Tim Graham
536cc64240
[1.6.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
...
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9 from master
2013-09-10 21:03:51 -04:00
Aymeric Augustin
115318051c
[1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0.
...
Conflicts:
django/db/backends/oracle/base.py
django/db/backends/sqlite3/base.py
django/db/models/base.py
Backport of 365c3e8b from master.
2013-09-03 07:34:45 -05:00
Tim Graham
28b1317fd8
[1.6.x] Fixed #20949 -- Typo #2 in docstring
...
Backport of 0073f1d94f from master
2013-08-21 10:50:27 -04:00
Tim Graham
b0821e6d3a
[1.6.x] Fixed docstring typo, thanks minddust.
...
Backport of d3ed15b79d from master
2013-08-21 09:02:19 -04:00
Tim Graham
ccff25b143
[1.6.x] Fixed #17778 -- Prevented class attributes on context from resolving as template variables.
...
Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.
Backport of 71b5617c24 from master.
2013-08-15 10:22:56 -04:00
Baptiste Mispelon
ec371ace00
Fixed #20650 -- Fixed {% filter %} incorrectly accepting 'escape' as argument
...
Thanks to grzesiof for the report and to loic84 and Alex Gaynor
for the review.
2013-06-25 20:28:35 +02:00
Aymeric Augustin
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
Emil Stenström
7d77e9786a
Fixed #20246 -- Added non-breaking spaces between values and units
2013-05-18 23:01:48 +02:00
Aymeric Augustin
9c487b5974
Replaced an antiquated pattern.
...
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Claude Paroz
2bcbca3451
Updated some 'Dive Into Python' links
2013-04-01 14:04:41 +02:00
Aymeric Augustin
68905695b8
Fixed #19510 -- Race condition in template loading.
...
Thanks Kronuz and regebro.
2013-03-17 23:56:07 +01:00
Łukasz Langa
40b9f4fb8b
[py3] Always fed hashlib with bytes.
2013-02-27 10:02:07 +01:00
Carl Meyer
87e8dfaa47
Switching to autoescape is not a change in syntax.
2013-02-25 00:43:03 -07:00
Carl Meyer
3ded2aef71
Remove leading underscore from a function that's all growed up now.
...
This function is now the de facto standard function for rendering values in a
template, and is imported by two other built-in template modules. It shouldn't
have a leading underscore.
2013-02-25 00:33:29 -07:00
Christopher Medrela
636c45fc58
Fixed #19890 -- ifchanged templatetag rendered its content twice
...
The content of ifchanged template tag was rendered twice: first time, to
compare it with the previous value and the second time, to return the
rendered output.
2013-02-24 16:49:28 +01:00
Diederik van der Boor
8503120c10
Fixed #15849 -- Made IfChanged node thread safe.
...
Previously, the ifchanged node stored state on `self._last_seen`,
thereby giving undesired results when the node is reused by another
thread at the same time (e.g. globally caching a Template object).
Thanks to akaihola for the report and Diederik van der Boor and
Bas Peschier for the patch.
2013-02-24 16:06:55 +01:00
Lennart Regebro
687d2e967d
Fixed #19827 -- Kept stacktrace in defaulttags exception reraising
...
Thanks Kronuz for the report and the initial patch.
2013-02-23 17:43:17 +01:00
Aymeric Augustin
5278776a88
Merge pull request #751 from bmispelon/ticket-6271
2013-02-23 07:47:58 -08:00
Vladimir A Filonov
f49e9a517f
Fixed #17906 - Autoescaping {% cycle %} and {% firstof %} templatetags.
...
This commit adds "future" version of these two tags with auto-escaping
enabled.
2013-02-23 16:16:39 +01:00
Baptiste Mispelon
069280a689
Used token.split_contents() for tokenisation in template tags accepting variables.
...
Fixed #6271, #18260.
2013-02-23 15:15:30 +01:00
Claude Paroz
e5a8df06be
Fixed #19846 -- Optimized a dict of lists in BlockContext class
...
Thanks Curtis Maloney for the report and the patch.
2013-02-22 23:55:11 +01:00
Baptiste Mispelon
f13bfbec70
Fixed #19882 -- Smarter tokenizing of {% for %} tag arguments.
2013-02-22 19:19:33 +01:00
Julien Phalip
7d5e35cdb4
Fixed #19829 -- Fixed index lookups for NumPy arrays in templates.
2013-02-14 23:29:15 -08:00
Michael van Tellingen
138de533ff
Fixed #19819 - Improved template filter errors handling.
...
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.
Since this error was otherwise caught by the compile_function try/except
block the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Ramiro Morales
826d9de00e
Fixed #19729 -- Removed leftover refactoring helper variables.
...
Thanks chrismedrela for the report.
Refs #6262, 44b9076 and 4d94c0c.
2013-02-04 20:31:50 -03:00
Claude Paroz
7c5b244826
Fixed #17061 -- Factored out importing object from a dotted path
...
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Aymeric Augustin
a7b7d6320c
Merge pull request #595 from bmispelon/patch-1
...
Fixed a typo in WidthRatioNode.
2012-12-29 13:39:52 -08:00
Aymeric Augustin
5d5e1f5afa
Removed support is_safe and needs_autoescape as function attributes.
2012-12-29 21:59:07 +01:00
Tim Graham
6534a95ac3
Fixed #19470 - Clarified widthratio example.
...
Thanks orblivion for the suggestion.
2012-12-18 08:20:01 -05:00
Baptiste Mispelon
ac8eb82abb
Fixed typo in WidthRatioNode's error.
2012-12-17 10:35:36 +01:00
Aymeric Augustin
49519328b4
Fixed #19392 -- Improved error for old-style url tags with dashes.
...
Thanks dloewenherz for the report.
2012-12-09 16:17:56 +01:00
Danilo Bargen
c10aaa70a4
Fixed #19370 -- Made date filter properly handle midnight value
2012-11-27 21:24:16 +01:00
Aymeric Augustin
7644800070
Change exception type to reduce confusion.
...
TemplateSyntaxError is expected at compile time, not at run time.
Refs #19280.
2012-11-25 19:51:42 +01:00
Aymeric Augustin
d266919584
Fixed #19280 -- Raised an explicit exception for the old {% url %} syntax.
2012-11-24 22:10:51 +01:00
Riley Strong
d179794c6b
Fix typo in comment
2012-11-19 19:31:21 -06:00
Sean Breant
4d817b3887
Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse
...
Refs #15863.
2012-11-09 21:07:53 +01:00
Claude Paroz
fa2e28ccc4
Fixed #18484 -- Removed the div around the csrf token input
2012-10-13 11:30:09 +02:00
Ramiro Morales
2100da9dcd
Ensure we ignore __pycache__ PEP 3174 dirs in a few more places.
2012-10-06 18:40:58 -03:00
Martey Dodoo
3fb2662edc
Fixes #18933. Fixes code example in docstring.
...
Makes code example of silent keyword docstring in cycle templatetag
method the same as in the documentation.
2012-09-09 00:35:40 -04:00
Claude Paroz
ae88e73fa6
Replaced some smart_xxx by force_xxx equivalent
...
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz
e2b4eddc11
Used the decorator syntax for properties in django.http
2012-08-22 20:55:24 +02:00
Marc Tamlyn
e4984812cd
Fixed bug in 212b982 -- Removed duplicate code in removetags
2012-08-18 17:09:37 +01:00
Marc Tamlyn
212b9826bd
Fixed #14516 -- Extract methods from removetags and slugify template filters
...
Patch by @jphalip updated to apply, documentation and release notes
added.
I've documented strip_tags as well as remove_tags as the difference
between the two wouldn't be immediately obvious.
2012-08-18 15:07:21 +01:00
Claude Paroz
2d2dca2d8e
[py3] Fixed slugify filter
2012-08-15 12:29:10 +02:00
Aymeric Augustin
2ae58b20ec
[py3] Fixed egg template loader.
2012-08-14 12:29:53 +02:00
Claude Paroz
dce34dc969
[py3] Made __repr__ return str with Python 3
2012-08-12 20:45:39 +02:00
Aymeric Augustin
d4a0b27838
[py3] Refactored __unicode__ to __str__.
...
* Renamed the __unicode__ methods
* Applied the python_2_unicode_compatible decorator
* Removed the StrAndUnicode mix-in that is superseded by
python_2_unicode_compatible
* Kept the __unicode__ methods in classes that specifically
test it under Python 2
2012-08-12 14:44:40 +02:00
Aymeric Augustin
2bb2eecb63
[py3] Removed redundant __str__ methods.
...
These classes already have an identical __unicode__ method, which
will be used after an upcoming refactoring.
2012-08-12 14:44:40 +02:00
Karen Tracey
759ae3c2da
Fixed #18739 -- widthratio behavior on None args
...
Made behavior given None consistent with how non-numerics were handled.
Thanks to ja.geb@me.com for the report.
2012-08-11 19:24:18 -04:00
Alex Gaynor
4c97101b1f
remove a bunch of unnecessary iterkeys() calls
2012-08-08 07:33:15 -07:00