Jacob Kaplan-Moss
ae3535169a
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
...
This is a security fix; disclosure to follow shortly.
2013-08-13 11:06:22 -05:00
David Evans
8a160d5de1
Use `usegmt` flag in formatdate
...
Slightly cleaner and faster than string manipulation.
This flag has been available since Python 2.4:
http://docs.python.org/2/library/email.util.html#email.utils.formatdate
2013-08-07 12:00:39 +01:00
Curtis Maloney
07876cf02b
Deprecated SortedDict (replaced with collections.OrderedDict)
...
Thanks Loic Bistuer for the review.
2013-08-04 07:09:39 -04:00
Claude Paroz
fdd7a355bf
Deprecated django.utils.importlib
...
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Florian Apolloner
b70c371fc1
Simplified smart_urlquote and added some basic tests.
2013-07-28 10:05:39 +02:00
Matt Deacalion Stevens
a269ea4fe0
Fixed #14656 -- Added Atom1Feed `published` element
...
Some feed aggregators make use of the `published` element as well as
the `updated` element (within the Atom standard -- http://bit.ly/2YySb ).
The standard allows for these two elements to be present in the same
entry. `Atom1Feed` had implemented the `updated` element which was
incorrectly taking the date from `pubdate`.
2013-07-19 10:38:34 -04:00
Tim Graham
2456ffa42c
Fixed #20746 -- Removed Python 2.6 specific code/docs
2013-07-14 13:02:55 -04:00
Christopher Medrela
b4c61c2665
Added clarification comments to django.utils.image; refs #19934
2013-07-12 12:38:00 +02:00
SusanTan
d63327d843
Fixed #20711 -- Fixed broken link in timesince.py docstring
2013-07-07 12:40:05 -04:00
Aymeric Augustin
6c66a41c3d
Relied on NullHandler from the logging stdlib module.
2013-07-01 23:16:25 +02:00
Aymeric Augustin
72c65fea41
Deprecated django.utils.dictconfig.
...
The module still exists for whoever uses it in its current state, but it
isn't imported by Django anywhere.
2013-07-01 22:50:58 +02:00
Aymeric Augustin
09b446dfe8
This doesn't need to be a package any more.
...
Refs #20680 .
2013-07-01 22:46:35 +02:00
Aymeric Augustin
7f264e02f4
Fixed #20680 -- Deprecated django.utils.unittest.
...
Refs #19204 .
2013-07-01 14:29:33 +02:00
Aymeric Augustin
acd7b34aaf
Advanced deprecation warnings for Django 1.7.
2013-06-29 18:49:37 +02:00
Ramiro Morales
24bbf1367a
Removed django.utils.encoding.StrAndUnicode class, deprecated in Django 1.5.
2013-06-28 23:16:28 -03:00
Ramiro Morales
7379d9acea
Removed insert(), value_for_insert() SortedDict methods deprecated in Django 1.5.
2013-06-28 22:38:13 -03:00
Ramiro Morales
bb33ee5e7b
Removed django.utils.itercompat.product() as per deprecation TL.
2013-06-28 21:48:16 -03:00
Ramiro Morales
da6d303df4
Removed django.utils.simplejson as per deprecation TL.
2013-06-28 21:48:16 -03:00
Tim Graham
1184d07789
Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
...
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Aymeric Augustin
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
Loic Bistuer
ee77d4b253
Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields
2013-06-18 08:01:17 -04:00
Florian Apolloner
c9d07d251f
Fixed loaddata for Django checkouts with non ASCII chars in the name.
2013-06-03 13:18:16 +02:00
Alex Gaynor
09d0568697
Switched to using some constants the hmac module exposes.
2013-06-02 10:31:38 -07:00
Danilo Bargen
127d9b2792
Added minor splitting optimization in django.utils.ipv6._unpack_ipv4
2013-06-01 07:08:13 -04:00
Ramiro Morales
0fa8d43e74
Replaced `and...or...` constructs with PEP 308 conditional expressions.
2013-05-26 23:47:50 -03:00
Preston Holmes
d228c1192e
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
...
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Baptiste Mispelon
2ee447fb5f
Fixed #20296 -- Allowed SafeData and EscapeData to be lazy
2013-05-25 16:06:44 +02:00
Claude Paroz
b7cf44dde8
Fixed some minor translation-related issues
2013-05-25 14:32:44 +02:00
Claude Paroz
c0439b6210
Removed obsolete attribute of DjangoTranslation
2013-05-25 14:01:52 +02:00
Claude Paroz
b664cb818d
Fixed #19237 (again) - Made strip_tags consistent between Python versions
2013-05-23 14:01:27 +02:00
Claude Paroz
dc51ec8bc2
Fixed #19237 -- Used HTML parser to strip tags
...
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead use to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Claude Paroz
fd961941cc
Imported copyreg from six.moves
2013-05-21 14:41:39 +02:00
Daniel Lindsley
e24d486fbc
Fixed #20212 - __reduce__ should only be defined for Py3+.
2013-05-21 00:49:21 -07:00
Łukasz Langa
26e3e7ecb5
Fixed #11915 : generic Accept-Language matches country-specific variants
2013-05-19 12:50:09 +02:00
Marc Tamlyn
413735b239
Fix a typo in a comment.
2013-05-19 11:24:36 +02:00
Emil Stenström
7d77e9786a
Fixed #20246 -- Added non-breaking spaces between values an units
2013-05-18 23:01:48 +02:00
Florian Apolloner
acd0bb39df
Fixed #14894 -- Ensure that activating a translation doesn't run into threading issues.
...
Thanks to maxbublis for the report and sergeykolosov for the patch.
2013-05-18 17:36:31 +02:00
Łukasz Langa
92ebb29c53
Fixes #19919 : get_language_from_request() disregards "en-us" and "en" languages
...
when matching Accept-Language
2013-05-18 14:37:04 +02:00
Florian Apolloner
051cb1f4c6
Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.
...
Thanks to edevil for the report and saz for the patch.
2013-05-18 12:32:47 +02:00
Aymeric Augustin
9c487b5974
Replaced an antiquated pattern.
...
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Florian Apolloner
4ecc6da20b
Removed unicode literals from PIL compat.
2013-05-15 09:00:09 +02:00
Daniel Lindsley
33793f7c3e
Fixed #19934 - Use of Pillow is now preferred over PIL.
...
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Carl Meyer
9012833af8
Fixed #17365 , #17366 , #18727 -- Switched to discovery test runner.
...
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.
Refs #11077 , #17032 , and #18670 .
2013-05-10 23:08:45 -04:00
Claude Paroz
4769db6b5f
Fixed #20321 -- Added missing key name in MergeDict KeyError message
...
Thanks mark.harviston et gmail.com for the report.
2013-04-26 08:59:34 +02:00
Alex Gaynor
714161c864
Fix != operations on lazy objects.
2013-04-19 10:58:29 -07:00
Anton Baklanov
59d127e45f
Fixed #20276 -- Implemented __bool__ for MergeDict
...
MergeDict evaluates now to False if all contained dicts are empty.
Thanks til for the report and the initial patch.
2013-04-19 10:08:16 +02:00
Baptiste Mispelon
e7b9c11c3f
Fixed #20231 -- Don't use allow_lazy on smart_split
2013-04-10 13:05:29 +02:00
Claude Paroz
b474ffe63a
Fixed #20172 -- Ensured urlize supports IPv4/IPv6 addresses
...
Thanks Marc Aymerich for the report and the initial patch.
2013-04-01 15:37:37 +02:00
Joe Friedl
2d0db67813
Fixed #20167 -- Preserve the traceback of `ImportError`s in `import_by_path`.
...
Thanks @carljm for the review.
2013-03-31 23:00:06 -04:00
Gavin Wahl
ec04fd1344
Fixed spelling errors
2013-03-28 11:16:53 -06:00