Commit Graph

211 Commits

Author SHA1 Message Date
Aymeric Augustin 47a9347b98 Fixed #6992 -- Improved error when middleware omits HttpResponse.
Thanks guettli for the report.
2014-06-07 19:48:45 +02:00
Unai Zalakain 11284a63d4 Fixed #18314 -- Corrected request.build_absolute_uri() handling of paths starting with //
``HttpRequest.build_absolute_uri()`` now correctly handles paths starting with ``//``.
``WSGIRequest`` now doesn't remove all the leading slashes either,
because ``http://test/server`` and http://test//server`` aren't the same thing
(RFC2396).

Thanks to SmileyChris for the initial patch.
2014-06-07 08:59:02 -04:00
Aymeric Augustin 3800f63721 Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Claude Paroz 210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Aaron France 1150053b99 Fixed #21912 -- Improved error message if a view returns None.
Thanks brycenesbitt for the report.
2014-02-15 11:18:16 -05:00
Curtis f43e895b15 Replace _parse_content_type with cgi.parse_header 2014-02-09 10:01:16 +11:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Curtis d7a4b156d9 Use cached_property for request.GET and request.COOKIES 2013-12-24 21:57:57 +11:00
Claude Paroz e6dd70b4db Fixed #21383 -- Added request details in SuspiciousOperation messages 2013-11-09 12:11:58 +01:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
Unai Zalakain c7634cd7fe Fixed #7603 -- Added a 'scheme' property to the HttpRequest object
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.

`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.

`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.

This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.

Thanks nslater for the suggestion.
2013-10-15 09:04:12 -04:00
Aymeric Augustin 8aaca651cf Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
Thanks mitsuhiko for the report.

Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
2013-09-07 10:25:43 -05:00
Aymeric Augustin ae7f9afaf6 Minor cleanup in the WSGI handler. 2013-09-07 10:25:16 -05:00
Aymeric Augustin 4e88d106dc Refactored the unmangling of the WSGI environ. 2013-09-07 10:03:50 -05:00
Aymeric Augustin 636860fbfb Moved two WSGI-specific functions to the WSGI handler.
They were defined in base when the mod_python handler used them. See bfcecbff.
2013-09-07 10:03:49 -05:00
Alex Gaynor 3e0eb2d788 Fixed a number of lint warnings, particularly around unused variables. 2013-08-04 09:17:10 -07:00
Loic Bistuer 48ce167d89 Fixed missing initializations in WSGIRequest. Refs #20619 2013-06-26 14:36:25 +07:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Aymeric Augustin 6633eeb886 Changed API to disable ATOMIC_REQUESTS per view.
A decorator is easier to apply to CBVs. Backwards compatibility isn't an
issue here, except for people running on a recent clone of master.

Fixed a few minor problems in the transactions docs while I was there.
2013-05-19 19:53:16 +02:00
Aymeric Augustin cb86f707a0 Fixed #12747 -- Made reason phrases customizable. 2013-05-19 13:14:54 +02:00
Alex Gaynor ea3a378c22 Added an HTTP status code to Django's WSGI application that was missing (reason unknown). 2013-05-08 12:45:31 -07:00
Aymeric Augustin 1267d2d9bc Fixed #20330 -- Normalized spelling of "web server".
Thanks Baptiste Mispelon for the report.
2013-04-29 19:40:43 +02:00
Julien Phalip 2f81a0ca65 Fixed #20169 -- Ensured that the WSGI request's path is correctly based on the `SCRIPT_NAME` environment parameter or the `FORCE_SCRIPT_NAME` setting, regardless of whether or not those have a trailing slash. Thanks to bmispelon for the review. 2013-04-01 12:04:44 -07:00
Loic Bistuer 521765f63d Fixed #19541 -- Fixed BaseHandler to enable reversing URLs in response middlewares
and streamed responses with respect to per-request urlconf.
2013-03-25 03:19:19 +07:00
Aymeric Augustin f5dbb566ee Fixed #17550 -- Removed a workaround for a bug in flup 1.0.1.
This reverts commit 948a833eb7.

flup appears to be dead, and this fix breaks legitimate uses of Django.

Refs #8490.
2013-03-24 10:57:38 +01:00
Aymeric Augustin ac37ed21b3 Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
Replaced them with per-database options, for proper multi-db support.

Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Aymeric Augustin acc5396e6d Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-31 12:47:34 +01:00
Aymeric Augustin 1e4a27d087 Fixed #19468 -- Decoded request.path correctly on Python 3.
Thanks aliva for the report and claudep for the feedback.
2012-12-22 13:32:39 +01:00
Aymeric Augustin be9f2919e0 Edited the middleware doc for completeness, clarity, and consistency. 2012-12-09 22:30:01 +01:00
Claude Paroz 6de6988f99 Fixed #5076 -- Properly decode POSTs with non-utf-8 payload encoding
Thanks daniel at blogg.se for the report and Aymeric Augustin for
his assistance on the patch.
2012-10-30 09:00:32 +01:00
Alex Gaynor 1b096ad773 Removed a function that is already fully implemented by a base class. 2012-10-24 12:49:57 -07:00
Florian Apolloner 6a6f589bfe Merge branch 'ticket15695' 2012-09-29 21:57:50 +02:00
Florian Apolloner b946db5241 Fixed #15695 -- Added `ResolverMatch` to the request object. 2012-09-27 15:06:58 +02:00
Claude Paroz 26ff2be787 Imported getLogger directly from logging module
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Florian Apolloner 9ca17f883d Replace nested try/finally try/except with try/except/finally. 2012-09-09 13:00:10 +02:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Aymeric Augustin 27d16a3ca4 [py3] Fixed middleware_exceptions tests. 2012-08-15 22:53:52 +02:00
Claude Paroz f8ea12f36b [py3] Removed excessive usage of smart_bytes 2012-08-15 12:13:54 +02:00
Claude Paroz 64531df5df Sent got_request_exception signal before handle_uncaught_exception
In some cases (notably Python 3), when handle_uncaught_exception was
itself raising an exception, the got_request_exception was storing
the latter exception instead of the original exception.
2012-08-15 10:58:26 +02:00
Claude Paroz 15fffcc751 [py3] Fixed reraising of exceptions
reraise with second argument to None is not supported.
2012-08-11 23:46:23 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz 9908201d7f Replaced some byte strings by str() calls
This is a useful trick when Python 2 awaits byte strings and
Python 3 Unicode (regular) strings.
2012-08-03 15:18:13 +02:00
Aymeric Augustin d796c94b03 [py3] Used six.reraise wherever necessary. 2012-07-22 09:29:52 +02:00
Alex Gaynor e0fce8706d Switch to using context managers for acquiring and releasing locks. 2012-06-23 08:11:15 -07:00