innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
29,499 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

376 Commits

Author SHA1 Message Date
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
 2021-04-06 08:15:17 +02:00
Mariusz Felisiak ec0ff40631 Fixed #32355 -- Dropped support for Python 3.6 and 3.7 2021-02-10 10:20:54 +01:00
Illia Volochii 3c004075b1 Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping. 2021-01-28 10:10:08 +01:00
Mariusz Felisiak d08977a0f0 Refs #30997 -- Removed HttpRequest.is_ajax() per deprecation timeline. 2021-01-14 17:50:04 +01:00
ᴙɘɘᴙgYmɘᴙɘj 2c5d6dc447
Fixed grammar in HttpResponse docstring. 2020-12-08 12:18:42 +01:00
Mariusz Felisiak 1fd9b44a6b Refs #32074 -- Fixed handling memoryview content by HttpResponse on Python 3.10+. 
An iterator was added to memoryview in Python 3.10,
see https://bugs.python.org/issue41732

Refs #30294
 2020-11-10 09:56:15 +01:00
Tom Carrick dcb69043d0 Fixed #32002 -- Added headers parameter to HttpResponse and subclasses. 2020-10-07 09:19:57 +02:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads. 
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2020-09-30 10:30:43 +02:00
Tom Carrick bcc2befd0e Fixed #31789 -- Added a new headers interface to HttpResponse. 2020-09-14 08:41:59 +02:00
Tim Graham 83dea65ed6
Refs #21231 -- Corrected parse_qsl() fallback. 
An oversight in fd209f62f1.
 2020-09-07 06:25:56 +02:00
Hasan Ramezani d2d08c8cf6 Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an integer. 2020-09-05 10:07:23 +02:00
Nick Pope fd209f62f1 Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8. 2020-09-03 14:24:42 +02:00
Mariusz Felisiak 240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie(). 
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.
 2020-07-16 08:16:58 +02:00
Michael Brown 36db4dd937 Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. 2020-06-11 08:46:59 +02:00
Mariusz Felisiak 7fc317ae73
Refs #30997 -- Improved HttpRequest.is_ajax() warning message with stacklevel=2. 2020-06-03 08:47:19 +02:00
Mariusz Felisiak 0668164b4a
Fixed E128, E741 flake8 warnings. 2020-05-12 08:52:23 +02:00
Jon Dufresne d6aff369ad Refs #30116 -- Simplified regex match group access with Match.__getitem__(). 
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
 2020-05-11 12:01:28 +02:00
007 e65fea9292 Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. 2020-02-28 14:43:16 +01:00
Florian Apolloner 41a3b3d186 Fixed #31240 -- Properly closed FileResponse when wsgi.file_wrapper is used. 
Thanks to Oskar Persson for the report.
 2020-02-11 20:39:12 +01:00
Florian Apolloner 549445519c Reverted "Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object." 
This reverts commit cce47ff65a.
 2020-02-11 20:39:12 +01:00
Claude Paroz e348ab0d43 Fixed #30997 -- Deprecated HttpRequest.is_ajax(). 2020-01-27 08:54:32 +01:00
Claude Paroz d66d72f956 Refs #30997 -- Added HttpRequest.accepts(). 2020-01-24 14:24:59 +01:00
Jon Dufresne e42b68debf Fixed #31114 -- Fixed HttpRequest.build_absolute_uri() crash with reverse_lazy() locations. 2019-12-27 09:19:56 +01:00
Osaetin Daniel b33bfc3839 Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'. 
Thanks Florian Apolloner and Carlton Gibson for reviews.
 2019-12-12 10:52:31 +01:00
Gordon Pendleton adb9661789 Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True. 2019-12-05 09:44:45 +01:00
Hasan Ramezani e3d0b4d550 Fixed #30899 -- Lazily compiled import time regular expressions. 2019-10-29 09:22:26 +01:00
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
 2019-07-01 07:48:04 +02:00
Chris Jerdonek cce47ff65a Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object. 2019-06-20 11:48:49 +02:00
Mariusz Felisiak 415e899dc4 Refs #30451 -- Added HttpRequest._set_content_type_params() hook. 2019-06-15 10:29:02 -07:00
ShingenPizza de4832c49b Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename is available. 2019-05-17 12:07:27 +02:00
Troon a3a4f5c144 Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores. 2019-05-09 16:26:52 +02:00
Jon Dufresne b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities(). 
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
 2019-05-08 08:00:59 +02:00
Jon Dufresne 8b3f1c35dd Removed unnecessary assignments in various code. 2019-04-24 13:09:29 +02:00
sage 9aa56cb0d5 Fixed #30294 -- Allowed HttpResponse to accept memoryview content. 2019-03-29 09:43:49 -04:00
Tim Graham 8ec7ded370 Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request. 2019-03-02 09:19:05 -05:00
Tim Graham 2ed2acf872 Fixed #30227 -- Fixed crash on request without boundary in Content-Type. 2019-03-02 09:19:05 -05:00
Nick Pope 5013d38380 Optimized iterator exhaustion using collections.deque(). 2019-02-14 18:21:57 -05:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError. 
Used more specific errors (e.g. FileExistsError) as appropriate.
 2019-01-28 11:15:06 -05:00
Tim Graham 7c66aaa2b6 Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline. 2019-01-17 10:52:16 -05:00
Tim Graham 8045dff98c Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. 2019-01-17 10:50:25 -05:00
Santiago Basulto 4fc35a9c3e Fixed #20147 -- Added HttpRequest.headers. 2019-01-16 13:38:47 -05:00
Jon Dufresne 8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00
Jon Dufresne ad9a28ee38 Refs #29784 -- Normalized Python docs links to omit the version. 2018-09-25 10:19:42 +02:00
Tim Graham d8e2be459f
Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values. 
Regression in 7d96f0c49a.
 2018-08-02 21:56:26 -04:00
François Freitag 93e721a0b8 Fixed django/http/request.py docstring typo. 2018-07-16 10:48:20 +02:00
Sergey Fedoseev bcdd9149d4 Simplified HttpRequest.__iter__(). 2018-07-10 09:13:36 -04:00
Josh Schneier 98e8c0293b Removed unused HttpRequest._post_parse_error attribute. 
Unused since 8f8c54f70b.
 2018-06-07 18:51:33 -04:00
Claude Paroz a177f854c3
Fixed #16470 -- Allowed FileResponse to auto-set some Content headers. 
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
 2018-05-15 18:12:11 +02:00
Alex Gaynor 9a56b4b13e Fixed #27863 -- Added support for the SameSite cookie flag. 
Thanks Alex Gaynor for contributing to the patch.
 2018-04-13 20:58:31 -04:00