Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.
Only public APIs (i.e. APIs mentioned in the documentation) were left.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.
Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.
Thanks to Tim and Josh in particular for reviews.
Added a test for the condition safe_join is designed to prevent.
Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.
Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
Translating an empty string used to return the gettext catalog
metadata instead of the empty string.
Thanks Ned Batchelder for the suggestion, Tim Graham for the review
and Anton Berezin and Claude Paroz for contributions to the patch.
This reverts commit 66757fee7e.
Discussions have led to think that this functionality does not
bring significant benefits to justify the added complexity.
Read also discussions on ticket #22734.
This fixes a regression introduced in 6d302f639.
Thanks lorinkoz at gmail.com for the report, Collin Anderson
for the initial patch and Simon Charette for the review.
This fixes the Chinese language issues described in #23005 but
also provides for other fallback exceptions by updating the
LANG_INFO structure.
Thanks caxekis at gmail.com for the report and Tim Graham for the
review.
The rate at which we've increased this has not been keeping up with hardware (and software) improvements, and we're now considerably behind where we should be. The delta between our performance and an optimized implementation's performance prevents us from improving that further, but hopefully once Python 2.7.8 and 3.4+ get into more hands we can more aggressively increase this number.
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
This follows commits 80f4487 and 01399fa; original patch had to be
reverted because it wasn't Python 2.6 compatible and we need it to
be in order to build docs on the djangoproject.com server.
This fix should be replaced by @lru_cache as soon as we drop
Python 2.6 compatibility.
Thanks Florian Apolloner for the review and Alexander Schepanovski
for the original patch.
This reverts commit 80f4487 temporarily, because that commit prevented
the djangoproject.com server from building the docs, because it still
uses Python 2.6.
Python 2.7.7 includes compare_digest in the hmac module, but it requires
both arguments to have the same type. This is usually not a problem on
Python 3 since everything is text, but we have mixed unicode and str on
Python 2 -- hence make sure everything is bytes before feeding it into
compare_digest.
Previously the FORMAT_MODULE_PATH setting only accepted one string (dotted
module path). A feature has been added to also allow a list of strings.
This is useful when using several reusable third party apps that define new
formats. We can now use them all and we can even override some of the formats
by providing a project-wide format module.
Previously the FORMAT_MODULE_PATH setting only accepted one string (dotted
module path).
This is useful when using several reusable third party apps that define new
formats. We can now use them all and we can even override some of the formats
by providing a project-wide format module.
While Node class has a useful `__str__`, its `__repr__` is not that
useful. Added a `__repr__` that makes use of the current `__str__`.
This is especially useful since the more popular `Q` class inherits
`tree.Node`. Also created new tests that cover most of `Node` class
functionality.
This is a bit faster than ours, which is good, because it lets you increase
the iteration counts.
This will be used on Python 3.4+, and, pending the acceptance of PEP466, on
newer Python 2.7s.
There may be more than 100 (default maxsize) commonly seen xx-yy values
on some sites. The additional memory consumption isn't significant.
Also added a comment explaining why this cache must have a maxsize.
Since d2e242d16c6dde6f4736086fb38057424bed3edb made isinstance()
calls work correctly on LazyObject, we can simplify the
implementation of is_local_storage added in
7e27885c6e.
By removing the 'supported' keyword from the detection methods and only relying
on a cached settings.LANGUAGES, the speed of said methods has been improved;
around 4x raw performance. This allows us to stop checking Python's incomplete
list of locales, and rely on a less restrictive regular expression for
accepting certain locales.
HTTP Accept-Language is defined as being case-insensitive, based on this fact
extra performance improvements have been made; it wouldn't make sense to
check for case differences.
When a method decorator was used in conjunction with a decorator
implemented as a descriptor, method_decorator did not correctly respect
the method binding.
Thanks for Graham Dumpleton for the report and initial patch.
This reverts commit 2ee447fb5f.
That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.
Refs #21882.
This is the result of Christopher Medrela's 2013 Summer of Code project.
Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.
Also: Fixes#8579, fixes#3055, fixes#19844.
Python 3.5 will change the default value of convert_charrefs, so 3.4
gives warnings if it's not present. This is slightly technical as 2.7
doesn't have the kwarg. Thankfully, we already have a bunch of
workarounds for different versions.
Since the app registry is always populated before the first request is
processed, the situation described in #18251 for the old app cache
cannot happen any more.
Refs #18251, #21628.
Copied attributes into the decorated method and special case __name__
copy as this will not be present on a Class object. Added regression
test to decorator suite.
It was not used inside Django, is not tested or documented. Consequently
remove without deprecation path.
Thanks to @vajrasky for bringing it to our attention.
All input is now coerced to text before being normalized.
This changes nothing under Python 2 but it allows bytes
to be passed to the function without a TypeError under Python3
(bytes are assumed to be utf-8 encoded text).
Thanks to trac user vajrasky for the report.
Thanks Curtis Malony and Florian Apolloner.
Squashed commit of the following:
commit 3380495e93
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 14:18:07 2013 +0100
Looked up the template_fragments cache at runtime.
commit 905a74f52b
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 14:19:48 2013 +0100
Removed all uses of create_cache.
Refactored the cache tests significantly.
Made it safe to override the CACHES setting.
commit 35e289fe92
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 12:23:57 2013 +0100
Removed create_cache function.
commit 8e274f747a
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 12:04:52 2013 +0100
Updated docs to describe a simplified cache backend API.
commit ee7eb0f73e
Author: Curtis Maloney <curtis@tinbrain.net>
Date: Sat Oct 19 09:49:24 2013 +1100
Fixed#21012 -- Thread-local caches, like databases.
Replaced the custom, untested memoize with a similar decorator from Python's
3.2 stdlib. Although some minor performance degradation (see ticket), it is
expected that in the long run lru_cache will outperform memoize once it is
implemented in C.
Thanks to EvilDMP for the report and Baptiste Mispelon for the idea of
replacing memoize with lru_cache.
Add the trimmed option to the blocktrans tag to trim any newlines and
whitespace from its content.
This allows the developer to indent the blocktrans tag without adding
new lines and whitespace to the msgid in the PO file.
Thanks to mpessas for the initial patch and Dmitri Fedortchenko for the
report.
Language codes for Chinese are zh_Hans (Simplified) and zh_Hant (Traditional).
Added support for browsers that still send the deprecated language codes.
Thanks to Olli Wang for the report.
Otherwise the kqueue-based autoreloader may not see changes to files
that weren't imported when the server started.
Thanks Bouke Haarsma for the report and Loïc Bistuer for locating the
problem.
Used pyinotify (when available) to replace the "pool-every-one-second"
mechanism in `django.utils.autoreload`.
Thanks Chris Lamb and Pascal Hartig for work on the patch.
The old 'django_language' variable will still be read from in order
to migrate users. The backwards-compatability shim will be removed in
Django 1.8.
Thanks to jdunck for the report and stugots for the initial patch.
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.
This is an updated patch based on jbalogh and ivank patches.