed #22384 -- Deprecated reversing URLs by dotted path. 2014-06-03 07:30:14 -04:00
Alex Gaynor
d240b29c08 Fixed a typo that Tim Graham noticed 2014-05-28 17:46:06 -07:00
Alex Gaynor
1dcc603eff Fixed several typos in Django 2014-05-28 17:39:14 -07:00
Kevin Christopher Henry
91afc00513 Fixed #21157 -- Fixed problems with ResolverMatch
- Fixed bug in get_callable() that caused resolve() to put a string
  in ResolverMatch.func.
- Made ResolverMatch.url_name match the actual url name (or None).
- Updated tests that used the string value in ResolverMatch.func, and
  added regression tests for this bug.
- Corrected test urls whose dummy view paths caused failures (behavior
  that was previously masked by this bug).
2014-04-23 20:12:34 -04:00
Tim Graham
8b93b31487 Fixed a remote code execution vulnerabilty in URL reversing.
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.
2014-04-21 18:11:26 -04:00
Anubhav Joshi
cd914e31c9 Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-06 17:33:43 -04:00
Athena
5d568bcfa6 Fixed #7571 -- Fixed parameter matching in include()'d urlpattern
Fixed URL resolving in the case where an outer regex includes an inner
regex and both regexes use positional parameters instead of named
groups, causing the outer regex's parameters to override the inner
regex's.

Modified the regex url resolver so that it will concatenates and then
normalizes, instead of normalizing and then concatenating.
2014-03-05 00:35:03 +01:00
Baptiste Mispelon
173aa51997 Fixed #21435 -- Improved error message when urlconf is empty.
The new error message now hints that the most likely issue
is a circular import.

Thanks to trac user elena for the report and to
bpeschier for the original patch.
2014-02-22 15:36:49 +01:00
Claude Paroz
203f55b5d5 Replaced 'test' by 'sqlall' management command in reverse_lazy test 2014-02-18 13:21:25 +01:00
Claude Paroz
45edb9d235 Fixed #22057 -- Ensured reverse_lazy can be used in settings
And without causing a circular import. Thanks Akis Kesoglou for
the report.
2014-02-18 10:23:30 +01:00
Grzegorz Nosek
0b6f9f7c6f Improved fix for #18373 -- backward compatibility
Commit 79558c78 cleaned up the (undocumented) interface of Resolver404
exception, which breaks compatibility with code messing with .args[0]
directly. Revert the cleanup part and simply leave the fix itself.
2014-02-15 17:51:18 +01:00
Grzegorz Nosek
79558c787e Fixed #18373 - improved handling of Resolver404s from views
When django.core.urlresolvers.resolve was called from a view, failed
and the exception was propagated and rendered by technical_404_response,
the URL mentioned on the page was the current URL instead of the URL
passed to resolve().

Fixed by using the path attribute from the Resolver404 exception instead
of request.path_info. Also cleaned up the exceptions to use standard
named parameters instead of stuffing a dict in args[0]
2014-02-15 15:56:04 +01:00
Aymeric Augustin
e32095616c Imported override_settings from its new location. 2013-12-23 21:37:56 +01:00
Alex Gaynor
bc742ca110 Flake8 fixes -- including not runnign flake8 over a backported file 2013-11-11 14:05:14 -08:00
Bouke Haarsma
9b7455e918 Fixed #21351 -- Replaced memoize with Python's lru_cache.
Replaced the custom, untested memoize with a similar decorator from Python's
3.2 stdlib. Although some minor performance degradation (see ticket), it is
expected that in the long run lru_cache will outperform memoize once it is
implemented in C.

Thanks to EvilDMP for the report and Baptiste Mispelon for the idea of
replacing memoize with lru_cache.
2013-11-11 08:53:09 +01:00
Jason Myers
c3791463a5 Fixing E302 Errors
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Boryslav Larin
e737c009b8 Fixed flake8 E241 2013-11-02 21:45:40 +02:00
Tim Graham
36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alex Gaynor
9d740eb8b1 Fix all violators of E231 2013-10-26 12:15:03 -07:00
Bouke Haarsma
3565efaa45 Removed some direct settings manipulations in tests; refs #21230. 2013-10-21 11:31:05 -04:00
Tim Graham
96d1d4e292 Removed unused local variables in tests. 2013-10-19 08:31:38 -04:00
Tim Graham
1dae4ac177 Whitespace cleanup.
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
Aymeric Augustin
a5b062576b Removed a few trailing backslashes.
We have always been at war with trailing backslashes.
2013-09-22 14:04:10 +02:00
Dan Johnson
df462cf760 Fixed #21043 -- Made resolve() handle reverse_lazy objects.
Thanks Keryn Knight for the report.
2013-09-06 15:46:43 -04:00
Claude Paroz
5c1143910e Removed most of absolute_import imports
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Aymeric Augustin
cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Wilfred Hughes
8365ed08b8 Fixed #17076 -- When reversing a URL fails, inform the user which patterns were tried. 2013-06-14 10:26:30 +01:00
Preston Holmes
d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Marc Tamlyn
09f8652765 Use assertIsInstance in tests.
Gives much nicer errors when it fails.
2013-05-21 10:42:15 +01:00
Loic Bistuer
521765f63d Fixed #19541 -- Fixed BaseHandler to enable reversing URLs in response middlewares
and streamed responses with respect to per-request urlconf.
2013-03-25 03:19:19 +07:00
Aymeric Augustin
31b5275235 Fixed #13260 -- Quoted arguments interpolated in URLs in reverse. 2013-03-18 23:58:22 +01:00
Baptiste Mispelon
4fa7f3cdd9 Fix #20022: Correctly handle prefixes with url-unsafe characters in reverse(). 2013-03-13 18:19:29 +01:00
Aymeric Augustin
ce76fbfc5a Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.
Obviously it isn't set until the URL is resolved.
2013-03-10 23:28:19 +01:00
Florian Apolloner
33836cf88d Renamed some tests and removed references to modeltests/regressiontests. 2013-02-26 14:36:57 +01:00
Florian Apolloner
89f40e3624 Merged regressiontests and modeltests into the test root. 2013-02-26 14:36:57 +01:00