innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
26,897 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

336 Commits

Author SHA1 Message Date
Carlton Gibson 77706a3e47 [2.2.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.

Backport of 54d0f5e62f from master
 2019-07-01 07:50:48 +02:00
Santiago Basulto 4fc35a9c3e Fixed #20147 -- Added HttpRequest.headers. 2019-01-16 13:38:47 -05:00
Jon Dufresne 8c3e0eb1c1 Normalized spelling of "lowercase" and "lowercased". 2018-09-25 10:30:18 -04:00
Jon Dufresne ad9a28ee38 Refs #29784 -- Normalized Python docs links to omit the version. 2018-09-25 10:19:42 +02:00
Tim Graham d8e2be459f
Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values. 
Regression in 7d96f0c49a.
 2018-08-02 21:56:26 -04:00
François Freitag 93e721a0b8 Fixed django/http/request.py docstring typo. 2018-07-16 10:48:20 +02:00
Sergey Fedoseev bcdd9149d4 Simplified HttpRequest.__iter__(). 2018-07-10 09:13:36 -04:00
Josh Schneier 98e8c0293b Removed unused HttpRequest._post_parse_error attribute. 
Unused since 8f8c54f70b.
 2018-06-07 18:51:33 -04:00
Claude Paroz a177f854c3
Fixed #16470 -- Allowed FileResponse to auto-set some Content headers. 
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
 2018-05-15 18:12:11 +02:00
Alex Gaynor 9a56b4b13e Fixed #27863 -- Added support for the SameSite cookie flag. 
Thanks Alex Gaynor for contributing to the patch.
 2018-04-13 20:58:31 -04:00
Tim Graham 7d96f0c49a Refs #27795 -- Replaced force_bytes() usage in django.http. 2018-02-07 14:28:15 -05:00
George-Cristian Bîrzan 5bf62825b5 Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri(). 2018-01-10 14:05:10 -05:00
Alvin Lindstam 47a99d7012 Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use __Secure/Host prefixes. 2018-01-08 12:32:47 -05:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Alexey 0afffae4ec Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231. 2018-01-02 11:22:59 -05:00
Дилян Палаузов 4c599ece57 Fixed #28930 -- Simplified code with any() and all(). 2017-12-26 17:11:15 -05:00
Дилян Палаузов 23bf4ad87f Fixed #28795 -- Removed 'not in' checks and used dict.setdefault(). 2017-11-14 10:52:52 -05:00
Jonas Haag a2851f204c Fixed #28720 -- Added HttpRequest.get_full_path_info(). 2017-11-07 15:58:05 -05:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tim Graham cfff2af02b Fixed #27857 -- Dropped support for Python 3.4. 2017-09-25 17:11:03 -04:00
Mariusz Felisiak 3f9d85d95c Removed unused eof argument to BoundaryIter._find_boundary(). 
Unused since its introduction in d725cc9734.
 2017-09-22 10:47:14 -04:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()." 
This reverts commit 550cb3a365
because try/except performs better.
 2017-09-07 08:16:21 -04:00
Sergey Fedoseev f2b93b509c Removed unneeded iter() calls. 
A few of these were unnecessarily added in 2b281cc35e.
 2017-08-23 16:48:29 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00
Tom 7afb476469 Fixed #28226 -- Replaced use of str.join() with concatenation. 2017-05-27 13:59:05 -04:00
Claude Paroz 301de774c2 Refs #27795 -- Replaced many force_text() with str() 
Thanks Tim Graham for the review.
 2017-04-27 09:10:02 +02:00
Josh Schneier a1b2c1d76e Fixed #28137 -- Deprecated HttpRequest.xreadlines(). 2017-04-26 19:39:22 -04:00
Anton Samarchyan 3eb679a869 Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257. 2017-02-20 19:57:33 -05:00
Tim Graham 75f0070a54 Fixed #27308 -- Fixed BytesWarnings in the test suite. 2017-02-17 16:04:45 -05:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
Tim Graham 90db4bb0d7 Corrected http.multipartparser.exhaust() docstring. 
MultiPartParserError was removed in
ebf34c3cdc.
 2017-01-25 13:00:00 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Mads Jensen ebf34c3cdc Removed unused variables that are overwritten. 2017-01-25 09:14:05 -05:00
Claude Paroz 6e55e1d88a Refs #23919 -- Replaced six.reraise by raise 2017-01-22 20:08:04 +01:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Tim Graham fedda6d9bd Refs #23919 -- Removed Python 2 version check in django.http.cookie. 2017-01-19 20:06:03 -05:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage 
Thanks Tim Graham for the review.
 2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage 
Thanks Tim Graham and Simon Charette for the reviews.
 2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage 
Thanks Tim Graham for the review.
 2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
roboslone 544b2ef29f Fixed #27640 -- Fixed HttpResponse's __repr__() without a 'Content-Type' header. 2016-12-27 14:42:58 -05:00
Jerome Leclanche a849ec1880 Fixed #27606 -- Fixed HttpResponseRedirect.__repr__() crash when DisallowedRedirect is raised. 2016-12-19 10:01:03 -05:00
Vinay Karanam 4a246a02bd Refs #17235 -- Made MultiPartParser leave request.POST immutable. 2016-12-07 08:28:46 -05:00
Anton Samarchyan 05d2c5a66d Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".". 2016-11-29 18:17:10 -05:00
PREMANAND 371adc472a Fixed #27156 -- Made changing HttpRequest.encoding clear GET. 2016-11-17 12:46:42 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Tim Graham 7fe2d8d940 Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. 
This is a security fix.
 2016-11-01 09:30:57 -04:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible 
The smart_* version should only be used when a lazy string should keep
its lazy status.
 2016-09-03 13:46:41 +02:00