Commit Graph

485 Commits

Author SHA1 Message Date
Tim Graham 7fe5b656c9 Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.
2013-09-10 21:02:48 -04:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
Curtis Maloney 7c6f2ddcd9 Simplify FilterExpression.args_check 2013-09-09 09:03:50 -04:00
Baptiste Mispelon 28a571348b Fix #20745: Don't silence TypeError raised inside templates.
Thanks to robin for the report and claudep for the review.
2013-09-08 22:05:35 +02:00
Alex Gaynor 2530735d2d Fixed a number of flake8 errors -- particularly around unused imports and local variables 2013-09-06 21:56:40 -07:00
Preston Timmons 8625c7aab3 Fixed #16096 -- Added origin attribute to template instances.
Thanks jdunck for the suggestion.
2013-09-06 09:14:52 -04:00
Aymeric Augustin 365c3e8b73 Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-02 12:11:02 +02:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Curtis Maloney e2f06226ea Improved {% include %} implementation
Merged BaseIncludeNode, ConstantIncludeNode and Include node.

This avoids raising TemplateDoesNotExist at parsing time, allows recursion
when passing a literal template name, and should make TEMPLATE_DEBUG behavior
consistent.

Thanks loic84 for help with the tests.

Fixed #3544, fixed #12064, fixed #16147
2013-08-30 10:36:36 +03:00
Tim Graham c7d0ff0cad Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple()
Thanks jeroen.pulles at redslider.net for the suggestion and
helper script.
2013-08-29 12:11:03 -04:00
Curtis Maloney 8d473b2c54 Fixed #7116 -- Optimize RequestContext construction 2013-08-29 10:25:56 +03:00
Curtis Maloney 5cdacbda03 Fixed #17356 -- Allowed {% include %} to render compiled templates
Reviewed by Loic Bistuer and Tim Graham.
2013-08-29 10:22:24 +03:00
Tim Graham 12023887ea Fixed #14765 -- Removed unnecessary usage of NodeList in ForNode.
Thanks traff and FunkyBob for work on the patch.
2013-08-28 09:48:47 -04:00
Ramiro Morales b785a80d19 Added further fixes, tests for #19949/f33db5a09a.
Thanks Susan Tan. Refs #19949.
2013-08-26 08:47:24 -03:00
SusanTan f33db5a09a Fixed 19949 -- Cached template loader now caches TemplateDoesNotExist
Thanks @timgraham and @jdunck for the code reviews and Kronuz for bug
report and initial patch.
2013-08-24 09:19:55 -04:00
Tim Graham 0073f1d94f Fixed #20949 -- Typo #2 in docstring 2013-08-21 10:50:08 -04:00
Tim Graham d3ed15b79d Fixed docstring typo, thanks minddust. 2013-08-21 09:01:52 -04:00
Jonathan Slenders ff410565bf Fixed #20709 -- Allowed {% widthratio %} to accept an "as" parameter.
Thanks clay.evil@ for the suggestion.
2013-08-14 12:40:19 -04:00
Tim Graham 71b5617c24 Fixed #17778 -- Prevented class attributes on context from resolving as template variables.
Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.
2013-08-12 12:41:39 -04:00
Gavin Wahl 5154c9f92c Fixed #20806 -- Cached loader caches find_template
The cached template loader should cache find_template in addition to
load_template.
2013-07-30 14:25:30 -04:00
Claude Paroz 5c1143910e Removed most of absolute_import imports
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Curtis Maloney a3e7d73ed7 Allowed Context.push to behave as a context manager.
Thanks Loic Bistuer for the review.
2013-07-17 13:32:32 -04:00
Aymeric Augustin acd7b34aaf Advanced deprecation warnings for Django 1.7. 2013-06-29 18:49:37 +02:00
Ramiro Morales 8eadbc5a03 Removed 'mimetype' arguments from a few places, as per deprecation TL.
This includes HttpResponse and co. __init__() methods,
django.shortcuts.render_to_response() and the index(), sitemap() sitemap
app views.
2013-06-28 21:48:16 -03:00
Baptiste Mispelon ec371ace00 Fixed #20650 -- Fixed {% filter %} incorrectly accepting 'escape' as argument
Thanks to grzesiof for the report and to loic84 and Alex Gaynor
for the review.
2013-06-25 20:28:35 +02:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Emil Stenström 7d77e9786a Fixed #20246 -- Added non-breaking spaces between values and units 2013-05-18 23:01:48 +02:00
Aymeric Augustin 9c487b5974 Replaced an antiquated pattern.
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Claude Paroz 2bcbca3451 Updated some 'Dive Into Python' links 2013-04-01 14:04:41 +02:00
Aymeric Augustin 68905695b8 Fixed #19510 -- Race condition in template loading.
Thanks Kronuz and regebro.
2013-03-17 23:56:07 +01:00
Łukasz Langa 40b9f4fb8b [py3] Always fed hashlib with bytes. 2013-02-27 10:02:07 +01:00
Carl Meyer 87e8dfaa47 Switching to autoescape is not a change in syntax. 2013-02-25 00:43:03 -07:00
Carl Meyer 3ded2aef71 Remove leading underscore from a function that's all growed up now.
This function is now the de facto standard function for rendering values in a
template, and is imported by two other built-in template modules. It shouldn't
have a leading underscore.
2013-02-25 00:33:29 -07:00
Christopher Medrela 636c45fc58 Fixed #19890 -- ifchanged templatetag rendered its content twice
The content of ifchanged template tag was rendered twice: first time, to
compare it with the previous value and the second time, to return the
rendered output.
2013-02-24 16:49:28 +01:00
Diederik van der Boor 8503120c10 Fixed #15849 -- Made IfChanged node thread safe.
Previously, the ifchanged node stored state on `self._last_seen`,
thereby giving undesired results when the node is reused by another
thread at the same time (e.g. globally caching a Template object).

Thanks to akaihola for the report and Diederik van der Boor and
Bas Peschier for the patch.
2013-02-24 16:06:55 +01:00
Lennart Regebro 687d2e967d Fixed #19827 -- Kept stacktrace in defaulttags exception reraising
Thanks Kronuz for the report and the initial patch.
2013-02-23 17:43:17 +01:00
Aymeric Augustin 5278776a88 Merge pull request #751 from bmispelon/ticket-6271 2013-02-23 07:47:58 -08:00
Vladimir A Filonov f49e9a517f Fixed #17906 - Autoescaping {% cycle %} and {% firstof %} templatetags.
This commit adds "future" version of these two tags with auto-escaping
enabled.
2013-02-23 16:16:39 +01:00
Baptiste Mispelon 069280a689 Used token.split_contents() for tokenisation in template tags accepting variables.
Fixed #6271, #18260.
2013-02-23 15:15:30 +01:00
Claude Paroz e5a8df06be Fixed #19846 -- Optimized a dict of lists in BlockContext class
Thanks Curtis Maloney for the report and the patch.
2013-02-22 23:55:11 +01:00
Baptiste Mispelon f13bfbec70 Fixed #19882 -- Smarter tokenizing of {% for %} tag arguments. 2013-02-22 19:19:33 +01:00
Julien Phalip 7d5e35cdb4 Fixed #19829 -- Fixed index lookups for NumPy arrays in templates. 2013-02-14 23:29:15 -08:00
Michael van Tellingen 138de533ff Fixed #19819 - Improved template filter errors handling.
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.

Since this error was otherwise caught by the compile_function try/except
block the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Ramiro Morales 826d9de00e Fixed #19729 -- Removed leftover refactoring helper variables.
Thanks chrismedrela for the report.

Refs #6262, 44b9076 and 4d94c0c.
2013-02-04 20:31:50 -03:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Aymeric Augustin a7b7d6320c Merge pull request #595 from bmispelon/patch-1
Fixed a typo in WidthRatioNode.
2012-12-29 13:39:52 -08:00
Aymeric Augustin 5d5e1f5afa Removed support is_safe and needs_autoescape as function attributes. 2012-12-29 21:59:07 +01:00
Tim Graham 6534a95ac3 Fixed #19470 - Clarified widthratio example.
Thanks orblivion for the suggestion.
2012-12-18 08:20:01 -05:00
Baptiste Mispelon ac8eb82abb Fixed typo in WidthRatioNode's error. 2012-12-17 10:35:36 +01:00
Aymeric Augustin 49519328b4 Fixed #19392 -- Improved error for old-style url tags with dashes.
Thanks dloewenherz for the report.
2012-12-09 16:17:56 +01:00
Danilo Bargen c10aaa70a4 Fixed #19370 -- Made date filter properly handle midnight value 2012-11-27 21:24:16 +01:00
Aymeric Augustin 7644800070 Change exception type to reduce confusion.
TemplateSyntaxError is expected at compile time, not at run time.

Refs #19280.
2012-11-25 19:51:42 +01:00
Aymeric Augustin d266919584 Fixed #19280 -- Raised an explicit exception for the old {% url %} syntax. 2012-11-24 22:10:51 +01:00
Riley Strong d179794c6b Fix typo in comment 2012-11-19 19:31:21 -06:00
Sean Breant 4d817b3887 Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse
Refs #15863.
2012-11-09 21:07:53 +01:00
Claude Paroz fa2e28ccc4 Fixed #18484 -- Removed the div around the csrf token input 2012-10-13 11:30:09 +02:00
Ramiro Morales 2100da9dcd Ensure we ignore __pycache__ PEP 3174 dirs in a few more places. 2012-10-06 18:40:58 -03:00
Martey Dodoo 3fb2662edc Fixes #18933. Fixes code example in docstring.
Makes code example of silent keyword docstring in cycle templatetag
method the same as in the documentation.
2012-09-09 00:35:40 -04:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz e2b4eddc11 Used the decorator syntax for properties in django.http 2012-08-22 20:55:24 +02:00
Marc Tamlyn e4984812cd Fixed bug in 212b982 -- Removed duplicate code in removetags 2012-08-18 17:09:37 +01:00
Marc Tamlyn 212b9826bd Fixed #14516 -- Extract methods from removetags and slugify template filters
Patch by @jphalip updated to apply, documentation and release notes
added.

I've documented strip_tags as well as remove_tags as the difference
between the two wouldn't be immediately obvious.
2012-08-18 15:07:21 +01:00
Claude Paroz 2d2dca2d8e [py3] Fixed slugify filter 2012-08-15 12:29:10 +02:00
Aymeric Augustin 2ae58b20ec [py3] Fixed egg template loader. 2012-08-14 12:29:53 +02:00
Claude Paroz dce34dc969 [py3] Made __repr__ return str with Python 3 2012-08-12 20:45:39 +02:00
Aymeric Augustin d4a0b27838 [py3] Refactored __unicode__ to __str__.
* Renamed the __unicode__ methods
* Applied the python_2_unicode_compatible decorator
* Removed the StrAndUnicode mix-in that is superseded by
  python_2_unicode_compatible
* Kept the __unicode__ methods in classes that specifically
  test it under Python 2
2012-08-12 14:44:40 +02:00
Aymeric Augustin 2bb2eecb63 [py3] Removed redundant __str__ methods.
These classes already have an identical __unicode__ method, which
will be used after an upcoming refactoring.
2012-08-12 14:44:40 +02:00
Karen Tracey 759ae3c2da Fixed #18739 -- widthratio behavior on None args
Made behavior given None consistent with how non-numerics were handled.
Thanks to ja.geb@me.com for the report.
2012-08-11 19:24:18 -04:00
Alex Gaynor 4c97101b1f remove a bunch of unnecessary iterkeys() calls 2012-08-08 07:33:15 -07:00
Aymeric Augustin fa4cb34817 [py3] Fixed filesystem encoding handling
in the app directories template loader.
2012-08-08 13:07:49 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str object.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin ee191715ea [py3] Fixed access to dict keys/values/items. 2012-08-07 12:00:22 +02:00
Aymeric Augustin bdca5ea345 [py3] Replaced unicode/str by six.text_type/bytes. 2012-07-22 09:29:54 +02:00
Aymeric Augustin 3cb2457f46 [py3] Replaced basestring by six.string_types. 2012-07-22 09:29:54 +02:00
Aymeric Augustin 1e89a208d0 Fixed #18645 -- Clarified filesizeformat implementation
Thanks Jérôme Renard for the patch.
2012-07-18 15:01:12 +02:00
Luke Plant 2ba4278cb3 Fixed #18484 - 'display:none' on CSRF token div is redundant and causes problems with some browsers
Thanks to hedleyroos for the report
2012-07-06 15:33:29 +01:00
Luke Plant 8fdc56d2a6 Fixed #18572 - Python26 string format incompatibility
Thanks to anonymous/AeroNotix for the report
2012-07-06 00:23:02 +01:00
Luke Plant a92e7f37c4 Changed a lot of internal code to use 'format_html' where appropriate/possible 2012-07-03 22:20:12 +01:00
Claude Paroz da200c5e35 Fixed #16519 -- Deprecated mimetype kwarg of HttpResponse __init__
This keyword was already deprecated in the code (supported for
backwards compatibility only), but never formally deprecated.
Thanks Paul McMillan for the report and yasar11732 for the initial
patch.
2012-06-30 21:27:47 +02:00
Chris Beaven c57ba67331 Fixed #14502 again -- saner verbatim closing token
Previously, the closing token for the verbatim tag was specified as the
first argument of the opening token. As pointed out by Jannis, this is
a rather major departure from the core tag standard.

The new method reflects how you can give a specific closing name to
{% block %} tags.
2012-06-19 10:49:33 +12:00
Luke Plant fd6a9d35d9 IfParser.next() method renamed to avoid confusion with iterator protocol. 2012-06-14 23:12:15 +01:00
Luke Plant edee20ff50 Reverted part of 169b1a40 which was mistakenly applied to a non-iterator class.
Doing next(IfParser()) works for Python 2.7, because it calls
IfParser.next(), but in Python 3 will call IfParser.__next__() which does
not work since it is not an iterator and does not have that method.
2012-06-14 23:12:15 +01:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Aymeric Augustin 4464bbba15 Fixed #14502 -- Added a verbatim template tag.
Thanks SmileyChris for the patch.
2012-06-07 09:59:14 +02:00
Claude Paroz edfa95c22f Specified when open should use binary mode.
Thanks Vinay Sajip for the help of his django3 branch.
2012-05-25 20:43:43 +02:00
Claude Paroz 169b1a404c Replaced foo.next() by next(foo).
This new syntax for next() has been introduced in Python 2.6 and is
compatible with Python 3.
2012-05-10 20:15:49 +02:00
Claude Paroz 865cd35c9b Made more extensive usage of context managers with open. 2012-05-05 14:06:36 +02:00
Aymeric Augustin e84f79f051 Fixed #18042 -- Advanced deprecation warnings.
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Aymeric Augustin ddfc7c2530 Fixed #4746 -- Allowed spaces around filter separator. 2012-04-30 21:01:06 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Aymeric Augustin 3e8b40f479 Fixed #17992 -- Added a public API for localtime.
Thanks Bradley Ayers for the report.
2012-04-29 15:37:23 +02:00
Claude Paroz eb351ac9cb Fixed #18037 -- Changed behaviour of url and ssi template tags to the new syntax, as per official deprecation timeline. Thanks Ramiro Morales and Jannis Leidel for the review.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17934 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-24 19:55:52 +00:00
Aymeric Augustin f0697570e9 Fixed #18103 -- Regression introduced in r17895.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17896 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-11 13:00:38 +00:00
Aymeric Augustin 93240b7d90 Fixed #17229 -- Allow 'True', 'False' and 'None' to resolve to the corresponding Python objects in templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17894 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10 20:49:45 +00:00
Claude Paroz 8dd04fd84b Fixed #15683 -- Prevented escaped string to be needlessly marked safe twice in force_escape filter. Thanks tyrion for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17876 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-07 15:16:11 +00:00
Chris Beaven 0e54c23caf Fixed #17660 -- Standardize extends tag token parsing
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17568 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-21 02:59:05 +00:00
Aymeric Augustin 2000f375cd Fixed #17675 -- Changed the implementation of the {% regroup %} template tag to use the context properly when resolving expressions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17522 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-14 21:29:50 +00:00
Adrian Holovaty 086697b231 Fixed loader_tags.py to import token_kwargs from the correct module
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17419 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-02 17:03:32 +00:00
Adrian Holovaty d6d4d60109 Made a tiny performance improvement in the template system's Parser.parse() -- don't look up the global variables TOKEN_TEXT, etc.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17400 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-28 01:50:14 +00:00