Commit Graph

210 Commits

Author SHA1 Message Date
Florian Apolloner 1ff11304dc [1.7.x] Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.

Backport of e2efc8965e from master.
2014-06-11 09:03:11 +02:00
Aymeric Augustin 7fef18ba9e [1.7.x] Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:18:26 +02:00
Claude Paroz 210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Aaron France 1150053b99 Fixed #21912 -- Improved error message if a view returns None.
Thanks brycenesbitt for the report.
2014-02-15 11:18:16 -05:00
Curtis f43e895b15 Replace _parse_content_type with cgi.parse_header 2014-02-09 10:01:16 +11:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Curtis d7a4b156d9 Use cached_property for request.GET and request.COOKIES 2013-12-24 21:57:57 +11:00
Claude Paroz e6dd70b4db Fixed #21383 -- Added request details in SuspiciousOperation messages 2013-11-09 12:11:58 +01:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
Unai Zalakain c7634cd7fe Fixed #7603 -- Added a 'scheme' property to the HttpRequest object
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.

`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.

`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.

This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.

Thanks nslater for the suggestion.
2013-10-15 09:04:12 -04:00
Aymeric Augustin 8aaca651cf Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
Thanks mitsuhiko for the report.

Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
2013-09-07 10:25:43 -05:00
Aymeric Augustin ae7f9afaf6 Minor cleanup in the WSGI handler. 2013-09-07 10:25:16 -05:00
Aymeric Augustin 4e88d106dc Refactored the unmangling of the WSGI environ. 2013-09-07 10:03:50 -05:00
Aymeric Augustin 636860fbfb Moved two WSGI-specific functions to the WSGI handler.
They were defined in base when the mod_python handler used them. See bfcecbff.
2013-09-07 10:03:49 -05:00
Alex Gaynor 3e0eb2d788 Fixed a number of lint warnings, particularly around unused variables. 2013-08-04 09:17:10 -07:00
Loic Bistuer 48ce167d89 Fixed missing initializations in WSGIRequest. Refs #20619 2013-06-26 14:36:25 +07:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Aymeric Augustin 6633eeb886 Changed API to disable ATOMIC_REQUESTS per view.
A decorator is easier to apply to CBVs. Backwards compatibility isn't an
issue here, except for people running on a recent clone of master.

Fixed a few minor problems in the transactions docs while I was there.
2013-05-19 19:53:16 +02:00
Aymeric Augustin cb86f707a0 Fixed #12747 -- Made reason phrases customizable. 2013-05-19 13:14:54 +02:00
Alex Gaynor ea3a378c22 Added an HTTP status code to Django's WSGI application that was missing (reason unknown). 2013-05-08 12:45:31 -07:00
Aymeric Augustin 1267d2d9bc Fixed #20330 -- Normalized spelling of "web server".
Thanks Baptiste Mispelon for the report.
2013-04-29 19:40:43 +02:00
Julien Phalip 2f81a0ca65 Fixed #20169 -- Ensured that the WSGI request's path is correctly based on the `SCRIPT_NAME` environment parameter or the `FORCE_SCRIPT_NAME` setting, regardless of whether or not those have a trailing slash. Thanks to bmispelon for the review. 2013-04-01 12:04:44 -07:00
Loic Bistuer 521765f63d Fixed #19541 -- Fixed BaseHandler to enable reversing URLs in response middlewares
and streamed responses with respect to per-request urlconf.
2013-03-25 03:19:19 +07:00
Aymeric Augustin f5dbb566ee Fixed #17550 -- Removed a workaround for a bug in flup 1.0.1.
This reverts commit 948a833eb7.

flup appears to be dead, and this fix breaks legitimate uses of Django.

Refs #8490.
2013-03-24 10:57:38 +01:00
Aymeric Augustin ac37ed21b3 Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED.
Replaced them with per-database options, for proper multi-db support.

Also toned down the recommendation to tie transactions to HTTP requests.
Thanks Jeremy for sharing his experience.
2013-03-11 15:04:05 +01:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Aymeric Augustin acc5396e6d Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-31 12:47:34 +01:00
Aymeric Augustin 1e4a27d087 Fixed #19468 -- Decoded request.path correctly on Python 3.
Thanks aliva for the report and claudep for the feedback.
2012-12-22 13:32:39 +01:00
Aymeric Augustin be9f2919e0 Edited the middleware doc for completeness, clarity, and consistency. 2012-12-09 22:30:01 +01:00
Claude Paroz 6de6988f99 Fixed #5076 -- Properly decode POSTs with non-utf-8 payload encoding
Thanks daniel at blogg.se for the report and Aymeric Augustin for
his assistance on the patch.
2012-10-30 09:00:32 +01:00
Alex Gaynor 1b096ad773 Removed a function that is already fully implemented by a base class. 2012-10-24 12:49:57 -07:00
Florian Apolloner 6a6f589bfe Merge branch 'ticket15695' 2012-09-29 21:57:50 +02:00
Florian Apolloner b946db5241 Fixed #15695 -- Added `ResolverMatch` to the request object. 2012-09-27 15:06:58 +02:00
Claude Paroz 26ff2be787 Imported getLogger directly from logging module
This was a remainder of some 2.4 compatibility code.
2012-09-20 21:03:24 +02:00
Florian Apolloner 9ca17f883d Replace nested try/finally try/except with try/except/finally. 2012-09-09 13:00:10 +02:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Aymeric Augustin 27d16a3ca4 [py3] Fixed middleware_exceptions tests. 2012-08-15 22:53:52 +02:00
Claude Paroz f8ea12f36b [py3] Removed excessive usage of smart_bytes 2012-08-15 12:13:54 +02:00
Claude Paroz 64531df5df Sent got_request_exception signal before handle_uncaught_exception
In some cases (notably Python 3), when handle_uncaught_exception was
itself raising an exception, the got_request_exception was storing
the latter exception instead of the original exception.
2012-08-15 10:58:26 +02:00
Claude Paroz 15fffcc751 [py3] Fixed reraising of exceptions
reraise with second argument to None is not supported.
2012-08-11 23:46:23 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz 9908201d7f Replaced some byte strings by str() calls
This is a useful trick when Python 2 awaits byte strings and
Python 3 Unicode (regular) strings.
2012-08-03 15:18:13 +02:00
Aymeric Augustin d796c94b03 [py3] Used six.reraise wherever necessary. 2012-07-22 09:29:52 +02:00
Alex Gaynor e0fce8706d Switch to using context managers for acquiring and releasing locks. 2012-06-23 08:11:15 -07:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00