Commit Graph

84 Commits

Author SHA1 Message Date
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Mariusz Felisiak 415e899dc4 Refs #30451 -- Added HttpRequest._set_content_type_params() hook. 2019-06-15 10:29:02 -07:00
Troon a3a4f5c144 Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores. 2019-05-09 16:26:52 +02:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham 7c66aaa2b6 Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline. 2019-01-17 10:52:16 -05:00
Santiago Basulto 4fc35a9c3e Fixed #20147 -- Added HttpRequest.headers. 2019-01-16 13:38:47 -05:00
Jon Dufresne 8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00
Tim Graham d8e2be459f
Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.
Regression in 7d96f0c49a.
2018-08-02 21:56:26 -04:00
François Freitag 93e721a0b8 Fixed django/http/request.py docstring typo. 2018-07-16 10:48:20 +02:00
Sergey Fedoseev bcdd9149d4 Simplified HttpRequest.__iter__(). 2018-07-10 09:13:36 -04:00
Josh Schneier 98e8c0293b Removed unused HttpRequest._post_parse_error attribute.
Unused since 8f8c54f70b.
2018-06-07 18:51:33 -04:00
Tim Graham 7d96f0c49a Refs #27795 -- Replaced force_bytes() usage in django.http. 2018-02-07 14:28:15 -05:00
George-Cristian Bîrzan 5bf62825b5 Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri(). 2018-01-10 14:05:10 -05:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Дилян Палаузов 4c599ece57 Fixed #28930 -- Simplified code with any() and all(). 2017-12-26 17:11:15 -05:00
Jonas Haag a2851f204c Fixed #28720 -- Added HttpRequest.get_full_path_info(). 2017-11-07 15:58:05 -05:00
Sergey Fedoseev f2b93b509c Removed unneeded iter() calls.
A few of these were unnecessarily added in 2b281cc35e.
2017-08-23 16:48:29 -04:00
Josh Schneier a1b2c1d76e Fixed #28137 -- Deprecated HttpRequest.xreadlines(). 2017-04-26 19:39:22 -04:00
Anton Samarchyan 3eb679a869 Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257. 2017-02-20 19:57:33 -05:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 6e55e1d88a Refs #23919 -- Replaced six.reraise by raise 2017-01-22 20:08:04 +01:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Anton Samarchyan 05d2c5a66d Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".". 2016-11-29 18:17:10 -05:00
PREMANAND 371adc472a Fixed #27156 -- Made changing HttpRequest.encoding clear GET. 2016-11-17 12:46:42 -05:00
Tim Graham 7fe2d8d940 Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
This is a security fix.
2016-11-01 09:30:57 -04:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Tim Graham ff0a5aff4f Fixed #27046 -- Supported IPv6-formatted IPv4 addresses in host validation.
Thanks LaMont Jones for the report and patch.
2016-08-11 13:54:39 -04:00
Tim Graham 5c63b3e5a7 Fixed #27005 -- Fixed crash if request.META[''CONTENT_LENGTH']=''. 2016-08-03 13:12:40 -04:00
wim glenn 5ebebd1159 Fixed #26707 -- Added QueryDict.fromkeys() 2016-06-06 08:54:25 -04:00
Andre Cruz 929684d6ee Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham ead21a1949 Refs #22897 -- Removed unneeded empty string QueryDict argument. 2016-05-03 12:04:08 -04:00
Curtis Maloney 6f1318734f Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Matt Robenolt b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Vlastimil Zíma cf29b6b561 Fixed #25099 -- Fixed crash in AdminEmailHandler on DisallowedHost. 2015-09-04 09:24:21 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Matt Robenolt 4dcfbd7923 Fixed #25211 -- Added HttpRequest.get_port() and USE_X_FORWARDED_PORT setting. 2015-08-04 09:50:57 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Bas Peschier 9128762f16 Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set.
This introduces a force_append_slash argument for request.get_full_path()
which is used by RedirectFallbackMiddleware and CommonMiddleware when
handling redirects for settings.APPEND_SLASH.
2015-03-26 09:26:55 -04:00
Rik ccff08c194 Fixed #24463 -- Removed mod_python functionality from HttpRequest._get_scheme() 2015-03-11 14:35:25 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00