Tim Graham
988b61c550
[1.5.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
...
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
Backport of 7fe5b656c9
from master
2013-09-10 21:05:03 -04:00
Łukasz Langa
bbe8205693
[py3] Always fed hashlib with bytes.
2013-02-27 10:03:33 +01:00
Julien Phalip
42e87c17f2
[1.5.x] Fixed #19829 -- Fixed index lookups for NumPy arrays in templates.
...
Backport of 7d5e35cdb4
2013-02-15 00:18:49 -08:00
Ramiro Morales
6f29147488
[1.5.x] Fixed #19729 -- Removed leftover refactoring helper variables.
...
Thanks chrismedrela for the report.
Refs #6262 , 44b9076
and 4d94c0c
.
826d9de00e
from master.
2013-02-14 20:45:36 -03:00
Tim Graham
034c355118
[1.5.X] Fixed #19470 - Clarified widthratio example.
...
Thanks orblivion for the suggestion.
Backport of 6534a95ac3
from master
2012-12-18 08:20:51 -05:00
Aymeric Augustin
d6bad2e9ea
[1.5.x] Fixed #19392 -- Improved error for old-style url tags with dashes.
...
Thanks dloewenherz for the report.
Backport of 4951932
from master.
2012-12-09 16:18:52 +01:00
Danilo Bargen
5509eb8626
[1.5.x] Fixed #19370 -- Made date filter properly handle midnight value
...
Backport of c10aaa70a
from master.
2012-11-27 21:25:21 +01:00
Aymeric Augustin
37c54c27bd
[1.5.x] Change exception type to reduce confusion.
...
TemplateSyntaxError is expected at compile time, not at run time.
Refs #19280 .
Backport of 7644800
.
2012-11-25 19:53:50 +01:00
Aymeric Augustin
8c2f36260e
[1.5.x] Fixed #19280 -- Raised an explicit exception for the old {% url %} syntax.
...
Backport of 6b8a7ce.
2012-11-24 22:05:41 +01:00
Riley Strong
e56c8d7e0a
[1.5.X] Fixed typo in django.template.defaulttags
...
Backport of d179794c6b
from master
2012-11-20 05:03:22 -05:00
Sean Breant
6554137eeb
[1.5.x] Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse
...
Refs #15863 .
Backport of 4d817b3887
from master.
2012-11-09 21:11:36 +01:00
Claude Paroz
fa2e28ccc4
Fixed #18484 -- Removed the div around the csrf token input
2012-10-13 11:30:09 +02:00
Ramiro Morales
2100da9dcd
Ensure we ignore __pycache__ PEP 3174 dirs in a few more places.
2012-10-06 18:40:58 -03:00
Martey Dodoo
3fb2662edc
Fixes #18933 . Fixes code example in docstring.
...
Makes code example of silent keyword docstring in cycle templatetag
method the same as in the documentation.
2012-09-09 00:35:40 -04:00
Claude Paroz
ae88e73fa6
Replaced some smart_xxx by force_xxx equivalent
...
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz
e2b4eddc11
Used the decorator syntax for properties in django.http
2012-08-22 20:55:24 +02:00
Marc Tamlyn
e4984812cd
Fixed bug in 212b982
-- Removed duplicate code in removetags
2012-08-18 17:09:37 +01:00
Marc Tamlyn
212b9826bd
Fixed #14516 -- Extract methods from removetags and slugify template filters
...
Patch by @jphalip updated to apply, documentation and release notes
added.
I've documented strip_tags as well as remove_tags as the difference
between the two wouldn't be immediately obvious.
2012-08-18 15:07:21 +01:00
Claude Paroz
2d2dca2d8e
[py3] Fixed slugify filter
2012-08-15 12:29:10 +02:00
Aymeric Augustin
2ae58b20ec
[py3] Fixed egg template loader.
2012-08-14 12:29:53 +02:00
Claude Paroz
dce34dc969
[py3] Made __repr__ return str with Python 3
2012-08-12 20:45:39 +02:00
Aymeric Augustin
d4a0b27838
[py3] Refactored __unicode__ to __str__.
...
* Renamed the __unicode__ methods
* Applied the python_2_unicode_compatible decorator
* Removed the StrAndUnicode mix-in that is superseded by
python_2_unicode_compatible
* Kept the __unicode__ methods in classes that specifically
test it under Python 2
2012-08-12 14:44:40 +02:00
Aymeric Augustin
2bb2eecb63
[py3] Removed redundant __str__ methods.
...
These classes already have an identical __unicode__ method, which
will be used after an upcoming refactoring.
2012-08-12 14:44:40 +02:00
Karen Tracey
759ae3c2da
Fixed #18739 -- witdthratio behavior on None args
...
Made behavior given None consistent with how non-numerics were handled.
Thanks to ja.geb@me.com for the report.
2012-08-11 19:24:18 -04:00
Alex Gaynor
4c97101b1f
remove a bunch of unnescesarry iterkeys() calls
2012-08-08 07:33:15 -07:00
Aymeric Augustin
fa4cb34817
[py3] Fixed filesystem encoding handling
...
in the app directories template loader.
2012-08-08 13:07:49 +02:00
Aymeric Augustin
c5ef65bcf3
[py3] Ported django.utils.encoding.
...
* Renamed smart_unicode to smart_text (but kept the old name under
Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
and smart_bytes under Python 2 (which is backwards compatible).
Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin
ee191715ea
[py3] Fixed access to dict keys/values/items.
2012-08-07 12:00:22 +02:00
Aymeric Augustin
bdca5ea345
[py3] Replaced unicode/str by six.text_type/bytes.
2012-07-22 09:29:54 +02:00
Aymeric Augustin
3cb2457f46
[py3] Replaced basestring by six.string_types.
2012-07-22 09:29:54 +02:00
Aymeric Augustin
1e89a208d0
Fixed #18645 -- Clarified filesizeformat implementation
...
Thanks Jérôme Renard for the patch.
2012-07-18 15:01:12 +02:00
Luke Plant
2ba4278cb3
Fixed #18484 - 'display:none' on CSRF token div is redundant and causes problems with some browsers
...
Thanks to hedleyroos for the report
2012-07-06 15:33:29 +01:00
Luke Plant
8fdc56d2a6
Fixed #18572 - Python26 string format incompatibility
...
Thanks to anonymous/AeroNotix for the report
2012-07-06 00:23:02 +01:00
Luke Plant
a92e7f37c4
Changed a lot of internal code to use 'format_html' where appropriate/possible
2012-07-03 22:20:12 +01:00
Claude Paroz
da200c5e35
Fixed #16519 -- Deprecated mimetype kwarg of HttpResponse __init__
...
This keyword was already deprecated in the code (supported for
backwards compatibility only), but never formally deprecated.
Thanks Paul McMillan for the report and yasar11732 for the initial
patch.
2012-06-30 21:27:47 +02:00
Chris Beaven
c57ba67331
Fixed #14502 again -- saner verbatim closing token
...
Previously, the closing token for the verbatim tag was specified as the
first argument of the opening token. As pointed out by Jannis, this is
a rather major departure from the core tag standard.
The new method reflects how you can give a specific closing name to
{% block %} tags.
2012-06-19 10:49:33 +12:00
Luke Plant
fd6a9d35d9
IfParser.next() method renamed to avoid confusion with iterator protocol.
2012-06-14 23:12:15 +01:00
Luke Plant
edee20ff50
Reverted part of 169b1a40
which was mistakenly applied to a non-iterator class.
...
Doing next(IfParser()) works for Python 2.7, because it calls
IfParser.next(), but in Python 3 will call IfParser.__next__() which does
not work since it is not an iterator and does not have that method.
2012-06-14 23:12:15 +01:00
Claude Paroz
4a103086d5
Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
...
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Aymeric Augustin
4464bbba15
Fixed #14502 -- Added a verbatim template tag.
...
Thanks SmileyChris for the patch.
2012-06-07 09:59:14 +02:00
Claude Paroz
edfa95c22f
Specified when open should use binary mode.
...
Thanks Vinaj Sajip for the help of his django3 branch.
2012-05-25 20:43:43 +02:00
Claude Paroz
169b1a404c
Replaced foo.next() by next(foo).
...
This new syntax for next() has been introduced in Python 2.6 and is
compatible with Python 3.
2012-05-10 20:15:49 +02:00
Claude Paroz
865cd35c9b
Made more extensive usage of context managers with open.
2012-05-05 14:06:36 +02:00
Aymeric Augustin
e84f79f051
Fixed #18042 -- Advanced deprecation warnings.
...
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Aymeric Augustin
ddfc7c2530
Fixed #4746 -- Allowed spaces around filter separator.
2012-04-30 21:01:06 +02:00
Claude Paroz
3904b74a3f
Fixed #18013 -- Use the new 'as' syntax for exceptions.
...
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Aymeric Augustin
3e8b40f479
Fixed #17992 -- Added a public API for localtime.
...
Thanks Bradley Ayers for the report.
2012-04-29 15:37:23 +02:00
Claude Paroz
eb351ac9cb
Fixed #18037 -- Changed behaviour of url and ssi template tags to the new syntax, as per official deprecation timeline. Thanks Ramiro Morales and Jannis Leidel for the review.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17934 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-24 19:55:52 +00:00
Aymeric Augustin
f0697570e9
Fixed #18103 -- Regression introduced in r17895.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17896 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-11 13:00:38 +00:00
Aymeric Augustin
93240b7d90
Fixed #17229 -- Allow 'True', 'False' and 'None' to resolve to the corresponding Python objects in templates.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17894 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10 20:49:45 +00:00