mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-14 03:10:45 +00:00
Code Issues 32 Releases Wiki Activity
django/django
History
Jacob Kaplan-Moss 6e748b5db4 Fixed #11457: tightened the security check for "next" redirects after logins. 
The new behavior still disallows redirects to off-site URLs, but now allows
redirects of the form `/some/other/view?foo=http://...`.

Thanks to brutasse.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-01 19:58:53 +00:00
..
bin
Fixed #10102 -- Set svn:executable on daily_cleanup script. Thanks to John Scott for the report
2009-03-14 05:18:02 +00:00
conf
Removed more stray tabs in Python files.
2010-02-27 16:30:27 +00:00
contrib
Fixed #11457: tightened the security check for "next" redirects after logins.
2010-03-01 19:58:53 +00:00
core
Fixed #12989 - Fixed verification of IDN URLs. Thanks to Fraser Nevett for the report and patch.
2010-02-28 12:01:18 +00:00
db
Corrected an edge case introduced in r12602. Thanks to Ramiro Morales for the eagle eyes.
2010-02-26 16:11:25 +00:00
dispatch
Fixed #11134: signals recievers that disconnect during their processing no longer mess things up for other handlers. Thanks, Honza Kral.
2009-05-20 16:13:55 +00:00
forms
Fixed #12779 - Sanitize numeric form field input according to decimal and thousand separator settings.
2010-03-01 10:19:24 +00:00
http
Fixed #12470 - django.contrib.messages CookieStorage failing silently in safari when comma is used in message
2010-01-23 23:13:00 +00:00
middleware
Removed an 'assert False' I stupidly committed in [12165]
2010-01-10 17:37:48 +00:00
shortcuts
Fixed #11960 -- Improved error message for redirects. Thanks, mattmcc
2010-01-10 18:44:39 +00:00
template
Removed more stray tabs in Python files.
2010-02-27 16:30:27 +00:00
templatetags
Fixed #5972 - Allow the template filters to be used with the trans tag. Thanks for the initial patch, Dmitri Fedortchenko.
2010-02-21 23:43:28 +00:00
test
Fixed #12932 -- Added an extra argument to suite_result() in the test runner, and added **kwargs as protection against future changes. Thanks to Eric Holscher for the report and patch.
2010-02-22 12:34:52 +00:00
utils
Fixed #12779 - Sanitize numeric form field input according to decimal and thousand separator settings.
2010-03-01 10:19:24 +00:00
views
Fixed #10216. Only try to gather template exception info if the exception is a Django TemplateSyntaxError. Thanks, Alex Gaynor.
2010-02-24 21:58:01 +00:00
__init__.py
Bump version info to 1.2 beta.
2010-02-06 06:05:44 +00:00