1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00
Go to file
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
2016-02-23 19:35:16 +01:00
.tx
django
docs
extras
js_tests
scripts
tests
.editorconfig Fixed #22463 -- Added code style guide and JavaScript linting (EditorConfig and ESLint) 2015-06-27 16:36:26 -04:00
.eslintignore Fixed #22463 -- Added code style guide and JavaScript linting (EditorConfig and ESLint) 2015-06-27 16:36:26 -04:00
.eslintrc Fixed #25165 -- Removed inline JavaScript from the admin. 2015-12-05 15:51:57 -05:00
.gitattributes Added git attribute merge=union for release notes 2015-06-02 12:04:40 -04:00
.gitignore Added a note in .gitignore to discourage pull requests containing IDE specific files. 2015-08-18 19:46:28 -04:00
.hgignore Synced .hgignore with .gitignore 2015-07-01 10:23:05 -04:00
AUTHORS Fixed #25735 -- Added support for test tags to DiscoverRunner. 2016-02-17 09:44:18 -05:00
CONTRIBUTING.rst Added link to the code of conduct from contributing guides. 2015-04-17 18:12:41 -04:00
Gruntfile.js
INSTALL Bumped minimum Python version requirement to 2.7 in Django 1.7. 2013-07-01 12:01:59 +02:00
LICENSE Whitespace cleanup. 2013-10-10 16:49:20 -04:00
LICENSE.python Updated Python license for 2016. 2016-01-19 06:43:32 -05:00
MANIFEST.in Simplified MANIFEST.in 2015-12-12 12:07:21 -05:00
package.json Refs #25803 -- Documented npm compatibility in package.json 2015-12-08 15:13:22 -05:00
README.rst Updated contributing link in the README. 2015-03-02 08:23:18 -05:00
setup.cfg
setup.py

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Thanks for checking it out.

All documentation is in the "docs" directory and online at
https://docs.djangoproject.com/en/stable/. If you're just getting started,
here's how we recommend you read the docs:

* First, read docs/intro/install.txt for instructions on installing Django.

* Next, work through the tutorials in order (docs/intro/tutorial01.txt,
  docs/intro/tutorial02.txt, etc.).

* If you want to set up an actual deployment server, read
  docs/howto/deployment/index.txt for instructions.

* You'll probably want to read through the topical guides (in docs/topics)
  next; from there you can jump to the HOWTOs (in docs/howto) for specific
  problems, and check out the reference (docs/ref) for gory details.

* See docs/README for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think
they should be clarified in any way, please take 30 seconds to fill out a
ticket here: https://code.djangoproject.com/newticket

To get more help:

* Join the #django channel on irc.freenode.net. Lots of helpful people hang out
  there. Read the archives at http://django-irc-logs.com/.

* Join the django-users mailing list, or read the archives, at
  https://groups.google.com/group/django-users.

To contribute to Django:

* Check out https://docs.djangoproject.com/en/dev/internals/contributing/ for
  information about getting involved.

To run Django's test suite:

* Follow the instructions in the "Unit tests" section of
  docs/internals/contributing/writing-code/unit-tests.txt, published online at
  https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/unit-tests/#running-the-unit-tests