1
0
mirror of https://github.com/django/django.git synced 2024-12-26 02:56:25 +00:00
django/tests/regressiontests/forms
Jacob Kaplan-Moss 9f8287a3f1 SECURITY ALERT: Corrected regular expressions for URL and email fields.
Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.

This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.

This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-09 20:57:59 +00:00
..
localflavor Fixed #8515 -- Fixed validation of Polish REGON numbers. 2009-04-10 01:03:44 +00:00
__init__.py
error_messages.py Fixed #10968 - Form.errors should use Form.error_class. 2009-09-11 10:47:40 +00:00
extra.py Fixed #9124: fixed SelectDateWidget with required=False. Thanks, Bernd Schlapsi. 2009-04-18 17:35:53 +00:00
fields.py SECURITY ALERT: Corrected regular expressions for URL and email fields. 2009-10-09 20:57:59 +00:00
forms.py Fixed #10349 -- Modified ManyToManyFields to allow initial form values to be callables. Thanks to fas for the report and patch. 2009-05-02 07:03:33 +00:00
formsets.py Fixed #10082 -- Modified BaseFormSet so that ordering checks work when the formset is empty. Thanks to Petr Marhoun for the report and test case, and bmathieu for the fix. 2009-04-28 14:17:18 +00:00
media.py Fixed #10774: accessing form media types in templates (i.e. `{{ form.media.js }}`) now works. Thanks, tarequeh and Alex Gaynor. 2009-04-10 17:07:25 +00:00
models.py Fixed #10792 -- Ensured that ModelChoiceFields don't provide an empty option when the underlying field has blank=False and there is a default value available. Thanks to carljm for the report and patch. 2009-05-10 07:44:27 +00:00
regressions.py Fixed #9125 -- When displaying errors for a form with only hidden fields, make sure the resulting XHTML is correct. 2008-09-18 07:16:08 +00:00
tests.py Fixed #9066 -- Added Czech localflavor. Thanks to Elvard for the contribution. 2009-02-22 07:51:57 +00:00
util.py Fixed #6160, #9111 -- Consistently apply conditional_escape to form errors and labels when outputing them as HTML. 2008-11-06 19:49:24 +00:00
widgets.py Fixed #10288 -- Corrected _has_changed handling of DateTimeInput, DateInput, TimeInput, and SplitDateTimeWidget when a custom date/time format is in use. Thanks to Koen Biermans for the report and patch. 2009-04-28 13:19:30 +00:00