Commit Graph

66 Commits

Author SHA1 Message Date
Tim Graham a1f948b468 Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
This is a security fix.
2017-04-04 10:42:06 -04:00
Tim Graham b536dcf656 Fixed #27948 -- Removed incorrect unquote() in static serving views. 2017-03-17 07:55:00 -04:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham 1e32e1cc95 Fixed #26973 -- Fixed views.static.serve() crash with show_indexes enabled. 2016-08-10 11:27:03 -04:00
Tim Graham a3830f6d66 Refs #25236 -- Removed ifequal/ifnotequal usage. 2015-08-08 07:33:15 -04:00
Aymeric Augustin 556a74879f Fixed a few uses of Template that relied on a default engine.
Refs #24389.
2015-02-22 23:13:55 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Collin Anderson 3d2cae0896 Fixed #24072 -- Added FileResponse for streaming binary files. 2015-01-05 10:51:52 -05:00
Tim Graham a9fd740d22 Fixed #23276 -- Deprecated passing views as strings to url(). 2014-08-12 13:15:40 -04:00
Aymeric Augustin cb2c3ce154 Merge pull request #1821 from Bouke/tickets/14170
#14170 -- Reset i18n cache when settings changed
2013-11-04 13:50:21 -08:00
Bouke Haarsma d0669843d0 Fixed #14170 -- Reset i18n cache when settings change 2013-11-03 09:36:09 +01:00
Ray Ashman Jr e2ae8b048e Correct flake8 E302 violations 2013-11-02 19:53:29 -04:00
Alex Gaynor b35ff0d920 Fixed all the E203 violations 2013-10-26 18:27:42 -07:00
Aymeric Augustin 6a6428a36f Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
Aymeric Augustin 8b9b8d3bda Removed compatibility code for streaming responses.
This code provided a deprecation path for old-style streaming responses.

Refs #6527, #7581.
2013-06-29 18:49:36 +02:00
Aymeric Augustin 57c6617c92 Minor optimization in the static serve view. 2013-01-24 11:01:32 +01:00
Aymeric Augustin 4b27813198 Fixed #7581 -- Added streaming responses.
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20 20:05:11 +02:00
Claude Paroz 3cbe686af6 Fixed #18675 -- Fixed was_modified_since with floating-point mtime
Thanks Simon Charette for the patch.
2012-09-26 21:12:56 +02:00
Claude Paroz 7cfe8e8fce Fixed #11340 -- Prevented HttpResponseNotModified to have content/content-type
The HTTP 1.1 spec tells that the 304 response MUST NOT contain a
message body.
Thanks aparajita for the report.
2012-08-22 20:55:24 +02:00
Aymeric Augustin 0d914d08a0 [py3] Updated urllib/urllib2/urlparse imports.
Lots of functions were moved. Use explicit imports in all cases
to keey it easy to identify where the functions come from.
2012-07-22 09:29:55 +02:00
Claude Paroz deed192dda Removed usage of mimetype kwarg of HttpResponse
Refs #16519.
2012-06-30 21:19:07 +02:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Claude Paroz 9383a2761c Removed with_statement imports, useless in Python >= 2.6. Refs #17965. Thanks jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-30 08:02:08 +00:00
Jannis Leidel b403e43c51 Updated core base translation files with new strings. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17655 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-05 02:23:17 +00:00
Jannis Leidel 170e5d5f74 Fixed #17458 -- Marked Http404 error messages for translation. Thanks, Claude Paroz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17447 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-04 21:01:11 +00:00
Alex Gaynor 20fbfbadcd Explicitly close a file in the static serve view. Thanks to Benjamin Peterson for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16282 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-27 04:06:23 +00:00
Luke Plant 26cda43012 Switched to HTML5 doctype in all Django supplied templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16050 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-20 17:40:53 +00:00
Andrew Godwin 4d3ab063b1 Fixed #15613: Don't send content-length headers for non-regular files. Thanks to jaylett.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16014 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-04 12:39:21 +00:00
Jannis Leidel 6b95aa6fb5 Fixed #15531 -- Partially reverted [15701] due to compatibility issues with middlewares that modify content of responses. Thanks for the report, schinckel. Refs #15281.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15703 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02 10:40:48 +00:00
Jannis Leidel be4a2e3f3e Fixed #15281 -- Made the static view use an iterator when serving a file, effectively making this less of a memory hog. Also use the appropriate attributes of the stat object instead of indexes. Thanks for the initial patch, FunkyBob and aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15701 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 22:49:10 +00:00
Luke Plant dbe6ced0d6 Fixed #717 - If-Modified-Since handling should compare dates according to RFC 2616
Thanks to Maniac for the report, julienb for the initial patch, and
especially to aaugustin for the final patch and tests.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 14:28:06 +00:00
Jannis Leidel a26034ffbf Fixes #15270 -- Moved back the serve view to django.views.static due to dependency conflicts with the contrib app staticfiles (reverts parts of r14293). Added a helper function that generates URL patterns for serving static and media files during development. Thanks to Carl for reviewing the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15530 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-14 01:42:26 +00:00
Jannis Leidel 33d8fcde8a Fixed #14693, #14709 -- Backwards incompatible change to rectify the confusion around the STATICFILES_URL and STATICFILES_ROOT settings.
* Two new global settings that will be used by -- **but are not limited to** -- the staticfiles app: STATIC_ROOT and STATIC_URL.

  * Moving the 'django.contrib.staticfiles.templatetags.staticfiles' template tag to the core ('django.templatetags.static') and renaming it to 'get_static_prefix'.

  * Moving the context processor 'django.contrib.staticfiles.context_processors.staticfiles' to the core ('django.core.context_processors.static') and renaming it to 'static'.

  * Paths in media definitions will use STATIC_URL as the prefix if the value is not None, and falls back to the previously used MEDIA_URL.

Thanks again to the community for constructive criticism and Carl and Russ for sanity-inducing discussions on IRC.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14592 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-17 15:36:26 +00:00
Jannis Leidel 8e96584f63 Fixed #14524, #14582, #14617, #14665 and #14667 -- Tweaked staticfiles app.
* Updated StaticFilesHandler and AdminMediaHandler
  to make use of the 404 handler if needed.

* Updated runserver management command to serve static files
  only in DEBUG mode (or if specified the --insecure option)
  and if the staticfiles app is in INSTALLED_APPS. Also added
  an option to disable serving completely (--nostatic).

* Added check in debug mode if STATICFILES_* settings are
  different to MEDIA_* settings.

* Removed a faulty PendingDeprecationWarning in AdminMediaHandler
  that is triggered every time runserver is used.

* Fixed an issue with the modification time checks when
  running collectstatic.

* Extended and refined documentation.

Thanks to everyone for input, especially to Carl Meyer, Ted Kaemming and
Adam Vandenberg for patches.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14533 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-11 21:43:49 +00:00
Jannis Leidel cfc19f84de Fixed #12323 and #11582 -- Extended the ability to handle static files. Thanks to all for helping with the original app, the patch, documentation and general support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14293 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-20 01:33:24 +00:00
Jannis Leidel 94096e83e9 Fixed #12544 and #13600 -- Fixed static files serving view to catch invalid date from If-Modified-Since header. Thanks akaihola and SmileyChris for patches.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13870 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 20:44:56 +00:00
Jannis Leidel a686096c26 Fixed #7535 -- Correctly set Content-Encoding header in static files serving view. Thanks for the report and patch, Kevin Hunter.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13868 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-26 15:10:41 +00:00
Adrian Holovaty 5ceed0a053 Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Jannis Leidel 8a109a7bc8 Fixed #11757 - Set mimetype when responding with HttpResponseNotModified in django.server.static.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12141 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-09 20:04:33 +00:00
Malcolm Tredinnick d32c290846 Revised r9566 slightly to be backwards compatible with versions 1.0 - 1.0.2.
Also documented the change. We prefer to load directory_index.html for static
directory listings, but if you have the (older style) "directory_index"
template and no .html version, we'll load that. This should stop a bunch of
mysterious breakages when people upgrade to Django 1.0.3 or Django 1.1. Also
keeps the docs in sync with released code.

Fixed #9993.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-09 12:41:07 +00:00
James Bennett dfef20a780 Fixed #9754: static-serving view now uses correct template name for directory indexes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-12-04 19:33:28 +00:00
Adrian Holovaty 6bdb7b9529 Fixed #8172 -- Improved a whole bunch of contrib templates (admin, databrowse, admindocs, etc.) to remove unnecessary 'escape' filters, given autoescaping. Also removed unnecessary {% if %} tags and shortened some {% if %}/{% else %} tags to use {% firstof %}. Thanks for the patch, benspaulding
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8984 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-08 05:19:28 +00:00
Malcolm Tredinnick b279b75c87 Fixed #5596 -- Changed the static view for the development server so that Django doesn't crash if somebody tries to serve a 200MB file. Patch from eibaan.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6939 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-17 11:46:48 +00:00
Adrian Holovaty 7628381eb8 Edited docstring from [6505] -- single spaces separate sentences, not double spaces.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6768 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-30 05:14:09 +00:00
Malcolm Tredinnick b6002d4af6 Fixed #1291 -- Fixed a potential infinite loop for some URL constructions in
the development server. Thanks, Graham Carlyle.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-29 15:47:47 +00:00
Gary Wilson Jr 8c442f21dc Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
Gary Wilson Jr a3d015fad0 Added module docstring and corrected order of imports to adhere to PEP 8.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6505 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-14 04:10:02 +00:00
Gary Wilson Jr d79f684f9d Fixed typo in comment.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6455 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-06 02:19:15 +00:00