swatantra
73ac9e3f04
Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data.
2019-08-11 20:15:23 +02:00
Jon Dufresne
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
Florian Apolloner
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Florian Apolloner
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Nick Pope
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
Nick Pope
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
Nick Pope
0509148c24
Refs #30160 -- Made destination path a required argument of extract().
2019-07-30 11:27:56 +02:00
Tom Forbes
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
Mariusz Felisiak
fed5e19369
Removed unused BaseReloader.watch_file().
...
Unused since its introduction in c8720e7696
.
2019-07-24 13:32:02 +02:00
Tom Forbes
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
Mariusz Felisiak
f226bdbf4e
Refs #30608 -- Added django.utils.encoding.punycode().
2019-07-03 10:48:02 +02:00
Min ho Kim
fbb83fefd4
Fixed typos in comments and docs.
2019-07-02 09:36:17 +02:00
PatOnTheBack
29240a9952
Removed unnecessary import in django/utils/autoreload.py.
2019-07-01 14:50:00 +02:00
nsasaki128
a289e79679
Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator.
2019-06-26 09:25:24 +02:00
Tom Forbes
8454f6dea4
Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
2019-06-26 06:44:10 +02:00
Tom Forbes
e286711879
Simplified handling of non-existent paths in autoreloader with Path.resolve(strict=True).
2019-06-24 09:48:59 +02:00
Andrew Godwin
a415ce70be
Fixed #30451 -- Added ASGI handler and coroutine-safety.
...
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
Jon Dufresne
9e38ed0536
Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters.
...
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692 .
For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.
For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
2019-06-11 20:34:59 +02:00
Tom Forbes
480492fe70
Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader.
...
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.
If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.
Regression in 6754bffa2b
.
2019-05-29 09:41:24 +02:00
Tom Forbes
0344565179
Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature.
...
Regression in c8720e7696
.
2019-05-29 08:08:50 +02:00
Tom Forbes
b2790f74d4
Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader.
...
Regression in c8720e7696
.
2019-05-28 08:31:33 +02:00
Simon Charette
df46b329e0
Refs #30485 -- Avoided unnecessary instance checks in urlencode.
...
Given doseq defaults to False it should avoid an unnecessary instance
check in most cases.
2019-05-27 22:00:14 +02:00
Johan Lübcke
0670b1b403
Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case.
2019-05-24 17:15:34 +02:00
Ran Benita
a2c31e12da
Fixed #30498 -- Fixed proxy class caching in lazy().
...
lazy() should prepare the proxy class only once (the first time it's
used) not on every call.
Regression in b4e76f30d1
.
2019-05-22 20:41:52 +02:00
Nick Pope
1d0bab0bfd
Fixed #27635 -- Used secrets module in django.utils.crypto.
2019-05-20 11:21:22 +02:00
Nick Pope
068005a349
Refs #27635 -- Removed fallback when SystemRandom() isn't available that doesn't work.
...
Fallback was untested and likely never triggered.
2019-05-20 11:21:22 +02:00
Daniel Hahler
43f54e136e
Refs #27685 -- Logged unexpected Watchman autoreloader errors.
2019-05-15 06:57:26 +02:00
Jon Dufresne
b915b9f10f
Refs #27753 -- Deprecated django.utils.text.unescape_entities().
...
The function was undocumented and only required for compatibility with
Python 2.
Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Daniel Hahler
29601bca9b
Ignored pywatchman.SocketTimeout in Watchman autoreloader.
...
Bumped minimum supported pywatchman version to 1.2.0.
These exceptions don't require checking a server status.
2019-05-03 13:56:49 +02:00
Tom Forbes
6754bffa2b
Fixed #30323 -- Fixed detecting changes by autoreloader when using StatReloader.
2019-04-29 11:41:00 +02:00
Tom Forbes
0636d4d2aa
Refs #30323 -- Prevented crash of autoreloader when get_resolver().urlconf_module raising an exception.
2019-04-29 11:41:00 +02:00
Tom Forbes
b5259ab780
Refs #30323 -- Simplified utils.autoreload.ensure_echo_on().
2019-04-29 11:41:00 +02:00
Jacob Green
ed3c59097a
Fixed #30361 -- Increased the default timeout of watchman client to 5 seconds and made it customizable.
...
Made the default timeout of watchman client customizable via
DJANGO_WATCHMAN_TIMEOUT environment variable.
2019-04-26 12:55:49 +02:00
Jon Dufresne
8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
Sjoerd Job Postmus
e6d57c4d65
Fixed #30363 -- Do not use exponential notation for small decimal numbers.
...
In 9cc6a60040b0f64f8ea066dd215176d4bd16621d a security patch was
introduced to prevent allocating large segments of memory when a
very large or very small decimal number was to be formatted.
As a side-effect, there was a change in formatting of small decimal
numbers even when the `decimal_pos` argument was provided, which meant
that reasonable small decimal numbers (above 1e-199) would be formatted
as `0.00`, while smaller decimal numbers (under 1e-200) would be
formatted as `1e-200`.
2019-04-13 14:30:33 +02:00
Mariusz Felisiak
881362986a
Fixed "byte string" typo in various docs and comments.
2019-03-28 10:00:12 +01:00
shiningfm
99cfb28e99
Fixed #30215 -- Fixed autoreloader crash for modules without __spec__.
...
Regression in c8720e7696
.
2019-02-27 10:35:30 -05:00
Tom Forbes
65ef5f467b
Refs #27685 -- Removed "watchman unavailable" message.
2019-02-25 21:43:29 -05:00
Matthias Kestenholz
e04209e181
Refs #30179 -- Moved topological sort functions to django.utils.
2019-02-25 15:44:49 -05:00
Seunghun Lee
99fc5dc13c
Fixed #30141 -- Fixed parse_duration() for some negative durations.
2019-02-23 18:54:09 -05:00
Claude Paroz
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
Carlton Gibson
402c0caa85
Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
...
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
2019-02-11 11:08:45 +01:00
Sergey Fedoseev
1835563ab8
Removed unneeded list() calls in sorted() argument.
2019-02-09 19:08:22 -05:00
Jon Dufresne
6eb4996672
Fixed #30165 -- Deprecated ugettext(), ugettext_lazy(), ugettext_noop(), ungettext(), and ungettext_lazy().
2019-02-08 10:05:53 -05:00
Tim Graham
77d25dbd0f
Refs #27753 -- Favored SafeString over SafeText.
2019-02-06 14:12:06 -05:00
Tim Graham
d55e882927
Refs #27753 -- Deprecated django.utils.encoding.force_text() and smart_text().
2019-02-06 14:12:06 -05:00
Aymeric Augustin
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
Nick Pope
24b82cd201
Fixed #30159 -- Removed unneeded use of OrderedDict.
...
Dicts preserve order since Python 3.6.
2019-02-06 13:48:39 -05:00
Tim Graham
f09b0f6483
Refs #27753 -- Removed django.utils.safestring.SafeBytes.
2019-02-05 13:00:15 -05:00
Tim Graham
3004d7057f
Refs #27753 -- Removed django.utils.functional.curry().
2019-02-05 13:00:15 -05:00
Tim Graham
9a750cbd5c
Refs #27753 -- Removed django.utils.decorators.ContextDecorator alias.
2019-02-05 13:00:11 -05:00
Tim Graham
41384812ef
Refs #27753 -- Removed django.utils.six.
2019-02-05 12:58:55 -05:00
Tim Graham
efe28d3f56
Refs #27753 -- Removed django.utils._os.abspathu(), upath(), and npath().
2019-02-05 12:57:11 -05:00
Tim Graham
d1f4b3c68a
Refs #27753 -- Removed django.utils.decorators.available_attrs().
2019-02-05 12:52:07 -05:00
Tim Graham
c679f357a8
Refs #27753 -- Removed django.utils.lru_cache.
2019-02-05 12:52:07 -05:00
Tim Graham
83c2bc52c2
Refs #27753 -- Deprecated django.utils.http urllib aliases.
2019-02-04 18:53:11 -05:00
Jon Dufresne
290d8471bb
Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True).
2019-01-31 12:53:36 -05:00
Tim Graham
7e6b214ed3
Fixed #30116 -- Dropped support for Python 3.5.
2019-01-30 10:19:48 -05:00
Tom Forbes
1e92407f83
Fixed #25624 -- Fixed autoreload crash with jinja2.ModuleLoader.
2019-01-28 14:17:50 -05:00
Jon Dufresne
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tom Forbes
d8a2f4ec09
Removed redundant period in Watchman unavailable message.
2019-01-19 18:25:01 -05:00
Tim Graham
f5060a1385
Advanced deprecation warnings for Django 3.0.
2019-01-17 11:15:27 -05:00
Tim Graham
958a7b4ca6
Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.
2019-01-17 10:52:19 -05:00
Santiago Basulto
4fc35a9c3e
Fixed #20147 -- Added HttpRequest.headers.
2019-01-16 13:38:47 -05:00
Tom Forbes
c8720e7696
Fixed #27685 -- Added watchman support to the autoreloader.
...
Removed support for pyinotify (refs #9722 ).
2019-01-13 20:33:47 -05:00
Tim Graham
0004daa536
Used 4 space hanging indent for dictionaries.
...
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
Jon Dufresne
6fe9c45b72
Fixed #30024 -- Made urlencode() and Client raise TypeError when None is passed as data.
2018-12-27 11:19:55 -05:00
Patrick Arminio
ae180fa4b7
Fixed #29986 -- Added .format() support to ngettext_lazy strings.
2018-12-06 15:12:34 -05:00
Jaap Roes
fc71bb11b1
Improved readability of translation's to_locale().
2018-11-23 14:53:19 -05:00
Thomas Grainger
0607699902
Fixed #29478 -- Added support for mangled names to cached_property.
...
Co-Authored-By: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2018-11-19 13:40:49 -05:00
Tim Graham
803840abf7
Refs #29926 -- Removed usage of gettext.translation()'s deprecated codeset parameter.
...
https://bugs.python.org/issue33710
2018-11-06 20:22:47 -05:00
aspalding
dc5e75d419
Fixed #29838 -- Fixed crash when combining Q objects with __in lookups and lists.
...
Regression in fc6528b25a
.
2018-10-17 11:34:49 -04:00
aspalding
217f82d713
Refs #29838 -- Fixed make_hashable() for values that have lists or dicts nested in tuples.
...
And for non-hashable values that are iterable, e.g. sets.
2018-10-17 11:17:50 -04:00
aspalding
834c4ec8e4
Moved make_hashable() to django.utils and added tests.
2018-10-17 11:17:23 -04:00
Taoufik
f07091a30f
Fixed typo in django/utils/datastructures.py.
2018-10-14 11:20:22 -04:00
Tim Graham
1e3cd51163
Simplified django.utils.html.urlize().
2018-10-12 12:15:26 -04:00
Tim Graham
910548634a
Refs #29826 -- Removed unused characters from urlize configuration.
...
The HTML characters are unused because urlize is meant to be applied to
plain text and these characters aren't properly detected (refs #29826 ).
Angle brackets and quotes are present in word_split_re and therefore
won't be used in WRAPPING_PUNCTUATION.
2018-10-12 08:13:52 +02:00
Jon Dufresne
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
Sergey Fedoseev
277017aea4
Simplified utils.text.StreamingBuffer.
2018-10-04 08:28:03 -04:00
Sergey Fedoseev
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Jon Dufresne
bb81c22d90
Refs #27795 -- Removed force_bytes() usage in utils/_os.py.
2018-09-25 11:27:36 -04:00
Jon Dufresne
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
Javier Buzzi
a0d63b02c3
Fixed #29772 -- Made LazyObject proxy __lt__() and __gt__().
2018-09-19 13:51:01 -04:00
Jon Dufresne
ee184e13cb
Refs #27795 -- Removed force_bytes() usage in django/utils/cache.py.
2018-08-28 08:03:23 -04:00
Claude Paroz
201017df30
Fixed #29654 -- Made text truncation an ellipsis character instead of three dots.
...
Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-08-21 17:46:45 +02:00
Mariusz Felisiak
9fee229874
Fixed #29643 -- Fixed crash when combining Q objects with __in lookups and lists.
...
Regression in fc6528b25a
.
2018-08-08 08:51:20 +02:00
Josh Schneier
f1bf069ec1
Refs #29244 -- Fixed django.utils.inspect.method_has_no_args() for bound methods.
2018-08-07 17:37:35 -04:00
Josh Schneier
756b859576
Renamed django.utils.inspect.func_has_no_args() to method_has_no_args().
2018-08-07 17:37:35 -04:00
Tim Graham
2092206bee
Refs #29600 -- Updated django.utils.datetime_safe now that Python 2 is unsupported.
2018-08-02 10:20:24 -04:00
Andreas Hug
a656a68127
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
Tim Graham
2ac7cd52b4
Refs #29600 -- Removed datetime_safe usage in feedgenerator.
...
The only effect would be if items in Atom feeds had a published date
year of < 1000 (ensuring those years are padded with leading zeros).
2018-07-26 16:49:15 -04:00
Claude Paroz
b004bd62e8
Fixed #29412 -- Stopped marking slugify() result as HTML safe.
2018-07-20 10:44:30 -04:00
Claude Paroz
0adfba968e
Fixed #29578 -- Made numberformat.format() honor forced l10n usage.
...
Thanks Sassan Haradji for the report.
2018-07-19 16:44:40 -04:00
Mariusz Felisiak
a73cf8110e
Removed duplicate words in various comments.
2018-07-18 11:54:15 -04:00
Sergey Fedoseev
338f741c5e
Fixed #29546 -- Deprecated django.utils.timezone.FixedOffset.
2018-07-09 16:33:36 -04:00
Sergey Fedoseev
7d6fe18dde
Simplified force_bytes().
2018-07-09 12:25:55 -04:00
Sergey Fedoseev
857f860d56
Removed unneded str() calls prior to mark_safe(); simplified mark_safe().
2018-07-09 11:25:11 -04:00
Przemysław Suliga
d22b90b4ea
Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.
2018-06-29 10:17:52 -04:00