Commit Graph

236 Commits

Author SHA1 Message Date
Attila Tovt 0a2d3b7387 Fixed #25682 -- Removed bare except clauses. 2015-11-17 14:39:15 -05:00
Claude Paroz ea2f48ce8b Refs #17133 -- Optimized script_url handling in get_script_name
10ace52a added some regex processing for each request with SCRIPT_URL set.
In a speed critical section, conditionally apply of the regex will save some
resources.
2015-10-27 14:29:18 +01:00
Claude Paroz 10ace52a41 Fixed #17133 -- Properly handled successive slashes in incoming requests
Thanks gjanee@ucop.edu for the report and Tim Graham for the review.
2015-10-23 22:18:18 +02:00
Tim Graham 37ea3cb03e Fixed "URLconf" spelling in code comments. 2015-10-22 14:46:42 -04:00
Sylvain Fankhauser f5d5867a4a Fixed #24877 -- Added middleware handling of response.render() errors. 2015-07-03 12:06:40 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek 738c0de300 Fixed #14200 -- Added a fallback if HttpRequest.urlconf is None.
Made BaseHandler fall back to settings.ROOT_URLCONF if
HttpRequest.urlconf is set to None, rather than raising
ImproperlyConfigured.
2015-06-20 18:52:33 -04:00
ana-balica 2f615b10e6 Fixed #24829 -- Allowed use of TemplateResponse in view error handlers. 2015-06-17 17:11:50 -04:00
Claude Paroz 70779d9c1c Fixed #24733 -- Passed the triggering exception to 40x error handlers
Thanks Tim Graham for the review.
2015-05-11 22:02:14 +02:00
Claude Paroz 69125ce904 Extended variable name in handlers/base.py
Refs #24733.
2015-05-05 10:58:27 +02:00
Claude Paroz a0c2eb46dd Fixed #23960 -- Removed http.fix_location_header
Thanks Carl Meyer for the report and Tim Graham for the review.
2015-03-18 18:22:50 +01:00
Bas Peschier 336512fae7 Fixed #23173 -- Fixed incorrect stripping of SCRIPT_URL 2015-03-08 15:48:27 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Jon Dufresne 24b2bc635e Fixed #24137 -- Switched to HTTP reason phrases from Python stdlib. 2015-01-28 06:59:40 -05:00
Tim Graham 75f107b884 Removed request.REQUEST per deprecation timeline; refs #18659. 2015-01-17 08:05:18 -05:00
Collin Anderson 3d2cae0896 Fixed #24072 -- Added FileResponse for streaming binary files. 2015-01-05 10:51:52 -05:00
Berker Peksag 093e6c68b9 Fixed #14664 -- Logged a warning if MiddlewareNotUsed is raised in DEBUG mode. 2014-11-27 07:55:07 -05:00
Claude Paroz b38637d581 Fixed #23887 -- Returned Bad Request for multipart parsing fails
Thanks Antti Häyrynen and Tim Graham for the report, and Aymeric
Augustin for the review.
2014-11-22 14:23:37 +01:00
Anubhav Joshi 10b17a22be Fixed #19508 -- Implemented uri_to_iri as per RFC.
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Claude Paroz 59d487e7fc Fixed #23638 -- Prevented crash while parsing invalid cookie content
Thanks Philip Gatt for the report and Tim Graham for the review.
2014-10-13 17:37:58 +02:00
Tim Graham 1101467ce0 Limited lines to 119 characters in django/
refs #23395.
2014-09-05 09:22:16 -04:00
Joshua "jag" Ginsberg eb2af16c59 Fixed #21483 -- Added WSGI environ to kwargs sent to request_started signal. 2014-08-29 10:12:03 -04:00
Anubhav Joshi dbbcfca476 Fixed #21668 -- Return detailed error page when SuspiciousOperation is raised and DEBUG=True
Thanks GDorn and gox21 for report.

Thanks Tim Graham for idea and review.
2014-06-24 08:55:36 -04:00
Anubhav Joshi 7f76251fb7 Refactored common code in handlers/base.py and urlresolvers.py 2014-06-23 15:27:25 -04:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
Aymeric Augustin 47a9347b98 Fixed #6992 -- Improved error when middleware omits HttpResponse.
Thanks guettli for the report.
2014-06-07 19:48:45 +02:00
Unai Zalakain 11284a63d4 Fixed #18314 -- Corrected request.build_absolute_uri() handling of paths starting with //
``HttpRequest.build_absolute_uri()`` now correctly handles paths starting with ``//``.
``WSGIRequest`` now doesn't remove all the leading slashes either,
because ``http://test/server`` and http://test//server`` aren't the same thing
(RFC2396).

Thanks to SmileyChris for the initial patch.
2014-06-07 08:59:02 -04:00
Aymeric Augustin 3800f63721 Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Claude Paroz 210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Aaron France 1150053b99 Fixed #21912 -- Improved error message if a view returns None.
Thanks brycenesbitt for the report.
2014-02-15 11:18:16 -05:00
Curtis f43e895b15 Replace _parse_content_type with cgi.parse_header 2014-02-09 10:01:16 +11:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Curtis d7a4b156d9 Use cached_property for request.GET and request.COOKIES 2013-12-24 21:57:57 +11:00
Claude Paroz e6dd70b4db Fixed #21383 -- Added request details in SuspiciousOperation messages 2013-11-09 12:11:58 +01:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
Unai Zalakain c7634cd7fe Fixed #7603 -- Added a 'scheme' property to the HttpRequest object
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.

`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.

`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.

This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.

Thanks nslater for the suggestion.
2013-10-15 09:04:12 -04:00
Aymeric Augustin 8aaca651cf Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
Thanks mitsuhiko for the report.

Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
2013-09-07 10:25:43 -05:00
Aymeric Augustin ae7f9afaf6 Minor cleanup in the WSGI handler. 2013-09-07 10:25:16 -05:00
Aymeric Augustin 4e88d106dc Refactored the unmangling of the WSGI environ. 2013-09-07 10:03:50 -05:00
Aymeric Augustin 636860fbfb Moved two WSGI-specific functions to the WSGI handler.
They were defined in base when the mod_python handler used them. See bfcecbff.
2013-09-07 10:03:49 -05:00
Alex Gaynor 3e0eb2d788 Fixed a number of lint warnings, particularly around unused variables. 2013-08-04 09:17:10 -07:00
Loic Bistuer 48ce167d89 Fixed missing initializations in WSGIRequest. Refs #20619 2013-06-26 14:36:25 +07:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Aymeric Augustin 6633eeb886 Changed API to disable ATOMIC_REQUESTS per view.
A decorator is easier to apply to CBVs. Backwards compatibility isn't an
issue here, except for people running on a recent clone of master.

Fixed a few minor problems in the transactions docs while I was there.
2013-05-19 19:53:16 +02:00
Aymeric Augustin cb86f707a0 Fixed #12747 -- Made reason phrases customizable. 2013-05-19 13:14:54 +02:00