Commit Graph

102 Commits

Author SHA1 Message Date
Aymeric Augustin 7fef18ba9e [1.7.x] Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:18:26 +02:00
Aaron France 1150053b99 Fixed #21912 -- Improved error message if a view returns None.
Thanks brycenesbitt for the report.
2014-02-15 11:18:16 -05:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Claude Paroz e6dd70b4db Fixed #21383 -- Added request details in SuspiciousOperation messages 2013-11-09 12:11:58 +01:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Aymeric Augustin 636860fbfb Moved two WSGI-specific functions to the WSGI handler.
They were defined in base when the mod_python handler used them. See bfcecbff.
2013-09-07 10:03:49 -05:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Aymeric Augustin 6633eeb886 Changed API to disable ATOMIC_REQUESTS per view.
A decorator is easier to apply to CBVs. Backwards compatibility isn't an
issue here, except for people running on a recent clone of master.

Fixed a few minor problems in the transactions docs while I was there.
2013-05-19 19:53:16 +02:00
Aymeric Augustin 1267d2d9bc Fixed #20330 -- Normalized spelling of "web server".
Thanks Baptiste Mispelon for the report.
2013-04-29 19:40:43 +02:00
Loic Bistuer 521765f63d Fixed #19541 -- Fixed BaseHandler to enable reversing URLs in response middlewares
and streamed responses with respect to per-request urlconf.
2013-03-25 03:19:19 +07:00
Aymeric Augustin ac37ed21b3 Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
Replaced them with per-database options, for proper multi-db support.

Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Aymeric Augustin 1e4a27d087 Fixed #19468 -- Decoded request.path correctly on Python 3.
Thanks aliva for the report and claudep for the feedback.
2012-12-22 13:32:39 +01:00
Aymeric Augustin be9f2919e0 Edited the middleware doc for completeness, clarity, and consistency. 2012-12-09 22:30:01 +01:00
Florian Apolloner 6a6f589bfe Merge branch 'ticket15695' 2012-09-29 21:57:50 +02:00
Florian Apolloner b946db5241 Fixed #15695 -- Added `ResolverMatch` to the request object. 2012-09-27 15:06:58 +02:00
Claude Paroz 26ff2be787 Imported getLogger directly from logging module
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Aymeric Augustin 27d16a3ca4 [py3] Fixed middleware_exceptions tests. 2012-08-15 22:53:52 +02:00
Claude Paroz 64531df5df Sent got_request_exception signal before handle_uncaught_exception
In some cases (notably Python 3), when handle_uncaught_exception was
itself raising an exception, the got_request_exception was storing
the latter exception instead of the original exception.
2012-08-15 10:58:26 +02:00
Claude Paroz 15fffcc751 [py3] Fixed reraising of exceptions
reraise with second argument to None is not supported.
2012-08-11 23:46:23 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin d796c94b03 [py3] Used six.reraise wherever necessary. 2012-07-22 09:29:52 +02:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Jannis Leidel f0a1633425 Fixed #17358 -- Updated logging calls to use official syntax for arguments instead of string interpolation. Thanks, spulec.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17480 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:58:36 +00:00
Carl Meyer 145a77edc9 Fixed #16360 -- Added WSGI entrypoint to startproject layout, and enabled internal servers (runserver and runfcgi) to use an externally-defined WSGI application. Thanks to Armin Ronacher, Jannis Leidel, Alex Gaynor, ptone, and Jacob Kaplan-Moss.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17022 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-22 04:30:10 +00:00
Alex Gaynor 8e1226b4a0 Kill some more dead code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 22:46:44 +00:00
Alex Gaynor e95d0afe9e Fixed #16810, corrected a bad docstring. Thanks to kenkam for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16790 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 21:29:21 +00:00
Jannis Leidel 1ca6e9b9e2 Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13 and Chris Beaven.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-12 14:15:31 +00:00
Jannis Leidel cb2d8cd3a4 Fixed #16399 -- Minor cleanup in core handler. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16506 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-04 16:20:16 +00:00
Carl Meyer 43503b093a Fixed #16288 -- Enabled django.request exception logger regardless of DEBUG setting.
Thanks Matt Bennett for report and draft patch; Vinay Sajip and Russell Keith-Magee for review.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16444 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-22 06:01:44 +00:00
Luke Plant 45e55b9143 Fixed #14614 - filtering of sensitive information in 500 error reports.
This adds a flexible mechanism for filtering what request/traceback
information is shown in 500 error emails and logs. It also applies
screening to some views known to be sensitive e.g. views that handle
passwords.

Thanks to oaylanc for the report and many thanks to Julien Phalip for the
patch and the rest of the work on this.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16339 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-08 22:18:46 +00:00
Luke Plant a482cc0ba3 Fixed #16004 - csrf_protect does not send cookie if view returns TemplateResponse
The root bug was in decorator_from_middleware, and the fix also corrects
bugs with gzip_page and other decorators.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16276 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-24 21:28:43 +00:00
Russell Keith-Magee f89f1c8acb Fixed #15083 -- Corrected the order of TemplateResponse middleware handling, ensuring that custom URLConfs are valid, and that ResponseMiddleware is invoked if the TemplateResponseMiddleware causes errors. Thanks to Sayane for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-16 15:38:03 +00:00
Russell Keith-Magee e0dcd7666a Fixed #12815 -- Added TemplateResponse, a lazy-evaluated Response class. Thanks to Simon Willison for the original idea, and to Mikhail Korobov and Ivan Sagalaev for their assistance, including the draft patch from Mikhail.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14850 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-07 13:57:01 +00:00
Alex Gaynor 96cc7baf0c Fixed #13684 -- if settings.ROOT_URLCONF isn't defined don't blow up with an UnboundLocalError.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14488 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-07 16:02:22 +00:00
Russell Keith-Magee 52e0bcbc62 Fixed #14588 -- Corrected r14393 to ensure that response middlewares are are always applied. Includes a battery of tests to validate the expected behavior of the middleware cycle. Thanks to Petr Marhoun for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14398 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-30 07:19:04 +00:00
Russell Keith-Magee 3086b55b0e Fixed #14523 -- Modified response handling so that exceptions raised by process_response() in a middleware are caught and handled like any other exception. Thanks to Ivan Sagalaev for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14393 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-29 07:43:56 +00:00
Russell Keith-Magee a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Russell Keith-Magee fea159282b Fixed #14406 -- Added a Python 2.4 compatibility to the logging interface. Thanks to Łukasz Rekucki for the report, and to Luke Plant for original patch this was based on.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13989 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-06 15:02:26 +00:00
Russell Keith-Magee 24acca4139 Fixed #12012 -- Added support for logging. Thanks to Vinay Sajip for his draft patch, and to the many people who gave feedback during development of the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13981 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-04 15:12:39 +00:00
Luke Plant 3e1e04d6d0 Fixed #10758 - sys.exc_info() should not be stored on a local variable
Thanks piotr.findeisen for report, kevinh for patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@13318 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-06-03 18:50:04 +00:00
Russell Keith-Magee 667ced2abc Fixed #12594 -- Ensured that a meaningful exception is raised when the urlconf_module is None. Thanks to buriy for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12854 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-26 15:08:24 +00:00
Russell Keith-Magee 794690c272 Fixed #13090 -- Corrected handling of errors in middleware when DEBUG=False. Thanks to EroSennin for the report, and Ivan Sagalaev for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12773 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-12 16:45:29 +00:00
Adrian Holovaty 7d9de178e7 Fixed #6094 again -- fixed broken unit tests. Thanks, isagalaev
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:48:08 +00:00
Adrian Holovaty 5ceed0a053 Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Adrian Holovaty ca6f64a43f Fixed #6094 -- Middleware exceptions are now caught by the core handler. Thanks, isagalaev
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12165 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 17:35:01 +00:00
Brian Rosner 6c61ca3d74 Fixed #5034 -- honor request.urlconf in reverse and resolve.
This enables {% url %} to honor request.urlconf set from process_request
middleware methods.

Thanks SmileyChris for the initial patch work.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11740 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-11-16 01:58:00 +00:00