From 9b95c3bc090ed01b8e46aca14964e23d5b6469f7 Mon Sep 17 00:00:00 2001 From: David Smith <39445562+smithdc1@users.noreply.github.com> Date: Wed, 17 Jun 2020 12:15:56 +0100 Subject: [PATCH] [3.1.x] Refs #31670 -- Removed whitelist/blacklist terminology in docs and comments. Backport of 10df5b71775d8ee98201acb1367266521b17cc00 from master --- django/contrib/gis/db/backends/base/operations.py | 2 +- docs/releases/1.1.3.txt | 2 +- docs/releases/1.2.4.txt | 2 +- docs/spelling_wordlist | 1 - docs/topics/forms/modelforms.txt | 2 +- docs/topics/security.txt | 2 +- tests/admin_views/tests.py | 2 +- 7 files changed, 6 insertions(+), 7 deletions(-) diff --git a/django/contrib/gis/db/backends/base/operations.py b/django/contrib/gis/db/backends/base/operations.py index 63fcf93c91..315735c1eb 100644 --- a/django/contrib/gis/db/backends/base/operations.py +++ b/django/contrib/gis/db/backends/base/operations.py @@ -36,7 +36,7 @@ class BaseSpatialOperations: # match; used in spatial_function_name(). function_names = {} - # Blacklist/set of known unsupported functions of the backend + # Set of known unsupported functions of the backend unsupported_functions = { 'Area', 'AsGeoJSON', 'AsGML', 'AsKML', 'AsSVG', 'Azimuth', 'BoundingCircle', 'Centroid', 'Difference', 'Distance', 'Envelope', diff --git a/docs/releases/1.1.3.txt b/docs/releases/1.1.3.txt index ed4663e18f..c88d676f7e 100644 --- a/docs/releases/1.1.3.txt +++ b/docs/releases/1.1.3.txt @@ -45,6 +45,6 @@ password hashes. To remedy this, ``django.contrib.admin`` will now validate that querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly -whitelisted by the application developer using the pre-existing +allowed by the application developer using the pre-existing mechanism mentioned above. This is backwards-incompatible for any users relying on the prior ability to insert arbitrary lookups. 
diff --git a/docs/releases/1.2.4.txt b/docs/releases/1.2.4.txt index ea0b9a5abc..26a67d9d1e 100644 --- a/docs/releases/1.2.4.txt +++ b/docs/releases/1.2.4.txt @@ -45,7 +45,7 @@ password hashes. To remedy this, ``django.contrib.admin`` will now validate that querystring lookup arguments either specify only fields on the model being viewed, or cross relations which have been explicitly -whitelisted by the application developer using the pre-existing +allowed by the application developer using the pre-existing mechanism mentioned above. This is backwards-incompatible for any users relying on the prior ability to insert arbitrary lookups. diff --git a/docs/spelling_wordlist b/docs/spelling_wordlist index 791309cfaf..ba9e73f100 100644 --- a/docs/spelling_wordlist +++ b/docs/spelling_wordlist @@ -782,7 +782,6 @@ viewable virtualized Weblog whitelist -whitelisted whitespace whitespaces whizbang diff --git a/docs/topics/forms/modelforms.txt b/docs/topics/forms/modelforms.txt index c3e6e5c99e..d1ace729e4 100644 --- a/docs/topics/forms/modelforms.txt +++ b/docs/topics/forms/modelforms.txt @@ -420,7 +420,7 @@ fields, especially when new fields are added to a model. Depending on how the form is rendered, the problem may not even be visible on the web page. The alternative approach would be to include all fields automatically, or -blacklist only some. This fundamental approach is known to be much less secure +remove only some. This fundamental approach is known to be much less secure and has led to serious exploits on major websites (e.g. `GitHub `_). diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 426c33d035..fe692cad2a 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt 
@@ -261,7 +261,7 @@ User-uploaded content from something like ``usercontent-example.com``. It's *not* sufficient to serve content from a subdomain like ``usercontent.example.com``. - #. Beyond this, applications may choose to define a whitelist of allowable + #. Beyond this, applications may choose to define a list of allowable file extensions for user uploaded files and configure the web server to only serve such files. diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 4d307486f1..3f621f118e 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -791,7 +791,7 @@ class AdminViewBasicTest(AdminViewBasicTestCase): self.assertEqual(response.status_code, 200) # Filters should be allowed if they involve a local field without the - # need to whitelist them in list_filter or date_hierarchy. + # need to allow them in list_filter or date_hierarchy. response = self.client.get("%s?age__gt=30" % reverse('admin:admin_views_person_changelist')) self.assertEqual(response.status_code, 200)
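Review bot: The reworded comment above the `age__gt=30` request in tests/admin_views/tests.py now reads "Filters should be allowed ... without the need to allow them", which is circular and blurs what the test pins down. The behaviour under test is that a lookup on a local field is accepted by the changelist without being declared, so the second comment line would read better as `# need to list them in list_filter or date_hierarchy.` The precise wording matters because this assertion appears to guard the permitted side of the admin querystring lookup validation described in the 1.1.3 and 1.2.4 release notes touched by this same patch. The enclosing test method begins outside the hunk.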