48ce167d89
Fixed missing initializations in WSGIRequest. Refs #20619
2013-06-26 14:36:25 +07:00
de66b56790
Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostError
...
Thanks KyleMac for the report, André Cruz for the initial patch and
Hiroki Kiyohara for the tests.
2013-06-01 10:26:46 +02:00
d228c1192e
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
...
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
c250f9c99b
Fixed #20038 -- Better error message for host validation.
2013-04-03 14:27:20 -06:00
ce76fbfc5a
Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.
...
Obviously it isn't set until the URL is resolved.
2013-03-10 23:28:19 +01:00
d51fb74360
Added a new required ALLOWED_HOSTS setting for HTTP host header validation.
...
This is a security fix; disclosure and advisory coming shortly.
2013-02-19 11:23:29 -07:00
4a6490a4a0
Removed HttpRequest.raw_post_data.
2012-12-29 21:59:07 +01:00
27560924ec
Fixed a security issue in get_host.
...
Full disclosure and new release forthcoming.
2012-12-10 22:11:40 +01:00
095eca8dd8
Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.
...
Thanks Claude Paroz.
2012-11-03 13:03:15 +01:00
b4066d7d21
Cleaned up the the http module. Moved all of the code from __init__.py to request.py, response.py and utils.py
2012-10-21 11:12:59 -07:00
Loic Bistuer
Claude Paroz
Preston Holmes
Baptiste Mispelon
Aymeric Augustin
Carl Meyer
Florian Apolloner
Alex Gaynor