4f61810751
Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().
2019-09-02 15:32:23 +02:00
a44d80f88e
Adjusted subprocess.run() calls to use arg list, rather than string.
...
The Python docs recommend passing a sequence to subprocess.run() when
possible. Doing so allows for automatic escaping and quoting of
arguments.
https://docs.python.org/3/library/subprocess.html#frequently-used-arguments
> args is required for all calls and should be a string, or a sequence
> of program arguments. Providing a sequence of arguments is generally
> preferred, as it allows the module to take care of any required
> escaping and quoting of arguments (e.g. to permit spaces in file
> names).
Also removed `shell=True` where unnecessary.
2019-08-28 10:19:30 +02:00
1e6b9e29e6
Refs #27795 -- Removed an unnecessary force_bytes() call in uri_to_iri().
...
The value returned from urllib.parse.quote() is always a string, so can
safely call .encode().
2019-08-28 09:20:46 +02:00
9386586f31
Replaced subprocess commands by run() wherever possible.
2019-08-23 10:53:36 +02:00
6805c0f99f
Fixed #30701 -- Updated patch_vary_headers() to handle an asterisk according to RFC 7231.
2019-08-16 15:25:42 +02:00
88c0b907e7
Refs #30461 -- Added django.utils._os.to_path().
2019-08-13 17:17:39 +02:00
73ac9e3f04
Fixed #30677 -- Improved error message for urlencode() and Client when None is passed as data.
2019-08-11 20:15:23 +02:00
e8d0d2a5ef
Removed unneeded ValueError catching in django.utils.text._replace_entity().
...
The html.entities.name2codepoint dict contains only valid Unicode
codepoints. Either the key exists and chr() will succeed or the key does
not exist.
2019-08-01 14:30:20 +02:00
76ed1c49f8
Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri().
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
7f65974f82
Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML.
...
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
f618e033ac
Fixed #30160 -- Added support for LZMA and XZ templates to startapp/startproject management commands.
2019-07-31 10:02:13 +02:00
69a30f620e
Refs #30160 -- Simplified archive extension map and added other aliases.
2019-07-31 09:46:17 +02:00
0509148c24
Refs #30160 -- Made destination path a required argument of extract().
2019-07-30 11:27:56 +02:00
fc75694257
Fixed #30647 -- Fixed crash of autoreloader when extra directory cannot be resolved.
2019-07-24 14:08:37 +02:00
fed5e19369
Removed unused BaseReloader.watch_file().
...
Unused since its introduction in c8720e7696
2019-07-24 13:32:02 +02:00
2ff517ccb6
Fixed #30506 -- Fixed crash of autoreloader when path contains null characters.
2019-07-23 10:03:23 +02:00
f226bdbf4e
Refs #30608 -- Added django.utils.encoding.punycode().
2019-07-03 10:48:02 +02:00
fbb83fefd4
Fixed typos in comments and docs.
2019-07-02 09:36:17 +02:00
29240a9952
Removed unnecessary import in django/utils/autoreload.py.
2019-07-01 14:50:00 +02:00
a289e79679
Fixed #30594 -- Added 'private' Cache-Control directive to never_cache() decorator.
2019-06-26 09:25:24 +02:00
8454f6dea4
Fixed #30588 -- Fixed crash of autoreloader when __main__ module doesn't have __file__ attribute.
2019-06-26 06:44:10 +02:00
e286711879
Simplified handling of non-existent paths in autoreloader with Path.resolve(strict=True).
2019-06-24 09:48:59 +02:00
a415ce70be
Fixed #30451 -- Added ASGI handler and coroutine-safety.
...
This adds an ASGI handler, asgi.py file for the default project layout,
a few async utilities and adds async-safety to many parts of Django.
2019-06-20 12:29:43 +02:00
9e38ed0536
Fixed #27486 -- Fixed Python 3.7 DeprecationWarning in intword and filesizeformat filters.
...
intword and filesizeformat passed floats to ngettext() which is
deprecated in Python 3.7. The rationale for this warning is documented
in BPO-28692: https://bugs.python.org/issue28692 .
For filesizeformat, the filesize value is expected to be an int -- it
fills %d string formatting placeholders. It was likely coerced to a
float to ensure floating point division on Python 2. Python 3 always
does floating point division, so coerce to an int instead of a float to
fix the warning.
For intword, the number may contain a decimal component. In English, a
decimal component makes the noun plural. A helper function,
round_away_from_one(), was added to convert the float to an integer that
is appropriate for ngettext().
2019-06-11 20:34:59 +02:00
480492fe70
Fixed #30523 -- Fixed updating file modification times on seen files in auto-reloader when using StatReloader.
...
Previously we updated the file mtimes if the file has not been seen
before - i.e on the first iteration of the loop.
If the mtime has been changed we triggered the notify_file_changed()
method which in all cases except the translations will result in the
process being terminated. To be strictly correct we need to update the
mtime for either branch of the conditional.
Regression in 6754bffa2b
2019-05-29 09:41:24 +02:00
0344565179
Fixed #30516 -- Fixed crash of autoreloader when re-raising exceptions with custom signature.
...
Regression in c8720e7696
2019-05-29 08:08:50 +02:00
b2790f74d4
Fixed #30479 -- Fixed detecting changes in manage.py by autoreloader when using StatReloader.
...
Regression in c8720e7696
2019-05-28 08:31:33 +02:00
df46b329e0
Refs #30485 -- Avoided unnecessary instance checks in urlencode.
...
Given doseq defaults to False it should avoid an unnecessary instance
check in most cases.
2019-05-27 22:00:14 +02:00
0670b1b403
Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case.
2019-05-24 17:15:34 +02:00
a2c31e12da
Fixed #30498 -- Fixed proxy class caching in lazy().
...
lazy() should prepare the proxy class only once (the first time it's
used) not on every call.
Regression in b4e76f30d1
2019-05-22 20:41:52 +02:00
1d0bab0bfd
Fixed #27635 -- Used secrets module in django.utils.crypto.
2019-05-20 11:21:22 +02:00
068005a349
Refs #27635 -- Removed fallback when SystemRandom() isn't available that doesn't work.
...
Fallback was untested and likely never triggered.
2019-05-20 11:21:22 +02:00
43f54e136e
Refs #27685 -- Logged unexpected Watchman autoreloader errors.
2019-05-15 06:57:26 +02:00
b915b9f10f
Refs #27753 -- Deprecated django.utils.text.unescape_entities().
...
The function was undocumented and only required for compatibility with
Python 2.
Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
29601bca9b
Ignored pywatchman.SocketTimeout in Watchman autoreloader.
...
Bumped minimum supported pywatchman version to 1.2.0.
These exceptions don't require checking a server status.
2019-05-03 13:56:49 +02:00
6754bffa2b
Fixed #30323 -- Fixed detecting changes by autoreloader when using StatReloader.
2019-04-29 11:41:00 +02:00
0636d4d2aa
Refs #30323 -- Prevented crash of autoreloader when get_resolver().urlconf_module raising an exception.
2019-04-29 11:41:00 +02:00
b5259ab780
Refs #30323 -- Simplified utils.autoreload.ensure_echo_on().
2019-04-29 11:41:00 +02:00
ed3c59097a
Fixed #30361 -- Increased the default timeout of watchman client to 5 seconds and made it customizable.
...
Made the default timeout of watchman client customizable via
DJANGO_WATCHMAN_TIMEOUT environment variable.
2019-04-26 12:55:49 +02:00
8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
e6d57c4d65
Fixed #30363 -- Do not use exponential notation for small decimal numbers.
...
In 9cc6a60040b0f64f8ea066dd215176d4bd16621d a security patch was
introduced to prevent allocating large segments of memory when a
very large or very small decimal number was to be formatted.
As a side-effect, there was a change in formatting of small decimal
numbers even when the `decimal_pos` argument was provided, which meant
that reasonable small decimal numbers (above 1e-199) would be formatted
as `0.00`, while smaller decimal numbers (under 1e-200) would be
formatted as `1e-200`.
2019-04-13 14:30:33 +02:00
881362986a
Fixed "byte string" typo in various docs and comments.
2019-03-28 10:00:12 +01:00
99cfb28e99
Fixed #30215 -- Fixed autoreloader crash for modules without __spec__.
...
Regression in c8720e7696
2019-02-27 10:35:30 -05:00
65ef5f467b
Refs #27685 -- Removed "watchman unavailable" message.
2019-02-25 21:43:29 -05:00
e04209e181
Refs #30179 -- Moved topological sort functions to django.utils.
2019-02-25 15:44:49 -05:00
99fc5dc13c
Fixed #30141 -- Fixed parse_duration() for some negative durations.
2019-02-23 18:54:09 -05:00
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
402c0caa85
Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
...
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
2019-02-11 11:08:45 +01:00
1835563ab8
Removed unneeded list() calls in sorted() argument.
2019-02-09 19:08:22 -05:00
6eb4996672
Fixed #30165 -- Deprecated ugettext(), ugettext_lazy(), ugettext_noop(), ungettext(), and ungettext_lazy().
2019-02-08 10:05:53 -05:00
77d25dbd0f
Refs #27753 -- Favored SafeString over SafeText.
2019-02-06 14:12:06 -05:00
d55e882927
Refs #27753 -- Deprecated django.utils.encoding.force_text() and smart_text().
2019-02-06 14:12:06 -05:00
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
24b82cd201
Fixed #30159 -- Removed unneeded use of OrderedDict.
...
Dicts preserve order since Python 3.6.
2019-02-06 13:48:39 -05:00
f09b0f6483
Refs #27753 -- Removed django.utils.safestring.SafeBytes.
2019-02-05 13:00:15 -05:00
3004d7057f
Refs #27753 -- Removed django.utils.functional.curry().
2019-02-05 13:00:15 -05:00
9a750cbd5c
Refs #27753 -- Removed django.utils.decorators.ContextDecorator alias.
2019-02-05 13:00:11 -05:00
41384812ef
Refs #27753 -- Removed django.utils.six.
2019-02-05 12:58:55 -05:00
efe28d3f56
Refs #27753 -- Removed django.utils._os.abspathu(), upath(), and npath().
2019-02-05 12:57:11 -05:00
d1f4b3c68a
Refs #27753 -- Removed django.utils.decorators.available_attrs().
2019-02-05 12:52:07 -05:00
c679f357a8
Refs #27753 -- Removed django.utils.lru_cache.
2019-02-05 12:52:07 -05:00
83c2bc52c2
Refs #27753 -- Deprecated django.utils.http urllib aliases.
2019-02-04 18:53:11 -05:00
290d8471bb
Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True).
2019-01-31 12:53:36 -05:00
7e6b214ed3
Fixed #30116 -- Dropped support for Python 3.5.
2019-01-30 10:19:48 -05:00
1e92407f83
Fixed #25624 -- Fixed autoreload crash with jinja2.ModuleLoader.
2019-01-28 14:17:50 -05:00
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
d8a2f4ec09
Removed redundant period in Watchman unavailable message.
2019-01-19 18:25:01 -05:00
f5060a1385
Advanced deprecation warnings for Django 3.0.
2019-01-17 11:15:27 -05:00
958a7b4ca6
Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.
2019-01-17 10:52:19 -05:00
4fc35a9c3e
Fixed #20147 -- Added HttpRequest.headers.
2019-01-16 13:38:47 -05:00
c8720e7696
Fixed #27685 -- Added watchman support to the autoreloader.
...
Removed support for pyinotify (refs #9722 ).
2019-01-13 20:33:47 -05:00
0004daa536
Used 4 space hanging indent for dictionaries.
...
Thanks Mariusz Felisiak for auditing.
2019-01-02 18:18:19 -05:00
6fe9c45b72
Fixed #30024 -- Made urlencode() and Client raise TypeError when None is passed as data.
2018-12-27 11:19:55 -05:00
ae180fa4b7
Fixed #29986 -- Added .format() support to ngettext_lazy strings.
2018-12-06 15:12:34 -05:00
fc71bb11b1
Improved readability of translation's to_locale().
2018-11-23 14:53:19 -05:00
0607699902
Fixed #29478 -- Added support for mangled names to cached_property.
...
Co-Authored-By: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2018-11-19 13:40:49 -05:00
803840abf7
Refs #29926 -- Removed usage of gettext.translation()'s deprecated codeset parameter.
...
https://bugs.python.org/issue33710
2018-11-06 20:22:47 -05:00
dc5e75d419
Fixed #29838 -- Fixed crash when combining Q objects with __in lookups and lists.
...
Regression in fc6528b25a
2018-10-17 11:34:49 -04:00
217f82d713
Refs #29838 -- Fixed make_hashable() for values that have lists or dicts nested in tuples.
...
And for non-hashable values that are iterable, e.g. sets.
2018-10-17 11:17:50 -04:00
834c4ec8e4
Moved make_hashable() to django.utils and added tests.
2018-10-17 11:17:23 -04:00
f07091a30f
Fixed typo in django/utils/datastructures.py.
2018-10-14 11:20:22 -04:00
1e3cd51163
Simplified django.utils.html.urlize().
2018-10-12 12:15:26 -04:00
910548634a
Refs #29826 -- Removed unused characters from urlize configuration.
...
The HTML characters are unused because urlize is meant to be applied to
plain text and these characters aren't properly detected (refs #29826 ).
Angle brackets and quotes are present in word_split_re and therefore
won't be used in WRAPPING_PUNCTUATION.
2018-10-12 08:13:52 +02:00
c82893cb8c
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.
...
django.utils.http.urlsafe_base64_encode() now returns a string, not a
bytestring. Since URLs are represented as strings,
urlsafe_base64_encode() should return a string. All uses immediately
decoded the bytestring to a string anyway.
As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-10-10 14:38:22 -04:00
277017aea4
Simplified utils.text.StreamingBuffer.
2018-10-04 08:28:03 -04:00
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
bb81c22d90
Refs #27795 -- Removed force_bytes() usage in utils/_os.py.
2018-09-25 11:27:36 -04:00
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
a0d63b02c3
Fixed #29772 -- Made LazyObject proxy __lt__() and __gt__().
2018-09-19 13:51:01 -04:00
ee184e13cb
Refs #27795 -- Removed force_bytes() usage in django/utils/cache.py.
2018-08-28 08:03:23 -04:00
201017df30
Fixed #29654 -- Made text truncation an ellipsis character instead of three dots.
...
Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-08-21 17:46:45 +02:00
9fee229874
Fixed #29643 -- Fixed crash when combining Q objects with __in lookups and lists.
...
Regression in fc6528b25a
2018-08-08 08:51:20 +02:00
f1bf069ec1
Refs #29244 -- Fixed django.utils.inspect.method_has_no_args() for bound methods.
2018-08-07 17:37:35 -04:00
756b859576
Renamed django.utils.inspect.func_has_no_args() to method_has_no_args().
2018-08-07 17:37:35 -04:00
2092206bee
Refs #29600 -- Updated django.utils.datetime_safe now that Python 2 is unsupported.
2018-08-02 10:20:24 -04:00
a656a68127
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
2ac7cd52b4
Refs #29600 -- Removed datetime_safe usage in feedgenerator.
...
The only effect would be if items in Atom feeds had a published date
year of < 1000 (ensuring those years are padded with leading zeros).
2018-07-26 16:49:15 -04:00
b004bd62e8
Fixed #29412 -- Stopped marking slugify() result as HTML safe.
2018-07-20 10:44:30 -04:00
Carlton Gibson
Jon Dufresne
Claude Paroz
Adnan Umer
swatantra
Florian Apolloner
Nick Pope
Tom Forbes
Mariusz Felisiak
Min ho Kim
PatOnTheBack
nsasaki128
Andrew Godwin
Simon Charette
Johan Lübcke
Ran Benita
Daniel Hahler
Jacob Green
Sjoerd Job Postmus
shiningfm
Matthias Kestenholz
Seunghun Lee
Sergey Fedoseev
Tim Graham
Aymeric Augustin
Santiago Basulto
Patrick Arminio
Jaap Roes
Thomas Grainger
aspalding
Taoufik
Javier Buzzi
Josh Schneier
Andreas Hug