mirror of https://github.com/django/django.git synced 2024-12-23 09:36:06 +00:00
django/docs/ref
Shai Berger 42cd8c390d Fixed #33986 -- Hardened binary lookup in template commands.
Made template commands look up formatters before writing files.
This makes sure files included in the template are not identified
as executable formatter commands, even in case the template is
rendered into the system path (as might easily happen on Windows,
where the current directory is on the system path by default).

While at it, warned about trusting custom templates for
startapp/startproject.

Thanks Trung Pham of Viettel Cyber Security for reporting the issue,
Django Security Team for discussions, and Adam Johnson and
Carlton Gibson for reviews.
2022-09-07 11:08:43 +02:00
class-based-views Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
contrib Reverted "Fixed #30711 -- Doc'd django.contrib.postgres.fields.hstore.KeyTransform()." 2022-08-31 22:12:30 +02:00
files Refs #26029 -- Doc'd django.core.files.storage.default_storage. 2022-08-10 12:23:13 +02:00
forms Fixed #33842 -- Used :source: role for links to repo files on GitHub. 2022-08-09 14:44:51 +02:00
models Corrected heading level of "Registering and fetching lookups" section in docs. 2022-09-04 14:32:24 +02:00
templates Fixed #33864 -- Deprecated length_is template filter. 2022-07-23 12:36:21 +02:00
applications.txt Removed hyphen from pre-/re- prefixes. 2022-04-28 10:44:14 +02:00
checks.txt Fixed #33872 -- Deprecated django.contrib.postgres.fields.CIText/CICharField/CIEmailField/CITextField. 2022-08-03 11:42:51 +02:00
clickjacking.txt
csrf.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
databases.txt Refs #30511 -- Updated docs about auto-incrementing primary keys on PostgreSQL. 2022-08-26 21:42:44 +02:00
django-admin.txt Fixed #33986 -- Hardened binary lookup in template commands. 2022-09-07 11:08:43 +02:00
exceptions.txt
index.txt
logging.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
middleware.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
migration-operations.txt Refs #27236 -- Doc'd that AlterIndexTogether is no longer officially supported for Django 4.2+ migration files. 2022-07-26 11:42:54 +02:00
paginator.txt
request-response.txt Fixed #33683 -- Document HttpResponseBase and allow import from django.http 2022-05-17 09:51:16 +02:00
schema-editor.txt Refs #27064 -- Added RenameIndex migration operation. 2022-05-12 20:44:03 +02:00
settings.txt Fixed #33920 -- Doc'd dependency of LOGGING_CONFIG callback on non-empty LOGGING. 2022-08-24 11:38:43 +02:00
signals.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
template-response.txt Removed hyphen from pre-/re- prefixes. 2022-04-28 10:44:14 +02:00
unicode.txt Updated Oracle docs links to Oracle 21c. 2022-03-29 09:41:57 +02:00
urlresolvers.txt Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs. 2022-03-29 10:27:40 +02:00
urls.txt
utils.txt Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). 2022-06-28 10:54:38 +02:00
validators.txt Fixed #32559 -- Added 'step_size' to numeric form fields. 2022-05-12 14:16:52 +02:00
views.txt