Commit Graph

1230 Commits

Author SHA1 Message Date
Aymeric Augustin 76220fe730 Optimized two functions slightly.
This avoids calling date.tzinfo.utcoffset(date) twice. It's also
robust to cases where that function returns None -- which never
happens in practice :-)
2015-05-02 21:11:25 +02:00
Aymeric Augustin 432678dbc1 Simplified the implementation of timezone.is_aware/naive. 2015-05-02 21:11:03 +02:00
Markus Bertheau 4a438e400b Fixed #13008 -- Added more Cache-Control headers to never_cache() decorator. 2015-04-28 12:07:02 -04:00
Michal Čihař 76d26d8922 Fixed #24063 -- Allowed locale variants supported by gettext.
The locale code can contain a variant after @, so allowed that.
2015-04-24 20:31:16 -04:00
Josh Smeaton 143255c8bb Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime 2015-04-24 13:55:40 -04:00
Tim Graham 8efea1b8d5 Fixed #24526 -- Combined django.request/security loggers with the root logger.
Thanks Carl Meyer for review.
2015-04-24 11:07:42 -04:00
Curtis Maloney 14ecbd02a3 Removed cases of six.iter* wrapped in a list()
There's absolutely no advantage [and a mild performance hit] to using six.iter*
in these cases.
2015-04-18 23:29:29 +10:00
Tim Graham ad53213066 Fixed #24562 -- Renamed get_major_version() to get_main_version()
This reflects the actual behavior of the method.
2015-04-06 09:19:34 -04:00
Claude Paroz 7a0d9b5cda Fixed #24569 -- Made some translation functions accept None value
get_language() can return None when translations are deactivated.
Thanks Nicola Peduzzi for the reporti and Tim Graham for the review.
2015-04-04 10:54:16 +02:00
Moritz Sichert 1f2abf784a Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. 2015-03-27 19:46:20 -04:00
Tim Graham 13bc311cdb Removed getLogger alias in django.utils.log. 2015-03-24 08:41:05 -04:00
Tim Graham 987e4b91d6 Removed the null handler in Django's default logging config.
It's unused since f0f327bb.
2015-03-24 08:26:14 -04:00
Bas Peschier b4382b7055 Fixed #16362 -- Allowed lookaround assertions in URL patterns. 2015-03-23 09:00:07 -04:00
Claude Paroz 9e83f30cd3 Fixed #24515 -- Fixed DjangoTranslation plural handling 2015-03-21 10:27:30 +01:00
Preston Timmons 55f12f8709 Cleaned up the template debug implementation.
This patch does three major things:

* Merges the django.template.debug implementation into django.template.base.

* Simplifies the debug implementation.

  The old implementation copied debug information to every token and node.
  The django_template_source attribute was set in multiple places, some
  quite hacky, like django.template.defaulttags.ForNode.

  Debug information is now annotated in two high-level places:

  * Template.compile_nodelist for errors during parsing
  * Node.render_annotated for errors during rendering

  These were chosen because they have access to the template and context
  as well as to all exceptions that happen during either the parse or
  render phase.

* Moves the contextual line traceback information creation from
  django.views.debug into django.template.base.Template. The debug views now
  only deal with the presentation of the debug information.
2015-03-20 08:58:07 -04:00
Tim Graham 011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 3ed9c7bdfe Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets. 2015-03-10 19:24:46 -04:00
Tim Graham 7b1a67cce5 Fixed escaping regression in urlize filter.
Now that the URL is always unescaped as of refs #22267,
we should re-escape it before inserting it into the anchor.
2015-03-10 18:58:34 -04:00
Claude Paroz df193b3cef Fixed #24382 -- Allowed unicode chars inside formatted numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik a5b225084f Fixed #23838 -- added missing `__iter__` to LazyObject 2015-03-08 15:42:23 +01:00
Claude Paroz ec808e807a Fixed urlize regression with entities in query strings
Refs #22267.
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
2015-03-06 22:20:14 +01:00
Benjamin Wohlwend d6969abf23 Moved definition of chunks out of timesince function.
This speeds up the timesince function/filter substantially.
2015-03-04 22:30:14 +01:00
Claude Paroz 3cf1c02695 Fixed #24413 -- Prevented translation fallback for English
Thanks Tomasz Kontusz for the report, Baptiste Mispelon for
analysis and Tim Graham for the review.
2015-02-28 10:07:12 +01:00
Aymeric Augustin b9c619abc1 Prevented makemigrations from writing in sys.path[0].
There's no reason to assume that sys.path[0] is an appropriate location
for generating code. Specifically that doesn't work with extend_sys_path
which puts the additional directories at the end of sys.path.

In order to create a new migrations module, instead of using an
arbitrary entry from sys.path, import as much as possible from the path
to the module, then create missing submodules from there.

Without this change, the tests introduced in the following commit fail,
which seems sufficient to prevent regressions for such a refactoring.
2015-02-23 19:55:10 +01:00
Aymeric Augustin c688460df6 Removed rmtree_errorhandler.
The stated reason for its introduction in d18d37ce no longer applies
since Django's code repository was switched from Subversion to git.

Furthermore it never had any effect because shutil.rmtree ignores its
onerror argument when ignore_errors is True.

The reason for its use in template management commands is unclear.
2015-02-22 23:09:42 +01:00
Tim Graham bebc1e53a3 Refs #24324 -- Fixed UnicodeDecodeError in template_backends tests
The message for the SuspiciousFileOperation exception needs to
be a unicode string.
2015-02-17 18:44:31 -05:00
Lukas Klein 93b3ef9b2e Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454 2015-02-12 08:58:35 +01:00
Tim Graham 2ee9bce654 Removed some obsolete absolute_imports. 2015-02-09 13:37:23 -05:00
Alex Gaynor 82e0cd1571 Optimized allow_lazy() by not generating a new lazy wrapper on each invocation.
This dramatically improves performance on PyPy. The following benchmark:

python -mtimeit -s "from django.utils.functional import allow_lazy; from django.utils.translation import ugettext_lazy; f = allow_lazy(lambda s: s, str)" "f(ugettext_lazy('abc'))"

goes from 390us per loop to 165us.
2015-02-08 14:56:57 -05:00
Varun Sharma 540ca563de Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham 607af78bb8 Removed django-2to3.py
Aymeric says, "It was fun to write, but I don't think it's very useful."
2015-02-06 06:22:00 -05:00
Tim Graham bbe28496d3 Removed old import aliases. 2015-02-05 19:37:01 -05:00
Matthew Somerville caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Claude Paroz cd0ceaa102 Fixed #24252 -- Forced lazy __str__ to utf-8 on Python 2
Thanks Stanislas Guerra for the report and Tomas Ehrlich for
the review.
2015-02-03 18:23:41 +01:00
Tim Graham 18f3e79b13 Removed threading fallback imports.
Django imports threading in many other places without fallback.
2015-01-28 10:23:25 -05:00
Adam Taylor 039465a6a7 Fixed typos in code comments. 2015-01-20 12:18:03 -05:00
Tim Graham 378a0d27d6 Advanced deprecation warnings for Django 1.9. 2015-01-19 12:22:41 -05:00
Tim Graham 5008a4db44 Removed legacy ORM lookup support per deprecation timeline; refs #16187. 2015-01-19 11:11:30 -05:00
Tim Graham d029fafea1 Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674. 2015-01-18 12:51:15 -05:00
Tim Graham df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
Tim Graham f0a1df0b01 Removed deprecated Chinese language codes; refs #18149. 2015-01-17 11:23:43 -05:00
Tim Graham 1b0365ad34 Removed django.utils.tzinfo per deprecation timeline; refs #17262. 2015-01-17 09:32:33 -05:00
Tim Graham fed25f1105 Removed compatibility with Python 3.2. 2015-01-17 09:00:17 -05:00
Tim Graham c820892eed Removed django.utils.datastructures.SortedDict per deprecation timeline. 2015-01-17 08:40:23 -05:00
Tim Graham 41f0d3d3bc Removed FastCGI support per deprecation timeline; refs #20766. 2015-01-17 08:32:31 -05:00
Tim Graham 37b7776a01 Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659. 2015-01-17 08:13:36 -05:00
Tim Graham 61ad1ea92b Removed django.utils.functional.memoize per deprecation timeline.
refs #21351.
2015-01-17 07:55:32 -05:00
Tim Graham b952c3fc60 Removed django.utils.unittest per deprecation timeline. 2015-01-17 07:32:22 -05:00
Tim Graham ce78b954cf Removed django.utils.importlib per deprecation timeline. 2015-01-17 07:14:21 -05:00
Tim Graham 1c8b637ed9 Removed django.utils.dictconfig per deprecation timeline. 2015-01-17 07:13:51 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Claude Paroz 543df07720 Fixed #24073 -- Returned None for get_language when translations are deactivated
This fixes a regression caused by f7c287fca9. Thanks Markus Holtermann
for identifying the regression.
2015-01-08 17:43:07 +01:00
Tim Graham 52f0b2b622 Updated six to 1.9.0. 2015-01-02 12:35:41 -05:00
Aymeric Augustin 7eefdbf7ab Cleaned up the django.template namespace.
Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.

Only public APIs (i.e. APIs mentioned in the documentation) were left.
2014-12-28 14:47:31 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Tim Graham 3325ec869c Fixed #24045 -- Removed useless mark_safe() call in trans_null.py 2014-12-26 07:42:49 -05:00
Claude Paroz 234a2e0b6b Fixed #23866 -- Harmonized refs to Django documentation from code 2014-12-25 13:53:13 +01:00
Collin Anderson 5dddd79433 Fixed #20349 -- Moved setting_changed signal to django.core.signals.
This removes the need to load django.test when not testing.
2014-12-24 07:18:43 -05:00
Oscar Ramirez 54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00
Marc Tamlyn 57554442fe Fixed #2443 -- Added DurationField.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.

Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.

Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00
Michael Hall 895dc880eb Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range 2014-12-13 12:45:58 -05:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Eric Rouleau 9d1a69579b Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format 2014-12-03 07:49:06 -05:00
Tom V d049b36f91 Fixed typo in django/utils/decorators.py comment. 2014-11-24 10:45:29 -05:00
Aymeric Augustin 9d3d1a0321 Simplified caching of supported languages. 2014-11-19 21:35:40 +01:00
Aymeric Augustin e23240474b Simplified caching of get_default_timezone(). 2014-11-19 21:35:39 +01:00
Berker Peksag d552da1f8d Fixed #22407 -- Added AdminEmailHandler.send_mail(). 2014-11-15 09:38:19 +01:00
Tim Graham 7ef81b5cdd Removed thread customizations of six which are now built-in. 2014-11-13 10:30:53 +01:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Tim Graham b07aa52e8a Added a dummy class for HTMLParserError; refs #23763. 2014-11-05 09:54:35 -05:00
Tim Graham 81477c91f6 Updated six to 1.8.0. 2014-11-04 20:38:38 -05:00
Unai Zalakain c548c8d0d1 Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). 2014-11-03 07:59:19 -05:00
Markus Holtermann ed2f96819c Fixed #23715 -- Prevented urlize from treating a trailing ! as part of an URL
Thanks to 57even for the report.
2014-10-31 08:06:40 -04:00
Markus Holtermann 98da408964 Fixed #23670 -- Prevented partial import state during module autodiscovery
Thanks kostko for the report.
2014-10-31 08:01:47 -04:00
David Hoffman 03467368db Fixed #23558 -- documented slugify limitations 2014-10-30 09:02:04 -04:00
John-Scott Atlakson dbf7a3df45 Fixed #23688 -- Updated cached_property to preserve docstring of original function 2014-10-20 17:59:07 -04:00
Jon Dufresne 54e695331b Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Jon Dufresne 59026bfbf9 Fixed #23668 -- Changed make_aware() and make_naive() to use the current timezone by default
Thanks Aymeric Augustin for review.
2014-10-20 12:42:10 -04:00
Thomas Chaumeny b962653060 Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
2014-10-16 14:16:24 +02:00
Anubhav Joshi 10b17a22be Fixed #19508 -- Implemented uri_to_iri as per RFC.
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Florian Apolloner 2ccbaba1f2 Added unicode_literals to the jslexer.
This ensure that ''.join(c) in jslex.py always returns text.
2014-10-15 15:09:35 +02:00
Jaap Roes 115c307184 Fixed #23613 -- Deprecated django.utils.checksums 2014-10-10 09:22:20 -04:00
Tim Graham 9dff5ce7c7 Fixed #23593 -- Fixed crash in AdminEmailHandler with non-ASCII characters in request.
Thanks edevil for the report and Simon Charette for review.
2014-10-06 17:35:53 -04:00
Seth Hill fe2afcd318 Fixed #23569 -- Allowed using configs besides dictConfig in LOGGING_CONFIG. 2014-09-30 17:13:27 -04:00
Thomas Chaumeny b2aad7b836 Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282.
Thanks Collin Anderson for the review.
2014-09-29 00:01:38 +07:00
Yuri Kriachko 11f307a5a8 Fixed #23196 -- Short-circuited empty string translation
Translating an empty string used to return the gettext catalog
metadata instead of the empty string.
Thanks Ned Batchelder for the suggestion, Tim Graham for the review
and Anton Berezin and Claude Paroz for contributions to the patch.
2014-09-21 17:08:17 +02:00
Tim Graham fbeb7979ee Avoided using deprecated version of importlib; refs #23418. 2014-09-10 13:07:40 -04:00
Tim Graham a4c23f70de Fixed flake8 warnings. 2014-09-09 20:57:26 -04:00
Claude Paroz b9d9287f59 Fixed urlize after smart_urlquote rewrite
Refs #22267.
2014-09-09 21:59:35 +02:00
Claude Paroz 4b8a1d2c0d Fixed #22267 -- Fixed unquote/quote in smart_urlquote
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Tim Graham 2508be35ca Fixed #23399 -- Optimized django.utils.http.int_to_bas36()
Thanks liminspace for the patch and Keryn Knight for benchmarking.
2014-09-08 19:31:21 -04:00
Tim Graham 5cba975d26 Fixed flake8 warning. 2014-09-08 17:28:55 -04:00
Markus Holtermann d28b5f13b3 Fixed #23418 -- Fail when migration deconstruct produces invalid import 2014-09-08 21:27:34 +02:00
Claude Paroz 885ff6845e Revert "Fixed #23384 -- Allowed overriding part of a dictionary-type setting"
This reverts commit 66757fee7e.
Discussions have led to think that this functionality does not
bring significant benefits to justify the added complexity.
Read also discussions on ticket #22734.
2014-09-05 20:06:02 +02:00