Commit Graph

788 Commits

Author SHA1 Message Date
Tim Baxter f6b5cecc71 Refs #28457 -- Updated the colors of the 'Congrats' page for WCAG AA compliance. 2017-10-28 07:57:27 -04:00
Scot Hacker 6642a646f0 Fixed #28735 -- Fixed typo in django/views/templates/default_urlconf.html. 2017-10-24 11:17:47 -04:00
Stefan Sinca 347551c2a1 Fixed #28508 -- Set the foreground color to black in CSRF and 404 error templates. 2017-09-21 10:23:23 -04:00
Sjoerd Job Postmus df41b5a05d Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Tim Graham 46e2b9e059 Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page.
This is a security fix.
2017-09-05 10:58:38 -04:00
Sebastian Sassi 5848305218 Fixed #28082 -- Made BaseDateListView pass context from get_dated_items() to subclasses.
Thanks leon-matthews for the report and fix.
2017-09-04 10:55:18 -04:00
Sergey Fedoseev f2b93b509c Removed unneeded iter() calls.
A few of these were unnecessarily added in 2b281cc35e.
2017-08-23 16:48:29 -04:00
Allen, Timothy 9229e005aa Django -> django when styled as a logo with font. This was pointed out at DjangoCon US. 2017-08-21 08:00:54 +02:00
Martin von Gagern 71d39571f4 Fixed #28485 -- Made ExceptionReporter.get_traceback_frames() include frames without source code. 2017-08-12 20:32:39 -04:00
Timothy Allen 5fe9b7b40a Fixed #28457 -- Updated the design of the 'Congrats' page for new Django projects.
Developed by Timothy Allen and Chad Whitman of The Wharton School with
shepherding from Aymeric Augustin and Collin Anderson.
2017-08-07 10:33:55 -04:00
Tim Graham 293608a2e0 Refs #7697 -- Removed unnecessary force_escape of technical 500 debug view "unicode hint".
The test passes before and after the removal. unicode_hint will never
be SafeText, so normal autoescaping is sufficient.
2017-08-02 15:16:22 -04:00
Tim Graham 8df7681d0e Removed unneeded escape filter in templates where autoescaping is enabled. 2017-08-01 10:52:29 -04:00
Bruno Alla 604341c85f Fixed #28331 -- Added ContextMixin.extra_context to allow passing context in as_view(). 2017-07-06 10:34:54 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00
Flávio Juvenal 0af14b2eaa Refs #16870 -- Doc'd that CSRF protection requires the Referer header. 2017-06-22 11:50:00 -04:00
Josh Schneier 37c9b81ebc Fixed #28104 -- Prevented condition decorator from setting ETag/Last-Modified headers for non-safe requests. 2017-06-06 15:37:14 -04:00
Claude Paroz 23142eea85 Fixed #18394 -- Added error for invalid JavaScriptCatalog packages
Thanks Tim Graham for the review.
2017-06-06 18:02:22 +02:00
partizan ff099f9db8 Fixed #28271 -- Added charset to technical_500_response() AJAX response. 2017-06-05 14:43:40 -04:00
Jon Dufresne 2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Adit Biswas c2eea61dff Fixed #28209 -- Made date-based generic views return a 404 rather than crash when given an out of range date. 2017-05-30 13:20:35 -04:00
Tom 7afb476469 Fixed #28226 -- Replaced use of str.join() with concatenation. 2017-05-27 13:59:05 -04:00
Claude Paroz 2cbb095bec Fixed #28221 -- Fixed plural fallback translations in JavaScriptCatalog view
Thanks Waldemar Kornewald for the report and initial patch.
2017-05-25 22:47:21 +02:00
Claude Paroz eb66057c1e Refs #28221 -- Honor plural number in JavaScriptCatalog 2017-05-20 13:23:54 +02:00
Claude Paroz d842ada305 Refs #27795 -- Stopped converting integer format settings to str in JS/JSON i18n views
Thanks Tim Graham for the review.
2017-05-08 19:32:03 +02:00
Claude Paroz 301de774c2 Refs #27795 -- Replaced many force_text() with str()
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
Tim Graham 56970c5b61 Fixed #28122 -- Fixed crash when overriding views.static.directory_index()'s template. 2017-04-25 11:01:21 -04:00
Tim Graham 8c6a3062dd Fixed #28079 -- Restored "No POST data" (rather than an empty table) in HTML debug page.
Regression in 7b6dccc82f
2017-04-15 09:21:35 -04:00
Abhishek Gautam 941b869135 Fixed #28008 -- Replaced getElementsByClassName() JavaScript in debug view template. 2017-04-14 08:12:14 -04:00
Claude Paroz ea542a9c72 Fixed #28007 -- Moved debug templates to the filesystem
Thanks Tim Graham for the review.
2017-04-12 11:36:47 -04:00
Tim Graham a1f948b468 Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
This is a security fix.
2017-04-04 10:42:06 -04:00
Ionuț Ciocîrlan 78619bcb0a Fixed #27987 -- Added default colors in debug view CSS. 2017-03-28 08:55:16 -04:00
Tim Graham b536dcf656 Fixed #27948 -- Removed incorrect unquote() in static serving views. 2017-03-17 07:55:00 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Anton Samarchyan 711123e1cd Refs #27656 -- Updated django.views docstring verbs according to PEP 257. 2017-03-03 17:05:42 -05:00
Grzegorz Tężycki fede65260a Fixed #26911 -- Removed NoReverseMatch silencing in RedirectView. 2017-03-01 15:56:39 -05:00
Asif Saifuddin Auvi 5f3a689f71 Imported django.http classes instead of django.http. 2017-02-27 14:47:11 -05:00
Tim Graham 21f13ff5b3 Refs #23919 -- Removed an unused block in ExceptionReporter.get_traceback_data().
The test from refs #20368 only runs this block on Python 2.
2017-02-09 09:03:28 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham 597bfcbf8b Removed unused ExceptionReporter.format_exception() method.
Unused since its introduction in e7e4b8b0f7.
2017-02-01 19:55:31 -05:00
Tim Graham 0205e04ce7 Removed ExceptionReporter support for string exceptions.
Reverted refs #6423 since raising string exceptions is prohibited
since Python 2.5.
2017-02-01 19:47:39 -05:00
Vytis Banaitis 8838d4dd49 Refs #23919 -- Replaced kwargs.pop() with keyword-only arguments. 2017-02-01 11:41:56 -05:00
Claude Paroz fee42fd99e Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham 9e6e32bf5d Refs #23919 -- Removed django.utils.decorators.available_attrs() usage.
It's only needed to work around a bug on Python 2.
2017-01-21 13:20:17 -05:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Aymeric Augustin 3cc5f01d9b Refs #23919 -- Stopped using django.utils.lru_cache(). 2017-01-18 21:42:40 -05:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Tim Graham 2b20e4148f Refs #19567 -- Removed deprecated javascript_catalog() and json_catalog() views. 2017-01-17 20:52:03 -05:00
Shivang Bharadwaj 6a74950513 Fixed #27258 -- Prohibited django.Template.render() with non-dict context.
Thanks Shivang Bharadwaj for the initial patch.
2016-12-28 16:03:20 -05:00
Waldemar Kornewald b24af2f405 Fixed #27418 -- Fixed occasional missing plural forms in JavaScriptCatalog. 2016-12-14 18:20:30 -05:00
Merrin Macleod eb7fb565e6 Removed an unnecessary, discouraging sentence on the "It worked!" page. 2016-12-13 13:45:09 -05:00
Collederas 07ac5d830a Added period in BaseFormView docstring. 2016-12-08 07:39:15 -05:00
Andreas Pelme 373140b07a Fixed #27567 -- Fixed crash in the debug view when request.user errors. 2016-12-06 12:28:00 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Mariusz Felisiak c7f86d3eec Fixed #27373 -- Corrected 404 debug page message for an empty request path. 2016-10-27 16:58:41 -04:00
Alvin Lindstam 6b5106b1ce Fixed #27374 -- Made JavaScriptCatalog respect the packages argument. 2016-10-22 19:26:08 -04:00
Tim Graham 8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Kevin Christopher Henry 4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Tim Graham ef021412d5 Normalized spelling of ETag. 2016-09-09 11:00:21 -04:00
Jon Dufresne f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Anatoly Burov 7b6dccc82f Fixed #27191 -- Fixed debug view crash for requests with 'items' in GET/POST/COOKIES/FILES. 2016-09-07 13:47:09 -04:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Jon Dufresne ff1e7b4eb4 Fixed #25181 -- Added localdate() function to get date in a different time zone.
Thanks Konrad Świat for the original patch.
2016-08-31 17:19:33 -07:00
Przemysław Suliga 1f68bb5683 Refs #26902 -- Protected against insecure redirects in set_language(). 2016-08-19 19:16:00 -04:00
Tim Graham 1e32e1cc95 Fixed #26973 -- Fixed views.static.serve() crash with show_indexes enabled. 2016-08-10 11:27:03 -04:00
Jon Dufresne 348cfccd90 Fixed #26938 -- Fixed invalid HTML in template postmortem on the debug page. 2016-07-24 18:18:57 +02:00
Tim Graham 93c538694e Fixed XSS in admin's add/change related popup.
This is a security fix.
2016-07-18 11:17:01 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Vasiliy Faronov ac77c55bc5 Fixed #26567 -- Updated references to obsolete RFC2616.
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Anssi Kääriäinen 7f51876f99 Fixed #26207 -- Replaced dynamic classes with non-data descriptors for deferred instance loading. 2016-04-29 13:06:32 -04:00
Tim Graham 0d8b523422 Fixed #26553 -- Removed unneeded loop in views/i18n.py 2016-04-28 09:15:34 -04:00
Claude Paroz de40cfbe74 Fixed #19567 -- Added JavaScriptCatalog and JSONCatalog class-based views
Thanks Cristiano Coelho and Tim Graham for the reviews.
2016-04-15 17:28:54 +02:00
Miikka Salminen 9e3f141701 Fixed #26466 -- Added HTTP_REFERER decoding to i18n set_language() view. 2016-04-09 10:57:43 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Vaclav Ehrlich 369fa471f4 Fixed #26201 -- Documented the consequences of rotating the CSRF token on login. 2016-04-05 11:02:38 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Krzysztof Jurewicz 940b7fd5cb Fixed #21446 -- Allowed not performing redirect in set_language view
Thanks Claude Paroz and Tim Graham for polishing the patch.
2016-03-29 22:15:14 +02:00
Claude Paroz 11c60b5298 Reused the DjangoTranslation class for the javascript_catalog view
Thanks Tim Graham and Cristiano Coelho for the reviews.
Refs #26328, #26319.
2016-03-08 21:39:59 +01:00
Andrew Kuchev e81d1c995c Fixed #25670 -- Allowed dictsort to sort a list of lists.
Thanks Tim Graham for the review.
2016-02-23 12:15:08 -05:00
François Freitag 16a88b4429 Fixed #26209 -- Masked sensitive settings in debug reports regardless of case. 2016-02-11 18:13:03 -05:00
Tim Graham 406675b1a0 Fixed #26176 -- Fixed E123 flake8 warnings. 2016-02-05 15:11:07 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Iacopo Spalletti 21bf685f5e Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2016-01-14 07:05:38 -05:00
Varun Sharma 3d6474e1a5 Fixed #25385 -- Allowed importing views.generic.View from views.View. 2016-01-11 08:18:44 -05:00
pp c8d970a548 Refs #25755 -- Unified a couple more spellings of 'website'. 2016-01-11 06:13:16 -05:00
Tim Graham 98839e9066 Removed British/Australian word: whilist. 2015-12-31 14:29:52 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls.
Thanks to Tim Graham for the review.
2015-12-31 14:21:29 -05:00
Chris Cogdon e429c5186c Fixed #26018 -- Prevented unnecessary get_form() call in FormMixin.get_context_data().
Changed "dict.setdefault" to "if x in dict" pattern so that get_form() would not
be called unnecessarily, specifically in the case where FormMixin.form_invalid()
calls get_context_data() with the current form.
2015-12-30 17:29:39 -05:00
Chris Cogdon 4b2dcfe04f Fixed #26006 -- Fixed incorrect object reference in SingleObjectMixin.get_context_object_name(). 2015-12-30 09:56:45 -05:00
Tim Graham acd3606049 Removed blank line to appease isort. 2015-11-17 19:01:06 -05:00
Raphael Michel 16945f0e9c Fixed #25695 -- Added template_name parameter to csrf_failure() view. 2015-11-17 14:28:18 -05:00
Alex Morozov e171a83b15 Fixed #25548 -- Prevented FormView.form_invalid() from discarding its form argument. 2015-11-11 13:28:34 -05:00
Tim Graham 37ea3cb03e Fixed "URLconf" spelling in code comments. 2015-10-22 14:46:42 -04:00