Commit Graph

397 Commits

Author SHA1 Message Date
Matthew Schinckel 493f7e9e1e Fixed #28076 -- Added support for PostgreSQL's interval format to parse_duration(). 2017-07-03 19:53:19 -04:00
Matthew Schinckel 684c0a35f6 Refs #27804 -- Used subTest() in dateparse tests. 2017-07-03 17:08:58 -04:00
Wil Tan b94d99af5b Refs #28280 -- Added more tests for utils.numberformat.format(). 2017-06-29 13:31:41 -04:00
Georg Sauthoff d0f59054d0 Fixed #28324 -- Made feedgenerators write feeds with deterministically ordered attributes. 2017-06-20 05:38:41 -04:00
Thomas Khyn f6bd00131e Fixed #28241 -- Allowed module_has_submodule()'s module_name arg to be a dotted path. 2017-06-08 14:34:20 -04:00
Jon Dufresne 21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
UmanShahzad 856072dd4a Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs. 2017-05-10 09:02:20 -04:00
Tim Graham 309c10c2cb Refs #20094 -- Removed obsolete tests/utils_tests/test_itercompat.py
The is_iterator() function was removed in 2456ffa42c.
2017-04-26 10:54:06 -04:00
petedmarsh 14671affc3 Fixed #28064 -- Removed double-quoting of key names in MultiValueDictKeyError. 2017-04-11 12:44:52 -04:00
Tim Graham 5ea48a70af Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
2017-04-04 10:42:06 -04:00
Claude Paroz 389c3ffc04 Updated tests after French translation update 2017-04-04 13:07:47 +02:00
Tim Graham 6b4f018b2b Replaced type-specific assertions with assertEqual().
Python docs say, "it's usually not necessary to invoke these methods directly."
2017-03-17 07:51:48 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham 6ae1b04fb5 Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. 2017-03-04 09:04:16 -05:00
Pavlo Kapyshin b6fbf3e8e5 Fixed #27879 -- Fixed crash if enclosures aren't provided to Atom1Feed.add_item().
Regression in 75cf9b5ac0
2017-02-24 09:46:31 -05:00
Ian Foote 508b5debfb Refs #11964 -- Made Q objects deconstructible. 2017-02-23 20:47:48 -05:00
Tim Graham 007d4e030c Completed test coverage for django.utils.encoding. 2017-02-22 20:54:55 -05:00
Chronial 03281d8fe7 Fixed #26005 -- Fixed some percent decoding cases in uri_to_iri(). 2017-02-09 09:22:00 -05:00
Tim Graham 500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham 26619ad7b0 Removed an untested and broken branch in force_bytes() (refs #6353).
The new test crashed in the removed branch. It's unclear if the branch has
value since c6a2bd9b96 didn't include tests.
2017-02-03 19:36:53 -05:00
Tim Graham 2f1394c76d Added a test for force_text()'s DjangoUnicodeDecodeError path. 2017-02-03 19:15:50 -05:00
Claude Paroz a21ec12409 Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape 2017-02-02 21:01:39 +01:00
Tim Graham f8d52521ab Refs #27804 -- Used subTest() in tests.utils_tests.test_html. 2017-02-02 08:17:00 -05:00
Tim Graham 2af8cd22a9 Imported specific functions in tests.utils_tests.test_html. 2017-02-02 07:23:10 -05:00
Claude Paroz ccfd1295f9 Refs #27795 -- Prevented SafeText from losing safe status on str()
This will allow to replace force_text() by str() in several places (as one of
the features of force_text is to keep the safe status).
2017-01-30 21:10:32 +01:00
Claude Paroz c182d66f69 Reintroduced lazy import from commit 52138b1fd0 2017-01-30 15:17:39 +01:00
Claude Paroz 52138b1fd0 Refs #23919 -- Removed usage of obsolete SafeBytes class
The class will be removed as part of #27753.
Thanks Tim Graham for the review.
2017-01-30 15:04:45 +01:00
Tim Graham 9e9e73735e Refs #23919 -- Removed an obsolete test for a Python 2 code path (refs #15662).
Fixed #21628 by removing the last usage of the imp module.
2017-01-27 17:39:49 -05:00
Claude Paroz fee42fd99e Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 2366100872 Removed unneeded force_text calls in the test suite 2017-01-24 18:45:54 +01:00
Tim Graham d170c63351 Refs #23919 -- Removed misc references to Python 2. 2017-01-21 20:02:00 -05:00
Tim Graham 7aba69145d Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. 2017-01-20 08:17:20 -05:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Tim Graham 4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Tim Graham 109b33f64c Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2. 2017-01-20 08:49:47 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham 60ca37d2e5 Refs #24046 -- Removed mark_for_escaping() per deprecation timeline. 2017-01-17 20:52:04 -05:00
Tim Graham eba093e8b0 Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Jinank Jain f4c0eec713 Fixed #27699 -- Added negative timedelta support to parse_duration() 2017-01-14 11:17:54 +01:00
vinay karanam 6128c1736d Refs #27637 -- Fixed timesince, timeuntil on New Year's Eve in a leap year. 2017-01-02 08:40:44 -05:00
Anton Samarchyan 5cf4894836 Fixed #27628 -- Fixed unarchiving a file without permission data. 2016-12-28 19:14:58 -05:00
Tim Graham 51cde873d9 Fixed #27648 -- Deprecated (iLmsu) regex groups in url() patterns. 2016-12-27 15:59:13 -05:00
Mariusz Felisiak 3e5c5e6754 Fixed #27637 -- Fixed timesince, timeuntil in leap year edge case. 2016-12-27 09:29:11 -05:00
Phil Tysoe bf4516a628 Added tests for django.utils.autoreload. 2016-12-22 09:01:28 -05:00
Mariusz Felisiak 8e3a72f4fb Fixed #27583 -- Fixed MultiValueDict.getlist() crash when values for key is None.
Restored the behavior before 727d7ce6cb.
2016-12-09 15:31:52 -05:00
Tim Graham b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
Anton Samarchyan d0112cf930 Fixed #26494 -- Made Archive.extract() preserve file permissions. 2016-12-06 08:28:36 -05:00
Keda87 794b7d8033 Refs #27546 -- Tested some __repr__() methods. 2016-12-01 08:09:38 -05:00
Adam Chainz 71609a5b90 Fixed #27555 -- Removed django.utils.functional.lazy_property. 2016-11-29 19:01:12 -05:00
Ramin Farajpour Cami 0a63ef3f61 Fixed #27463 -- Fixed E741 flake8 warnings. 2016-11-14 17:40:28 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Joachim Jablon fd78fb82d6 Fixed #27138 -- Restored pre-Python 3.6 behavior of localtime() and make_naive() on Python 3.6.
Reverted test changes in a7a7ecd2b0 and
e43ea36b76 (refs #27025).
2016-11-07 19:07:18 -05:00
Tim Graham 3158695365 Completed django.utils.timezone test coverage. 2016-11-01 14:01:40 -04:00
Tim Graham 414ad25b09 Fixed #27327 -- Simplified time zone handling by requiring pytz. 2016-10-27 08:53:20 -04:00
Reto Aebersold 3ab55c1a8a Fixed #27309 -- Added CallableBool.__hash__(). 2016-10-04 07:44:19 -04:00
Tim Graham e43ea36b76 Refs #27025 -- Fixed a timezone test for Python 3.6.
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-09-17 15:44:06 -04:00
Tim Graham 8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jani Tiainen 727d7ce6cb Fixed #27198 -- Made MultiValueDict.getlist() return a new list to prevent mutation. 2016-09-16 15:16:18 -04:00
Kevin Christopher Henry 4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Jon Dufresne f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Jon Dufresne ff1e7b4eb4 Fixed #25181 -- Added localdate() function to get date in a different time zone.
Thanks Konrad Świat for the original patch.
2016-08-31 17:19:33 -07:00
Olexander Yermakov b7fb608142 Fixed #27154 -- Allowed comparing CallableBool with bitwise or.
Thanks Tim for the review.
2016-08-31 08:27:37 -04:00
Mattias Loverot 9aaeec337e Fixed #26866 -- Added format_lazy function
Added format_lazy function to django.utils.text module.
Useful when dealing with relative complex lazy string concatenations
(e.g. in urls.py when translating urls in regular expressions).
2016-08-24 18:18:17 +02:00
Przemysław Suliga 5e5a17028f Fixed #26902 -- Allowed is_safe_url() to require an https URL.
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-08-19 18:51:33 -04:00
Tim Graham 5a41ca79dc Replaced 'raise SkipTest' with self.skipTest() in a few tests. 2016-08-16 16:42:27 -04:00
Tim Graham a7a7ecd2b0 Refs #27025 -- Fixed a couple timezone tests for Python 3.6.
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-08-09 18:14:15 -04:00
Tim Graham 54afa960d1 Fixed #26988 -- Improved/clarified User.is_authenticated/anonymous compatibility.
Thanks marktranchant for the report and review.
2016-08-02 11:01:08 -04:00
Dmitry Dygalo ca32979cdc
Made miscellaneous code cleanups 2016-07-21 10:08:19 -04:00
Will Hardy 8ef78b8165 Fixed #26656 -- Added duration (timedelta) support to DjangoJSONEncoder. 2016-07-14 13:34:15 -04:00
Jon Dufresne 4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Ville Skyttä fa654da613 Removed usage of a few deprecated unittest assertions. 2016-06-14 09:03:12 -04:00
Scott Vitale be729b6120 Fixed #10107 -- Allowed using mark_safe() as a decorator.
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
Chesco Igual ffd18732f3 Fixed #24781 -- Fixed repr() for lazy objects. 2016-06-04 19:13:00 -04:00
Tim Graham 37aec6b186 Refs #26653 -- Fixed a feedgenerator test that requires a database query on PostgreSQL. 2016-05-30 19:30:45 -04:00
Ketan Bhatt f31fbbae1a Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC. 2016-05-30 18:36:15 -04:00
Tim Graham 2f0e0eee45 Fixed #24046 -- Deprecated the "escape" half of utils.safestring. 2016-05-10 12:46:47 -04:00
Marko Benko 45c7acdc50 Fixed #26281 -- Added a helpful error message for an invalid format specifier to dateformat.format(). 2016-04-20 20:13:52 -04:00
Tim Graham 92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Tim Graham 1555d50ea4 Fixed typos in tests/utils_tests/test_ipv6.py test names. 2016-03-23 08:22:17 -04:00
Amine Yaiche 32c8e43ef1 Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation. 2016-03-23 08:18:29 -04:00
Claude Paroz 552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Hasan 26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan 253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan 3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Tim Graham 575706331b Cosmetic cleanups in tests/utils_tests/test_numberformat.py 2016-01-29 10:36:58 -05:00
Ben Kraft 13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Tim Graham 2765adc8dc Skipped a dateformat test on Windows as needed.
Refs 1014ba026e
2016-01-05 12:46:45 -05:00
Denis Cornehl 186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Iacopo Spalletti d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Aymeric Augustin 1014ba026e Fixed debug view crash during autumn DST change.
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)

Refs #23714 which essentially fixed the same problem when USE_TZ = True.

Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Ben Kraft 35355a4ffe Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
2015-10-03 13:00:37 -04:00
Tim Graham e5c12f6701 Refs #23613 -- Removed django.utils.checksums per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham 222d063301 Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. 2015-09-23 19:31:09 -04:00
Matt Robenolt b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Zan Anderle f3dc173240 Fixed #24917 -- Made admindocs display model methods that take arguments. 2015-09-07 15:07:39 -04:00
Aymeric Augustin b79fc11d73 Made the autoreloader survive all exceptions.
Refs #24704.
2015-08-29 20:50:00 +02:00
Aymeric Augustin c2fcba2ac7 Ensured gen_filenames() yields native strings.
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin dfa712efb8 Refactored autoreload tests.
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin 23620cb8e0 Accounted for error files in the autoreloader.
* When some old files contain errors, the second call to
  gen_filenames() should return them.
* When some new files contain errors, the first call to
  gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder f675afa13c Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__() 2015-07-09 21:20:52 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek 290ff35e6c Fixed #25000 -- Fixed cast to string for lazy objects.
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert 98df288dda Fixed #24978 -- Escaped special characters in loaddata fixture paths 2015-06-13 19:45:05 -04:00
Moritz Sichert 296919e7a5 Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class 2015-06-12 17:44:54 -04:00
Tomasz Kontusz c2b4967e76 Fixed ImportError message in utils.module_loading.import_string() 2015-06-06 11:45:22 -04:00
Raphael Michel 6700c90935 Fixed #19210 -- Added leap year support to django.utils.timesince() 2015-06-04 21:36:12 -04:00
Raphael Michel 5c125f63f7 Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig 262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Tim Graham 70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Simon Charette be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Aymeric Augustin 06dc6759d8 Factored skip condition when pytz isn't installed. 2015-05-17 10:23:14 +02:00
Tim Graham eda12ceef1 Removed redundant list() calls. 2015-05-16 10:44:07 -04:00
Josh Smeaton 143255c8bb Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime 2015-04-24 13:55:40 -04:00
Moritz Sichert 1f2abf784a Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. 2015-03-27 19:46:20 -04:00
Tim Graham 011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz df193b3cef Fixed #24382 -- Allowed unicode chars inside formatted numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik a5b225084f Fixed #23838 -- added missing `__iter__` to LazyObject 2015-03-08 15:42:23 +01:00
Aymeric Augustin a8fe12417f Normalized usage of the tempfile module.
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham 307c0f299a Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters. 2015-02-17 19:03:03 -05:00
Lukas Klein 93b3ef9b2e Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454 2015-02-12 08:58:35 +01:00
Varun Sharma 540ca563de Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Matthew Somerville caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Loic Bistuer 3a4c9e1b43 Cleaned up some forms tests.
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
2015-01-27 22:39:57 +07:00
Tim Graham d029fafea1 Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674. 2015-01-18 12:51:15 -05:00
Tim Graham df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
Tim Graham 1b0365ad34 Removed django.utils.tzinfo per deprecation timeline; refs #17262. 2015-01-17 09:32:33 -05:00
Tim Graham c820892eed Removed django.utils.datastructures.SortedDict per deprecation timeline. 2015-01-17 08:40:23 -05:00
Tim Graham 37b7776a01 Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659. 2015-01-17 08:13:36 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Claude Paroz 51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00