innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
27,274 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

1576 Commits

Author SHA1 Message Date
Jon Dufresne a44d80f88e Adjusted subprocess.run() calls to use arg list, rather than string. 
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.

https://docs.python.org/3/library/subprocess.html#frequently-used-arguments

> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).

Also removed `shell=True` where unnecessary.
 2019-08-28 10:19:30 +02:00
Jon Dufresne 1e6b9e29e6 Refs #27795 -- Removed an unnecessary force_bytes() call in uri_to_iri(). 
The value returned from urllib.parse.quote() is always a string, so can
safely call .encode().
 2019-08-28 09:20:46 +02:00
Claude Paroz 9386586f31 Replaced subprocess commands by run() wherever possible. 2019-08-23 10:53:36 +02:00
Adnan Umer 6805c0f99f Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231. 2019-08-16 15:25:42 +02:00
Claude Paroz 88c0b907e7 Refs #30461 -- Added django.utils._os.to_path(). 2019-08-13 17:17:39 +02:00
swatantra 73ac9e3f04 Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data. 2019-08-11 20:15:23 +02:00
Jon Dufresne e8d0d2a5ef Removed unneeded ValueError catching in django.utils.text._replace_entity(). 
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
 2019-08-01 14:30:20 +02:00
Florian Apolloner 76ed1c49f8 Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri(). 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Florian Apolloner 4b78420d25 Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Florian Apolloner 7f65974f82 Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. 
Thanks to Guido Vranken for initial report.
 2019-08-01 09:24:54 +02:00
Nick Pope f618e033ac Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands. 2019-07-31 10:02:13 +02:00
Nick Pope 69a30f620e Refs #30160 -- Simplified archive extension map and added other aliases. 2019-07-31 09:46:17 +02:00
Nick Pope 0509148c24 Refs #30160 -- Made destination path a required argument of extract(). 2019-07-30 11:27:56 +02:00
Tom Forbes fc75694257 Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved. 2019-07-24 14:08:37 +02:00
Mariusz Felisiak fed5e19369
Removed unused BaseReloader.watch_file(). 
Unused since its introduction in c8720e7696.
 2019-07-24 13:32:02 +02:00
Tom Forbes 2ff517ccb6 Fixed #30506 -- Fixed crash of autoreloader when path contains null characters. 2019-07-23 10:03:23 +02:00
Mariusz Felisiak f226bdbf4e Refs #30608 -- Added django.utils.encoding.punycode(). 2019-07-03 10:48:02 +02:00
Min ho Kim fbb83fefd4 Fixed typos in comments and docs. 2019-07-02 09:36:17 +02:00
PatOnTheBack 29240a9952 Removed unnecessary import in django/utils/autoreload.py. 2019-07-01 14:50:00 +02:00
nsasaki128 a289e79679 Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator. 2019-06-26 09:25:24 +02:00
Tom Forbes 8454f6dea4 Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute. 2019-06-26 06:44:10 +02:00
Tom Forbes e286711879 Simplified handling of non-existent paths in autoreloader with Path.resolve(strict=True). 2019-06-24 09:48:59 +02:00
Andrew Godwin a415ce70be Fixed #30451 -- Added ASGI handler and coroutine-safety. 
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
 2019-06-20 12:29:43 +02:00
Jon Dufresne 9e38ed0536 Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters. 
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692.

For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.

For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
 2019-06-11 20:34:59 +02:00
Tom Forbes 480492fe70 Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader. 
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.

If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.

Regression in 6754bffa2b.
 2019-05-29 09:41:24 +02:00
Tom Forbes 0344565179 Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature. 
Regression in c8720e7696.
 2019-05-29 08:08:50 +02:00
Tom Forbes b2790f74d4 Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader. 
Regression in c8720e7696.
 2019-05-28 08:31:33 +02:00
Simon Charette df46b329e0 Refs #30485 -- Avoided unnecessary instance checks in urlencode. 
Given doseq defaults to False it should avoid an unnecessary instance
check in most cases.
 2019-05-27 22:00:14 +02:00
Johan Lübcke 0670b1b403 Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case. 2019-05-24 17:15:34 +02:00
Ran Benita a2c31e12da Fixed #30498 -- Fixed proxy class caching in lazy(). 
lazy() should prepare the proxy class only once (the first time it's
used) not on every call.

Regression in b4e76f30d1.
 2019-05-22 20:41:52 +02:00
Nick Pope 1d0bab0bfd Fixed #27635 -- Used secrets module in django.utils.crypto. 2019-05-20 11:21:22 +02:00
Nick Pope 068005a349 Refs #27635 -- Removed fallback when SystemRandom() isn't available that doesn't work. 
Fallback was untested and likely never triggered.
 2019-05-20 11:21:22 +02:00
Daniel Hahler 43f54e136e Refs #27685 -- Logged unexpected Watchman autoreloader errors. 2019-05-15 06:57:26 +02:00
Jon Dufresne b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities(). 
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
 2019-05-08 08:00:59 +02:00
Daniel Hahler 29601bca9b Ignored pywatchman.SocketTimeout in Watchman autoreloader. 
Bumped minimum supported pywatchman version to 1.2.0.

These exceptions don't require checking a server status.
 2019-05-03 13:56:49 +02:00
Tom Forbes 6754bffa2b Fixed #30323 -- Fixed detecting changes by autoreloader when using StatReloader. 2019-04-29 11:41:00 +02:00
Tom Forbes 0636d4d2aa Refs #30323 -- Prevented crash of autoreloader when get_resolver().urlconf_module raising an exception. 2019-04-29 11:41:00 +02:00
Tom Forbes b5259ab780 Refs #30323 -- Simplified utils.autoreload.ensure_echo_on(). 2019-04-29 11:41:00 +02:00
Jacob Green ed3c59097a
Fixed #30361 -- Increased the default timeout of watchman client to 5 seconds and made it customizable. 
Made the default timeout of watchman client customizable via
DJANGO_WATCHMAN_TIMEOUT environment variable.
 2019-04-26 12:55:49 +02:00
Jon Dufresne 8d76443aba Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). 2019-04-25 15:09:07 +02:00
Sjoerd Job Postmus e6d57c4d65 Fixed #30363 -- Do not use exponential notation for small decimal numbers. 
In 9cc6a60040b0f64f8ea066dd215176d4bd16621d a security patch was
introduced to prevent allocating large segments of memory when a
very large or very small decimal number was to be formatted.

As a side-effect, there was a change in formatting of small decimal
numbers even when the `decimal_pos` argument was provided, which meant
that reasonable small decimal numbers (above 1e-199) would be formatted
as `0.00`, while smaller decimal numbers (under 1e-200) would be
formatted as `1e-200`.
 2019-04-13 14:30:33 +02:00
Mariusz Felisiak 881362986a Fixed "byte string" typo in various docs and comments. 2019-03-28 10:00:12 +01:00
shiningfm 99cfb28e99 Fixed #30215 -- Fixed autoreloader crash for modules without __spec__. 
Regression in c8720e7696.
 2019-02-27 10:35:30 -05:00
Tom Forbes 65ef5f467b Refs #27685 -- Removed "watchman unavailable" message. 2019-02-25 21:43:29 -05:00
Matthias Kestenholz e04209e181 Refs #30179 -- Moved topological sort functions to django.utils. 2019-02-25 15:44:49 -05:00
Seunghun Lee 99fc5dc13c Fixed #30141 -- Fixed parse_duration() for some negative durations. 2019-02-23 18:54:09 -05:00
Claude Paroz a8e2a9bac6 Refs #15902 -- Deprecated storing user's language in the session. 2019-02-14 10:23:02 -05:00
Carlton Gibson 402c0caa85 Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format(). 
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
 2019-02-11 11:08:45 +01:00
Sergey Fedoseev 1835563ab8 Removed unneeded list() calls in sorted() argument. 2019-02-09 19:08:22 -05:00
Jon Dufresne 6eb4996672 Fixed #30165 -- Deprecated ugettext(), ugettext_lazy(), ugettext_noop(), ungettext(), and ungettext_lazy(). 2019-02-08 10:05:53 -05:00