Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz
df193b3cef
Fixed #24382 -- Allowed unicode chars inside formatted numbers
...
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik
a5b225084f
Fixed #23838 -- added missing `__iter__` to LazyObject
2015-03-08 15:42:23 +01:00
Aymeric Augustin
a8fe12417f
Normalized usage of the tempfile module.
...
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham
307c0f299a
Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters.
2015-02-17 19:03:03 -05:00
Lukas Klein
93b3ef9b2e
Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454
2015-02-12 08:58:35 +01:00
Varun Sharma
540ca563de
Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
...
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860.
2015-02-06 08:16:28 -05:00
Matthew Somerville
caa3562d5b
Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
...
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Loic Bistuer
3a4c9e1b43
Cleaned up some forms tests.
...
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
2015-01-27 22:39:57 +07:00
Tim Graham
d029fafea1
Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674.
2015-01-18 12:51:15 -05:00
Tim Graham
df3f3bbe29
Removed utils.text.javascript_quote() per deprecation timeline; refs #21725.
2015-01-17 12:41:49 -05:00
Tim Graham
1b0365ad34
Removed django.utils.tzinfo per deprecation timeline; refs #17262.
2015-01-17 09:32:33 -05:00
Tim Graham
c820892eed
Removed django.utils.datastructures.SortedDict per deprecation timeline.
2015-01-17 08:40:23 -05:00
Tim Graham
37b7776a01
Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659.
2015-01-17 08:13:36 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Claude Paroz
51890ce889
Applied ignore_warnings to Django tests
2014-12-30 18:16:25 +01:00
Aymeric Augustin
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin
5c5eb5fea4
Fixed an inconsistency introduced in 547b1810.
...
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl
b4e76f30d1
Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
...
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Oscar Ramirez
54085b0f9b
Fixed #23998 -- Added datetime.time support to migrations questioner.
2014-12-22 07:24:54 -05:00
Marc Tamlyn
57554442fe
Fixed #2443 -- Added DurationField.
...
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.
Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.
Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00
Michael Hall
895dc880eb
Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range
2014-12-13 12:45:58 -05:00
Diego Guimarães
9f427617e4
Refs #23947 -- Worked around a bug in Python that prevents deprecation warnings from appearing in tests.
2014-12-06 14:46:01 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Eric Rouleau
9d1a69579b
Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format
2014-12-03 07:49:06 -05:00
Aymeric Augustin
b8ba73cd0c
Raised SuspiciousFileOperation in safe_join.
...
Added a test for the condition safe_join is designed to prevent.
Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.
Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Thomas Chaumeny
d89f56dc4d
Fixed #21281 -- Made override_settings act at class level when used as a TestCase decorator.
2014-11-03 14:14:39 -05:00
Berker Peksag
f7969b0920
Fixed #23620 -- Used more specific assertions in the Django test suite.
2014-11-03 11:56:37 -05:00
Unai Zalakain
c548c8d0d1
Fixed #18456 -- Added path escaping to HttpRequest.get_full_path().
2014-11-03 07:59:19 -05:00
Markus Holtermann
98da408964
Fixed #23670 -- Prevented partial import state during module autodiscovery
...
Thanks kostko for the report.
2014-10-31 08:01:47 -04:00
John-Scott Atlakson
dbf7a3df45
Fixed #23688 -- Updated cached_property to preserve docstring of original function
2014-10-20 17:59:07 -04:00
Jon Dufresne
54e695331b
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
...
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Thomas Chaumeny
b962653060
Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__
...
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fall back on QuerySet.__len__ in Py3.
2014-10-16 14:16:24 +02:00
Anubhav Joshi
10b17a22be
Fixed #19508 -- Implemented uri_to_iri as per RFC.
...
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Florian Apolloner
3af5af1a61
Fixed remaining test failure in jslex tests.
2014-10-15 17:36:19 +02:00
Florian Apolloner
2ccbaba1f2
Added unicode_literals to the jslexer.
...
This ensures that ''.join(c) in jslex.py always returns text.
2014-10-15 15:09:35 +02:00
Jaap Roes
115c307184
Fixed #23613 -- Deprecated django.utils.checksums
2014-10-10 09:22:20 -04:00
Thomas Chaumeny
b2aad7b836
Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282.
...
Thanks Collin Anderson for the review.
2014-09-29 00:01:38 +07:00
Loic Bistuer
3c6ac0bab8
Consolidated some text utils into the utils_tests test package.
2014-09-23 19:45:59 +07:00
Claude Paroz
b9d9287f59
Fixed urlize after smart_urlquote rewrite
...
Refs #22267.
2014-09-09 21:59:35 +02:00
Claude Paroz
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
...
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Thomas Chaumeny
032c091659
Fixed #23388 -- Made django.utils.timezone.override usable as a decorator
2014-08-31 09:03:53 +02:00
Ian Foote
03d89168a2
Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3.
2014-08-22 20:07:12 -04:00
Tim Graham
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
...
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Tim Graham
c2ab501bab
Fixed test failure on Windows.
...
os.close(fd) is needed to avoid "The process cannot access the file
because it is being used by another process"
2014-07-30 14:31:59 -04:00
Tim Graham
57d2b3f2a7
Fixed bad usage of rstrip() that caused test failure.
...
If the temporary file name contained a p or y as its last
characters, it would be stripped. refs #23083.
2014-07-25 15:16:47 -04:00
Tim Graham
b8cb5ba708
Fixed #23083 -- Fixed runserver reloading when deleting a file.
...
Thanks Collin Anderson for the report and hirokiky for the fix.
2014-07-25 13:23:52 -04:00
Claude Paroz
4e424084e6
Fixed #22991 -- Prevented *.pyc files in autoreload monitoring
...
This fixes a regression introduced in 6d302f639.
Thanks lorinkoz at gmail.com for the report, Collin Anderson
for the initial patch and Simon Charette for the review.
2014-07-15 09:57:54 +02:00
Tim Graham
38e001ab6c
Fixed #22789 -- Deprecated django.contrib.webdesign.
...
Moved the {% lorem %} tag to built-in tags.
2014-07-14 08:45:19 -04:00
Tim Graham
fddd95254e
Fixed flake8 errors.
2014-07-07 19:12:39 -04:00
Tim Graham
89b9e6e5d6
Fixed #22909 -- Removed camelCasing in some tests.
...
Thanks brylie.
2014-07-07 19:08:42 -04:00
Claude Paroz
6d302f6396
Fixed pyinotify performance regression in 15f82c7011
...
Refs #9722. Thanks Tim Graham for the review.
2014-07-06 21:41:02 +02:00
Curtis
71461b14ab
Fixed #22691 -- Added aliasing to cached_property.
2014-07-01 06:32:53 -04:00
Richard Eames
7beaeeed2b
Fixed #22814 -- Allowed ISO-8601 [+-]hh timezone format in parse_datetime
2014-06-12 10:58:50 -06:00
Alexandr Shurigin
083d285b82
Fixed #22681 -- Made TarArchive recognize leading directories properly.
2014-06-03 12:00:33 -04:00
Tim Graham
5abc811a40
Revert "Fixed #20477: Allowed settings.FORMAT_MODULE_PATH to be a list of modules."
...
This reverts commit 950b6de16a.
2014-05-19 08:22:46 -04:00
Martin Brochhaus
950b6de16a
Fixed #20477: Allowed settings.FORMAT_MODULE_PATH to be a list of modules.
...
Previously the FORMAT_MODULE_PATH setting only accepted one string (dotted
module path).
This is useful when using several reusable third party apps that define new
formats. We can now use them all and we can even override some of the formats
by providing a project-wide format module.
2014-05-19 07:59:13 -04:00
Alex Gaynor
b6b873d2ad
Fixed several flake8 errors, including one where a test wouldn't be run
2014-05-17 09:54:34 -07:00
Aymeric Augustin
1109ebd7b3
Optimized make_aware/naive by removing redundant checks. Refs #22625.
...
Also added tests with pytz and removed misplaced tests.
2014-05-16 23:12:59 +02:00
Aymeric Augustin
fa89acf1d0
Fixed #22625 -- Normalized make_aware/naive errors.
...
Also added tests for is/make_aware/naive.
Thanks Tom Michaelis for the report.
2014-05-16 22:52:10 +02:00
Moayad Mardini
393ddc10a7
Fixed #22531 -- Added tree.Node.__repr__ and tests for the class.
...
While Node class has a useful `__str__`, its `__repr__` is not that
useful. Added a `__repr__` that makes use of the current `__str__`.
This is especially useful since the more popular `Q` class inherits
`tree.Node`. Also created new tests that cover most of `Node` class
functionality.
2014-05-16 09:30:25 -04:00
Claude Paroz
e520a73eee
Harmonized some PEP 0263 coding preambles
2014-05-15 19:58:41 +02:00
Erik Romijn
255449c1ee
Added additional checks in is_safe_url to account for flexible parsing.
...
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Aymeric Augustin
3800f63721
Dropped fix_IE_for_vary/attach.
...
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
chriscauley
66ec9ee441
Fixed #22378 -- Updated \d to [0-9]+ in urlpatterns of docs and tests.
...
Thanks tomwys for the suggestion.
2014-04-16 20:36:29 -04:00
Tim Graham
69a4f383f6
Fixed #22338 -- Fixed a test dependent on dictionary key iteration order.
2014-03-30 14:25:06 -04:00
Tim Graham
c19bbefca2
Fixed a deprecation warning on Python 3.
2014-03-27 06:59:54 -04:00
Aymeric Augustin
232181d1c5
Advanced deprecation warnings for 1.8.
2014-03-22 21:12:58 +01:00
Claude Paroz
6a0291bdaf
Tweaked strip_tags tests to pass on Python 3.3
2014-03-22 14:43:11 +01:00
Claude Paroz
6ca6c36f82
Improved strip_tags and clarified documentation
...
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
Tim Graham
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
...
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
Baptiste Mispelon
61917aa08b
Fixed #21840 -- Moved dunder methods from SimpleLazyObject to LazyObject.
...
This commit also added tests for LazyObject and refactored
the testsuite of SimpleLazyObject so that it can share
test cases with LazyObject.
2014-03-13 10:03:01 +01:00
Claude Paroz
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Claude Paroz
ac699cdc17
Really hidden warnings in javascript_quote tests
...
Refs #21725.
2014-03-05 09:00:55 +01:00
Erik Romijn
775975f15d
Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html()
2014-03-01 14:07:57 +01:00
Baptiste Mispelon
926e18d7d1
Deprecated django.utils.text.javascript_quote.
...
Refs #21725.
2014-02-22 13:50:12 +01:00
Baptiste Mispelon
847171b0d0
Fixed test failures when running in a narrow Python build.
2014-02-22 13:50:12 +01:00
MattBlack85
1c1dffca75
Fixed #21725 -- Fixed JavaScript quoting encoding.
...
Thanks to nedbatchelder for the report.
2014-02-15 19:39:21 +01:00
Berker Peksag
5d263dee30
Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
...
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Vajrasky Kok
c43c469a2e
Fixed #21731 -- Made javascript_quote escapes '</'.
2014-02-06 04:02:09 -05:00
Alex Gaynor
55d19d370f
Removed import which is now unused
2014-02-05 13:26:56 -08:00
Baptiste Mispelon
a878bf9b09
Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy"
...
This reverts commit 2ee447fb5f.
That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.
Refs #21882.
2014-02-05 21:22:40 +01:00
Carl Meyer
ca95f8e435
Moved sys.path-extending decorator to django.test.utils and used throughout test suite.
...
Thanks Aymeric for the suggestion.
2014-01-25 22:50:40 -07:00
Aymeric Augustin
9cc3371a0f
Fixed #21756 -- Skipped two timezone-related tests on Windows.
...
Windows cannot use a time zone other than the default time zone.
Thanks manfre for the report.
2014-01-12 09:41:57 +01:00
Aymeric Augustin
e32095616c
Imported override_settings from its new location.
2013-12-23 21:37:56 +01:00
Aymeric Augustin
da16bb30ff
Dropped AppCache._empty, _with_app and _without_app.
...
It's now easier to achieve the same effect with modify_settings or
override_settings.
2013-12-23 21:37:56 +01:00
Aymeric Augustin
2fef9e5375
Moved apps back in the toplevel django namespace.
...
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin
2239081ff1
Expurged INSTALLED_APPS from code and tests.
...
Except the app cache code and a few specific tests, of course.
2013-12-22 11:39:18 +01:00
Aymeric Augustin
65cd74be8e
Stopped iterating on INSTALLED_APPS.
...
Used the app cache's get_app_configs() method instead.
2013-12-22 11:39:18 +01:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Baptiste Mispelon
2c837233f5
Fixed #21574 -- Handle bytes consistently in utils.text.normalize_newlines.
...
All input is now coerced to text before being normalized.
This changes nothing under Python 2 but it allows bytes
to be passed to the function without a TypeError under Python 3
(bytes are assumed to be utf-8 encoded text).
Thanks to trac user vajrasky for the report.
2013-12-12 16:09:12 +01:00
Vajrasky Kok
a1a26690b9
Fixed #21572 -- Added unit test for django.utils.text.normalize_newlines.
2013-12-07 16:28:22 +08:00
Vajrasky Kok
7169722d5c
Fixed #21505 -- Added unit test for django.utils.text.get_valid_filename.
2013-11-24 11:10:34 +01:00
Bouke Haarsma
2397daab4a
Fixed #9523 -- Restart runserver after compiling apps translations
...
Django also uses locales provided by apps, which also might change. Also when
i18n is disabled, there is no need for watching translation files.
2013-11-11 11:43:09 +01:00
Alex Gaynor
c347f78cc1
Fixed all E226 violations
2013-11-03 10:08:55 -08:00
Jason Myers
c3791463a5
Fixing E302 Errors
...
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Tim Graham
36ded01527
Fixed #21302 -- Fixed unused imports and import *.
2013-11-02 15:24:56 -04:00