Commit Graph

80 Commits

Author SHA1 Message Date
Keryn Knight c8a6bf951b [4.0.x] Fixed #33426 -- Fixed ResolverMatch.__repr_() for class-based views.
Regression in 7c08f26bf0.

Backport of f4b06a3cc1 from main
2022-01-10 18:39:59 +01:00
Florian Apolloner 20b9ad36ff [4.0.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd from main.
2021-12-07 06:29:34 +01:00
Jonathan Davis 4c6a6d5ac7
Fixed #23895 -- Prevented pickling of ResolverMatch.
Pickling a ResolverMatch did not work correctly in many cases,
especially with CBVs and URLResolvers in the list of tried URL paths.
2021-07-29 07:04:56 +02:00
Igor Fernandes e85d9c02ad Fixed #32870 -- Improved error message when URLconf is empty. 2021-06-22 08:09:53 +02:00
Angus Holder 3e73c65ffc Fixed #32195 -- Added system check for invalid view in path() and improved error messages. 2021-06-09 09:06:42 +02:00
Adam Johnson 0c0b87725b Refs #32260 -- Made admindocs and technical 404 debug page use view_func.view_class.
Internals of admindocs and technical 404 debug page should use the
view_class attribute and do not rely on __name__.
2021-03-30 06:51:27 +02:00
Nick Pope 41850eec99 Fixed #32572 -- Improved ResolverMatch.__repr__().
When a partial function was passed as the view, the __repr__() would
show the `func` argument as `functools.partial` which isn't very
helpful, especially as it doesn't reveal the underlying function or
arguments provided.
2021-03-29 11:28:56 +02:00
Sandro Covo 6822aa5c6c Fixed #32345 -- Fixed preserving encoded query strings in set_language() view.
Thanks Johannes Maron for the review.
2021-01-29 11:58:43 +01:00
David Smith 622fcb8119
Refs #31791 -- Improved performance of URLResolver.resolve().
Performance regression in 11ebc6479f.
2021-01-11 07:49:01 +01:00
Carlton Gibson ad11f5b8c9 Fixed #32124 -- Added per-view opt-out for APPEND_SLASH behavior. 2020-10-22 14:15:19 +02:00
Florian Apolloner 75d2af2c89 Removed unneeded iri_to_uri() call in reverse().
_reverse_with_prefix() already quotes using a stricter subset of the
safe characters used by iri_to_uri().
2020-10-06 12:29:06 +02:00
Jon Dufresne 11ebc6479f Fixed #31791 -- Made technical 404 debug page display the tried URL patterns for Http404. 2020-09-07 06:54:19 +02:00
Tim Park ece18207cb Fixed #31858 -- Reallowed whitespaces in URL paths outside of parameters.
Regression in 22394bd3a1.

Thanks David Smith for the review.
2020-09-02 10:24:14 +02:00
Adam Johnson 6e5041f57c
Removed unused param_dict return from URLResolver.resolve_error_handler().
Unused since its introduction in ed114e1510.
2020-06-22 21:28:56 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__().
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
François Freitag abea86f9e4 Removed unnecessary tuple wrapping of single format string argument. 2020-04-27 08:30:16 +02:00
Adam Johnson 4bb33bb074 Fixed #31459 -- Fixed handling invalid indentifiers in URL path conversion.
This patch adjusted existing tests that used invalid identifiers.
2020-04-15 11:29:35 +02:00
Ram Rachum bf3e8227a9 Fixed #31166 -- Used "raise from" when raising ImproperlyConfigured exceptions in django.urls.resolvers.
This change sets the __cause__ attribute to raised exceptions and makes
small cleanups in error messages.
2020-01-17 11:44:22 +01:00
Jack Cushman eb629f4c02 Fixed #30995 -- Allowed converter.to_url() to raise ValueError to indicate no match. 2020-01-09 14:41:41 +01:00
Mariusz Felisiak 82a88d2f48
Fixed #31061 -- Ignored positional args in django.urls.resolve() when all optional named parameters are missing.
Regression in 76b993a117.

Thanks Claude Paroz for the report and Carlton Gibson for reviews.
2019-12-06 09:32:51 +01:00
Hasan Ramezani e3d0b4d550 Fixed #30899 -- Lazily compiled import time regular expressions. 2019-10-29 09:22:26 +01:00
Hasan Ramezani 22394bd3a1 Fixed #29667 -- Prohibited whitespaces in path() URLs. 2019-08-20 11:53:10 +02:00
Benjamin Woodruff 54dcfbc367 Fixed #29744 -- Fixed caching of URLResolver for a default URLconf.
get_resolver() for a default URLconf (passing no argument) and for
settings.ROOT_URLCONF should return the same cached object.
2019-07-03 11:37:28 +02:00
daniel a rios 76b993a117 Fixed #26431 -- Prevented django.urls.resolve() from returning missing optional parameters.
Previous behavior was inconsistent with django.urls.reverse() and
caused that translate_url() created an incorrect URL when an optional
parameter was missing.
2019-06-24 11:47:56 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety.
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
Sergey Fedoseev 6fa71872ae Simplified django.urls.reverse() a bit. 2019-06-12 12:15:40 +02:00
Alasdair Nicol a5accc0368 Fixed #30318 -- Added check for importability of arguments of custom error handler views.
Thanks to Jon on Stack Overflow for reporting the issue.
2019-04-25 11:08:22 +02:00
Tim Graham 0367bc6d04 Removed django.utils.lru_cache usage. 2019-02-04 20:07:49 -05:00
Benjamin Wohlwend 79c196cfb2 Fixed #28766 -- Added ResolverMatch.route.
Co-Authored-By: Xavier Fernandez <xavier.fernandez@polyconseil.fr>
2018-12-06 18:05:40 -05:00
Eric Brandwein b0b4aac555 Fixed #29775 -- Fixed URL converters in a nested namespaced path.
When using include() without namespaces of some urlpatterns that
have an include() with namespace, the converters of the parent
include() weren't being used to convert the arguments of reverse().
2018-10-04 11:42:27 -04:00
Adam Johnson 245c36d7b6 Fixed #29642 -- Added check for arguments of custom error handler views. 2018-09-14 11:59:56 -04:00
Andreas Hug a656a68127 Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-08-01 09:28:42 -04:00
Xaroth Brook 39283c8edb Fixed #29415 -- Fixed detection of custom URL converters in included patterns. 2018-05-26 20:13:48 -04:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Дилян Палаузов 4c599ece57 Fixed #28930 -- Simplified code with any() and all(). 2017-12-26 17:11:15 -05:00
Tilmann Becker 01384ce36c Fixed #28947 -- Fixed crash when coercing a translatable URL pattern to str.
Regression in df41b5a05d.
2017-12-20 20:36:41 -05:00
Nick Pope d13a9e44de Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking. 2017-12-11 07:08:45 -05:00
Дилян Палаузов d2afa5eb23 Fixed #28860 -- Removed unnecessary len() calls. 2017-12-04 10:35:23 -05:00
Andrei Fokau 3ae9c356c5 Refs #28593 -- Updated old class names in comments following URL routing changes. 2017-11-08 08:43:39 -05:00
Chris Lamb 998c9dd599 Fixed #28663 -- Add a check for likely incorrectly migrated django.urls.path() routes. 2017-11-07 11:39:59 -05:00
Mariusz Felisiak 0f722d865e Removed redundant inner imports. 2017-10-20 18:30:41 -04:00
Jon Dufresne f0ffa3f4ea Refs #27025, #28593 -- Fixed "invalid escape sequence" warnings in urls/resolvers.py. 2017-09-30 20:33:07 -04:00
Tim Graham cfff2af02b Fixed #27857 -- Dropped support for Python 3.4. 2017-09-25 17:11:03 -04:00
Mariusz Felisiak 00709d704e Merged startswith() calls. 2017-09-25 09:18:29 -04:00
Daniel Tao 6f7279c4b1 Refs #28593 -- Made URLResolver._populate() more resilient to signal interrupts.
_populate() sets the populating attribute to prevent infinite recursion in
case a urlconf includes itself. The flag is a threadlocal to avoid a race
condition [1] where one thread sets the flag and another checks it, then
proceeds to access data that's supposed to be populated (e.g. _reverse_dict)
but isn't yet.

The potential still exists for a thread to set the threadlocal, then be
interrupted by a signal such as SIGALRM and raise before resetting the
threadlocal flag. In this scenario, subsequent calls to _populate() in the
same thread will short-circuit erroneously.

The bulk of the method was already wrapped in a try/finally in df41b5a, but
since a signal interrupt can occur at any line executed by the interpreter,
this moves up the try to ensure threadlocal gets reset.

[1]: https://groups.google.com/d/msg/django-developers/D_bIeinKHjE/4NmVQUJqAgAJ
2017-09-22 10:16:05 -04:00
Sjoerd Job Postmus df41b5a05d Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
Tim Graham ee4043f735 Refs #28593 -- Moved django.conf.urls.include() to django.urls().
The old location remains for backwards compatibility. Documentation
will be updated separately along with the rest of the URL routing changes.
2017-09-13 16:32:03 -04:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Sergey Fedoseev 38988f289f Avoided creation of temporary sets. 2017-07-29 10:16:43 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00