Commit Graph

390 Commits

Author SHA1 Message Date
Tim Graham 988b61c550 [1.5.x] Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
Thanks Rainer Koirikivi for the report and draft patch.

This is a security fix; disclosure to follow shortly.

Backport of 7fe5b656c9 from master
2013-09-10 21:05:03 -04:00
Łukasz Langa bbe8205693 [py3] Always fed hashlib with bytes. 2013-02-27 10:03:33 +01:00
Julien Phalip 42e87c17f2 [1.5.x] Fixed #19829 -- Fixed index lookups for NumPy arrays in templates.
Backport of 7d5e35cdb4
2013-02-15 00:18:49 -08:00
Ramiro Morales 6f29147488 [1.5.x] Fixed #19729 -- Removed leftover refactoring helper variables.
Thanks chrismedrela for the report.

Refs #6262, 44b9076 and 4d94c0c.

826d9de00e from master.
2013-02-14 20:45:36 -03:00
Tim Graham 034c355118 [1.5.X] Fixed #19470 - Clarified widthratio example.
Thanks orblivion for the suggestion.

Backport of 6534a95ac3 from master
2012-12-18 08:20:51 -05:00
Aymeric Augustin d6bad2e9ea [1.5.x] Fixed #19392 -- Improved error for old-style url tags with dashes.
Thanks dloewenherz for the report.

Backport of 4951932 from master.
2012-12-09 16:18:52 +01:00
Danilo Bargen 5509eb8626 [1.5.x] Fixed #19370 -- Made date filter properly handle midnight value
Backport of c10aaa70a from master.
2012-11-27 21:25:21 +01:00
Aymeric Augustin 37c54c27bd [1.5.x] Change exception type to reduce confusion.
TemplateSyntaxError is expected at compile time, not at run time.

Refs #19280.

Backport of 7644800.
2012-11-25 19:53:50 +01:00
Aymeric Augustin 8c2f36260e [1.5.x] Fixed #19280 -- Raised an explicit exception for the old {% url %} syntax.
Backport of 6b8a7ce.
2012-11-24 22:05:41 +01:00
Riley Strong e56c8d7e0a [1.5.X] Fixed typo in django.template.defaulttags
Backport of d179794c6b from master
2012-11-20 05:03:22 -05:00
Sean Breant 6554137eeb [1.5.x] Fixed #19262 -- Support cookie pickling in SimpleTemplateResponse
Refs #15863.
Backport of 4d817b3887 from master.
2012-11-09 21:11:36 +01:00
Claude Paroz fa2e28ccc4 Fixed #18484 -- Removed the div around the csrf token input 2012-10-13 11:30:09 +02:00
Ramiro Morales 2100da9dcd Ensure we ignore __pycache__ PEP 3174 dirs in a few more places. 2012-10-06 18:40:58 -03:00
Martey Dodoo 3fb2662edc Fixes #18933. Fixes code example in docstring.
Makes code example of silent keyword docstring in cycle templatetag
method the same as in the documentation.
2012-09-09 00:35:40 -04:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz e2b4eddc11 Used the decorator syntax for properties in django.http 2012-08-22 20:55:24 +02:00
Marc Tamlyn e4984812cd Fixed bug in 212b982 -- Removed duplicate code in removetags 2012-08-18 17:09:37 +01:00
Marc Tamlyn 212b9826bd Fixed #14516 -- Extract methods from removetags and slugify template filters
Patch by @jphalip updated to apply, documentation and release notes
added.

I've documented strip_tags as well as remove_tags as the difference
between the two wouldn't be immediately obvious.
2012-08-18 15:07:21 +01:00
Claude Paroz 2d2dca2d8e [py3] Fixed slugify filter 2012-08-15 12:29:10 +02:00
Aymeric Augustin 2ae58b20ec [py3] Fixed egg template loader. 2012-08-14 12:29:53 +02:00
Claude Paroz dce34dc969 [py3] Made __repr__ return str with Python 3 2012-08-12 20:45:39 +02:00
Aymeric Augustin d4a0b27838 [py3] Refactored __unicode__ to __str__.
* Renamed the __unicode__ methods
* Applied the python_2_unicode_compatible decorator
* Removed the StrAndUnicode mix-in that is superseded by
  python_2_unicode_compatible
* Kept the __unicode__ methods in classes that specifically
  test it under Python 2
2012-08-12 14:44:40 +02:00
Aymeric Augustin 2bb2eecb63 [py3] Removed redundant __str__ methods.
These classes already have an identical __unicode__ method, which
will be used after an upcoming refactoring.
2012-08-12 14:44:40 +02:00
Karen Tracey 759ae3c2da Fixed #18739 -- widthratio behavior on None args
Made behavior given None consistent with how non-numerics were handled.
Thanks to ja.geb@me.com for the report.
2012-08-11 19:24:18 -04:00
Alex Gaynor 4c97101b1f remove a bunch of unnecessary iterkeys() calls 2012-08-08 07:33:15 -07:00
Aymeric Augustin fa4cb34817 [py3] Fixed filesystem encoding handling
in the app directories template loader.
2012-08-08 13:07:49 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str object.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin ee191715ea [py3] Fixed access to dict keys/values/items. 2012-08-07 12:00:22 +02:00
Aymeric Augustin bdca5ea345 [py3] Replaced unicode/str by six.text_type/bytes. 2012-07-22 09:29:54 +02:00
Aymeric Augustin 3cb2457f46 [py3] Replaced basestring by six.string_types. 2012-07-22 09:29:54 +02:00
Aymeric Augustin 1e89a208d0 Fixed #18645 -- Clarified filesizeformat implementation
Thanks Jérôme Renard for the patch.
2012-07-18 15:01:12 +02:00
Luke Plant 2ba4278cb3 Fixed #18484 - 'display:none' on CSRF token div is redundant and causes problems with some browsers
Thanks to hedleyroos for the report
2012-07-06 15:33:29 +01:00
Luke Plant 8fdc56d2a6 Fixed #18572 - Python26 string format incompatibility
Thanks to anonymous/AeroNotix for the report
2012-07-06 00:23:02 +01:00
Luke Plant a92e7f37c4 Changed a lot of internal code to use 'format_html' where appropriate/possible 2012-07-03 22:20:12 +01:00
Claude Paroz da200c5e35 Fixed #16519 -- Deprecated mimetype kwarg of HttpResponse __init__
This keyword was already deprecated in the code (supported for
backwards compatibility only), but never formally deprecated.
Thanks Paul McMillan for the report and yasar11732 for the initial
patch.
2012-06-30 21:27:47 +02:00
Chris Beaven c57ba67331 Fixed #14502 again -- saner verbatim closing token
Previously, the closing token for the verbatim tag was specified as the
first argument of the opening token. As pointed out by Jannis, this is
a rather major departure from the core tag standard.

The new method reflects how you can give a specific closing name to
{% block %} tags.
2012-06-19 10:49:33 +12:00
Luke Plant fd6a9d35d9 IfParser.next() method renamed to avoid confusion with iterator protocol. 2012-06-14 23:12:15 +01:00
Luke Plant edee20ff50 Reverted part of 169b1a40 which was mistakenly applied to a non-iterator class.
Doing next(IfParser()) works for Python 2.7, because it calls
IfParser.next(), but in Python 3 will call IfParser.__next__() which does
not work since it is not an iterator and does not have that method.
2012-06-14 23:12:15 +01:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Aymeric Augustin 4464bbba15 Fixed #14502 -- Added a verbatim template tag.
Thanks SmileyChris for the patch.
2012-06-07 09:59:14 +02:00
Claude Paroz edfa95c22f Specified when open should use binary mode.
Thanks Vinay Sajip for the help of his django3 branch.
2012-05-25 20:43:43 +02:00
Claude Paroz 169b1a404c Replaced foo.next() by next(foo).
This new syntax for next() has been introduced in Python 2.6 and is
compatible with Python 3.
2012-05-10 20:15:49 +02:00
Claude Paroz 865cd35c9b Made more extensive usage of context managers with open. 2012-05-05 14:06:36 +02:00
Aymeric Augustin e84f79f051 Fixed #18042 -- Advanced deprecation warnings.
Thanks Ramiro for the patch.
2012-05-03 15:27:01 +02:00
Aymeric Augustin ddfc7c2530 Fixed #4746 -- Allowed spaces around filter separator. 2012-04-30 21:01:06 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Aymeric Augustin 3e8b40f479 Fixed #17992 -- Added a public API for localtime.
Thanks Bradley Ayers for the report.
2012-04-29 15:37:23 +02:00
Claude Paroz eb351ac9cb Fixed #18037 -- Changed behaviour of url and ssi template tags to the new syntax, as per official deprecation timeline. Thanks Ramiro Morales and Jannis Leidel for the review.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17934 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-24 19:55:52 +00:00
Aymeric Augustin f0697570e9 Fixed #18103 -- Regression introduced in r17895.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17896 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-11 13:00:38 +00:00
Aymeric Augustin 93240b7d90 Fixed #17229 -- Allow 'True', 'False' and 'None' to resolve to the corresponding Python objects in templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17894 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-10 20:49:45 +00:00