Commit Graph

20 Commits

Author SHA1 Message Date
Florian Apolloner 20b9ad36ff [4.0.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.

Backport of d4dcd5b9dd from main.
2021-12-07 06:29:34 +01:00
Angus Holder 3e73c65ffc Fixed #32195 -- Added system check for invalid view in path() and improved error messages. 2021-06-09 09:06:42 +02:00
Mariusz Felisiak 8f89454bbc Refs #32195 -- Added path() test for invalid view. 2021-06-09 08:58:41 +02:00
Mariusz Felisiak 98ae3925e5 Refs #31534 -- Removed django.conf.urls.url() per deprecation timeline. 2021-01-14 17:50:04 +01:00
Tim Park ece18207cb Fixed #31858 -- Reallowed whitespaces in URL paths outside of parameters.
Regression in 22394bd3a1.

Thanks David Smith for the review.
2020-09-02 10:24:14 +02:00
David Smith 2522559d1a Fixed #31534 -- Deprecated django.conf.urls.url(). 2020-05-05 07:34:34 +02:00
Adam Johnson 4bb33bb074 Fixed #31459 -- Fixed handling invalid indentifiers in URL path conversion.
This patch adjusted existing tests that used invalid identifiers.
2020-04-15 11:29:35 +02:00
Jack Cushman eb629f4c02 Fixed #30995 -- Allowed converter.to_url() to raise ValueError to indicate no match. 2020-01-09 14:41:41 +01:00
Jack Cushman 07f6ff09e4 Added tests for using the same name for multiple URL patterns. 2020-01-08 10:55:53 +01:00
Mariusz Felisiak 82a88d2f48
Fixed #31061 -- Ignored positional args in django.urls.resolve() when all optional named parameters are missing.
Regression in 76b993a117.

Thanks Claude Paroz for the report and Carlton Gibson for reviews.
2019-12-06 09:32:51 +01:00
Hasan Ramezani 22394bd3a1 Fixed #29667 -- Prohibited whitespaces in path() URLs. 2019-08-20 11:53:10 +02:00
Min ho Kim 4f7328ce8a Corrected multiple typos. 2019-08-12 12:53:36 +02:00
daniel a rios 76b993a117 Fixed #26431 -- Prevented django.urls.resolve() from returning missing optional parameters.
Previous behavior was inconsistent with django.urls.reverse() and
caused that translate_url() created an incorrect URL when an optional
parameter was missing.
2019-06-24 11:47:56 +02:00
daniel a rios d640c71fa3 Refs #26431 -- Added tests for resolving URL and translate_url() with provided optional parameter. 2019-06-24 11:30:26 +02:00
Min ho Kim 6e8303d49b Fixed typos in FakePayload docstring and SimplifiedURLTests test name. 2019-06-17 12:38:04 +02:00
Semen Zhydenko 255d6a26a8 Fixed spelling mistakes in comments and tests. 2019-02-11 08:55:57 -05:00
Benjamin Wohlwend 79c196cfb2 Fixed #28766 -- Added ResolverMatch.route.
Co-Authored-By: Xavier Fernandez <xavier.fernandez@polyconseil.fr>
2018-12-06 18:05:40 -05:00
Eric Brandwein b0b4aac555 Fixed #29775 -- Fixed URL converters in a nested namespaced path.
When using include() without namespaces of some urlpatterns that
have an include() with namespace, the converters of the parent
include() weren't being used to convert the arguments of reverse().
2018-10-04 11:42:27 -04:00
Xaroth Brook 39283c8edb Fixed #29415 -- Fixed detection of custom URL converters in included patterns. 2018-05-26 20:13:48 -04:00
Sjoerd Job Postmus df41b5a05d Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00