Commit Graph

1264 Commits

Author SHA1 Message Date
Claude Paroz 11c60b5298 Reused the DjangoTranslation class for the javascript_catalog view
Thanks Tim Graham and Cristiano Coelho for the reviews.
Refs #26328, #26319.
2016-03-08 21:39:59 +01:00
Claude Paroz 552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Alexey Kotlyarov b59f963ad2 Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable. 2016-02-15 11:44:29 -05:00
Jon Dufresne dec334cb66 Fixed #26193 -- Made urlize() trim multiple trailing punctuation. 2016-02-15 09:10:15 -05:00
Marcin Markiewicz f7a9872b91 Fixed #26173 -- Prevented localize_input() from formatting booleans as numbers. 2016-02-09 13:07:33 -05:00
Ben Kraft 13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Claude Paroz 104eddbdf6 Fixed #26093 -- Allowed escape sequences extraction by gettext on Python 3
Thanks Sylvain Fankhauser for the report and Tim Graham for the review.
2016-01-23 14:00:55 +01:00
Tim Graham 5b94b17fef Fixed #25999 -- Removed promotion of RemovedInNextVersionWarning to loud by default. 2016-01-14 09:05:43 -05:00
Tim Graham d45cfefbad Refs #25769 -- Updated docs to reflect get_version() uses PEP 0440. 2016-01-13 07:06:34 -05:00
Flavio Curella 0bc5cd6280 Fixed #25684 -- Made runserver use logging for request/response output.
Thanks andreif for the contributing to the patch.
2016-01-11 07:35:17 -05:00
Claude Paroz 632a9f21bc Fixed #26046 -- Fixed a crash with translations and Django-unknown language code
Thanks Jens Lundstrom for the report and Tim Graham for the review.
2016-01-06 20:30:56 +01:00
Benjamin Bach 8ad18103a1 Replaced dict.setdefault() usage to avoid unnecessary object instantiations. 2016-01-05 13:06:23 -05:00
Denis Cornehl 186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Claude Paroz cd3c042b04 Fixed #25915 -- Allowed language not in Django's default LANGUAGES
This fixes a regression introduced by a5f6cbce07.
Thanks Gavin Wahl for the report and Tim Graham for the review.
2015-12-18 17:50:16 +01:00
Claude Paroz ed20dd2e85 Fixed #25875 -- Prevented UnicodeDecodeError for Q object repr
Thanks Ben Kraft for the report, and Simon Charette for the review.
2015-12-13 15:07:17 +01:00
Iacopo Spalletti d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Raphaël Hertzog 9f4e031bd3 Fixed #25761 -- Added __cause__.__traceback__ to reraised exceptions.
When Django reraises an exception, it sets the __cause__ attribute even
in Python 2, mimicking Python's 3 behavior for "raise Foo from Bar".
However, Python 3 also ensures that all exceptions have a __traceback__
attribute and thus the "traceback2" Python 2 module (backport of Python
3's "traceback" module) relies on the fact that whenever you have a
__cause__ attribute, the recorded exception also has a __traceback__
attribute.

This is breaking testtools which is using traceback2 (see
https://github.com/testing-cabal/testtools/issues/162).

This commit fixes this inconsistency by ensuring that Django sets
the __traceback__ attribute on any exception stored in a __cause__
attribute of a reraised exception.
2015-12-03 16:31:50 -05:00
Gagaro 34d88944f4 Fixed #25812 -- Restored the ability to use custom formats with the date template filter. 2015-11-28 08:38:45 -05:00
Florian Apolloner 316bc3fc94 Fixed a settings leak possibility in the date template filter.
This is a security fix.
2015-11-24 11:20:29 -05:00
Tim Graham 4921d4e59f Fixed #25769 -- Updated get_version() release candidate naming for PEP 0440. 2015-11-19 10:00:09 -05:00
Tim Graham c7adfe941b Removed redundant termcolors.
Replaced MIGRATE_SUCCESS and MIGRATE_FAILURE with
SUCCESS and ERROR.
2015-11-18 10:26:39 -05:00
Attila Tovt 0a2d3b7387 Fixed #25682 -- Removed bare except clauses. 2015-11-17 14:39:15 -05:00
Jaap Roes 9a2aca6030 Fixed #25743 -- Optimized utils.localize() and localize_input()
Bail early if the input is a string since that's the most common case.
2015-11-12 13:24:53 -05:00
Marti Raudsepp d3e3703a15 Fixed #25720 -- Made gettext() return bytestring on Python 2 if input is bytestring.
This is consistent with the behavior of Django 1.7.x and earlier.
2015-11-11 08:56:10 -05:00
Tim Graham 4c593eaa5f Updated six to 1.10.0. 2015-11-10 22:05:48 -05:00
Dwight Gunning 1f29164ced Fixed #6727 -- Made patch_cache_control() patch an empty Cache-Control header. 2015-11-09 14:26:29 -05:00
Aymeric Augustin 1014ba026e Fixed debug view crash during autumn DST change.
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)

Refs #23714 which essentially fixed the same problem when USE_TZ = True.

Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Neal Todd c3a974c81e Amended comment to remove reference to the no longer used NullHandler 2015-11-07 16:35:46 +01:00
Ville Skyttä 3ee18400ae Fixed #25668 -- Misc spelling errors 2015-11-03 11:58:13 +02:00
Tim Graham 0b5d32faca Fixed #25611 -- Standardized descriptor signatures. 2015-10-26 11:31:16 -04:00
Claude Paroz 8b5acda821 Fixed #25571 -- Fixed boolean evaluation of ungettext_lazy 2015-10-22 15:17:45 +02:00
Tim Graham 04ecc26223 Removed SimpleLazyObject workaround for a Python 3 bug.
The workaround added in fe8484efda
seems unnecessary as the Python bug is fixed in Python 3.4.
2015-10-05 09:46:59 -04:00
Tim Graham ea8e7fd989 Removed obsolete (since Python 2.3) __safe_for_unpickling__ attribute. 2015-10-05 08:07:27 -04:00
Ben Kraft 35355a4ffe Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
2015-10-03 13:00:37 -04:00
Tim Graham 8d1a001ef6 Fixed #25466 -- Added backwards compatibility aliases for LoaderOrigin and StringOrigin.
Thanks Simon Charette for the DeprecationInstanceCheck class.
2015-09-29 18:31:11 -04:00
Tim Graham 48e7787db5 Removed RemovedInDjango110Warning. 2015-09-23 19:31:11 -04:00
Tim Graham e5c12f6701 Refs #23613 -- Removed django.utils.checksums per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham 222d063301 Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. 2015-09-23 19:31:09 -04:00
Tim Graham 6b37719616 Refs #24526 -- Made the django logger handle INFO messages.
Without an explicit 'level', only messages at WARNING or higher
are handled. This makes the config consistent with the docs
which say, "The django catch-all logger sends all messages at
the INFO level or higher to the console."
2015-09-23 11:33:49 -04:00
Matt Deacalion Stevens f06ce6053c Fixed #25439 -- Added `SUCCESS` style to termcolor palettes 2015-09-23 09:01:02 +02:00
Unai Zalakain a4b80e2421 Refs #13110 -- Fixed mistakes in the new multiple enclosure feed tests 2015-09-19 15:54:33 +02:00
fabrizio ettore messina 186eb21dc1 Fixed #25269 -- Allowed method_decorator() to accept a list/tuple of decorators. 2015-09-18 19:04:29 -04:00
Unai Zalakain aac2a2d2ae Fixed #13110 -- Added support for multiple enclosures in Atom feeds.
The ``item_enclosures`` hook returns a list of ``Enclosure`` objects which is
then used by the feed builder. If the feed is a RSS feed, an exception is
raised as RSS feeds don't allow multiple enclosures per feed item.

The ``item_enclosures`` hook defaults to an empty list or, if the
``item_enclosure_url`` hook is defined, to a list with a single ``Enclosure``
built from the ``item_enclosure_url``, ``item_enclosure_length``, and
``item_enclosure_mime_type`` hooks.
2015-09-18 18:31:58 -04:00
Matt Robenolt b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Zan Anderle f3dc173240 Fixed #24917 -- Made admindocs display model methods that take arguments. 2015-09-07 15:07:39 -04:00
Alexandre Pocquet e7b7f94678 Fixed #25297 -- Allowed makemessages to work with {% trans %} tags that use template filters. 2015-09-04 15:09:09 -04:00