Mariusz Felisiak
05413afa8c
Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().
...
Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.
Thanks Wang Baohua for the report.
2021-02-01 09:07:36 +01:00
Paul Ganssle
10d1261984
Refs #32365 -- Allowed use of non-pytz timezone implementations.
2021-01-19 11:59:37 +01:00
Mariusz Felisiak
b4c5f878bd
Advanced deprecation warnings for Django 4.0.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
be6e468130
Refs #31359 -- Made get_random_string()'s length argument required.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
4bb30fe5d5
Refs #26601 -- Made get_response argument required and don't accept None in middleware classes.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
9e456f3166
Refs #30747 -- Removed django.utils.http.is_safe_url() per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
157ab32f34
Refs #27753 -- Removed django.utils.text.unescape_entities() per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
d134b0b93e
Refs #15902 -- Stopped set_language() storing user's language in the session.
...
Per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
52a238ddf2
Refs #30165 -- Removed ugettext(), ugettext_lazy(), ugettext_noop(), ungettext(), and ungettext_lazy() per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
810f037b29
Refs #27753 -- Removed django.utils.encoding.force_text() and smart_text() per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
88ed1c8d08
Refs #27753 -- Removed django.utils.http urllib aliases per deprecation timeline.
2021-01-14 17:50:04 +01:00
Florian Apolloner
64cc9dcdad
Refs #31358 -- Added constant for get_random_string()'s default alphabet.
2021-01-13 20:40:40 +01:00
William Schwartz
ec6d2531c5
Fixed #32314 -- Fixed detection when started non-django modules with "python -m" in autoreloader.
...
django.utils.autoreload.get_child_arguments() detected when Python was
started with the `-m` option only for `django` module. This commit
changes the logic to check __spec__, see
https://docs.python.org/3/reference/import.html#main-spec
Now packages can implement their own __main__ with the runserver
command.
2021-01-05 21:03:29 +01:00
starryrbs
2a76f43134
Fixed #32269 -- Fixed parse_duration() for negative days in ISO 8601 format.
2020-12-21 10:28:07 +01:00
Hasan Ramezani
577f2338f1
Fixed #32208 -- Allowed adding lazy() objects.
...
Co-authored-by: Claude Paroz <claude@2xlibre.net>
2020-12-21 09:24:41 +01:00
Adam Johnson
ef39a8829b
Added docstring to django.utils.inspect.func_accepts_kwargs().
2020-12-14 18:08:37 +01:00
Florian Apolloner
98e05ccde4
Fixed #32233 -- Cleaned-up duplicate connection functionality.
2020-12-08 08:55:44 +01:00
Mariusz Felisiak
aade2b461a
Fixed #32223 -- Removed strict=True in Path.resolve() in autoreloader.
...
This reverts commit e286711879 which
caused permission errors when users didn't have permissions to all
intermediate directories in a Django installation path.
Thanks Jakub Szafrański for the report.
2020-11-25 20:39:54 +01:00
Carlton Gibson
ead37dfb58
Fixed #32202 -- Fixed autoreloader argument generation for Windows with Python 3.7-.
2020-11-19 12:07:15 +01:00
Nick Pope
0cbccaebeb
Simplified TimeFormat.g().
2020-11-12 15:19:17 +01:00
Sam
895f6e4992
Fixed #32149 -- Added support for years < 1000 to DateFormat.y().
2020-11-12 12:43:06 +01:00
Tom Forbes
658bcc16f1
Fixed #25791 -- Implement autoreload behaviour for cached template loader.
2020-11-05 15:30:52 +01:00
Daniel Hahler
ab943f031c
Protected Watchman autoreloader against busy loops.
...
With an error in the loop above (e.g. using query without args), this
would trigger a busy loop. While this was caused due to changes to the
loop itself, it seems to be just good practice to protect against this.
2020-11-02 07:18:39 +01:00
Nick Pope
966b5b49b6
Updated MultiValueDict.update() to mirror dict.update() behavior.
...
Changes in behavior include:
- Accepting iteration over empty sequences, updating nothing.
- Accepting iterable of 2-tuples providing key-value pairs.
- Failing with the same or comparable exceptions for invalid input.
Notably this replaces the previous attempt to catch TypeError which was
unreachable as the call to .items() resulted in AttributeError on
non-dict objects.
2020-10-30 10:44:44 +01:00
Nick Pope
1a8ad8a5c6
Removed unused custom exception support for ImmutableList.
...
If the warning provided was an instance of Exception, then it would be
used as-is. In practice this is untested, unused and ImmutableList is
an undocumented internal datastructure.
2020-10-30 10:44:44 +01:00
Martin Thoma
302caa40e4
Made small readability improvements.
2020-10-28 20:20:20 +01:00
Florian Apolloner
143d8e1ab3
Removed unneeded calls to iri_to_uri() in cache key generation.
...
request.build_absolute_uri() already applies iri_to_uri()
2020-10-06 12:29:06 +02:00
Simon Charette
4c675523bd
Refs #29838, Refs #28507 -- Made make_hashable() ignore key order.
2020-10-05 20:42:46 +02:00
Tom Carrick
bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
Francisco Couzo
5ea1621c72
Fixed #31985 -- Corrected salted_hmac()'s docstring about supported algorithms.
...
salted_hmac() validates supported algorithms by checking hashlib
methods.
2020-09-07 10:59:36 +02:00
Nick Pope
fd209f62f1
Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8.
2020-09-03 14:24:42 +02:00
Michael Galler
547a07fa7e
Fixed #31905 -- Made MiddlewareMixin call process_request()/process_response() with thread sensitive.
...
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-08-26 07:13:49 +02:00
David Smith
e74b3d724e
Bumped minimum isort version to 5.1.0.
...
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.
2020-07-30 10:58:59 +02:00
Tim Park
8fa9a6d29e
Fixed #31623 -- Allowed specifying number of adjacent time units in timesince()/timeuntil().
2020-07-16 09:44:28 +02:00
Tim Park
d1409f51ff
Fixed #31732 -- Cached callables signatures in django.utils.inspect methods.
2020-07-06 10:42:43 +02:00
Claude Paroz
258c88a913
Refs #5691 -- Made cache keys independent of USE_L10N.
...
This mostly reverts af1893c4ff.
2020-06-22 10:55:12 +02:00
Tom Forbes
8a902b7ee6
Fixed #31716 -- Fixed detection of console scripts in autoreloader on Windows.
2020-06-18 13:04:10 +02:00
Claude Paroz
9e57b1efb5
Fixed #30134 -- Ensured unlocalized numbers are string representation in templates.
2020-06-04 10:34:54 +02:00
Carlton Gibson
dd1ca50b09
Fixed #31570 -- Corrected translation loading for apps providing territorial language variants with different plural equations.
...
Regression in e3e48b0012.
Thanks to Shai Berger for report, reproduce and suggested fix.
2020-06-01 08:38:54 +02:00
David Smith
0382ecfe02
Fixed #28694 -- Made django.utils.text.slugify() strip dashes and underscores.
2020-05-29 06:47:51 +02:00
David Smith
3111b434e7
Corrected slugify()'s docstring.
2020-05-29 06:42:03 +02:00
François Freitag
7cd88b3fec
Updated logging calls to use arguments instead of string interpolation.
2020-05-13 09:12:18 +02:00
Mariusz Felisiak
d106d07f73
Advanced deprecation warnings for Django 3.2.
2020-05-13 09:07:51 +02:00
Mariusz Felisiak
0668164b4a
Fixed E128, E741 flake8 warnings.
2020-05-12 08:52:23 +02:00
Jon Dufresne
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
Tom Forbes
c00bc27945
Refs #30372 -- Stopped watching built-in Django translation files by auto-reloader.
2020-05-04 09:13:47 +02:00
François Freitag
abea86f9e4
Removed unnecessary tuple wrapping of single format string argument.
2020-04-27 08:30:16 +02:00
Jon Dufresne
505fec6bad
Capitalized Unicode in docs, strings, and comments.
2020-04-20 12:10:33 +02:00
Hasan Ramezani
7b31ba541f
Fixed #29329 -- Made datetime logging from runserver more consistent.
...
Setting default_msec_format=None will make it the same, unfortunately
it's not supported by Python, see https://bugs.python.org/issue40300.
2020-04-16 12:55:53 +02:00
Deep Sukhwani
4b146e0c83
Fixed #30864 -- Doc'd classproperty decorator.
2020-03-31 10:46:48 +02:00
Andrew Godwin
fc0fa72ff4
Fixed #31224 -- Added support for asynchronous views and middleware.
...
This implements support for asynchronous views, asynchronous tests,
asynchronous middleware, and an asynchronous test client.
2020-03-18 19:59:12 +01:00
Mariusz Felisiak
3c35825009
Fixed typo in django/utils/crypto.py.
2020-03-11 14:38:27 +01:00
Claude Paroz
e663f695fb
Fixed #31359 -- Deprecated get_random_string() calls without an explicit length.
2020-03-11 13:16:44 +01:00
Claude Paroz
e3e48b0012
Fixed #30439 -- Added support for different plural forms for a language.
...
Thanks to Michal Čihař for review.
2020-03-10 15:56:32 +01:00
Jon Dufresne
769cee5252
Fixed #31327 -- Deprecated providing_args argument for Signal.
2020-03-05 09:38:52 +01:00
Hasan Ramezani
bc1c034076
Fixed #28280 -- Prevented numberformat.format() from formatting large/tiny floats in scientific notation.
2020-02-26 16:02:53 +01:00
Claude Paroz
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
Claude Paroz
50cf183d21
Refs #27468 -- Added algorithm parameter to django.utils.crypto.salted_hmac().
2020-01-27 12:42:21 +01:00
Pavel Lysak
13e4abf83e
Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.
2020-01-16 15:25:49 +01:00
Mariusz Felisiak
c5e373d48c
Fixed obsolete comment in django.utils.crypto.salted_hmac().
...
Obsolete since 13864703bc.
2020-01-15 12:53:21 +01:00
Sjbrgsn
b2bd08bb7a
Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".
...
Thanks Luis Nell for the implementation idea and very detailed report.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-30 20:47:22 +01:00
leollon
fef2636f28
Fixed typo in django/utils/termcolors.py docstring.
2019-12-27 07:49:15 +01:00
Mike Hansen
d291c72bf2
Fixed #30585 -- Added {% translate %} and {% blocktranslate %} template tags.
2019-12-18 13:15:38 +01:00
Baptiste Mispelon
f138e75910
Fixed outdated import in django/utils/safestring.py.
...
The backported version of functools.wraps was removed in
13864703bc.
2019-12-06 09:31:33 +01:00
Andrew Godwin
c90ab30fa1
Fixed #31056 -- Allowed disabling async-unsafe check with an environment variable.
2019-12-03 17:29:31 +01:00
Farhaan Bukhsh
1f817daa20
Fixed #30803 -- Allowed comma separators for milliseconds in django.utils.dateparse functions.
...
Co-Authored-By: Ben Wilber <benwilber@gmail.com>
2019-11-27 09:43:12 +01:00
Farhaan Bukhsh
42b23d1e79
Refs #30803 -- Allowed comma separators for decimal fractions in parse_duration().
2019-11-27 09:43:12 +01:00
Baptiste Mispelon
824981b2dc
Removed unused unencoded_ampersands_re regex.
...
Unused since 8b81dee60c.
2019-11-25 09:01:31 +01:00
Baptiste Mispelon
8929afb8ec
Fixed #9762 -- Made DateFormat.r() locale-independent.
...
Thanks to Antonio Melé for the original report all those years ago
and to all the contributors who helped along the way.
2019-11-22 12:41:53 +01:00
Baptiste Mispelon
76ec032712
Refs #26281 -- Added a helpful error message for an invalid "r" specifier to dateformat.format().
2019-11-22 12:32:30 +01:00
Baptiste Mispelon
cbe4d6203f
Fixed #30989 -- Removed unimplemented B time format.
...
It's never been documented and has always raised a NotImplementedError.
2019-11-18 12:50:41 +01:00
Baptiste Mispelon
5e2839f320
Simplified DateFormat.W() and z().
2019-11-18 11:30:23 +01:00
Baptiste Mispelon
1185c6172b
Fixed #30990 -- Fixed example output in 'z' date format docs.
2019-11-18 11:30:20 +01:00
Hasan Ramezani
6315a272c5
Refs #28428 -- Made filepath_to_uri() support pathlib.Path.
2019-10-30 13:13:15 +01:00
Hasan Ramezani
e3d0b4d550
Fixed #30899 -- Lazily compiled import time regular expressions.
2019-10-29 09:22:26 +01:00
Hasan Ramezani
39a34d4bf9
Refs #30899 -- Made _lazy_re_compile() support bytes.
2019-10-29 09:14:24 +01:00
Hasan Ramezani
c4cba148d8
Refs #30899 -- Moved _lazy_re_compile() to the django.utils.regex_helper.
2019-10-29 09:14:24 +01:00
Hasan Ramezani
52cb419072
Fixed #30918 -- Made timesince()/timeuntil() respect custom time strings for future and the same datetimes.
2019-10-28 12:28:18 +01:00
André Ericson
3120490912
Fixed #30876 -- Moved classproperty() decorator to the django.utils.functional.
2019-10-21 09:57:39 +02:00
Flavio Curella
ed112fadc1
Fixed #23755 -- Added support for multiple field names in the no-cache Cache-Control directive to patch_cache_control().
...
https://tools.ietf.org/html/rfc7234#section-5.2.2.2
2019-10-10 19:30:51 +02:00
Viktor Lomakin
ee6b17187f
Fixed #30812 -- Made ConditionalGetMiddleware set ETag only for responses with non-empty content.
2019-10-10 09:51:05 +02:00
Ad Timmering
7b5f8acb9e
Fixed #28690 -- Fixed handling of two-digit years in parse_http_date().
...
Due to RFC7231 a year that appears to be more than 50 years in the
future is interpreted as representing the past.
2019-09-30 14:42:56 +02:00
Mariusz Felisiak
9a2a12d415
Advanced deprecation warnings for Django 3.1.
2019-09-10 12:01:00 +02:00
Mariusz Felisiak
cb2be9d5d5
Refs #29546 -- Removed django.utils.timezone.FixedOffset per deprecation timeline.
2019-09-10 12:01:00 +02:00
Nasir Hussain
25706d7285
Fixed #29714 -- Allowed using ExceptionReporter subclass with AdminEmailHandler.
2019-09-04 08:40:46 +02:00
Carlton Gibson
4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
Jon Dufresne
a44d80f88e
Adjusted subprocess.run() calls to use arg list, rather than string.
...
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.
https://docs.python.org/3/library/subprocess.html#frequently-used-arguments
> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).
Also removed `shell=True` where unnecessary.
2019-08-28 10:19:30 +02:00
Jon Dufresne
1e6b9e29e6
Refs #27795 -- Removed an unnecessary force_bytes() call in uri_to_iri().
...
The value returned from urllib.parse.quote() is always a string, so can
safely call .encode().
2019-08-28 09:20:46 +02:00
Claude Paroz
9386586f31
Replaced subprocess commands by run() wherever possible.
2019-08-23 10:53:36 +02:00
Adnan Umer
6805c0f99f
Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231.
2019-08-16 15:25:42 +02:00
Claude Paroz
88c0b907e7
Refs #30461 -- Added django.utils._os.to_path().
2019-08-13 17:17:39 +02:00
swatantra
73ac9e3f04
Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data.
2019-08-11 20:15:23 +02:00
Jon Dufresne
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
Nick Pope
0509148c24
Refs #30160 -- Made destination path a required argument of extract().
2019-07-30 11:27:56 +02:00
Tom Forbes
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00