innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
19,927 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

12074 Commits

Author SHA1 Message Date
Tim Graham 36bf6ec9eb [1.8.x] Moved contrib.flatpages tests out of contrib. 
Backport of d3a725054f from master
 2015-02-11 11:47:58 -05:00
Tim Graham a0553d1a7c [1.8.x] Prevented some test commands from needlessly running system checks. 
This is a performance optimization and also fixes test errors with the
upcoming merge of contrib tests into tests/. The tests failed on MySQL
because the models with GeometryField were being checked but the
non-GIS MySQL backend didn't know how to handle them.

Backport of 197dd4b8f1 from master
 2015-02-11 10:17:53 -05:00
Daniel Pyrathon fdcc9c47d5 [1.8.x] Fixed #24146 -- Allowed model._meta.get_field() to be used after apps.models_ready 
Backport of 19188826b4 from master
 2015-02-10 19:55:42 -05:00
Aymeric Augustin c6a49d4f17 [1.8.x] Fixed a crash of the debug page. 
During the autumn DST change, the template engine would fail to convert
the naive representation of now when USE_TZ = True. Passing now in UTC
eliminates the issue.

Thanks mbertheau and tricoder42.

Refs #23714.

Backport of c7a6996df7 from master
 2015-02-10 19:07:07 -05:00
Loic Bistuer 00f76b018f [1.8.x] Fixed isort import that's inconsistent between platforms. 
Backport of c8e24bbc9b from master
 2015-02-10 18:53:23 -05:00
Josh Smeaton 3518d51697 [1.8.x] Fixed #24200 -- Made introspection bypass statement cache 
Backport of 1fbe8a2de3 from master
 2015-02-10 23:42:16 +02:00
Aymeric Augustin 9b7b37382c [1.8.x] Split DTL context creation into its own function. 
This reduces the length of rope RequestContext gives users to hang
themselves with.

Thanks Alex Hill for the report and Tim Graham for the review.

Backport of f2c104a from master.
 2015-02-10 14:35:05 +01:00
Tim Graham a8b70d251d [1.8.x] Sorted imports with isort; refs #23860. 
Backport of 0ed7d15563 from master
 2015-02-09 14:24:06 -05:00
Tim Graham 9744529c12 [1.8.x] Fixed #24302 -- Added DurationField.formfield() 
Backport of 2d7c27d387 from master
 2015-02-09 10:21:15 -05:00
jMyles ac576e9f45 [1.8.x] Fixed #24287 -- Added friendly error if a model is in a models.py outside an installed app. 2015-02-09 09:38:03 -05:00
Tim Graham 6e50fc9246 [1.8.x] Removed unnecessary parentheses in model check messages. 
Backport of e144e0e237 from master
 2015-02-09 08:57:02 -05:00
Aron Podrigal eb9fbc0b1d [1.8.x] Fixed #24249 -- Improved field shadowing validation in model multi-inheritance. 
Backport of 4d73303ee9 from master
 2015-02-09 08:43:40 -05:00
Aymeric Augustin 8cb2cfdda5 [1.8.x] Called parent in SimpleTestCase.setUpClass/tearDownClass. 
Backport of 146dd7be8d from master
 2015-02-08 21:31:28 -05:00
Claude Paroz cd260d03bd [1.8.x] Replaced hardcoded URLs in admin_* tests 
Refs #15779. This will allow easier admin URL changes, when needed.
Thanks Simon Charette for the review.

Backport of 32e6a7d3a5 from master
 2015-02-08 15:12:07 -05:00
Alex Gaynor d54638727a [1.8.x] Simplified the lazy CSRF token implementation in csrf context processor. 
This significantly improves performance on PyPy. The previous
implementation would generate a new class on every single request,
which is relatively slow.

Backport of 8099d33b65 from master
 2015-02-08 15:03:29 -05:00
Alex Gaynor ee86bf24d2 [1.8.x] Optimized allow_lazy() by not generating a new lazy wrapper on each invocation. 
This dramatically improves performance on PyPy. The following benchmark:

python -mtimeit -s "from django.utils.functional import allow_lazy; from django.utils.translation import ugettext_lazy; f = allow_lazy(lambda s: s, str)" "f(ugettext_lazy('abc'))"

goes from 390us per loop to 165us.

Backport of 82e0cd1571 from master
 2015-02-08 14:57:19 -05:00
Varun Sharma b44a56c308 [1.8.x] Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion 
Report and original patch by Kay Cha.
Backport of 540ca563de from master.
 2015-02-08 20:09:04 +01:00
Markus Holtermann edbf6de753 [1.8.x] Revert "Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth" 
This reverts commit 737d24923a.

Backport of 2832a9b028 from master
 2015-02-07 20:35:20 +01:00
Markus Holtermann b2b5ea88b7 [1.8.x] Revert "Refs #24075 -- Silenced needless call_command output while running tests" 
This reverts commit 51dc617b21.

Backport of bd3d796ecd from master
 2015-02-07 19:52:50 +01:00
Collin Anderson fc8e1e0c10 [1.8.x] Fixed E265 comment style 
Backport of db77915c9f from master
 2015-02-06 09:35:08 -05:00
Tim Graham 232a1d297c [1.8.x] Removed django-2to3.py 
Aymeric says, "It was fun to write, but I don't think it's very useful."

Backport of 607af78bb8 from master
 2015-02-06 08:56:01 -05:00
Tim Graham 289660f52d [1.8.x] Removed bin/unique-messages.py 
This script is no longer used according to Claude, our translations manager.

Backport of eb45a29565 from master
 2015-02-06 08:55:10 -05:00
Tim Graham 6adc23d6b6 [1.8.x] Removed gather_profile_stats.py 
This script uses the unmaintained hotshot module (gone on Python 3)
and doesn't seem to be Django specific in any way.

Backport of 388d986b8a from master
 2015-02-06 08:55:02 -05:00
Tim Graham fc1e9107d7 [1.8.x] Added UUIDField.deconstruct() 
Backport of 0f54cf28c0 from master
 2015-02-05 19:15:37 -05:00
Aymeric Augustin aed1b1f6e5 [1.8.x] Fixed #24265 -- Preserved template backend loading exceptions. 
If importing or initializing a template backend fails, attempting to
access this template backend again must raise the same exception.

Backport of 44ad6915 from master
 2015-02-05 20:09:22 +01:00
Aymeric Augustin 67787db22a [1.8.x] Caught all exceptions raised by Engine.get_default(). 
In addition to ImproperlyConfigured, Engine.get_default() may also raise
ImportError or other exceptions. It's better to catch all exceptions in
places where the default engine isn't strictly required.

Backport of 27f9ff45 from master
 2015-02-05 20:09:10 +01:00
Aymeric Augustin 5fbec369aa [1.8.x] Fixed #24273 -- Allowed copying RequestContext more than once. 
Thanks Collin Anderson for the report.

Backport of 31d3a355 from master
 2015-02-05 14:07:18 +01:00
Matthew Somerville 2a55301f9f [1.8.x] Fixed #24242 -- Improved efficiency of utils.text.compress_sequence() 
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.

Backport of caa3562d5b from master
 2015-02-04 15:17:22 -05:00
mlavin d585ade0df [1.8.x] Fixed #24197 -- Added clearing of staticfiles caches on settings changes during tests 
Cleared caching in staticfiles_storage and get_finder when
relevant settings are changed.

Backport of 2730dad0d7 from master
 2015-02-04 10:54:33 -05:00
Riccardo Magliocchetti 4957b8a406 [1.8.x] Fixed #14497 -- Improved admin widget for "read only" FileFields 
Based on patch by Adam J Forster, Paul Collins, and Julien.

Backport of 2be621e44c from master
 2015-02-04 09:05:41 -05:00
Aron Podrigal fc49e73648 [1.8.x] Fixed #15321 -- Honored ancestors unique checks. 
Thanks to Tim for the review.

Backport of 79f27f2b61 from master
 2015-02-03 18:58:48 -05:00
Simon Charette cbcf92e95f [1.8.x] Fixed #24266 -- Changed get_parent_list to return a list ordered by MRO. 
Thanks to Aron Podrigal for the initial patch and Tim for the review.

Backport of 65e005f8cd from master
 2015-02-03 16:41:51 -05:00
Tim Graham 92d5bedc56 [1.8.x] Reverted "Fixed #24146 -- Fixed a missing fields regression in admin checks." 
This reverts commit e8171daf0c.

A new solution is forthcoming.

Backport of 0e489c19f1 from master
 2015-02-03 15:24:24 -05:00
Claude Paroz ea3e40c278 [1.8.x] Fixed #24252 -- Forced lazy __str__ to utf-8 on Python 2 
Thanks Stanislas Guerra for the report and Tomas Ehrlich for
the review.
Backport of cd0ceaa102 from master.
 2015-02-03 18:26:08 +01:00
Matthew Somerville d88c24f436 [1.8.x] Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse 
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.

make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.

This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.

Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.

Backport of 250aa7c39b from master.
 2015-02-03 18:19:06 +01:00
Anssi Kääriäinen 43b0131fb5 [1.8.x] Fixed #23617 -- Added get_pk_value_on_save() 
The method is mainly intended for use with UUIDField. For UUIDField we
want to call the field's default even when primary key value is
explicitly set to None to match the behavior of AutoField.

Thanks to Marc Tamlyn and Tim Graham for review.

Backport of 8adc59038c from master
 2015-02-03 09:25:55 -05:00
Tim Graham 9ffe013caa [1.8.x] Fixed #24263 -- Prevented extra queries on BaseDateDetailView with a custom queryset. 
Thanks jekka-ua for the report and patch.

Backport of 118b11221f from master
 2015-02-03 09:13:10 -05:00
Tim Graham c65c8f5696 [1.8.x] Skipped tests from refs #24168 on Python 3.2. 2015-02-03 08:21:06 -05:00
Aymeric Augustin f87457a460 [1.8.x] Fixed #24168 -- Allowed selecting a template engine in a few APIs. 
Specifically in rendering shortcuts, template responses, and class-based
views that return template responses.

Also added a test for render_to_response(status=...) which was missing
from fdbfc980.

Thanks Tim and Carl for the review.

Backport of 2133f31 from master.

Conflicts:
	docs/topics/http/shortcuts.txt
	tests/generic_views/test_base.py
 2015-02-03 08:32:14 +01:00
Tim Graham 3af1e7860e [1.8.x] Removed contrib.auth.forms.mask_password() 
This function is unused since dce820ff70
after being introduced in 718a5ba1a1

Backport of a53541852d from master
 2015-02-02 11:13:48 -05:00
Tim Graham 3cd8f51f21 [1.8.x] Removed query.alias_diff() 
This function is unused since 6fe2b001db

Backport of f79ce63fdb from master
 2015-02-01 21:38:34 -05:00
Tim Graham c9df163d0c [1.8.x] Removed UpdateCacheMiddleware._session_accessed() 
This method is unused since f567d04b24

Backport of 0e60912492 from master
 2015-02-01 20:35:57 -05:00
Tim Graham 7580876fbd [1.8.x] Removed Query.raise_field_error() 
This method was inadvertently reintroduced in
f59fd15c49

Backport of 99ca7c2bd3 from master
 2015-02-01 20:26:43 -05:00
Tim Graham 26e07a996d [1.8.x] Removed InlineAdminForm.field_count() 
This method is unused since 337d102b86

Backport of 327a00f48b from master
 2015-02-01 20:13:58 -05:00
Tim Graham c9e538b174 [1.8.x] Removed threading fallback imports. 
Django imports threading in many other places without fallback.

Backport of 18f3e79b13 from master
 2015-02-01 18:45:01 -05:00
Tim Graham 0fc2f94699 [1.8.x] Removed PostgreSQL DatabaseWrapper._set_isolation_level(). 
This method is unused since 8717b0668c.

Backport of 64a899dc81 from master
 2015-01-31 11:06:03 -05:00
Claude Paroz c77dd64402 [1.8.x] Fixed #14483 -- Allowed using subqueries with GIS lookups 
Backport of a0b5f15ea5 from master.
 2015-01-30 20:29:05 +01:00
Tim Graham 7060ef7158 [1.8.x] Reverted "Fixed #6785 -- Made QuerySet.get() fetch a limited number of rows." 
This reverts commit da79ccca1d.

This optimized the unsuccessful case at the expense of the successful one.

Backport of 293fd5da5b from master
 2015-01-30 12:52:39 -05:00
Tim Graham df68751134 [1.8.x] Fixed #24164 -- Fixed Oracle GIS limited aggregation test failure. 
Backport of 29c0073335 from master
 2015-01-30 06:34:36 -05:00
Simon Charette a301061f88 [1.8.x] Fixed #23940 -- Allowed model fields to be named `exact`. 
An explicit `__exact` lookup in the related managers filters
was interpreted as a reference to a foreign `exact` field.

Thanks to Trac alias zhiyajun11 for the report, Josh for the investigation,
Loïc for the test name and Tim for the review.

Backport of eb4cdfbdd6 from master
 2015-01-29 14:42:28 -05:00
Matt 7b92acea70 [1.8.x] Fixed #24223 -- Prevented a session test from leaking. 
Backport of 55c76f4e3b from master
 2015-01-29 14:37:33 -05:00
Tim Graham d0c343372f [1.8.x] Removed ForeignObjectRel.get_lookup_constraint() [unused]. 
Backport of f609731118 from master
 2015-01-29 14:12:35 -05:00
Reza Mohammadi 590ee3ed16 [1.8.x] Fixed Persian locale FIRST_DAY_OF_WEEK & DECIMAL/THOUSAND_SEPARATORs. 
Reference: http://lh.2xlibre.net/locale/fa_IR/

Backport of f1ff9407c9 from master
 2015-01-29 13:02:49 -05:00
Emin Mastizada 6002393a97 [1.8.x] Updated Azerbaijani language name. 
Backport of 0f3ea8c0bc from master
 2015-01-28 06:48:48 -05:00
Josh Smeaton f858b51ee3 [1.8.x] Refs #14030 -- Renamed CombinableMixin to Combinable 
Removed unused method and updated docstrings.

Backport of 14d0bd67d4 from master
 2015-01-28 11:04:12 +11:00
Josh Smeaton 6c68e40e6e [1.8.x] Refs #14030 -- Added repr methods to all expressions 
Backport of 7171bf755b from master
 2015-01-28 11:03:39 +11:00
Raul Cumplido 7cc1b4710e [1.8.x] Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers 
Thanks Tom Christie for the report and review.
Backport of ac650d02cb from master.
 2015-01-27 20:16:53 +01:00
Josh Smeaton e56810e839 [1.8.x] Fixed #24154 -- Backends can now check support for expressions 
Backport of 8196e4bdf4 from master
 2015-01-27 14:47:38 +11:00
Tomáš Ehrlich 5dff3513cc [1.8.x] Fixed #24220 - Allowed lazy objects for success_url 
Backport of 511be35779 from master
 2015-01-26 12:42:08 -05:00
Tomáš Ehrlich 2d990fb7fa [1.8.x] Fixed #24221 - Used precompiled regexp for percent-placeholder matching. 
Backport of ea0ea7859a from master
 2015-01-26 10:49:55 -05:00
Tim Graham 1ee18a6046 [1.8.x] Moved imports in GIS tests to avoid failure if dependencies aren't installed. 
Backport of 1e219ac62f from master
 2015-01-23 16:20:08 -05:00
Ng Zhi An 56015c01c4 [1.8.x] Fixed #24170 -- Implemented decompress for BaseRangeField widgets 
Backport of 4669b6a807 from master
 2015-01-23 15:07:03 -05:00
Tim Graham 2ed1980e0f [1.8.x] Clarified docstring in dispatch/dispatcher.py 
Backport of 851f5bd413 from master
 2015-01-23 13:00:24 -05:00
Tim Graham 1806e059f6 [1.8.x] Isolated a flatpages test; refs #11505. 
Backport of 4135d83702 from master
 2015-01-22 15:50:26 -05:00
Andriy Sokolovskiy 11a5e45b96 [1.8.x] Fixed #24104 -- Fixed check to look on field.many_to_many instead of class instance 
Backport of 38c17871bb from master
 2015-01-22 18:53:47 +01:00
Loic Bistuer 0580133971 [1.8.x] Fixed small inconsistency when handling aggregate's default_alias. 
Refs #14030.

Backport of d450af8a26 from master
 2015-01-22 08:02:07 +07:00
Adam Taylor 45aaced91e [1.8.x] Fixed typos in code comments. 
Backport of 039465a6a7 from master
 2015-01-20 12:18:29 -05:00
Tim Graham cb90d489da [1.8.x] Fixed a query failure on Python 3.5; refs #23763. 
The failure was introduced in Django by
c7fd9b242d and the change in
Python 3.5 is https://hg.python.org/cpython/rev/a3c345ba3563.

Backport of be1357e709 from master
 2015-01-20 08:15:39 -05:00
Marc Tamlyn c80b2144d2 [1.8.x] Fixes #24169 -- More arrayfield specific lookups. 
varchar()[] cannot compare itself to text[]

Thanks to joelburton for the patch.

Backport of 0ae94d0d31 from master
 2015-01-20 10:26:32 +00:00
Josh Smeaton 504cd5d3be [1.8.x] Fixed #24183 -- Fixed wrong comparisons in Substr 
Backport of 61c102d010 from master
 2015-01-20 12:11:27 +11:00
Tim Graham 06fa019c1b [1.8.x] Fixed #24153 -- Fixed cookie test compatibility with Python 3.4.3+ 
Backport of b19b81b396 from master
 2015-01-19 15:39:36 -05:00
Markus Holtermann e55cb91bd4 [1.8.x] Fixed #24163 -- Removed unique constraint after index on MySQL 
Thanks Łukasz Harasimowicz for the report.

Backport of 5792e6a88c from master
 2015-01-19 16:55:25 +01:00
Claude Paroz 6eddaa42c3 [1.8.x] Fixed header of contrib.postgres translation catalog 
Backport of eb6e12ca6f from master.
 2015-01-19 10:19:42 +01:00
Josh Smeaton 0c910823c1 [1.8.x] Fixed #24174 -- Fixed extra order by descending 
Backport of 69c6a6868f from master
 2015-01-19 13:18:09 +11:00
Tim Graham 559e15a23a [1.8.x] Removed an obsolete comment in django/apps/config.py 
Backport of bd98926f0e from master
 2015-01-18 16:31:21 -05:00
Claude Paroz 8c8a1a0846 [1.8.x] Added contrib.postgres translation catalog 2015-01-18 21:01:42 +01:00
Claude Paroz 6b1b7263f4 [1.8.x] Fixed PostGIS crosses lookup and added crosses test 
Backport of aff0e54d5 from master.
 2015-01-17 15:46:50 +01:00
Claude Paroz 666c12e529 [1.8.x] Updated en translation catalogs 2015-01-17 11:18:45 +01:00
Claude Paroz dec5157a72 [1.8.x] Complemented test about non-supported aggregation exception 
Backport of d69ecf922d from master.
 2015-01-17 10:04:38 +01:00
David Robles eb6a07e069 [1.8.x] Fixed typo in 'Django Template Language' 
Backport of d60b96d988 from master
 2015-01-17 03:06:26 +01:00
Tim Graham c72448b597 Bumped version to 1.8 alpha 1. 2015-01-16 17:06:32 -05:00
Marc Tamlyn 39d95fb6ad Fixed #24092 -- Widened base field support for ArrayField. 
Several issues resolved here, following from a report that a base_field
of GenericIpAddressField was failing.

We were using get_prep_value instead of get_db_prep_value in ArrayField
which was bypassing any extra modifications to the value being made in
the base field's get_db_prep_value. Changing this broke datetime
support, so the postgres backend has gained the relevant operation
methods to send dates/times/datetimes directly to the db backend instead
of casting them to strings. Similarly, a new database feature has been
added allowing the uuid to be passed directly to the backend, as we do
with timedeltas.

On the other side, psycopg2 expects an Inet() instance for IP address
fields, so we add a value_to_db_ipaddress method to wrap the strings on
postgres. We also have to manually add a database adapter to psycopg2,
as we do not wish to use the built in adapter which would turn
everything into Inet() instances.

Thanks to smclenithan for the report.
 2015-01-16 16:15:16 -05:00
Collin Anderson e8171daf0c Fixed #24146 -- Fixed a missing fields regression in admin checks. 
This allows using get_field() early in the app loading process.

Thanks to PirosB3 and Tim Graham.
 2015-01-16 14:47:09 -05:00
Claude Paroz b4ac232907 Fixed #24099 -- Removed contenttype.name deprecated field 
This finsishes the work started on #16803.
Thanks Simon Charette, Tim Graham and Collin Anderson for the
reviews.
 2015-01-16 20:21:34 +01:00
Sander Smits 374c2419e5 Tested that geo aggregates support slicing 
Refs #15101. Patch slightly reworked by Claude Paroz.
 2015-01-16 20:10:25 +01:00
Claude Paroz a79e6b6717 Fixed #24152 -- Deprecated GeoQuerySet aggregate methods 
Thanks Josh Smeaton and Tim Graham for the reviews.
 2015-01-16 19:53:02 +01:00
Claude Paroz a34fba5e59 Simplified a bit GeoAggregate classes 
Thanks Josh Smeaton for the review. Refs #24152.
 2015-01-16 10:40:45 +01:00
Tim Graham 28db4af80a Fixed #24135 -- Made RenameModel rename many-to-many tables. 
Thanks Simon and Markus for reviews.
 2015-01-15 20:34:33 -05:00
Yang Liu 3f9ec12d9c Fixed #23712 -- Fixed KeyError with BaseForm._html_output() 2015-01-15 20:19:53 -05:00
Markus Holtermann 51dc617b21 Refs #24075 -- Silenced needless call_command output while running tests 
Thanks Tim Graham for the report
 2015-01-15 21:07:39 +01:00
Simon Charette 47bdad4e6b Replaced inner functions by class methods. 
refs #24031

Thanks to Tim Graham and Michał Modzelewski for the review.
 2015-01-15 13:03:34 -05:00
Claude Paroz 67bcae1e58 Moved check_aggregate_support to BaseSpatialOperations 2015-01-14 22:03:41 +01:00
Collin Anderson 2d5da57f48 Fixed incorrect error message in Options.get_fields() 2015-01-14 14:51:05 -05:00
Tim Graham 28308078f3 Fixed #22603 -- Reorganized classes in django.db.backends. 2015-01-14 14:16:20 -05:00
Markus Holtermann 737d24923a Fixed #24075 -- Prevented running post_migrate signals when unapplying initial migrations of contenttypes and auth 
Thanks Florian Apolloner for the report and Claude Paroz and Tim Graham for the review and help on the patch.
 2015-01-14 19:59:39 +01:00
Markus Holtermann 88786afbff Fixed #24147 -- Prevented managers leaking model during migrations 
Thanks Tim Graham for the review.
 2015-01-14 16:09:33 +01:00
Claude Paroz dc90bf2ac8 Removed unused import 2015-01-14 09:31:24 +01:00
Tim Graham baf2542c4f Fixed DoS possibility in ModelMultipleChoiceField. 
This is a security fix. Disclosure following shortly.

Thanks Keryn Knight for the report and initial patch.
 2015-01-13 13:03:06 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:03:06 -05:00
Carl Meyer 316b8d4974 Stripped headers containing underscores to prevent spoofing in WSGI environ. 
This is a security fix. Disclosure following shortly.

Thanks to Jedediah Smith for the report.
 2015-01-13 13:03:05 -05:00