Commit Graph

833 Commits

Author SHA1 Message Date
Florian Apolloner 37aea82b1c [1.6.x] Fixed #21253 -- PBKDF2 with cached HMAC key
This gives a 2x speed increase compared to the existing implementation.

Thanks to Steve Thomas for the initial patch and Tim Graham for finishing it.

Backport of 1e4f53a6eb from master.
2013-10-21 19:55:28 +02:00
Aymeric Augustin 5591fe6829 [1.6.x] Fixed #21256 -- Error in datetime_safe.datetime.combine.
Backport of d9b6fb8 from master
2013-10-13 19:11:43 +02:00
Aymeric Augustin f0c7649b16 Fixed #21198 -- Prevented invalid use of @python_2_unicode_compatible.
Thanks jpic for the report and chmodas for working on a patch.

Reverts 2ea80b94. Refs #19362.

Conflicts:
	tests/utils_tests/test_encoding.py
2013-10-13 18:25:21 +02:00
Baptiste Mispelon 15bdc85117 [1.6.x] Fix #21185: Added tests for unescape_entities.
Also fixed a py3 incompatibility.
Thanks to brutasse for the report.

Backport of 3754f4ad41 from master.
2013-09-27 18:06:28 +02:00
Florian Apolloner e5dc08f2db [1.6.x] Fixed #21138 -- Increased the performance of our PBKDF2 implementation.
Thanks go to Michael Gebetsroither for pointing out this issue and help on
the patch.

Backport of 68540fe4df from master.
2013-09-24 21:10:21 +02:00
Paul McMillan 85ba68cc14 [1.6.x] Increased default PBKDF2 iterations
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.

Backport of a075e2ad0d from master
2013-09-19 15:34:59 -04:00
Tim Graham 275497c570 [1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.
Thanks margieroginski for the suggestion.

Backport of 893198509e from master
2013-09-18 06:49:59 -04:00
Aymeric Augustin f9f792eb04 [1.6.x] Took advantage of django.utils.six.moves.urllib.*.
Backport of 6a6428a36 from master.
2013-09-10 21:29:31 +02:00
Aymeric Augustin 7c31e195db [1.6.x] Fixed #18766 -- Pointed to pytz when LocalTimezone fails.
Thanks void for the report.

Backport of ded11aa6 from master.
2013-09-08 09:17:03 +02:00
Max Burstein 92e89452f1 [1.6.x] Fixed #21049 -- Fixed autoreload for Python 3
Changed the system module values check to return a list.
In Python 3 it returns a dict_view which could occasionally produce
a runtime error of "dictionary changed size during iteration".

Backport of 559cb826b8 from master
2013-09-06 17:32:08 -04:00
Aymeric Augustin 7c1efc2fa6 Updated six to version 1.4.1. 2013-09-04 15:23:24 -05:00
Aymeric Augustin 115318051c [1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0.
Conflicts:
	django/db/backends/oracle/base.py
	django/db/backends/sqlite3/base.py
	django/db/models/base.py

Backport of 365c3e8b from master.
2013-09-03 07:34:45 -05:00
Aymeric Augustin 50012577f3 [1.6.x] Updated the bundled version of six to 1.4.0.
Backport of 42920970 from master.
2013-09-03 07:34:44 -05:00
Simon Charette e7a6eaf5fe [1.6.x] Correctly format missing Pillow/PIL exceptions messages. refs #19934
Backport of b9590a6935 from master.
2013-08-19 18:51:22 -04:00
Jacob Kaplan-Moss 79594b40c0 Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
This is a security fix; disclosure to follow shortly.
2013-08-13 11:05:41 -05:00
Florian Apolloner 081a27c358 [1.6.x] Simplified smart_urlquote and added some basic tests.
Backport of b70c371fc1 from master.
2013-07-28 10:07:01 +02:00
SusanTan 40d2687787 [1.6.x] Fixed #20711 -- Fixed broken link in timesince.py docstring
Backport of d63327d843 from master.
2013-07-07 12:40:44 -04:00
Tim Graham 1184d07789 Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
2013-06-26 13:11:47 -04:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Loic Bistuer ee77d4b253 Fixed #20199 -- Allow ModelForm fields to override error_messages from model fields 2013-06-18 08:01:17 -04:00
Florian Apolloner c9d07d251f Fixed loaddata for Django checkouts with non ASCII chars in the name. 2013-06-03 13:18:16 +02:00
Alex Gaynor 09d0568697 Switched to using some constants the hmac module exposes. 2013-06-02 10:31:38 -07:00
Danilo Bargen 127d9b2792 Added minor splitting optimization in django.utils.ipv6._unpack_ipv4 2013-06-01 07:08:13 -04:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Baptiste Mispelon 2ee447fb5f Fixed #20296 -- Allowed SafeData and EscapeData to be lazy 2013-05-25 16:06:44 +02:00
Claude Paroz b7cf44dde8 Fixed some minor translation-related issues 2013-05-25 14:32:44 +02:00
Claude Paroz c0439b6210 Removed obsolete attribute of DjangoTranslation 2013-05-25 14:01:52 +02:00
Claude Paroz b664cb818d Fixed #19237 (again) - Made strip_tags consistent between Python versions 2013-05-23 14:01:27 +02:00
Claude Paroz dc51ec8bc2 Fixed #19237 -- Used HTML parser to strip tags
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead us to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Claude Paroz fd961941cc Imported copyreg from six.moves 2013-05-21 14:41:39 +02:00
Daniel Lindsley e24d486fbc Fixed #20212 - __reduce__ should only be defined for Py3+. 2013-05-21 00:49:21 -07:00
Łukasz Langa 26e3e7ecb5 Fixed #11915: generic Accept-Language matches country-specific variants 2013-05-19 12:50:09 +02:00
Marc Tamlyn 413735b239 Fix a typo in a comment. 2013-05-19 11:24:36 +02:00
Emil Stenström 7d77e9786a Fixed #20246 -- Added non-breaking spaces between values and units 2013-05-18 23:01:48 +02:00
Florian Apolloner acd0bb39df Fixed #14894 -- Ensure that activating a translation doesn't run into threading issues.
Thanks to maxbublis for the report and sergeykolosov for the patch.
2013-05-18 17:36:31 +02:00
Łukasz Langa 92ebb29c53 Fixes #19919: get_language_from_request() disregards "en-us" and "en" languages
when matching Accept-Language
2013-05-18 14:37:04 +02:00
Florian Apolloner 051cb1f4c6 Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.
Thanks to edevil for the report and saz for the patch.
2013-05-18 12:32:47 +02:00
Aymeric Augustin 9c487b5974 Replaced an antiquated pattern.
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Florian Apolloner 4ecc6da20b Removed unicode literals from PIL compat. 2013-05-15 09:00:09 +02:00
Daniel Lindsley 33793f7c3e Fixed #19934 - Use of Pillow is now preferred over PIL.
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner.
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
2013-05-10 23:08:45 -04:00
Claude Paroz 4769db6b5f Fixed #20321 -- Added missing key name in MergeDict KeyError message
Thanks mark.harviston et gmail.com for the report.
2013-04-26 08:59:34 +02:00
Alex Gaynor 714161c864 Fix != operations on lazy objects. 2013-04-19 10:58:29 -07:00
Anton Baklanov 59d127e45f Fixed #20276 -- Implemented __bool__ for MergeDict
MergeDict evaluates now to False if all contained dicts are empty.
Thanks til for the report and the initial patch.
2013-04-19 10:08:16 +02:00
Baptiste Mispelon e7b9c11c3f Fixed #20231 -- Don't use allow_lazy on smart_split 2013-04-10 13:05:29 +02:00
Claude Paroz b474ffe63a Fixed #20172 -- Ensured urlize supports IPv4/IPv6 addresses
Thanks Marc Aymerich for the report and the initial patch.
2013-04-01 15:37:37 +02:00
Joe Friedl 2d0db67813 Fixed #20167 -- Preserve the traceback of `ImportError`s in `import_by_path`.
Thanks @carljm for the review.
2013-03-31 23:00:06 -04:00
Gavin Wahl ec04fd1344 Fixed spelling errors 2013-03-28 11:16:53 -06:00
Andreas 35cab0f8e4 Fixed #20016: worked around Jython not having a buffer. 2013-03-27 13:39:52 -05:00