Tim Graham
58d555caf5
Fixed #16822 -- Added RawPostDataException
...
Thanks jaylett for the patch.
2013-10-08 08:05:39 -04:00
Baptiste Mispelon
20472aa827
Fixed #21189 : Cleaned up usage of bare except clauses.
...
Thanks to berkerpeksag for the report and to claudep
for the review.
2013-10-05 11:50:03 +02:00
e0ne
f2a4452882
Fixed #18403 -- Initialized bad_cookies in SimpleCookie
...
Thanks Stefano Crosta for the report.
2013-09-10 08:26:54 -04:00
Daniel Boeve
6dca603abb
Fixed #20889 -- Prevented email.Header from inserting newlines
...
Passed large maxlinelen to email.Header to prevent newlines from being
inserted into value returned by _convert_to_charset
Thanks mjl at laubach.at for the report.
2013-09-09 08:47:41 -04:00
Aymeric Augustin
365c3e8b73
Replaced "not PY3" by "PY2", new in six 1.4.0.
2013-09-02 12:11:02 +02:00
Claude Paroz
f4e9804567
Fixed #20961 -- Fixed HttpResponse default empty content
...
Thanks epandurski at gmail.com for the report.
2013-08-24 18:10:12 +02:00
Will Hardy
1c3c21b38d
Fixed #19987 -- Disabled host validation when DEBUG=True.
...
The documentation promises that host validation is disabled when
DEBUG=True, that all hostnames are accepted. Domains not compliant with
RFC 1034/1035 were however being validated, this validation has now been
removed when DEBUG=True.
Additionally, when DEBUG=False a more detailed SuspiciousOperation
exception message is provided when host validation fails because the
hostname is not RFC 1034/1035 compliant.
2013-07-31 10:38:59 -04:00
Baptiste Mispelon
3c45fb8589
Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect.
...
Thanks liangent for the report.
2013-07-30 13:39:44 -04:00
Claude Paroz
5c1143910e
Removed most of absolute_import imports
...
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Benjamin Kagia
b0953dc913
Fixed #13721 -- Added UploadedFile.content_type_extra.
...
Thanks Waldemar Kornewald and mvschaik for work on the patch.
2013-07-11 09:11:59 -04:00
Aymeric Augustin
8b9b8d3bda
Removed compatibility code for streaming responses.
...
This code provided a deprecation path for old-style streaming responses.
Refs #6527 , #7581 .
2013-06-29 18:49:36 +02:00
Ramiro Morales
8eadbc5a03
Removed 'mimetype' arguments from a few places, as per deprecation TL.
...
This includes HttpResponse and co. __init__() methods,
django.shortcuts.render_to_response() and the index(), sitemap() sitemap
app views.
2013-06-28 21:48:16 -03:00
Loic Bistuer
48ce167d89
Fixed missing initializations in WSGIRequest. Refs #20619
2013-06-26 14:36:25 +07:00
CHI Cheng
659d090025
Fixed #20598 -- Add new HTTP status codes defined in rfc6585
...
428, 429, 431 and 511
2013-06-14 23:22:52 +10:00
Claude Paroz
de66b56790
Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostError
...
Thanks KyleMac for the report, André Cruz for the initial patch and
Hiroki Kiyohara for the tests.
2013-06-01 10:26:46 +02:00
Preston Holmes
d228c1192e
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
...
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Łukasz Langa
0594fed9ff
Fixed #20472 : response.content should be bytes on both Python 2 and 3
2013-05-21 01:28:16 +02:00
Aymeric Augustin
cb86f707a0
Fixed #12747 -- Made reason phrases customizable.
2013-05-19 13:14:54 +02:00
Eric Urban
c278e56baf
Corrected documentation on the constructor arguments of MultiPartParser
2013-05-17 19:49:33 -04:00
Aymeric Augustin
9c487b5974
Replaced an antiquated pattern.
...
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Baptiste Mispelon
c250f9c99b
Fixed #20038 -- Better error message for host validation.
2013-04-03 14:27:20 -06:00
konarkmodi
bc4111ba68
Fixed #18003 -- Preserved tracebacks when re-raising errors.
...
Thanks jrothenbuhler for draft patch, Konark Modi for updates.
2013-03-19 15:42:39 -07:00
Aymeric Augustin
ce76fbfc5a
Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.
...
Obviously it isn't set until the URL is resolved.
2013-03-10 23:28:19 +01:00
Carl Meyer
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
...
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Hiroki Kiyohara
e94f405d94
Fixed #18558 -- Added url property to HttpResponseRedirect*
...
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Matt Robenolt
222a956ecc
Kill mx.TextTools with fire
2013-01-15 10:15:40 -08:00
Claude Paroz
f08e739bc2
Fixed #19585 -- Fixed loading cookie value as a dict
...
This regression was introduced by the 'unicode_literals' patch.
2013-01-11 21:09:33 +01:00
Aymeric Augustin
acc5396e6d
Fixed #19519 -- Fired request_finished in the WSGI iterable's close().
2012-12-31 12:47:34 +01:00
Aymeric Augustin
ef017a5f00
Advanced pending deprecation warnings.
...
Also added stacklevel argument, fixed #18127 .
2012-12-29 21:59:07 +01:00
Aymeric Augustin
4a6490a4a0
Removed HttpRequest.raw_post_data.
2012-12-29 21:59:07 +01:00
Florian Apolloner
27560924ec
Fixed a security issue in get_host.
...
Full disclosure and new release forthcoming.
2012-12-10 22:11:40 +01:00
Claude Paroz
2a67374b51
Fixed #19036 -- Fixed base64 uploads decoding
...
Thanks anthony at adsorbtion.org for the report, and johannesl for
bringing the patch up-to-date.
2012-11-17 17:25:21 +01:00
Aymeric Augustin
fc10418fba
Fixed #18963 -- Used a subclass-friendly pattern
...
for Python 2 object model compatibility methods.
2012-11-03 22:07:35 +01:00
Aymeric Augustin
095eca8dd8
Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.
...
Thanks Claude Paroz.
2012-11-03 13:03:15 +01:00
Aymeric Augustin
da56e1bac6
Fixed #18796 -- Refactored conversion to bytes in HttpResponse
...
Thanks mrmachine for the review.
2012-10-25 08:49:51 +02:00
Aymeric Augustin
82b3e6ffcb
Fixed #13222 -- Made HttpResponse iterable once
...
response.content can be accessed many times as desired, and always
returns the same result.
iter(response) works only once and consumes the iterator.
2012-10-24 17:19:56 +02:00
Aymeric Augustin
495a8b8107
Fixed #6527 -- Provided repeatable content access
...
in HttpResponses instantiated with iterators.
2012-10-24 17:08:37 +02:00
Aymeric Augustin
ea57112d53
Reverted 6a64822bf4
.
...
This commit caused every test that does two or more assertContains to
fail, because of #6527 . It also made HttpResponse non-pickleable.
Refs #13222 .
2012-10-23 00:11:17 +02:00
Aymeric Augustin
6a64822bf4
Fixed #13222 -- Repeated iteration of HttpResponse
...
Thanks teepark for the report and grahamd for his insights.
2012-10-22 22:52:36 +02:00
Alex Gaynor
b4066d7d21
Cleaned up the the http module. Moved all of the code from __init__.py to request.py, response.py and utils.py
2012-10-21 11:12:59 -07:00
Aymeric Augustin
4b27813198
Fixed #7581 -- Added streaming responses.
...
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20 20:05:11 +02:00
Claude Paroz
dfd4a71751
Fixed #5611 -- Restricted accepted content types in parsing POST data
...
Thanks paulegan for the report and Preston Holmes for the review.
2012-10-20 14:56:16 +02:00
Preston Holmes
9305c0e12d
Fixed a security issue related to password resets
...
Full disclosure and new release are forthcoming
2012-10-17 14:36:41 -07:00
Aymeric Augustin
9b07b5edeb
Fixed #18916 -- Allowed non-ASCII headers.
...
Thanks Malcolm Tredinnick for the review.
2012-09-07 19:08:57 -04:00
Alex Gaynor
335a9f9cf1
Removed many uses of bare "except:", which were either going to a) silence real issues, or b) were impossible to hit.
2012-09-07 15:08:07 -04:00
Claude Paroz
ae88e73fa6
Replaced some smart_xxx by force_xxx equivalent
...
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz
ebc773ada3
Replaced many smart_bytes by force_bytes
...
In all those occurrences, we didn't care about preserving the
lazy status of the strings, but we really wanted to obtain a
real bytestring.
2012-08-29 11:20:32 +02:00
Claude Paroz
44c09de555
Fixed #18678 -- HttpResponse init arguments allowed for subclasses
...
Thanks hp1337@gmail.com for the report.
2012-08-23 10:59:22 +02:00
Claude Paroz
7cfe8e8fce
Fixed #11340 -- Prevented HttpResponseNotModified to have content/content-type
...
The HTTP 1.1 spec tells that the 304 response MUST NOT contain a
message body.
Thanks aparajita for the report.
2012-08-22 20:55:24 +02:00
Claude Paroz
e2b4eddc11
Used the decorator syntax for properties in django.http
2012-08-22 20:55:24 +02:00