Commit Graph

291 Commits

Author SHA1 Message Date
Anton Samarchyan 05d2c5a66d Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".". 2016-11-29 18:17:10 -05:00
PREMANAND 371adc472a Fixed #27156 -- Made changing HttpRequest.encoding clear GET. 2016-11-17 12:46:42 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Tim Graham 7fe2d8d940 Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
This is a security fix.
2016-11-01 09:30:57 -04:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Ryan Allen 190d2ff4a7 Fixed #27153 -- Added validation for HttpResponse status. 2016-08-30 21:59:43 -04:00
Tim Graham ff0a5aff4f Fixed #27046 -- Supported IPv6-formatted IPv4 addresses in host validation.
Thanks LaMont Jones for the report and patch.
2016-08-11 13:54:39 -04:00
Tim Graham 5c63b3e5a7 Fixed #27005 -- Fixed crash if request.META[''CONTENT_LENGTH']=''. 2016-08-03 13:12:40 -04:00
Ville Skyttä 96f97691ad Fixed broken links in docs and comments. 2016-06-15 21:20:23 -04:00
wim glenn 5ebebd1159 Fixed #26707 -- Added QueryDict.fromkeys() 2016-06-06 08:54:25 -04:00
Jon Dufresne a8f957797d Fixed comment typo in multiparser.py 2016-06-05 16:36:59 -04:00
Asif Saifuddin Auvi dc88516e5b Made style improvements to multipartparser.py 2016-06-04 11:06:25 -04:00
Andre Cruz 929684d6ee Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham 086510fde0 Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser.
The docs say that these headers always appear without the HTTP_ prefix.
This may have been an oversight when they were added in
d725cc9734, the only commit that uses
these names.
2016-05-06 10:30:03 -04:00
Tim Graham ead21a1949 Refs #22897 -- Removed unneeded empty string QueryDict argument. 2016-05-03 12:04:08 -04:00
Tim Graham bb0b4b705b Fixed #26052 -- Moved conditional_content_removal() processing to the test client. 2016-04-25 07:56:07 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Collin Anderson 93a135d111 Fixed #26158 -- Rewrote http.parse_cookie() to better match browsers. 2016-03-15 12:24:06 -04:00
Tim Graham 59df07738c Simplified _cookie_allows_colon_in_names condition. 2016-03-14 18:58:49 -04:00
Tim Graham 2f81f466a8 Removed a workaround for a cookie encoding bug [1] in Python < 2.7.2.
[1] http://bugs.python.org/issue9824
2016-03-14 18:58:49 -04:00
John-Mark Bell 4b129ac81f Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 2016-03-07 13:19:39 -05:00
Curtis Maloney 6f1318734f Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Johannes Hoppe 5233b70070 Fixed #25725 -- Made HttpReponse immediately close objects. 2015-12-14 12:46:48 -05:00
Raphael Merx 0a19f8d4fc Fixed #25644 -- Fixed reset cookie expiry date bug.
Setting a cookie with the same name as a previously deleted cookie
would set its expiry date to 'Thu, 01-Jan-1970 00:00:00 GMT'.
2015-11-18 07:47:40 -05:00
Jon Dufresne 05248a1009 Fixed #25576 -- Added IOBase methods required by TextIOWrapper to HttpResponse. 2015-10-21 10:42:29 -04:00
Matt Robenolt b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Vlastimil Zíma cf29b6b561 Fixed #25099 -- Fixed crash in AdminEmailHandler on DisallowedHost. 2015-09-04 09:24:21 -04:00
Maxime Lorant 5153a3bfdc Fixed #25331 -- Removed trailing blank lines in docstrings. 2015-08-31 17:37:21 -04:00
Sambhav Satija d0bd533043 Fixed #25254 -- Added JsonResponse json_dumps_params parameter. 2015-08-12 10:39:07 -04:00
Matt Robenolt 4dcfbd7923 Fixed #25211 -- Added HttpRequest.get_port() and USE_X_FORWARDED_PORT setting. 2015-08-04 09:50:57 -04:00
Keryn Knight c96f11257b Refs #24121 -- Added meaningful repr() to HttpResponse and subclasses. 2015-07-15 09:01:25 -04:00
Vlastimil Zíma 8f8c54f70b Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. 2015-07-13 19:22:39 -04:00
Tim Graham 7da3923ba0 Sorted imports in __init__.py files. 2015-06-27 11:53:33 -04:00
Tim Graham 3f2de80318 Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream.
Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts'
raised StopIteration" per PEP 0479.
2015-06-17 06:55:16 -04:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Bas Peschier 9128762f16 Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set.
This introduces a force_append_slash argument for request.get_full_path()
which is used by RedirectFallbackMiddleware and CommonMiddleware when
handling redirects for settings.APPEND_SLASH.
2015-03-26 09:26:55 -04:00
Claude Paroz a0c2eb46dd Fixed #23960 -- Removed http.fix_location_header
Thanks Carl Meyer for the report and Tim Graham for the review.
2015-03-18 18:22:50 +01:00
Jon Dufresne d861f95c44 Fixed #24139 -- Changed HttpResponse.reason_phrase to evaluate based on status_code. 2015-03-12 20:18:06 -04:00
Rik ccff08c194 Fixed #24463 -- Removed mod_python functionality from HttpRequest._get_scheme() 2015-03-11 14:35:25 -04:00
Claude Paroz efb1f99f94 Fixed #20889 -- Prevented BadHeaderError when Python inserts newline
Workaround for http://bugs.python.org/issue20747.
In some corner cases, Python 2 inserts a newline in a header value
despite `maxlinelen` passed in Header constructor.
Thanks Tim Graham for the review.
2015-02-19 20:18:31 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Matthew Somerville 250aa7c39b Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.

make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.

This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.

Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.
2015-02-03 18:18:12 +01:00
Jon Dufresne 24b2bc635e Fixed #24137 -- Switched to HTTP reason phrases from Python stdlib. 2015-01-28 06:59:40 -05:00
Raul Cumplido ac650d02cb Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers
Thanks Tom Christie for the report and review.
2015-01-27 20:12:22 +01:00
Collin Anderson a9aec1154e Closed files in FileResponse; refs #24072 2015-01-05 14:54:55 -05:00
Collin Anderson 3d2cae0896 Fixed #24072 -- Added FileResponse for streaming binary files. 2015-01-05 10:51:52 -05:00
Sergey Parkhomenko 059c9ab24c Fixed #23977 -- Added setdefault() method to HttpResponse 2014-12-11 13:56:56 -05:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Matt Robenolt 80facd7a0f Removed unused variable django.http.request.absolute_http_url_re 2014-11-24 07:01:55 -05:00