Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Andre Cruz
929684d6ee
Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
...
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham
2f0e0eee45
Fixed #24046 -- Deprecated the "escape" half of utils.safestring.
2016-05-10 12:46:47 -04:00
Claude Paroz
c3e1086949
Stopped truncating AdminEmailHandler message subjects
...
Refs #26572 , #17281 . The RFC doesn't limit total length, just the line length
which is already taken care of by Python itself.
Thanks Tim Graham for the review.
2016-05-10 18:17:43 +02:00
Vasiliy Faronov
31e0314979
Fixed #26580 -- Updated references to obsolete RFC 2822.
...
Didn't rename django.utils.feedgenerator.rfc2822_date()
as some external code may rely on it.
2016-05-10 11:24:51 -04:00
Vasiliy Faronov
ac77c55bc5
Fixed #26567 -- Updated references to obsolete RFC2616.
...
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Marko Benko
45c7acdc50
Fixed #26281 -- Added a helpful error message for an invalid format specifier to dateformat.format().
2016-04-20 20:13:52 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Tim Graham
3913a56558
Removed unused django.utils.http.PROTOCOL_TO_PORT.
...
Unused since b0c56b895f
.
2016-04-06 12:29:20 -04:00
Tim Graham
2cd2d18851
Fixed W503 flake8 warnings.
2016-04-04 17:14:26 -04:00
Tim Graham
2c125bded1
Refs #18239 -- Removed an obsolete workaround for bugs in HTMLParser.
2016-03-26 12:48:29 -04:00
Amine Yaiche
32c8e43ef1
Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation.
2016-03-23 08:18:29 -04:00
Claude Paroz
11c60b5298
Reused the DjangoTranslation class for the javascript_catalog view
...
Thanks Tim Graham and Cristiano Coelho for the reviews.
Refs #26328 , #26319 .
2016-03-08 21:39:59 +01:00
Claude Paroz
552f03869e
Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218
and ada7a4aef
.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb
Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d2892
.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer
c5544d2892
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov
ee69789f45
Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address().
2016-02-25 18:52:50 -05:00
Alexey Kotlyarov
b59f963ad2
Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.
2016-02-15 11:44:29 -05:00
Jon Dufresne
dec334cb66
Fixed #26193 -- Made urlize() trim multiple trailing punctuation.
2016-02-15 09:10:15 -05:00
Marcin Markiewicz
f7a9872b91
Fixed #26173 -- Prevented localize_input() from formatting booleans as numbers.
2016-02-09 13:07:33 -05:00
Ben Kraft
13023ba867
Fixed #26122 -- Fixed copying a LazyObject
...
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4
.
2016-01-26 06:56:21 -05:00
userimack
60586dd737
Fixed #26125 -- Fixed E731 flake warnings.
2016-01-25 14:23:43 -05:00
Claude Paroz
104eddbdf6
Fixed #26093 -- Allowed escape sequences extraction by gettext on Python 3
...
Thanks Sylvain Fankhauser for the report and Tim Graham for the review.
2016-01-23 14:00:55 +01:00
Tim Graham
5b94b17fef
Fixed #25999 -- Removed promotion of RemovedInNextVersionWarning to loud by default.
2016-01-14 09:05:43 -05:00
Tim Graham
d45cfefbad
Refs #25769 -- Updated docs to reflect get_version() uses PEP 0440.
2016-01-13 07:06:34 -05:00
Flavio Curella
0bc5cd6280
Fixed #25684 -- Made runserver use logging for request/response output.
...
Thanks andreif for the contributing to the patch.
2016-01-11 07:35:17 -05:00
Claude Paroz
632a9f21bc
Fixed #26046 -- Fixed a crash with translations and Django-unknown language code
...
Thanks Jens Lundstrom for the report and Tim Graham for the review.
2016-01-06 20:30:56 +01:00
Benjamin Bach
8ad18103a1
Replaced dict.setdefault() usage to avoid unnecessary object instantiations.
2016-01-05 13:06:23 -05:00
Denis Cornehl
186b6c61bf
Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
...
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Claude Paroz
cd3c042b04
Fixed #25915 -- Allowed language not in Django's default LANGUAGES
...
This fixes a regression introduced by a5f6cbce07
.
Thanks Gavin Wahl for the report and Tim Graham for the review.
2015-12-18 17:50:16 +01:00
Claude Paroz
ed20dd2e85
Fixed #25875 -- Prevented UnicodeDecodeError for Q object repr
...
Thanks Ben Kraft for the report, and Simon Charette for the review.
2015-12-13 15:07:17 +01:00
Iacopo Spalletti
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
...
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Raphaël Hertzog
9f4e031bd3
Fixed #25761 -- Added __cause__.__traceback__ to reraised exceptions.
...
When Django reraises an exception, it sets the __cause__ attribute even
in Python 2, mimicking Python's 3 behavior for "raise Foo from Bar".
However, Python 3 also ensures that all exceptions have a __traceback__
attribute and thus the "traceback2" Python 2 module (backport of Python
3's "traceback" module) relies on the fact that whenever you have a
__cause__ attribute, the recorded exception also has a __traceback__
attribute.
This is breaking testtools which is using traceback2 (see
https://github.com/testing-cabal/testtools/issues/162 ).
This commit fixes this inconsistency by ensuring that Django sets
the __traceback__ attribute on any exception stored in a __cause__
attribute of a reraised exception.
2015-12-03 16:31:50 -05:00
Gagaro
34d88944f4
Fixed #25812 -- Restored the ability to use custom formats with the date template filter.
2015-11-28 08:38:45 -05:00
Florian Apolloner
316bc3fc94
Fixed a settings leak possibility in the date template filter.
...
This is a security fix.
2015-11-24 11:20:29 -05:00
Tim Graham
4921d4e59f
Fixed #25769 -- Updated get_version() release candidate naming for PEP 0440.
2015-11-19 10:00:09 -05:00
Tim Graham
c7adfe941b
Removed redundant termcolors.
...
Replaced MIGRATE_SUCCESS and MIGRATE_FAILURE with
SUCCESS and ERROR.
2015-11-18 10:26:39 -05:00
Attila Tovt
0a2d3b7387
Fixed #25682 -- Removed bare except clauses.
2015-11-17 14:39:15 -05:00
Jaap Roes
9a2aca6030
Fixed #25743 -- Optimized utils.localize() and localize_input()
...
Bail early if the input is a string since that's the most common case.
2015-11-12 13:24:53 -05:00
Marti Raudsepp
d3e3703a15
Fixed #25720 -- Made gettext() return bytestring on Python 2 if input is bytestring.
...
This is consistent with the behavior of Django 1.7.x and earlier.
2015-11-11 08:56:10 -05:00
Tim Graham
4c593eaa5f
Updated six to 1.10.0.
2015-11-10 22:05:48 -05:00
Dwight Gunning
1f29164ced
Fixed #6727 -- Made patch_cache_control() patch an empty Cache-Control header.
2015-11-09 14:26:29 -05:00
Aymeric Augustin
1014ba026e
Fixed debug view crash during autumn DST change.
...
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)
Refs #23714 which essentially fixed the same problem when USE_TZ = True.
Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Neal Todd
c3a974c81e
Amended comment to remove reference to the no longer used NullHandler
2015-11-07 16:35:46 +01:00
Ville Skyttä
3ee18400ae
Fixed #25668 -- Misc spelling errors
2015-11-03 11:58:13 +02:00
Tim Graham
0b5d32faca
Fixed #25611 -- Standardized descriptor signatures.
2015-10-26 11:31:16 -04:00
Claude Paroz
8b5acda821
Fixed #25571 -- Fixed boolean evaluation of ungettext_lazy
2015-10-22 15:17:45 +02:00
Tim Graham
04ecc26223
Removed SimpleLazyObject workaround for a Python 3 bug.
...
The workaround added in fe8484efda
seems unnecessary as the Python bug is fixed in Python 3.4.
2015-10-05 09:46:59 -04:00
Tim Graham
ea8e7fd989
Removed obsolete (since Python 2.3) __safe_for_unpickling__ attribute.
2015-10-05 08:07:27 -04:00