Commit Graph

822 Commits

Author SHA1 Message Date
Marten Kenbeek bc7923beff Fixed #24127 -- Changed the default current_app to the current namespace.
Changed the url template tag to use request.resolver_match.namespace as a
default for the current_app argument if request.current_app is not set.
2015-07-27 09:14:48 -04:00
Luke Plant 8a5eadd140 Corrected HTML-escaping behaviour of url template tag.
Due to the URL encoding applied by the tag for all parameters that might be
partly controllable by an end-user, there are no XSS/security problems
caused by this bug, only invalid HTML.
2015-07-21 14:04:58 +01:00
Tim Graham 1fed8dd715 Fixed #25120 -- Deprecated egg template loader. 2015-07-16 09:32:42 -04:00
Tim Graham 69483e022a Removed some u string prefixes in code comments. 2015-07-06 09:17:28 -04:00
Tim Graham 8556978078 Removed unused variable template.base.ALLOWED_VARIABLE_CHARS.
Unused since 5d863f1fbd.
2015-07-06 08:49:24 -04:00
Ned Batchelder 3b81dbe844 Used %r in the TextNode repr to show newlines better. 2015-06-30 09:54:18 -04:00
Andriy Sokolovskiy 1d40204f82 Removed unnecessary return 2015-06-29 17:14:29 -04:00
Andriy Sokolovskiy 4359be023b Removed unreachable code 2015-06-29 17:14:29 -04:00
Luke Plant aef2a0ec59 Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
2015-06-29 08:16:19 -04:00
Tim Graham 7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Noam e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Tim Graham 3872a33132 Fixed #24979 -- Removed usage of inspect.getargspec(). 2015-06-15 13:43:22 -04:00
Matthew Somerville a391b17ad2 Fixed #23516 -- Added caching of include tag Template objects
This also speeds up for loops that render the same template
multiple times.
2015-06-06 09:25:11 -04:00
Paweł Marczewski 300e8baf94 Fixed #24847 -- Prevented items set on a RequestContext from being lost. 2015-05-27 10:04:57 -04:00
Preston Timmons 655f524915 Fixed #17085, #24783 -- Refactored template library registration.
* Converted the ``libraries`` and ``builtins`` globals of
  ``django.template.base`` into properties of the Engine class.
* Added a public API for explicit registration of libraries and builtins.
2015-05-21 09:12:06 -05:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Preston Timmons d17a035132 Moved engine-related exceptions to django.template.exceptions.
With the introduction of multiple template engines these exceptions are no
longer DTL-specific. It makes more sense for them to be moved out of
DTL-related modules.
2015-05-06 17:33:47 -05:00
Preston Timmons adff499e47 Fixed #24119, #24120 -- Formalized debug integration for template backends. 2015-05-06 17:33:47 -05:00
Aymeric Augustin 1563b897c4 Fixed #24685 -- Fixed check for template name unicity.
Thanks Preston Timmons for the report.
2015-05-03 21:49:16 +02:00
Preston Timmons fc21471526 Fixed #15053 -- Enabled recursive template loading. 2015-04-22 14:49:00 -05:00
Curtis Maloney 14ecbd02a3 Removed cases of six.iter* wrapped in a list()
There's absolutely no advantage [and a mild performance hit] to using six.iter*
in these cases.
2015-04-18 23:29:29 +10:00
Tommy Beadle 6bfd864ff2 Fixed #24603 -- Allowed Context.update() to be used as a context manager. 2015-04-14 08:01:16 -04:00
Craig Oldford 75bc5bc634 Fixed #12199 -- Added the ability to use "as" with the firstof template tag. 2015-04-14 07:19:47 -04:00
Preston Timmons a1842e3299 Updated docstring for firstof tag to reflect new auto-escaping behavior. 2015-04-03 07:28:18 -04:00
Preston Timmons 0808ccce38 Fixed #23441, #24555 -- Improved the behavior of InclusionNode.
This change:

* Makes the InclusionNode cache-safe by removing render-time side effects
  to its nodelist.
* Ensures the render_context stack is properly scoped and reset by updating
  the render call to use Template.render rather than Nodelist.render.
2015-04-01 13:02:19 -04:00
Tim Heap 4ea1909d3c Fixed #24538 -- Allowed self in Jinja context
Rendering a Jinja template with self in the context threw an error.
While self is a reserved variable in Jinja, including self in the
context is not an error, so Django should respect that.
2015-04-01 12:26:57 -04:00
Caroline Simpson dc5b01ad05 Fixed #18773 -- Added logging for template variable resolving
Added a django.template logger without a default handler. Added
logging if there is an exception while resolving variables in a
template.
2015-03-27 19:19:48 -04:00
Preston Timmons 55f12f8709 Cleaned up the template debug implementation.
This patch does three major things:

* Merges the django.template.debug implementation into django.template.base.

* Simplifies the debug implementation.

  The old implementation copied debug information to every token and node.
  The django_template_source attribute was set in multiple places, some
  quite hacky, like django.template.defaulttags.ForNode.

  Debug information is now annotated in two high-level places:

  * Template.compile_nodelist for errors during parsing
  * Node.render_annotated for errors during rendering

  These were chosen because they have access to the template and context
  as well as to all exceptions that happen during either the parse or
  render phase.

* Moves the contextual line traceback information creation from
  django.views.debug into django.template.base.Template. The debug views now
  only deal with the presentation of the debug information.
2015-03-20 08:58:07 -04:00
Jon Walsh 8d90489fe0 Fixed typo in escape_filter() docstring. 2015-03-19 07:21:38 -04:00
Preston Timmons 388e79e9fc Fixed #24493 -- Added BaseContext.setdefault() 2015-03-16 13:13:02 -04:00
Claude Paroz a52cd407b8 Fed tuples to startswith when appropriate 2015-03-13 21:58:28 +01:00
Erik Romijn fa350e2f30 Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham c36b60836b Fixed #24451 -- Deprecated comma-separated {% cycle %} syntax. 2015-03-07 07:42:39 -05:00
Preston Timmons 70123cf084 Fixed #24399 -- Made filesystem loaders use more specific exceptions. 2015-03-03 21:20:46 +01:00
Preston Timmons 358850781f Fixed #24372 - Replaced TokenParser usage with traditional parsing. 2015-03-02 18:25:28 -05:00
Corey Farwell 4fdc7015c0 Used dict comprehension in URLNode
4468c08d7 replaced a lot of the old `dict()` comprehensions
with the new style, but missed this one.
2015-03-02 08:50:27 -05:00
Preston Timmons 80d6b6b863 Fixed #24409 -- Combined the app_directories and filesystem loader implementation.
Besides the directories they look in, these two loaders are functionally
the same. This removes unnecessary code duplication between the two.
2015-03-02 07:53:58 -05:00
Aymeric Augustin 51b606f75d Removed a non-obvious side-effect of assigning Context.template.
Explicit is better than implicit.
2015-02-20 22:27:48 +01:00
Aymeric Augustin 1bfcc950ab Set context.template instead of context.engine while rendering.
This opens more possibilities, like accessing context.template.origin.

It also follows the chain of objects instead of following a shortcut.
2015-02-19 22:08:11 +01:00
Tim Graham 098fa12dd3 Refs #24324 -- Fixed crash in {% debug %} tag on Python 2.
If Django is installed in a path that contains non-ASCII characters,
the tag failed with UnicodeDecodeError.
2015-02-18 07:24:13 -05:00
Tim Graham bad6280c4e Refs #24324 -- Fixed get_app_template_dirs() UnicodeDecodeError on Python 2.
The function implemented most of upath(), but skipped the check for
strings that are already unicode.
2015-02-17 08:19:58 -05:00
Preston Timmons ad9ecc2c20 Removed unnecessary __init__ definition from DebugLexer. 2015-02-16 19:00:02 +01:00
Aymeric Augustin 15b711b5ee Deprecated TEMPLATE_DEBUG setting. 2015-02-15 20:47:04 +01:00
Aymeric Augustin 47ee7b48ad Fixed #24338 -- Accepted Template wrapper in {% extends %}.
Explicitly checking for django.template.Template subclasses is
preferable to duck-typing because both the django.template.Template and
django.template.backends.django.Template have a render() method.

Thanks spectras for the report.
2015-02-14 10:21:06 +01:00
Aymeric Augustin f2c104ada6 Split DTL context creation into its own function.
This reduces the length of rope RequestContext gives users to hang
themselves with.

Thanks Alex Hill for the report and Tim Graham for the review.
2015-02-10 14:34:05 +01:00
Alex Gaynor 8099d33b65 Simplified the lazy CSRF token implementation in csrf context processor.
This significantly improves performance on PyPy. The previous
implementation would generate a new class on every single request,
which is relatively slow.
2015-02-08 15:02:43 -05:00
Collin Anderson db77915c9f Fixed E265 comment style 2015-02-06 09:30:35 -05:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Aymeric Augustin 44ad691558 Fixed #24265 -- Preserved template backend loading exceptions.
If importing or initializing a template backend fails, attempting to
access this template backend again must raise the same exception.
2015-02-05 20:06:18 +01:00
Aymeric Augustin 31d3a35579 Fixed #24273 -- Allowed copying RequestContext more than once.
Thanks Collin Anderson for the report.
2015-02-05 13:21:50 +01:00
Preston Timmons 5bc5ddd8b5 Fixed #24235 -- Removed is_usable attribute from template loaders. 2015-02-04 07:47:28 -05:00
Preston Timmons cd4282816d Fixed #18651 -- Enabled optional assignments for simple_tag(). 2015-02-03 10:44:33 -05:00
Aymeric Augustin 2133f3157e Fixed #24168 -- Allowed selecting a template engine in a few APIs.
Specifically in rendering shortcuts, template responses, and class-based
views that return template responses.

Also added a test for render_to_response(status=...) which was missing
from fdbfc980.

Thanks Tim and Carl for the review.
2015-02-03 08:29:45 +01:00
David Robles d60b96d988 Fixed typo in 'Django Template Language' 2015-01-17 03:05:28 +01:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Aymeric Augustin a3e783fe11 Deprecated passing a Context to a generic Template.render.
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.

test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Aymeric Augustin 71b7668b75 Rewrapped TemplateSyntaxError in Jinja2 backend.
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
2015-01-12 21:01:34 +01:00
Ola Sitarska d563e3be68 Fixed #23913 -- Deprecated the `=` comparison in `if` template tag. 2015-01-11 15:21:01 -05:00
Aymeric Augustin eaa1a22341 Added a request argument to render_to_string.
This is for consistency with Template.render.

It adds a little bit of knowledge about HTTP requests in
django.template.loader but I think consistency trumps purity.
2015-01-07 21:54:22 +01:00
Aymeric Augustin 118592663d Exposed Engine in the django.template namespace.
It's the main entrypoint to the refactored template system.
2015-01-07 21:54:22 +01:00
Aymeric Augustin 0cdb09d489 Made context take priority over context processors.
This is the expected behavior, but given RequestContext's tortuous
implementation, a straightforward use of its API results in the
opposite.

This commit fixes a regression that must have happened at different
points in the multiple templates engine refactor for different features.
2015-01-06 22:02:27 +01:00
Aymeric Augustin ed220c4cbe Added comments to remove Engine.render_to_string in Django 2.0.
Since this is a private API introduced in Django 1.8, no documentation
is required.
2015-01-06 22:02:26 +01:00
Preston Timmons de9ebdd39c Fixed #24022 -- Deprecated the ssi tag. 2015-01-05 19:35:02 -05:00
Aymeric Augustin 932d449f00 Explained the structure of django.template. 2014-12-28 17:02:31 +01:00
Aymeric Augustin b7282db833 Raised a warning when using the legacy TEMPLATE_* settings.
All tests now rely on TEMPLATES.
2014-12-28 17:02:31 +01:00
Aymeric Augustin 9eb4f28e89 Deprecated TEMPLATE_CONTEXT_PROCESSORS. 2014-12-28 17:02:31 +01:00
Aymeric Augustin 84d7c93feb Raised an error when allowed_include_roots is a string.
This avoids leaving projects silently vulnerable when this option is set
to a string instead of a one-item tuple containing that string, a very
common misconfiguration.
2014-12-28 17:02:29 +01:00
Aymeric Augustin cf1f36bb6e Deprecated current_app in TemplateResponse and render(_to_response). 2014-12-28 17:02:29 +01:00
Aymeric Augustin e53495ba33 Preserved context class in inclusion_tag.
Previously, when a template was rendered with RequestContext, inclusion
tags were rendered with a plain context, losing additional information
available in the RequestContext.

The (admittedly bizarre) implementation of RequestContext.new() has the
side-effect of not running template context processors, making this
change backwards-compatible.
2014-12-28 17:02:29 +01:00
Aymeric Augustin a0141f9eac Simplified implementation of django.shortcuts.render(_to_response).
*args, **kwargs brought more confusion than concision.
2014-12-28 17:00:07 +01:00
Aymeric Augustin 92e8f1f302 Moved context_processors from django.core to django.template. 2014-12-28 17:00:07 +01:00
Aymeric Augustin c599f233b1 Added a comment about the last use of Engine.get_default(). 2014-12-28 17:00:07 +01:00
Aymeric Augustin 90805b240f Supported multiple template engines in render_to_string.
Adjusted its API through a deprecation path according to the DEP.
2014-12-28 16:23:02 +01:00
Aymeric Augustin f9a6ebf6f5 Removed extraneous arguments in Engine.from_string.
This aligns the Django Template Engine API with the common template
backend API.
2014-12-28 16:23:02 +01:00
Aymeric Augustin f50a09f2cd Removed private API get_template_from_string.
It wasn't documented and it wasn't used anywhere.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 5523e4cdbb Removed private API find_template.
It wasn't documented and it wasn't used anywhere, except in a few tests
that don't test it specifically and can be rewritten with get_template.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 4ea43ac915 Supported multiple template engines in get_template and select_template.
This commit changes the return type of these two functions. Instead of
returning a django.template.Template they return a backend-specific
Template class that must implement render(self, context).
2014-12-28 16:23:01 +01:00
Aymeric Augustin 6854998c8f Looked up the default template engine in the list of all engines. 2014-12-28 16:23:01 +01:00
Aymeric Augustin b34b8a12b7 Passed a reference to the current engine when instantiating Template. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 24dffaf0cb Removed some uses of global APIs from django.template.loader. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 1eca0e95cf Added Django template backend. 2014-12-28 16:08:35 +01:00
Aymeric Augustin 44de7218a5 Added jinja2 template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin 86c75996f0 Added dummy template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin 1acfd624d6 Added initial support for loading template engines. 2014-12-28 16:08:31 +01:00
Aymeric Augustin b19693e6d8 Imported BaseEngine from the DEP.
i18n is left aside for now.
2014-12-28 15:57:11 +01:00
Aymeric Augustin 7eefdbf7ab Cleaned up the django.template namespace.
Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.

Only public APIs (i.e. APIs mentioned in the documentation) were left.
2014-12-28 14:47:31 +01:00
Aymeric Augustin bfa21ddf76 Renamed get_template_from_string to from_string.
The shorter name is just as explicit and, well, shorter.
2014-12-28 14:47:31 +01:00
Aymeric Augustin b3eda6ec3e Simplified handling of a default value. 2014-12-28 14:47:30 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Baptiste Mispelon c335c0fee9 Fixed #23914 -- Improved {% now %} to allow storing its result in the context.
Thanks to Tim for the review.
2014-11-25 22:11:35 +01:00
Aymeric Augustin 6294bd3903 Encapsulated TEMPLATE_DEBUG in Engine. 2014-11-23 11:54:17 +01:00
Aymeric Augustin 47a131b944 Encapsulated TEMPLATE_STRING_IF_INVALID in Engine. 2014-11-23 11:53:53 +01:00
Aymeric Augustin 37505b6397 Encapsulated TEMPLATE_CONTEXT_PROCESSORS in Engine.
Since RequestContext doesn't know its Engine until it's passed to
Template.render() -- and cannot without breaking a widely used public
API -- an elaborate hack is required to apply context processors.
2014-11-23 11:53:18 +01:00
Aymeric Augustin 98ac69af53 Encapsulated ALLOWED_INCLUDE_ROOTS in Engine. 2014-11-23 11:52:54 +01:00
Aymeric Augustin 246cfdeae3 Moved make_origin into the Engine class. 2014-11-23 11:52:45 +01:00
Aymeric Augustin 240ea67ce0 Move compile_string into the Engine class. 2014-11-23 11:52:25 +01:00
Aymeric Augustin 5b1bb40216 Added to each Context a reference to the Engine.
It's only available during the rendering.
2014-11-23 11:52:22 +01:00
Aymeric Augustin a2dd08666c Removed dependency of template loaders on Django settings. 2014-11-23 11:52:14 +01:00
Aymeric Augustin 29a977ab14 Moved template loaders management in Engine.
Passed the engine instance to loaders. This is a prerequisite for
looking up configuration on the engine instance instead of global
settings.

This is backwards incompatible for custom template loaders that override
__init__. However the documentation doesn't talk about __init__ and the
way to pass arguments to custom template loaders isn't specified. I'm
considering it a private API.
2014-11-23 11:52:12 +01:00
Aymeric Augustin 544a716da8 Removed unused API get_template_loaders.
It was introduced in a recent refactoring so this isn't an issue.

Then renamed _get_template_loaders to get_template_loaders.
2014-11-23 11:51:31 +01:00
Aymeric Augustin 572cdb4391 Introduced a template engine class.
Moved Django templates loading infrastructure there.
2014-11-23 09:29:53 +01:00
Aymeric Augustin 17012b6936 Deprecated dirs argument to override TEMPLATE_DIRS.
Cancels 2f0566fa. Refs #4278.
2014-11-23 09:29:33 +01:00
Aymeric Augustin 7331788300 Avoided rewrapping Contexts in render_to_response.
This change preserves backwards-compatibility for a very common misuse
of render_to_response which even occurred in the official documentation.

It fixes that misuse wherever it happened in the code base and docs.

Context.__init__ is documented as accepting a dict and nothing else.
Since Context is dict-like, Context(Context({})) could work to some
extent. However, things get complicated with RequestContext and that
gets in the way of refactoring the template engine. This is the real
rationale for this change.
2014-11-22 17:58:38 +01:00
Aymeric Augustin f88ad710fa Simplified caching of template context processors. 2014-11-19 21:35:39 +01:00
Aymeric Augustin a97e72aaab Simplified caching of templatetags modules. 2014-11-19 21:35:39 +01:00
Aymeric Augustin fab26cf5e0 Removed support for function-based template loaders.
They were deprecated in Django 1.2 but not all the supporting code was
removed in Django 1.4. Since the remaining code was unlikely to be
functional (pun intended) e.g. it would crash unless the loader
function had an is_usable attribute, this commit completes the removal
immediately instead of starting another deprecation path.
2014-11-16 22:18:33 +01:00
Aymeric Augustin e87bee6f50 Used get_template_loaders in the cached loader.
This ensures that enabling the cached loader doesn't change behavior.

(Before this commit, it did when the list contained unusable loaders.)
2014-11-16 21:41:44 +01:00
Aymeric Augustin 9eeb788cfb Refactored getting the list of template loaders.
This provides the opportunity to move utility functions specific to the
Django Template Language outside of django.template.loader.
2014-11-16 21:41:44 +01:00
Aymeric Augustin 1851dcf377 Deprecated function-based loaders. 2014-11-16 21:41:42 +01:00
Aymeric Augustin 0bf99193f8 Removed obsolete comment.
It didn't account for class-based template loaders.
2014-11-16 21:40:54 +01:00
Aymeric Augustin d58597a7b8 Refactored listing template subdirectories in apps.
This change has the nice side effect of removing code that ran at import
time and depended on the app registry at module level -- a notorious
cause of AppRegistryNotReady exceptions.
2014-11-16 21:28:43 +01:00
Aymeric Augustin cd7146debe Removed skip_template argument of locmem.Loader.load_template_source.
It didn't do anything, wasn't documented and wasn't used anywhere.
2014-11-16 21:28:37 +01:00
Aymeric Augustin c211c59b4a Removed the "test:" prefix from locmem template identifiers.
Since it isn't branded as a test utility any more and could be used for
other purposes than test code, that prefix no longer makes sense.

It wasn't used anywhere either.
2014-11-16 21:28:31 +01:00
Aymeric Augustin 2577ae6a08 Moved all template loaders under django.template.loaders.
Reformatted the code of base.Loader according to modern standards.

Turned the test template loader into a regular locmem.Loader -- but
didn't document it.

Added a normal deprecation path for BaseLoader which is a public API.

Added an accelerated deprecation path for TestTemplateLoader which is
a private API.
2014-11-16 21:28:26 +01:00
Grzegorz Slusarek b4bb5cd0a3 Fixed #23585 - Corrected internal comment.
Removed misleading comment and provided a correct one, explaining the
idea behind the hardcoded CSRF template context processor.
2014-11-15 14:07:31 +01:00
Tim Graham 42b5e4feea Fixed #23730 -- Moved support for SimpleCookie HIGHEST_PROTOCOL pickling to http.cookie.
This fix is necessary for Python 3.5 compatibility (refs #23763).

Thanks Berker Peksag for review.
2014-11-12 19:04:45 +01:00
Aymeric Augustin 3bc7a14ea5 Normalized opening a file and decoding its content.
`io.open` is required on Python 2.7. Just `open` would work on Python 3.
2014-11-11 22:54:27 +01:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Luke Plant b748a8bc67 Fixed #23789 -- TemplateResponse handles context differently from render 2014-11-10 14:47:45 +00:00
David Hoffman 03467368db Fixed #23558 -- documented slugify limitations 2014-10-30 09:02:04 -04:00
Martin Matusiak ae5dbe5aa8 Fixed comment typo in django/template/__init__.py 2014-10-04 08:00:00 -04:00
Tim Graham 12809e1609 Fixed #23489 -- Added numpy 1.9+ support in template lookups 2014-09-29 19:51:39 -04:00
Tim Graham 1101467ce0 Limited lines to 119 characters in django/
refs #23395.
2014-09-05 09:22:16 -04:00
Claude Paroz cfee67ae10 Added exception name in debug error message
This can help when some exception has no error message.
2014-08-26 21:10:54 +02:00
Unai Zalakain 5f2542f12a Fixed #10190 -- Made HttpResponse charset customizable.
Thanks to Simon Charette, Aymeric Augustin, and Tim Graham
for reviews and contributions.
2014-08-19 17:34:38 -04:00
Jaap Roes b3660d28f3 Fixed #23260: Added generator support to defaultfilters.unordered_list. 2014-08-14 10:43:44 -04:00
Jaap Roes e92b057e06 Fixed #23261 -- Deprecated old style list support for unordered_list filter. 2014-08-11 07:04:33 -04:00
Anubhav Joshi 0dd05c9e66 Fixed #16383 -- Raised the AttributeError raised in property of an object when used in a template.
Thanks maraujop for the report and Hiroki and Tim Graham for review.
2014-07-31 09:13:55 -04:00
qingfeng 08451f17d0 Fixed #23060 -- Prevented UnicodeDecodeError in debug templatetag 2014-07-26 18:03:19 +02:00
Anubhav Joshi b1abfb3c59 Fixed #21707 -- Added helpful error message when using {{ block.super }} in base template.
Thanks mitar for the suggestion.
2014-07-24 14:22:19 -04:00
Tim Graham 38e001ab6c Fixed #22789 -- Deprecated django.contrib.webdesign.
Moved the {% lorem %} tag to built-in tags.
2014-07-14 08:45:19 -04:00
Tim Graham 20ec9daf7c Fixed #22933 -- Deprecated django.template.resolve_variable(). 2014-07-01 17:29:41 -04:00
Moayad Mardini 868ff4e37c Fixed #22798 -- `pluralize()` now adds plural_suffix for any `1 < d < 2`
Thanks Odd_Bloke for the report.
2014-06-10 16:04:43 -04:00
Susan Tan 484f3edf1e Fixed #18400 -- Modified length template filter to return 0 for unknown variables.
Thanks Florian for the bug report, luyikei for the initial code patch, and
Bouke for the code review feedback.
2014-06-05 15:41:56 -04:00
e0ne 2aaa045c61 Fixed #13408 -- Deprecated silent unpacking exception passing in for template tag.
Thanks peterbe for the suggestion.
2014-04-08 13:55:17 -04:00
Alex Gaynor 778ce245dd Corrected many style guide violations that the newest version of flake8 catches 2014-03-30 12:11:05 -07:00
Claude Paroz bc315266c8 Fixed #22294 -- Prevented converting length filter output to string
Thanks Steve Pike for the report.
2014-03-22 16:39:46 +01:00
Tim Graham 1ea44a3abd Switched {% cycle %} and {% firstof %} tags to auto-escape their variables per deprecation timeline.
refs #17906.
2014-03-21 13:17:10 -04:00
Tim Graham 8b81dee60c Removed fix_ampersands template filter per deprecation timeline.
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
Claude Paroz 210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Tim Graham 72b080c2c8 Removed Django 1.5 upgrade hints for {% url %} tag.
Refs #19280 and Refs #19392.
2014-02-28 07:18:45 -05:00
Patrick Robertson 6d18ab01d9 Removed incorrect statement from docstring
The docstring of FilterExpression said that it shouldn't be
instantiated from anywhere but the get_filters_from_token
helper function.

However, that helper function was deleted in commit
3ede006fc9 and FilterExpression
is instantiated from inside the compile_filter helper function.
2014-02-23 12:33:29 +01:00
Baptiste Mispelon 7e1376c2b0 Fixed #21741 -- Fixed render_to_string to stop pushing empty dictionaries to its Context
Thanks to kezabelle for the report and original patch
and to numerodix for his improved patch.
2014-02-22 23:33:48 +01:00
Marek Wywiał 8274fa60f8 Made the new template.Context.flatten() method a public API.
That method was introduced in 9db4271bd1.

Refs #21765.
2014-02-16 15:18:45 +01:00
Baptiste Mispelon 9db4271bd1 Fixed bad comparison logic introduced in d97bf2e9c8.
Refs #21765.

Thanks to kezabelle for the quick report and to onjin
for providing the patch.
2014-02-15 22:58:03 +01:00
Marek Wywiał d97bf2e9c8 Fixed #21765 -- Added support for comparing Context instances 2014-02-15 17:14:28 +01:00
Jeremy f94f466cd3 Fixed #19496 -- Added truncatechars_html filter.
Thanks esevece for the suggestion and Nick Sandford and Martin Warne
for the initial work on the patch.
2014-02-13 10:27:27 -05:00
Aymeric Augustin 07ae47f7f8 Fixed #21959 -- Handled Inf/NaN in widthratio tag.
Thanks rmoe for the report and the patch.
2014-02-08 21:01:55 +01:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Mitar b041850853 Allowed easier subclassing of BlockNode tags. 2014-02-08 07:22:11 -05:00
Baptiste Mispelon 34263c67b4 Moved the loader tags registration with the other builtins. 2014-01-19 20:11:32 +01:00
Florian Apolloner f00243f36d Don't try to load app directory templates from apps with a path (eg eggs) 2013-12-27 11:42:24 +01:00
Florian Apolloner 6aa1a31660 Properly app_template_dirs when INSTALLED_APPS change. 2013-12-27 11:17:25 +01:00
Aymeric Augustin 1716b7ce5a Renamed AppCache to Apps.
Also renamed app_cache to apps and "app cache" to "app registry".

Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Aymeric Augustin 2fef9e5375 Moved apps back in the toplevel django namespace.
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin 65cd74be8e Stopped iterating on INSTALLED_APPS.
Used the app cache's get_app_configs() method instead.
2013-12-22 11:39:18 +01:00
Alex Gaynor 1b9cbef198 Small flake8 fixes -- number of blank lines between top level definitions 2013-12-19 20:43:34 -08:00
Alex Hill 832ab0dbaa Fixed #21639 -- Implemented RenderContext.__getitem__
It's now consistent with RenderContext.get.
2013-12-20 01:02:50 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Aymeric Augustin 072e25eee7 Moved imports to the top of the defaultfilters module. 2013-12-10 21:32:58 +01:00
Christopher Medrela 7477a4ffde Fixed E125 pep8 warnings 2013-11-28 08:50:11 -05:00
Pablo Martín 3ac823fc5b Fixed #21460 -- Reenabled proper template precedence in find_template
Refs #20806. Thanks Unai Zalakain for the review.
2013-11-22 11:09:51 +01:00
Tim Graham 98de90d3d8 Fixed spelling of compatibility. 2013-11-09 10:17:17 -05:00
Unai Zalakain 72f63bd24d Fixed #17529 -- get_template_from_string default arguments break
``get_template_from_string`` default arguments were breaking
``assertTemplateUsed``. The solution has been to return only the names of the
templates with a ``name`` attribute distinct of ``None``. The default ``name``
kwarg of ``Template`` has been changed to ``None``, more pythonic than ``'<Unknown
Template>'``.
2013-11-08 17:10:37 +01:00
Alex Gaynor c347f78cc1 Fixed all E226 violations 2013-11-03 10:08:55 -08:00
Alex Gaynor fe995e6cbd Fixed the remaining E302 violations in the django package 2013-11-02 17:37:15 -07:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Alex Gaynor ee48f4af99 Merge pull request #1848 from rayashmanjr/master
Correct flake8 violation E261
2013-11-02 12:34:34 -07:00
Ray Ashman Jr dcfc8fa972 Correct flake8 violation E261 2013-11-02 15:27:47 -04:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alex Gaynor 9bf5610890 Start attacking E231 violations 2013-10-24 10:30:03 -07:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Tim Graham 1597503a01 Fixed E221 pep8 warnings. 2013-10-22 09:51:39 -04:00
Tim Graham 499cd912ca Fixed E227 pep8 warnings 2013-10-21 08:52:21 -04:00
Alasdair Nicol a800036981 Fixed #21287 -- Fixed E123 pep8 warnings 2013-10-18 10:07:39 +01:00
Alasdair Nicol dfb4cb9970 Fixed #21285 -- Fixed E121,E122 pep8 warnings 2013-10-17 20:20:11 -04:00
Larry O'Neill 83b9bfea44 Fixed #21266 -- Fixed E201,E202 pep8 warnings. 2013-10-14 18:12:00 -04:00
Tim Graham b67ab75e82 Fixed assorted flake8 errors. 2013-10-11 07:25:14 -04:00
Tim Graham cec11a3336 Used "is" for comparisons with None. 2013-10-10 09:35:56 -04:00
Baptiste Mispelon 20472aa827 Fixed #21189: Cleaned up usage of bare except clauses.
Thanks to berkerpeksag for the report and to claudep
for the review.
2013-10-05 11:50:03 +02:00
Aymeric Augustin a5b062576b Removed a few trailing backslashes.
We have always been at war with trailing backslashes.
2013-09-22 14:04:10 +02:00
Tim Graham 7fec5a2240 Fixed #7557 -- Added type checking to Variable initialization.
Thanks tobias for the suggestion and boblefrag and saz for work on the
patch.
2013-09-19 09:27:19 -04:00
Berker Peksag 2f0566fa61 Fixed #4278 -- Added a dirs parameter to a few functions to override TEMPLATE_DIRS.
* django.template.loader.get_template()
* django.template.loader.select_template()
* django.shortcuts.render()
* django.shortcuts.render_to_response()

Thanks amcnabb for the suggestion.
2013-09-18 07:37:08 -04:00
Tim Graham 7fe5b656c9 Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.
2013-09-10 21:02:48 -04:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
Curtis Maloney 7c6f2ddcd9 Simplify FilterExpression.args_check 2013-09-09 09:03:50 -04:00
Baptiste Mispelon 28a571348b Fix #20745: Don't silence TypeError raised inside templates.
Thanks to robin for the report and claudep for the review.
2013-09-08 22:05:35 +02:00
Alex Gaynor 2530735d2d Fixed a number of flake8 errors -- particularly around unused imports and local variables 2013-09-06 21:56:40 -07:00
Preston Timmons 8625c7aab3 Fixed #16096 -- Added origin attribute to template instances.
Thanks jdunck for the suggestion.
2013-09-06 09:14:52 -04:00
Aymeric Augustin 365c3e8b73 Replaced "not PY3" by "PY2", new in six 1.4.0. 2013-09-02 12:11:02 +02:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Curtis Maloney e2f06226ea Improved {% include %} implementation
Merged BaseIncludeNode, ConstantIncludeNode and Include node.

This avoids raising TemplateDoesNotExist at parsing time, allows recursion
when passing a literal template name, and should make TEMPLATE_DEBUG behavior
consistent.

Thanks loic84 for help with the tests.

Fixed #3544, fixed #12064, fixed #16147
2013-08-30 10:36:36 +03:00
Tim Graham c7d0ff0cad Fixed #20989 -- Removed explicit list comprehension inside dict() and tuple()
Thanks jeroen.pulles at redslider.net for the suggestion and
helper script.
2013-08-29 12:11:03 -04:00
Curtis Maloney 8d473b2c54 Fixed #7116 -- Optimize RequestContext construction 2013-08-29 10:25:56 +03:00
Curtis Maloney 5cdacbda03 Fixed #17356 -- Allowed {% include %} to render compiled templates
Reviewed by Loic Bistuer and Tim Graham.
2013-08-29 10:22:24 +03:00
Tim Graham 12023887ea Fixed #14765 -- Removed unnecessary usage of NodeList in ForNode.
Thanks traff and FunkyBob for work on the patch.
2013-08-28 09:48:47 -04:00
Ramiro Morales b785a80d19 Added further fixes, tests for #19949/f33db5a09a.
Thanks Susan Tan. Refs #19949.
2013-08-26 08:47:24 -03:00
SusanTan f33db5a09a Fixed 19949 -- Cached template loader now caches TemplateDoesNotExist
Thanks @timgraham and @jdunck for the code reviews and Kronuz for bug
report and initial patch.
2013-08-24 09:19:55 -04:00
Tim Graham 0073f1d94f Fixed #20949 -- Typo #2 in docstring 2013-08-21 10:50:08 -04:00
Tim Graham d3ed15b79d Fixed docstring typo, thanks minddust. 2013-08-21 09:01:52 -04:00
Jonathan Slenders ff410565bf Fixed #20709 -- Allowed {% widthratio %} to accept an "as" parameter.
Thanks clay.evil@ for the suggestion.
2013-08-14 12:40:19 -04:00
Tim Graham 71b5617c24 Fixed #17778 -- Prevented class attributes on context from resolving as template variables.
Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.
2013-08-12 12:41:39 -04:00
Gavin Wahl 5154c9f92c Fixed #20806 -- Cached loader caches find_template
The cached template loader should cache find_template in addition to
load_template.
2013-07-30 14:25:30 -04:00
Claude Paroz 5c1143910e Removed most of absolute_import imports
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Curtis Maloney a3e7d73ed7 Allowed Context.push to behave as a context manager.
Thanks Loic Bistuer for the review.
2013-07-17 13:32:32 -04:00
Aymeric Augustin acd7b34aaf Advanced deprecation warnings for Django 1.7. 2013-06-29 18:49:37 +02:00
Ramiro Morales 8eadbc5a03 Removed 'mimetype' arguments from a few places, as per deprecation TL.
This includes HttpResponse and co. __init__() methods,
django.shortcuts.render_to_response() and the index(), sitemap() sitemap
app views.
2013-06-28 21:48:16 -03:00
Baptiste Mispelon ec371ace00 Fixed #20650 -- Fixed {% filter %} incorrectly accepting 'escape' as argument
Thanks to grzesiof for the report and to loic84 and Alex Gaynor
for the review.
2013-06-25 20:28:35 +02:00
Aymeric Augustin ffcf24c9ce Removed several unused imports. 2013-06-19 17:18:40 +02:00
Emil Stenström 7d77e9786a Fixed #20246 -- Added non-breaking spaces between values and units 2013-05-18 23:01:48 +02:00
Aymeric Augustin 9c487b5974 Replaced an antiquated pattern.
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Claude Paroz 2bcbca3451 Updated some 'Dive Into Python' links 2013-04-01 14:04:41 +02:00
Aymeric Augustin 68905695b8 Fixed #19510 -- Race condition in template loading.
Thanks Kronuz and regebro.
2013-03-17 23:56:07 +01:00
Łukasz Langa 40b9f4fb8b [py3] Always fed hashlib with bytes. 2013-02-27 10:02:07 +01:00
Carl Meyer 87e8dfaa47 Switching to autoescape is not a change in syntax. 2013-02-25 00:43:03 -07:00
Carl Meyer 3ded2aef71 Remove leading underscore from a function that's all growed up now.
This function is now the de facto standard function for rendering values in a
template, and is imported by two other built-in template modules. It shouldn't
have a leading underscore.
2013-02-25 00:33:29 -07:00
Christopher Medrela 636c45fc58 Fixed #19890 -- ifchanged templatetag rendered its content twice
The content of ifchanged template tag was rendered twice: first time, to
compare it with the previous value and the second time, to return the
rendered output.
2013-02-24 16:49:28 +01:00
Diederik van der Boor 8503120c10 Fixed #15849 -- Made IfChanged node thread safe.
Previously, the ifchanged node stored state on `self._last_seen`,
thereby giving undesired results when the node is reused by another
thread at the same time (e.g. globally caching a Template object).

Thanks to akaihola for the report and Diederik van der Boor and
Bas Peschier for the patch.
2013-02-24 16:06:55 +01:00
Lennart Regebro 687d2e967d Fixed #19827 -- Kept stacktrace in defaulttags exception reraising
Thanks Kronuz for the report and the initial patch.
2013-02-23 17:43:17 +01:00
Aymeric Augustin 5278776a88 Merge pull request #751 from bmispelon/ticket-6271 2013-02-23 07:47:58 -08:00
Vladimir A Filonov f49e9a517f Fixed #17906 - Autoescaping {% cycle %} and {% firstof %} templatetags.
This commit adds "future" version of these two tags with auto-escaping
enabled.
2013-02-23 16:16:39 +01:00
Baptiste Mispelon 069280a689 Used token.split_contents() for tokenisation in template tags accepting variables.
Fixed #6271, #18260.
2013-02-23 15:15:30 +01:00
Claude Paroz e5a8df06be Fixed #19846 -- Optimized a dict of lists in BlockContext class
Thanks Curtis Maloney for the report and the patch.
2013-02-22 23:55:11 +01:00
Baptiste Mispelon f13bfbec70 Fixed #19882 -- Smarter tokenizing of {% for %} tag arguments. 2013-02-22 19:19:33 +01:00
Julien Phalip 7d5e35cdb4 Fixed #19829 -- Fixed index lookups for NumPy arrays in templates. 2013-02-14 23:29:15 -08:00
Michael van Tellingen 138de533ff Fixed #19819 - Improved template filter errors handling.
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.

Since this error was otherwise caught by the compile_function try/except
block the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Ramiro Morales 826d9de00e Fixed #19729 -- Removed leftover refactoring helper variables.
Thanks chrismedrela for the report.

Refs #6262, 44b9076 and 4d94c0c.
2013-02-04 20:31:50 -03:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Aymeric Augustin a7b7d6320c Merge pull request #595 from bmispelon/patch-1
Fixed a typo in WidthRatioNode.
2012-12-29 13:39:52 -08:00
Aymeric Augustin 5d5e1f5afa Removed support is_safe and needs_autoescape as function attributes. 2012-12-29 21:59:07 +01:00
Tim Graham 6534a95ac3 Fixed #19470 - Clarified widthratio example.
Thanks orblivion for the suggestion.
2012-12-18 08:20:01 -05:00
Baptiste Mispelon ac8eb82abb Fixed typo in WidthRatioNode's error. 2012-12-17 10:35:36 +01:00
Aymeric Augustin 49519328b4 Fixed #19392 -- Improved error for old-style url tags with dashes.
Thanks dloewenherz for the report.
2012-12-09 16:17:56 +01:00
Danilo Bargen c10aaa70a4 Fixed #19370 -- Made date filter properly handle midnight value 2012-11-27 21:24:16 +01:00
Aymeric Augustin 7644800070 Change exception type to reduce confusion.
TemplateSyntaxError is expected at compile time, not at run time.

Refs #19280.
2012-11-25 19:51:42 +01:00
Aymeric Augustin d266919584 Fixed #19280 -- Raised an explicit exception for the old {% url %} syntax. 2012-11-24 22:10:51 +01:00
Riley Strong d179794c6b Fix typo in comment 2012-11-19 19:31:21 -06:00
Sean Breant 4d817b3887 Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse
Refs #15863.
2012-11-09 21:07:53 +01:00
Claude Paroz fa2e28ccc4 Fixed #18484 -- Removed the div around the csrf token input 2012-10-13 11:30:09 +02:00
Ramiro Morales 2100da9dcd Ensure we ignore __pycache__ PEP 3174 dirs in a few more places. 2012-10-06 18:40:58 -03:00
Martey Dodoo 3fb2662edc Fixes #18933. Fixes code example in docstring.
Makes code example of silent keyword docstring in cycle templatetag
method the same as in the documentation.
2012-09-09 00:35:40 -04:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz e2b4eddc11 Used the decorator syntax for properties in django.http 2012-08-22 20:55:24 +02:00
Marc Tamlyn e4984812cd Fixed bug in 212b982 -- Removed duplicate code in removetags 2012-08-18 17:09:37 +01:00
Marc Tamlyn 212b9826bd Fixed #14516 -- Extract methods from removetags and slugify template filters
Patch by @jphalip updated to apply, documentation and release notes
added.

I've documented strip_tags as well as remove_tags as the difference
between the two wouldn't be immediately obvious.
2012-08-18 15:07:21 +01:00