Commit Graph

1279 Commits

Author SHA1 Message Date
Ketan Bhatt f31fbbae1a Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC. 2016-05-30 18:36:15 -04:00
Tim Graham 6f520bf7d8 Added RemovedInDjango21Warning 2016-05-28 21:12:39 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Andre Cruz 929684d6ee Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham 2f0e0eee45 Fixed #24046 -- Deprecated the "escape" half of utils.safestring. 2016-05-10 12:46:47 -04:00
Claude Paroz c3e1086949 Stopped truncating AdminEmailHandler message subjects
Refs #26572, #17281. The RFC doesn't limit total length, just the line length
which is already taken care of by Python itself.
Thanks Tim Graham for the review.
2016-05-10 18:17:43 +02:00
Vasiliy Faronov 31e0314979 Fixed #26580 -- Updated references to obsolete RFC 2822.
Didn't rename django.utils.feedgenerator.rfc2822_date()
as some external code may rely on it.
2016-05-10 11:24:51 -04:00
Vasiliy Faronov ac77c55bc5 Fixed #26567 -- Updated references to obsolete RFC2616.
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Marko Benko 45c7acdc50 Fixed #26281 -- Added a helpful error message for an invalid format specifier to dateformat.format(). 2016-04-20 20:13:52 -04:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Tim Graham 3913a56558 Removed unused django.utils.http.PROTOCOL_TO_PORT.
Unused since b0c56b895f.
2016-04-06 12:29:20 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Tim Graham 2c125bded1 Refs #18239 -- Removed an obsolete workaround for bugs in HTMLParser. 2016-03-26 12:48:29 -04:00
Amine Yaiche 32c8e43ef1 Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation. 2016-03-23 08:18:29 -04:00
Claude Paroz 11c60b5298 Reused the DjangoTranslation class for the javascript_catalog view
Thanks Tim Graham and Cristiano Coelho for the reviews.
Refs #26328, #26319.
2016-03-08 21:39:59 +01:00
Claude Paroz 552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Jon Dufresne dec334cb66 Fixed #26193 -- Made urlize() trim multiple trailing punctuation. 2016-02-15 09:10:15 -05:00
Marcin Markiewicz f7a9872b91 Fixed #26173 -- Prevented localize_input() from formatting booleans as numbers. 2016-02-09 13:07:33 -05:00
Ben Kraft 13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Claude Paroz 104eddbdf6 Fixed #26093 -- Allowed escape sequences extraction by gettext on Python 3
Thanks Sylvain Fankhauser for the report and Tim Graham for the review.
2016-01-23 14:00:55 +01:00
Tim Graham 5b94b17fef Fixed #25999 -- Removed promotion of RemovedInNextVersionWarning to loud by default. 2016-01-14 09:05:43 -05:00
Tim Graham d45cfefbad Refs #25769 -- Updated docs to reflect get_version() uses PEP 0440. 2016-01-13 07:06:34 -05:00
Flavio Curella 0bc5cd6280 Fixed #25684 -- Made runserver use logging for request/response output.
Thanks andreif for the contributing to the patch.
2016-01-11 07:35:17 -05:00
Claude Paroz 632a9f21bc Fixed #26046 -- Fixed a crash with translations and Django-unknown language code
Thanks Jens Lundstrom for the report and Tim Graham for the review.
2016-01-06 20:30:56 +01:00
Benjamin Bach 8ad18103a1 Replaced dict.setdefault() usage to avoid unnecessary object instantiations. 2016-01-05 13:06:23 -05:00
Denis Cornehl 186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Claude Paroz cd3c042b04 Fixed #25915 -- Allowed language not in Django's default LANGUAGES
This fixes a regression introduced by a5f6cbce07.
Thanks Gavin Wahl for the report and Tim Graham for the review.
2015-12-18 17:50:16 +01:00
Claude Paroz ed20dd2e85 Fixed #25875 -- Prevented UnicodeDecodeError for Q object repr
Thanks Ben Kraft for the report, and Simon Charette for the review.
2015-12-13 15:07:17 +01:00
Iacopo Spalletti d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Raphaël Hertzog 9f4e031bd3 Fixed #25761 -- Added __cause__.__traceback__ to reraised exceptions.
When Django reraises an exception, it sets the __cause__ attribute even
in Python 2, mimicking Python's 3 behavior for "raise Foo from Bar".
However, Python 3 also ensures that all exceptions have a __traceback__
attribute and thus the "traceback2" Python 2 module (backport of Python
3's "traceback" module) relies on the fact that whenever you have a
__cause__ attribute, the recorded exception also has a __traceback__
attribute.

This is breaking testtools which is using traceback2 (see
https://github.com/testing-cabal/testtools/issues/162).

This commit fixes this inconsistency by ensuring that Django sets
the __traceback__ attribute on any exception stored in a __cause__
attribute of a reraised exception.
2015-12-03 16:31:50 -05:00
Gagaro 34d88944f4 Fixed #25812 -- Restored the ability to use custom formats with the date template filter. 2015-11-28 08:38:45 -05:00
Florian Apolloner 316bc3fc94 Fixed a settings leak possibility in the date template filter.
This is a security fix.
2015-11-24 11:20:29 -05:00
Tim Graham 4921d4e59f Fixed #25769 -- Updated get_version() release candidate naming for PEP 0440. 2015-11-19 10:00:09 -05:00
Tim Graham c7adfe941b Removed redundant termcolors.
Replaced MIGRATE_SUCCESS and MIGRATE_FAILURE with
SUCCESS and ERROR.
2015-11-18 10:26:39 -05:00
Attila Tovt 0a2d3b7387 Fixed #25682 -- Removed bare except clauses. 2015-11-17 14:39:15 -05:00
Jaap Roes 9a2aca6030 Fixed #25743 -- Optimized utils.localize() and localize_input()
Bail early if the input is a string since that's the most common case.
2015-11-12 13:24:53 -05:00
Marti Raudsepp d3e3703a15 Fixed #25720 -- Made gettext() return bytestring on Python 2 if input is bytestring.
This is consistent with the behavior of Django 1.7.x and earlier.
2015-11-11 08:56:10 -05:00
Tim Graham 4c593eaa5f Updated six to 1.10.0. 2015-11-10 22:05:48 -05:00
Dwight Gunning 1f29164ced Fixed #6727 -- Made patch_cache_control() patch an empty Cache-Control header. 2015-11-09 14:26:29 -05:00
Aymeric Augustin 1014ba026e Fixed debug view crash during autumn DST change.
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)

Refs #23714 which essentially fixed the same problem when USE_TZ = True.

Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Neal Todd c3a974c81e Amended comment to remove reference to the no longer used NullHandler 2015-11-07 16:35:46 +01:00
Ville Skyttä 3ee18400ae Fixed #25668 -- Misc spelling errors 2015-11-03 11:58:13 +02:00
Tim Graham 0b5d32faca Fixed #25611 -- Standardized descriptor signatures. 2015-10-26 11:31:16 -04:00
Claude Paroz 8b5acda821 Fixed #25571 -- Fixed boolean evaluation of ungettext_lazy 2015-10-22 15:17:45 +02:00