Commit Graph

725 Commits

Author SHA1 Message Date
Tim Graham 8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Kevin Christopher Henry 4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Tim Graham ef021412d5 Normalized spelling of ETag. 2016-09-09 11:00:21 -04:00
Jon Dufresne f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Anatoly Burov 7b6dccc82f Fixed #27191 -- Fixed debug view crash for requests with 'items' in GET/POST/COOKIES/FILES. 2016-09-07 13:47:09 -04:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Jon Dufresne ff1e7b4eb4 Fixed #25181 -- Added localdate() function to get date in a different time zone.
Thanks Konrad Świat for the original patch.
2016-08-31 17:19:33 -07:00
Przemysław Suliga 1f68bb5683 Refs #26902 -- Protected against insecure redirects in set_language(). 2016-08-19 19:16:00 -04:00
Tim Graham 1e32e1cc95 Fixed #26973 -- Fixed views.static.serve() crash with show_indexes enabled. 2016-08-10 11:27:03 -04:00
Jon Dufresne 348cfccd90
Fixed #26938 -- Fixed invalid HTML in template postmortem on the debug page. 2016-07-24 18:18:57 +02:00
Tim Graham 93c538694e Fixed XSS in admin's add/change related popup.
This is a security fix.
2016-07-18 11:17:01 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Vasiliy Faronov ac77c55bc5 Fixed #26567 -- Updated references to obsolete RFC2616.
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Anssi Kääriäinen 7f51876f99 Fixed #26207 -- Replaced dynamic classes with non-data descriptors for deferred instance loading. 2016-04-29 13:06:32 -04:00
Tim Graham 0d8b523422 Fixed #26553 -- Removed unneeded loop in views/i18n.py 2016-04-28 09:15:34 -04:00
Claude Paroz de40cfbe74 Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views
Thanks Cristiano Coelho and Tim Graham for the reviews.
2016-04-15 17:28:54 +02:00
Miikka Salminen 9e3f141701 Fixed #26466 -- Added HTTP_REFERER decoding to i18n set_language() view. 2016-04-09 10:57:43 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Vaclav Ehrlich 369fa471f4 Fixed #26201 -- Documented the consequences of rotating the CSRF token on login. 2016-04-05 11:02:38 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Krzysztof Jurewicz 940b7fd5cb Fixed #21446 -- Allowed not performing redirect in set_language view
Thanks Claude Paroz and Tim Graham for polishing the patch.
2016-03-29 22:15:14 +02:00
Claude Paroz 11c60b5298 Reused the DjangoTranslation class for the javascript_catalog view
Thanks Tim Graham and Cristiano Coelho for the reviews.
Refs #26328, #26319.
2016-03-08 21:39:59 +01:00
Andrew Kuchev e81d1c995c Fixed #25670 -- Allowed dictsort to sort a list of lists.
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
François Freitag 16a88b4429 Fixed #26209 -- Masked sensitive settings in debug reports regardless of case. 2016-02-11 18:13:03 -05:00
Tim Graham 406675b1a0 Fixed #26176 -- Fixed E123 flake8 warnings. 2016-02-05 15:11:07 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Iacopo Spalletti 21bf685f5e Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2016-01-14 07:05:38 -05:00
Varun Sharma 3d6474e1a5 Fixed #25385 -- Allowed importing views.generic.View from views.View. 2016-01-11 08:18:44 -05:00
pp c8d970a548 Refs #25755 -- Unified a couple more spellings of 'website'. 2016-01-11 06:13:16 -05:00
Tim Graham 98839e9066 Removed British/Austrialian word: whilist. 2015-12-31 14:29:52 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Chris Cogdon e429c5186c Fixed #26018 -- Prevented unecessary get_form() call in FormMixin.get_context_data().
Changed "dict.setdefault" to "if x in dict" pattern so that get_form() would not
be called unnecessarily, specifically in the case where FormMixin.form_invalid()
calls get_context_data() with the current form.
2015-12-30 17:29:39 -05:00
Chris Cogdon 4b2dcfe04f Fixed #26006 -- Fixed incorrect object reference in SingleObjectMixin.get_context_object_name(). 2015-12-30 09:56:45 -05:00
Tim Graham acd3606049 Removed blank line to appease isort. 2015-11-17 19:01:06 -05:00
Raphael Michel 16945f0e9c Fixed #25695 -- Added template_name parameter to csrf_failure() view. 2015-11-17 14:28:18 -05:00
Alex Morozov e171a83b15 Fixed #25548 -- Prevented FormView.form_invalid() from discarding its form argument. 2015-11-11 13:28:34 -05:00
Tim Graham 37ea3cb03e Fixed "URLconf" spelling in code comments. 2015-10-22 14:46:42 -04:00
John Moses 2b6344e944 Fixed #25037 -- Added request.user to the debug view. 2015-10-05 09:36:42 -04:00
Tim Graham fd1e54b923 Removed unused views.debug.linebreak_iter() function. 2015-09-24 09:15:55 -04:00
Tim Graham 491de4f07c Refs #23656 -- Required FormMixin.get_form() form_class parameter to be optional.
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham 6eed9ae747 Refs #24133 -- Removed legacy formatting syntax in success_url placeholders.
Per deprecation timeline.
2015-09-23 19:31:10 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Vlastimil Zíma cf29b6b561 Fixed #25099 -- Fixed crash in AdminEmailHandler on DisallowedHost. 2015-09-04 09:24:21 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Denis Cornehl 7a40fef17a Fixed #24935 -- Refactored common conditional GET handling. 2015-08-15 09:08:45 -04:00
Tim Graham a3830f6d66 Refs #25236 -- Removed ifequal/ifnotequal usage. 2015-08-08 07:33:15 -04:00
Sergey Kolosov 244404227e Fixed #22404 -- Added a view that exposes i18n catalog as a JSON
Added django.views.i18n.json_catalog() view, which returns a JSON
response containing translations, formats, and a plural expression
for the specified language.
2015-08-05 09:05:21 -04:00
Tim Graham d7848c11e0 Fixed #25147 -- Fixed debug view copy-paste/interactive toggle.
The whitespace added in 1101467ce0
broke the initial comparison.
2015-07-20 11:52:21 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Tim Graham 6bdd3840be Improved whitespace in debug templates.
Removed extra blank lines in the template text debug template,
and prevented overindentation in the HTML debug template.
2015-07-13 19:22:39 -04:00
Tim Graham 7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Tomáš Ehrlich 59383f1e3a Ref #23643 -- Added plain text report of exception chain. 2015-06-01 08:23:54 -04:00
Luca Ferroni 38eacbde62 Refs #23643 -- Fixed debug view regression on Python 2.
Thanks Tomáš Ehrlich for help with the patch.
2015-05-29 11:29:32 -04:00
I am Clinton 0b0bb6100d Fixed typos in HTTP decorator docs. 2015-05-25 07:38:08 -04:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Claude Paroz 70779d9c1c Fixed #24733 -- Passed the triggering exception to 40x error handlers
Thanks Tim Graham for the review.
2015-05-11 22:02:14 +02:00
Preston Timmons adff499e47 Fixed #24119, #24120 -- Formalized debug integration for template backends. 2015-05-06 17:33:47 -05:00
Artis Avotins 86aaffa5a3 Fixed #24689 -- Fixed DetailView methods with deferred QuerySet. 2015-04-25 19:42:00 -04:00
Andrei Kulakov 8a1824d465 Fixed #24643 -- Added get_context_data() method to FormMixin 2015-04-24 20:17:29 -04:00
Preston Timmons 65a7a0d9ee Improved display of template loader postmortem on debug page.
This now works for multiple Django engines and recursive loaders.
Support for non-Django engines is still pending.

Refs #15053.
2015-04-22 14:49:00 -05:00
Curtis Maloney 14ecbd02a3 Removed cases of six.iter* wrapped in a list()
There's absolutely no advantage [and a mild performance hit] to using six.iter*
in these cases.
2015-04-18 23:29:29 +10:00
andy matthews b4da88b126 Fixed #24440 -- Added padding to debug view stacktrace lines. 2015-03-23 11:17:17 -04:00
Moritz Sichert d94449f37a Removed spaces after 'function' in jsi18n 2015-03-20 17:28:29 -04:00
Moritz Sichert 6bb2175ed6 Fixed #22106 -- Allowed using more than one instance of javascript_catalog per project. 2015-03-20 17:27:41 -04:00
Preston Timmons 55f12f8709 Cleaned up the template debug implementation.
This patch does three major things:

* Merges the django.template.debug implementation into django.template.base.

* Simplifies the debug implementation.

  The old implementation copied debug information to every token and node.
  The django_template_source attribute was set in multiple places, some
  quite hacky, like django.template.defaulttags.ForNode.

  Debug information is now annotated in two high-level places:

  * Template.compile_nodelist for errors during parsing
  * Node.render_annotated for errors during rendering

  These were chosen because they have access to the template and context
  as well as to all exceptions that happen during either the parse or
  render phase.

* Moves the contextual line traceback information creation from
  django.views.debug into django.template.base.Template. The debug views now
  only deal with the presentation of the debug information.
2015-03-20 08:58:07 -04:00
Tomáš Ehrlich 8414fcf16b Fixes #23643 -- Added chained exception details to debug view. 2015-03-14 16:08:23 -04:00
Claude Paroz aa5ab114e3 Fixed #24122 -- Redirected to translated url after setting language
Thanks gbdlin for the initial patch and Tim Graham for the review.
2015-03-13 16:46:40 +01:00
Bas Peschier 756cee46d2 Fixed #24455 -- Fixed crash in debug view with lazy objects 2015-03-09 20:30:01 -04:00
Preston Timmons 70123cf084 Fixed #24399 -- Made filesystem loaders use more specific exceptions. 2015-03-03 21:20:46 +01:00
Aymeric Augustin 556a74879f Fixed a few uses of Template that relied on a default engine.
Refs #24389.
2015-02-22 23:13:55 +01:00
Aymeric Augustin 88a5f17d25 Fixed #24389 -- Isolated the CSRF view from the TEMPLATES setting.
Thanks uranusjr for the report and analysis.
2015-02-22 15:46:35 +01:00
Aymeric Augustin c7a6996df7 Fixed a crash of the debug page.
During the autumn DST change, the template engine would fail to convert
the naive representation of now when USE_TZ = True. Passing now in UTC
eliminates the issue.

Thanks mbertheau and tricoder42.

Refs #23714.
2015-02-10 21:37:53 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Aymeric Augustin 27f9ff459b Caught all exceptions raised by Engine.get_default().
In addition to ImproperlyConfigured, Engine.get_default() may also raise
ImportError or other exceptions. It's better to catch all exceptions in
places where the default engine isn't strictly required.
2015-02-05 20:06:18 +01:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Tim Graham 118b11221f Fixed #24263 -- Prevented extra queries on BaseDateDetailView with a custom queryset.
Thanks jekka-ua for the report and patch.
2015-02-03 09:12:37 -05:00
Aymeric Augustin 2133f3157e Fixed #24168 -- Allowed selecting a template engine in a few APIs.
Specifically in rendering shortcuts, template responses, and class-based
views that return template responses.

Also added a test for render_to_response(status=...) which was missing
from fdbfc980.

Thanks Tim and Carl for the review.
2015-02-03 08:29:45 +01:00
Tomáš Ehrlich 511be35779 Fixed #24220 - Allowed lazy objects for success_url 2015-01-26 17:58:55 +01:00
Tomáš Ehrlich ea0ea7859a Fixed #24221 - Used precompiled regexp for percent-placeholder matching. 2015-01-26 10:48:31 -05:00
Tim Graham 6e13c0490d Changed RedirectView.permanent to False per deprecation timeline; refs #21587. 2015-01-18 17:43:06 -05:00
Collin Anderson a420f83e7d Fixed #24055 -- Keep reference to view class for resolve() 2015-01-17 22:09:10 +07:00
Claude Paroz f48e2258a9 Fixed #24133 -- Replaced formatting syntax in success_url placeholders
Thanks Laurent Payot for the report, and Markus Holtermann, Tim Graham
for the reviews.
2015-01-12 22:51:22 +01:00
Aymeric Augustin 6b5113ec94 Made debug views not crash when there isn't a default template engine. 2015-01-12 21:01:34 +01:00
Aymeric Augustin a3e783fe11 Deprecated passing a Context to a generic Template.render.
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.

test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Collin Anderson 3d2cae0896 Fixed #24072 -- Added FileResponse for streaming binary files. 2015-01-05 10:51:52 -05:00
Aymeric Augustin cf0fd65ed4 Deprecated TEMPLATE_LOADERS. 2014-12-28 17:02:30 +01:00
Claude Paroz ffa548fb56 Updated link to CSRF docs
Refs #23866.
2014-12-25 14:01:15 +01:00
Claude Paroz 234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Thomas Tanner b27db97b23 Fixed #22461 -- Added if-unmodified-since support to the condition decorator. 2014-12-24 12:33:57 -05:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Berker Peksag 47789410db Corrected deprecation warnings for RedirectView; refs #21587. 2014-11-28 17:59:55 -05:00
Berker Peksag 9a30acad8a Fixed #21587 -- Added a warning for changing default of RedirectView.permanent. 2014-11-25 09:22:18 -05:00
Aymeric Augustin 18533fb558 Removed direct references to template-related settings. 2014-11-23 11:54:22 +01:00
Aymeric Augustin 29a977ab14 Moved template loaders management in Engine.
Passed the engine instance to loaders. This is a prerequisite for
looking up configuration on the engine instance instead of global
settings.

This is backwards incompatible for custom template loaders that override
__init__. However the documentation doesn't talk about __init__ and the
way to pass arguments to custom template loaders isn't specified. I'm
considering it a private API.
2014-11-23 11:52:12 +01:00
Carl Meyer a9cced7aec Fix another flake8 warning.
I don't agree with flake8 here about the right indentation, but as long as
we're using it, we should stick to it. I don't want to disable its hanging
indent checks just because of this case.
2014-11-22 14:21:32 -07:00
Berker Peksag 343162410f Fixed #21753 -- Raised exception when both `form_class` and `fields` are specified. 2014-11-21 14:23:17 -05:00
Aymeric Augustin 0900815097 Simplified caching of the default exception reporter filter.
Also simplified the logic under the assumption that a false-ish object
won't have an exception_reporter_filter attribute.
2014-11-19 21:35:40 +01:00
Aymeric Augustin 9eeb788cfb Refactored getting the list of template loaders.
This provides the opportunity to move utility functions specific to the
Django Template Language outside of django.template.loader.
2014-11-16 21:41:44 +01:00
Simon Charette f2ddc439b1 Fixed #23656 -- Made FormMixin.get_form's form_class argument optional.
Thanks Tim Graham for the review.
2014-10-30 19:10:52 -04:00