119 Commits

Author SHA1 Message Date
Florian Apolloner 25d84d6412 [3.1.x] Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-04-27 19:12:15 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__().
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
Sjbrgsn b2bd08bb7a Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".
Thanks Luis Nell for the implementation idea and very detailed report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-30 20:47:22 +01:00
Hasan Ramezani e3d0b4d550 Fixed #30899 -- Lazily compiled import time regular expressions. 2019-10-29 09:22:26 +01:00
Jon Dufresne e8d0d2a5ef Removed unneeded ValueError catching in django.utils.text._replace_entity().
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Jon Dufresne b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities().
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Sergey Fedoseev 277017aea4 Simplified utils.text.StreamingBuffer. 2018-10-04 08:28:03 -04:00
Jon Dufresne 8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00
Claude Paroz 201017df30 Fixed #29654 -- Made text truncation an ellipsis character instead of three dots.
Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-08-21 17:46:45 +02:00
Claude Paroz b004bd62e8 Fixed #29412 -- Stopped marking slugify() result as HTML safe. 2018-07-20 10:44:30 -04:00
Tim Graham 97b7dd59bb Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
2018-03-06 08:30:40 -05:00
Дилян Палаузов d2afa5eb23 Fixed #28860 -- Removed unnecessary len() calls. 2017-12-04 10:35:23 -05:00
Claude Paroz 301de774c2 Refs #27795 -- Replaced many force_text() with str()
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
Jon Dufresne b906c3db63 Removed duplicate lines in slugify(). 2017-04-10 08:12:37 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Anton Samarchyan 9718fa2e8a Refs #27656 -- Updated django.utils docstring verbs according to PEP 257. 2017-02-11 16:11:08 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Mariusz Felisiak c22212220a Refs #23919 -- Removed re.U and re.UNICODE (default on Python 3). 2017-01-21 14:28:16 -05:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Tim Graham 6072de727f Decorated a few functions. 2016-11-14 12:20:44 -05:00
Kevin Christopher Henry 9108696a75 Refs #19705 -- Changed gzip modification times to 0.
This makes gzip output deterministic, which allows
ConditionalGetMiddleware to reliably compare ETags on gzipped
content (views using the gzip_page() decorator in particular).
2016-10-14 07:41:42 -04:00
Tim Graham 8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Mattias Loverot 9aaeec337e Fixed #26866 -- Added format_lazy function
Added format_lazy function to django.utils.text module.
Useful when dealing with relatively complex lazy string concatenations
(e.g. in urls.py when translating urls in regular expressions).
2016-08-24 18:18:17 +02:00
Ville Skyttä a2fb2b3a1f Fixed #27020 -- Used a context manager to close files. 2016-08-04 19:45:14 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Iacopo Spalletti d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Matthew Somerville caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
Tim Graham df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
David Hoffman 03467368db Fixed #23558 -- documented slugify limitations 2014-10-30 09:02:04 -04:00
Jon Dufresne 54e695331b Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Markus Amalthea Magnuson acb20016c0 Fixed #6668 -- Optimized utils.text wrap function
This fixes a failing test after applying an optimization of the
utils.text.wrap function by user SmileyChris.
2014-05-17 20:42:58 +02:00
Claude Paroz 210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Baptiste Mispelon 926e18d7d1 Deprecated django.utils.text.javascript_quote.
Refs #21725.
2014-02-22 13:50:12 +01:00
MattBlack85 1c1dffca75 Fixed #21725 -- Fixed JavaScript quoting encoding.
Thanks to nedbatchelder for the report.
2014-02-15 19:39:21 +01:00
Jeremy f94f466cd3 Fixed #19496 -- Added truncatechars_html filter.
Thanks esevece for the suggestion and Nick Sandford and Martin Warne
for the initial work on the patch.
2014-02-13 10:27:27 -05:00
Vajrasky Kok c43c469a2e Fixed #21731 -- Made javascript_quote escapes '</'. 2014-02-06 04:02:09 -05:00
Aymeric Augustin 8f04f53dd8 Removed a few gratuitous lambdas. 2013-12-26 14:03:50 +01:00
Marc Tamlyn b4a11f2720 Fixed #21651 -- Remove recapitalize.
It was not used inside Django, is not tested or documented. Consequently
remove without deprecation path.

Thanks to @vajrasky for bringing it to our attention.
2013-12-22 19:43:29 +00:00
Baptiste Mispelon 2c837233f5 Fixed #21574 -- Handle bytes consistently in utils.text.normalize_newlines.
All input is now coerced to text before being normalized.
This changes nothing under Python 2 but it allows bytes
to be passed to the function without a TypeError under Python3
(bytes are assumed to be utf-8 encoded text).

Thanks to trac user vajrasky for the report.
2013-12-12 16:09:12 +01:00