25d84d6412
[3.1.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-04-27 19:12:15 +02:00
8f6d431b08
[3.1.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via django.utils.http.limited_parse_qsl().
2021-02-18 10:15:30 +01:00
02e6592835
[3.1.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
Backport of 05413afa8c
2021-02-01 09:13:58 +01:00
012822c7f9
[3.1.x] Fixed #32202 -- Fixed autoreloader argument generation for Windows with Python 3.7-.
...
Backport of ead37dfb58
2020-11-19 12:12:47 +01:00
12ba61ed17
[3.1.x] Bumped minimum isort version to 5.1.0.
...
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.
Backport of e74b3d724e
2020-09-30 09:51:31 +02:00
b6d2419120
[3.1.x] Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Backport of 547a07fa7e
2020-08-26 07:54:55 +02:00
ac7f7eab0f
[3.1.x] Fixed #31716 -- Fixed detection of console scripts in autoreloader on Windows.
...
Backport of 8a902b7ee6
2020-06-18 13:04:44 +02:00
acaa201527
[3.1.x] Fixed #30134 -- Ensured unlocalized numbers are string representation in templates.
...
Backport of 9e57b1efb5
2020-06-04 11:00:40 +02:00
98fada7244
[3.1.x] Fixed #31570 -- Corrected translation loading for apps providing territorial language variants with different plural equations.
...
Regression in e3e48b0012dd1ca50b09
2020-06-01 09:27:02 +02:00
0668164b4a
Fixed E128, E741 flake8 warnings.
2020-05-12 08:52:23 +02:00
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
c00bc27945
Refs #30372 -- Stopped watching built-in Django translation files by auto-reloader.
2020-05-04 09:13:47 +02:00
abea86f9e4
Removed unnecessary tuple wrapping of single format string argument.
2020-04-27 08:30:16 +02:00
505fec6bad
Capitalized Unicode in docs, strings, and comments.
2020-04-20 12:10:33 +02:00
7b31ba541f
Fixed #29329 -- Made datetime logging from runserver more consistent.
...
Setting default_msec_format=None will make it the same, unfortunately
it's not supported by Python, see https://bugs.python.org/issue40300 .
2020-04-16 12:55:53 +02:00
4b146e0c83
Fixed #30864 -- Doc'd classproperty decorator.
2020-03-31 10:46:48 +02:00
fc0fa72ff4
Fixed #31224 -- Added support for asynchronous views and middleware.
...
This implements support for asynchronous views, asynchronous tests,
asynchronous middleware, and an asynchronous test client.
2020-03-18 19:59:12 +01:00
3c35825009
Fixed typo in django/utils/crypto.py.
2020-03-11 14:38:27 +01:00
e663f695fb
Fixed #31359 -- Deprecated get_random_string() calls without an explicit length.
2020-03-11 13:16:44 +01:00
e3e48b0012
Fixed #30439 -- Added support for different plural forms for a language.
...
Thanks to Michal Čihař for review.
2020-03-10 15:56:32 +01:00
769cee5252
Fixed #31327 -- Deprecated providing_args argument for Signal.
2020-03-05 09:38:52 +01:00
bc1c034076
Fixed #28280 -- Prevented numberformat.format() from formatting large/tiny floats in scientific notation.
2020-02-26 16:02:53 +01:00
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
50cf183d21
Refs #27468 -- Added algorithm parameter to django.utils.crypto.salted_hmac().
2020-01-27 12:42:21 +01:00
13e4abf83e
Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.
2020-01-16 15:25:49 +01:00
c5e373d48c
Fixed obsolete comment in django.utils.crypto.salted_hmac().
...
Obsolete since 13864703bc
2020-01-15 12:53:21 +01:00
b2bd08bb7a
Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".
...
Thanks Luis Nell for the implementation idea and very detailed report.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-30 20:47:22 +01:00
fef2636f28
Fixed typo in django/utils/termcolors.py docstring.
2019-12-27 07:49:15 +01:00
d291c72bf2
Fixed #30585 -- Added {% translate %} and {% blocktranslate %} template tags.
2019-12-18 13:15:38 +01:00
f138e75910
Fixed outdated import in django/utils/safestring.py.
...
The backported version of functools.wraps was removed in
13864703bc
2019-12-06 09:31:33 +01:00
c90ab30fa1
Fixed #31056 -- Allowed disabling async-unsafe check with an environment variable.
2019-12-03 17:29:31 +01:00
1f817daa20
Fixed #30803 -- Allowed comma separators for milliseconds in django.utils.dateparse functions.
...
Co-Authored-By: Ben Wilber <benwilber@gmail.com>
2019-11-27 09:43:12 +01:00
42b23d1e79
Refs #30803 -- Allowed comma separators for decimal fractions in parse_duration().
2019-11-27 09:43:12 +01:00
824981b2dc
Removed unused unencoded_ampersands_re regex.
...
Unused since 8b81dee60c
2019-11-25 09:01:31 +01:00
8929afb8ec
Fixed #9762 -- Made DateFormat.r() locale-independent.
...
Thanks to Antonio Melé for the original report all those years ago
and to all the contributors who helped along the way.
2019-11-22 12:41:53 +01:00
76ec032712
Refs #26281 -- Added a helpful error message for an invalid "r" specifier to dateformat.format().
2019-11-22 12:32:30 +01:00
cbe4d6203f
Fixed #30989 -- Removed unimplemented B time format.
...
It's never been documented and has always raised a NotImplementedError.
2019-11-18 12:50:41 +01:00
5e2839f320
Simplified DateFormat.W() and z().
2019-11-18 11:30:23 +01:00
1185c6172b
Fixed #30990 -- Fixed example output in 'z' date format docs.
2019-11-18 11:30:20 +01:00
6315a272c5
Refs #28428 -- Made filepath_to_uri() support pathlib.Path.
2019-10-30 13:13:15 +01:00
e3d0b4d550
Fixed #30899 -- Lazily compiled import time regular expressions.
2019-10-29 09:22:26 +01:00
39a34d4bf9
Refs #30899 -- Made _lazy_re_compile() support bytes.
2019-10-29 09:14:24 +01:00
c4cba148d8
Refs #30899 -- Moved _lazy_re_compile() to the django.utils.regex_helper.
2019-10-29 09:14:24 +01:00
52cb419072
Fixed #30918 -- Made timesince()/timeuntil() respect custom time strings for future and the same datetimes.
2019-10-28 12:28:18 +01:00
3120490912
Fixed #30876 -- Moved classproperty() decorator to the django.utils.functional.
2019-10-21 09:57:39 +02:00
ed112fadc1
Fixed #23755 -- Added support for multiple field names in the no-cache Cache-Control directive to patch_cache_control().
...
https://tools.ietf.org/html/rfc7234#section-5.2.2.2
2019-10-10 19:30:51 +02:00
ee6b17187f
Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses with non-empty content.
2019-10-10 09:51:05 +02:00
7b5f8acb9e
Fixed #28690 -- Fixed handling of two-digit years in parse_http_date().
...
Due to RFC7231 ayear that appears to be more than 50 years in the
future are interpreted as representing the past.
2019-09-30 14:42:56 +02:00
9a2a12d415
Advanced deprecation warnings for Django 3.1.
2019-09-10 12:01:00 +02:00
cb2be9d5d5
Refs #29546 -- Removed django.utils.timezone.FixedOffset per deprecation timeline.
2019-09-10 12:01:00 +02:00
Florian Apolloner
Nick Pope
Mariusz Felisiak
Carlton Gibson
David Smith
Michael Galler
Tom Forbes
Claude Paroz
Carlton Gibson
Jon Dufresne
François Freitag
Hasan Ramezani
Deep Sukhwani
Andrew Godwin
Pavel Lysak
Sjbrgsn
leollon
Mike Hansen
Baptiste Mispelon
Farhaan Bukhsh
André Ericson
Flavio Curella
Viktor Lomakin
Ad Timmering