Tim Graham 536cc64240 [1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths. ...

Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master

2013-09-10 21:03:51 -04:00

..

loaders

[1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0.

2013-09-03 07:34:45 -05:00

__init__.py

Fixed #12248 -- Refactored django.template to get code out of __init__.py, to help with avoiding circular import dependencies. Thanks to Tom Tobin for the patch.

2010-11-27 05:47:30 +00:00

base.py

[1.6.x] Fixed #17778 -- Prevented class attributes on context from resolving as template variables.

2013-08-15 10:22:56 -04:00

context.py

Fixed #17061 -- Factored out importing object from a dotted path

2013-02-04 16:38:25 +01:00

debug.py

Fixed #19819 - Improved template filter errors handling.

2013-02-14 10:22:59 +01:00

defaultfilters.py

Removed several unused imports.

2013-06-19 17:18:40 +02:00

defaulttags.py

[1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.

2013-09-10 21:03:51 -04:00

loader_tags.py

[1.6.x] Fixed #20949 -- Typo #2 in docstring

2013-08-21 10:50:27 -04:00

loader.py

Fixed #17061 -- Factored out importing object from a dotted path

2013-02-04 16:38:25 +01:00

response.py

Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse

2012-11-09 21:07:53 +01:00

smartif.py

IfParser.next() method renamed to avoid confusion with iterator protocol.

2012-06-14 23:12:15 +01:00