Carl Meyer
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
...
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
Hiroki Kiyohara
e94f405d94
Fixed #18558 -- Added url property to HttpResponseRedirect*
...
Thanks coolRR for the report.
2013-02-13 10:29:32 +01:00
Matt Robenolt
222a956ecc
Kill mx.TextTools with fire
2013-01-15 10:15:40 -08:00
Claude Paroz
f08e739bc2
Fixed #19585 -- Fixed loading cookie value as a dict
...
This regression was introduced by the 'unicode_literals' patch.
2013-01-11 21:09:33 +01:00
Aymeric Augustin
acc5396e6d
Fixed #19519 -- Fired request_finished in the WSGI iterable's close().
2012-12-31 12:47:34 +01:00
Aymeric Augustin
ef017a5f00
Advanced pending deprecation warnings.
...
Also added stacklevel argument, fixed #18127 .
2012-12-29 21:59:07 +01:00
Aymeric Augustin
4a6490a4a0
Removed HttpRequest.raw_post_data.
2012-12-29 21:59:07 +01:00
Florian Apolloner
27560924ec
Fixed a security issue in get_host.
...
Full disclosure and new release forthcoming.
2012-12-10 22:11:40 +01:00
Claude Paroz
2a67374b51
Fixed #19036 -- Fixed base64 uploads decoding
...
Thanks anthony at adsorbtion.org for the report, and johannesl for
bringing the patch up-to-date.
2012-11-17 17:25:21 +01:00
Aymeric Augustin
fc10418fba
Fixed #18963 -- Used a subclass-friendly pattern
...
for Python 2 object model compatibility methods.
2012-11-03 22:07:35 +01:00
Aymeric Augustin
095eca8dd8
Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.
...
Thanks Claude Paroz.
2012-11-03 13:03:15 +01:00
Aymeric Augustin
da56e1bac6
Fixed #18796 -- Refactored conversion to bytes in HttpResponse
...
Thanks mrmachine for the review.
2012-10-25 08:49:51 +02:00
Aymeric Augustin
82b3e6ffcb
Fixed #13222 -- Made HttpResponse iterable once
...
response.content can be accessed many times as desired, and always
returns the same result.
iter(response) works only once and consumes the iterator.
2012-10-24 17:19:56 +02:00
Aymeric Augustin
495a8b8107
Fixed #6527 -- Provided repeatable content access
...
in HttpResponses instantiated with iterators.
2012-10-24 17:08:37 +02:00
Aymeric Augustin
ea57112d53
Reverted 6a64822bf4
.
...
This commit caused every test that does two or more assertContains to
fail, because of #6527 . It also made HttpResponse non-pickleable.
Refs #13222 .
2012-10-23 00:11:17 +02:00
Aymeric Augustin
6a64822bf4
Fixed #13222 -- Repeated iteration of HttpResponse
...
Thanks teepark for the report and grahamd for his insights.
2012-10-22 22:52:36 +02:00
Alex Gaynor
b4066d7d21
Cleaned up the the http module. Moved all of the code from __init__.py to request.py, response.py and utils.py
2012-10-21 11:12:59 -07:00
Aymeric Augustin
4b27813198
Fixed #7581 -- Added streaming responses.
...
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20 20:05:11 +02:00
Claude Paroz
dfd4a71751
Fixed #5611 -- Restricted accepted content types in parsing POST data
...
Thanks paulegan for the report and Preston Holmes for the review.
2012-10-20 14:56:16 +02:00
Preston Holmes
9305c0e12d
Fixed a security issue related to password resets
...
Full disclosure and new release are forthcoming
2012-10-17 14:36:41 -07:00
Aymeric Augustin
9b07b5edeb
Fixed #18916 -- Allowed non-ASCII headers.
...
Thanks Malcolm Tredinnick for the review.
2012-09-07 19:08:57 -04:00
Alex Gaynor
335a9f9cf1
Removed many uses of bare "except:", which were either going to a) silence real issues, or b) were impossible to hit.
2012-09-07 15:08:07 -04:00
Claude Paroz
ae88e73fa6
Replaced some smart_xxx by force_xxx equivalent
...
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz
ebc773ada3
Replaced many smart_bytes by force_bytes
...
In all those occurrences, we didn't care about preserving the
lazy status of the strings, but we really wanted to obtain a
real bytestring.
2012-08-29 11:20:32 +02:00
Claude Paroz
44c09de555
Fixed #18678 -- HttpResponse init arguments allowed for subclasses
...
Thanks hp1337@gmail.com for the report.
2012-08-23 10:59:22 +02:00
Claude Paroz
7cfe8e8fce
Fixed #11340 -- Prevented HttpResponseNotModified to have content/content-type
...
The HTTP 1.1 spec tells that the 304 response MUST NOT contain a
message body.
Thanks aparajita for the report.
2012-08-22 20:55:24 +02:00
Claude Paroz
e2b4eddc11
Used the decorator syntax for properties in django.http
2012-08-22 20:55:24 +02:00
Aymeric Augustin
5f2d9cdbb1
[py3] Fixed another regression from 2892cb0ec4
.
2012-08-19 18:24:50 +02:00
Aymeric Augustin
2892cb0ec4
[py3] Fixed regression introduced in 536b030363
.
...
Refs #18764 .
Reverted 536b030363
and switched to a more explicit way of avoiding
calling bytes(<int>).
This definitely deserves a refactoring. Specifically, _get_content
should just return b''.join(self). Unfortunately that's impossible
with the current tests.
2012-08-19 17:56:46 +02:00
Aymeric Augustin
536b030363
[py3] Supported integers in HttpResponse
...
Fixed #18764 .
2012-08-19 16:38:21 +02:00
Claude Paroz
4d393e1bd9
[py3] Fixed HTTP header serialization
2012-08-15 13:39:39 +02:00
Claude Paroz
0120985095
[py3] Fixed file_uploads tests
2012-08-14 23:35:12 +02:00
Claude Paroz
c35501a128
[py3] Fixed HttpResponse when initialized with bytes
2012-08-14 16:15:50 +02:00
Aymeric Augustin
e04230e2e4
[py3] Ported django.http according to PEP 3333.
...
Perfomed some style cleanup while I was in the area.
2012-08-14 10:32:16 +02:00
Claude Paroz
363dbd920e
[py3] Fixed contrib.formtools tests
2012-08-13 21:26:12 +02:00
Claude Paroz
a025b75f6c
[py3] Fixed iterlists usage in QueryDict
2012-08-13 21:25:27 +02:00
Claude Paroz
09c589810d
[py3] Used smart_str to prevent regressions in http handling
2012-08-11 15:29:29 +02:00
Claude Paroz
f10a1b0641
[py3] Fixed Python 3 compatibility of http handling
...
* Using str() when Python 2 expects bytes and Python 3 Unicode
* Fixed reraise-ing syntax
* Fixed slicing of byte strings
2012-08-11 14:47:44 +02:00
Aymeric Augustin
5c09c59bc7
[py3] Renamed `next` to `__next__` in iterators.
...
See PEP 3114. `next` is retained as an alias for Python 2.
2012-08-09 14:36:05 +02:00
Claude Paroz
db729266d6
[py3] Fixed 'iterable but non string' detection
...
In Python 3, the str type has an __iter__ attribute. Therefore, the
presence of an __iter__ attribute is not sufficient to distinguish
'standard' iterables (list, tuple) from strings.
2012-08-08 18:02:25 +02:00
Aymeric Augustin
bf4da7a442
[py3] Made a small fix in django.http.
...
This is necessary for the 'utils' tests to pass.
2012-08-07 12:00:24 +02:00
Aymeric Augustin
c5ef65bcf3
[py3] Ported django.utils.encoding.
...
* Renamed smart_unicode to smart_text (but kept the old name under
Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
and smart_bytes under Python 2 (which is backwards compatible).
Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz
9908201d7f
Replaced some byte strings by str() calls
...
This is a useful trick when Python 2 awaits byte strings and
Python 3 Unicode (regular) strings.
2012-08-03 15:18:13 +02:00
Florian Apolloner
4129201c3e
Fixed a security issue in http redirects. Disclosure and new release forthcoming.
2012-07-30 22:01:50 +02:00
Aymeric Augustin
ca07fda2ef
[py3] Switched to Python 3-compatible imports.
...
xrange/range will be dealt with in a separate commit due to the huge
number of changes.
2012-07-22 09:29:56 +02:00
Aymeric Augustin
0d914d08a0
[py3] Updated urllib/urllib2/urlparse imports.
...
Lots of functions were moved. Use explicit imports in all cases
to keey it easy to identify where the functions come from.
2012-07-22 09:29:55 +02:00
Aymeric Augustin
bdca5ea345
[py3] Replaced unicode/str by six.text_type/bytes.
2012-07-22 09:29:54 +02:00
Aymeric Augustin
d796c94b03
[py3] Used six.reraise wherever necessary.
2012-07-22 09:29:52 +02:00
Claude Paroz
23f94f0741
Fixed #18561 -- Made HttpResponse.tell() support non-ascii chars
2012-07-17 22:00:54 +02:00
Alex Gaynor
8f002867b2
Cleaned up the QueryDict implementation.
...
- Use super().
- Don't poke at internals.
- Don't override methods for no reason.
2012-07-14 14:07:11 -07:00