Commit Graph

834 Commits

Author SHA1 Message Date
Jacob Kaplan-Moss ae3535169a Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
This is a security fix; disclosure to follow shortly.
2013-08-13 11:06:22 -05:00
David Evans 8a160d5de1 Use `usegmt` flag in formatdate
Slightly cleaner and faster than string manipulation.
 
This flag has been available since Python 2.4:
http://docs.python.org/2/library/email.util.html#email.utils.formatdate
2013-08-07 12:00:39 +01:00
Curtis Maloney 07876cf02b Deprecated SortedDict (replaced with collections.OrderedDict)
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Florian Apolloner b70c371fc1 Simplified smart_urlquote and added some basic tests. 2013-07-28 10:05:39 +02:00
Matt Deacalion Stevens a269ea4fe0 Fixed #14656 -- Added Atom1Feed `published` element
Some feed aggregators make use of the `published` element as well as
the `updated` element (within the Atom standard -- http://bit.ly/2YySb).

The standard allows for these two elements to be present in the same
entry. `Atom1Feed` had implemented the `updated` element which was
incorrectly taking the date from `pubdate`.
2013-07-19 10:38:34 -04:00
Tim Graham 2456ffa42c Fixed #20746 -- Removed Python 2.6 specific code/docs 2013-07-14 13:02:55 -04:00
Christopher Medrela b4c61c2665 Added clarification comments to django.utils.image; refs #19934 2013-07-12 12:38:00 +02:00
SusanTan d63327d843 Fixed #20711 -- Fixed broken link in timesince.py docstring 2013-07-07 12:40:05 -04:00
Aymeric Augustin 6c66a41c3d Relied on NullHandler from the logging stdlib module. 2013-07-01 23:16:25 +02:00
Aymeric Augustin 72c65fea41 Deprecated django.utils.dictconfig.
The module still exists for whoever uses it in its current state, but it
isn't imported by Django anywhere.
2013-07-01 22:50:58 +02:00
Aymeric Augustin 09b446dfe8 This doesn't need to be a package any more.
Refs #20680.
2013-07-01 22:46:35 +02:00
Aymeric Augustin 7f264e02f4 Fixed #20680 -- Deprecated django.utils.unittest.
Refs #19204.
2013-07-01 14:29:33 +02:00
Aymeric Augustin acd7b34aaf Advanced deprecation warnings for Django 1.7. 2013-06-29 18:49:37 +02:00
Ramiro Morales 24bbf1367a Removed django.utils.encoding.StrAndUnicode class, deprecated in Django 1.5. 2013-06-28 23:16:28 -03:00
Ramiro Morales 7379d9acea Removed insert(), value_for_insert() SortedDict methods deprecated in Django 1.5. 2013-06-28 22:38:13 -03:00
Ramiro Morales bb33ee5e7b Removed django.utils.itercompat.product() as per deprecation TL. 2013-06-28 21:48:16 -03:00
Ramiro Morales da6d303df4 Removed django.utils.simplejson as per deprecation TL. 2013-06-28 21:48:16 -03:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Loic Bistuer ee77d4b253 Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields 2013-06-18 08:01:17 -04:00
Florian Apolloner c9d07d251f Fixed loaddata for Django checkouts with non ASCII chars in the name. 2013-06-03 13:18:16 +02:00
Alex Gaynor 09d0568697 Switched to using some constants the hmac module exposes. 2013-06-02 10:31:38 -07:00
Danilo Bargen 127d9b2792 Added minor splitting optimization in django.utils.ipv6._unpack_ipv4 2013-06-01 07:08:13 -04:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Baptiste Mispelon 2ee447fb5f Fixed #20296 -- Allowed SafeData and EscapeData to be lazy 2013-05-25 16:06:44 +02:00
Claude Paroz b7cf44dde8 Fixed some minor translation-related issues 2013-05-25 14:32:44 +02:00
Claude Paroz c0439b6210 Removed obsolete attribute of DjangoTranslation 2013-05-25 14:01:52 +02:00
Claude Paroz b664cb818d Fixed #19237 (again) - Made strip_tags consistent between Python versions 2013-05-23 14:01:27 +02:00
Claude Paroz dc51ec8bc2 Fixed #19237 -- Used HTML parser to strip tags
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead us to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Claude Paroz fd961941cc Imported copyreg from six.moves 2013-05-21 14:41:39 +02:00
Daniel Lindsley e24d486fbc Fixed #20212 - __reduce__ should only be defined for Py3+. 2013-05-21 00:49:21 -07:00
Łukasz Langa 26e3e7ecb5 Fixed #11915: generic Accept-Language matches country-specific variants 2013-05-19 12:50:09 +02:00
Marc Tamlyn 413735b239 Fix a typo in a comment. 2013-05-19 11:24:36 +02:00
Emil Stenström 7d77e9786a Fixed #20246 -- Added non-breaking spaces between values and units 2013-05-18 23:01:48 +02:00
Florian Apolloner acd0bb39df Fixed #14894 -- Ensure that activating a translation doesn't run into threading issues.
Thanks to maxbublis for the report and sergeykolosov for the patch.
2013-05-18 17:36:31 +02:00
Łukasz Langa 92ebb29c53 Fixes #19919: get_language_from_request() disregards "en-us" and "en" languages
when matching Accept-Language
2013-05-18 14:37:04 +02:00
Florian Apolloner 051cb1f4c6 Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.
Thanks to edevil for the report and saz for the patch.
2013-05-18 12:32:47 +02:00
Aymeric Augustin 9c487b5974 Replaced an antiquated pattern.
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Florian Apolloner 4ecc6da20b Removed unicode literals from PIL compat. 2013-05-15 09:00:09 +02:00
Daniel Lindsley 33793f7c3e Fixed #19934 - Use of Pillow is now preferred over PIL.
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner.
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
2013-05-10 23:08:45 -04:00
Claude Paroz 4769db6b5f Fixed #20321 -- Added missing key name in MergeDict KeyError message
Thanks mark.harviston et gmail.com for the report.
2013-04-26 08:59:34 +02:00
Alex Gaynor 714161c864 Fix != operations on lazy objects. 2013-04-19 10:58:29 -07:00
Anton Baklanov 59d127e45f Fixed #20276 -- Implemented __bool__ for MergeDict
MergeDict evaluates now to False if all contained dicts are empty.
Thanks til for the report and the initial patch.
2013-04-19 10:08:16 +02:00
Baptiste Mispelon e7b9c11c3f Fixed #20231 -- Don't use allow_lazy on smart_split 2013-04-10 13:05:29 +02:00
Claude Paroz b474ffe63a Fixed #20172 -- Ensured urlize supports IPv4/IPv6 addresses
Thanks Marc Aymerich for the report and the initial patch.
2013-04-01 15:37:37 +02:00
Joe Friedl 2d0db67813 Fixed #20167 -- Preserve the traceback of `ImportError`s in `import_by_path`.
Thanks @carljm for the review.
2013-03-31 23:00:06 -04:00
Gavin Wahl ec04fd1344 Fixed spelling errors 2013-03-28 11:16:53 -06:00