Przemysław Suliga
5e5a17028f
Fixed #26902 -- Allowed is_safe_url() to require an https URL.
...
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-08-19 18:51:33 -04:00
Claude Paroz
5fb22b4d4c
Fixed #27034 -- Made makemessages independent of USE_I18N
...
Thanks Tim Graham for the review.
2016-08-11 21:16:19 +02:00
Ville Skyttä
a2fb2b3a1f
Fixed #27020 -- Used a context manager to close files.
2016-08-04 19:45:14 -04:00
Tim Graham
54afa960d1
Fixed #26988 -- Improved/clarified User.is_authenticated/anonymous compatibility.
...
Thanks marktranchant for the report and review.
2016-08-02 11:01:08 -04:00
Will Hardy
8ef78b8165
Fixed #26656 -- Added duration (timedelta) support to DjangoJSONEncoder.
2016-07-14 13:34:15 -04:00
jasisz
b5a1c3a6f5
Fixed #25920 -- Added support for non-uniform NUMBER_GROUPING.
2016-06-22 17:28:49 -04:00
Carl Meyer
7d1b69dbe7
Refs #26601 -- Improved backwards-compatibility of DEP 5 middleware exception handling.
2016-06-17 10:00:39 -07:00
Vytis Banaitis
57eb17b8c7
Fixed #26746 -- Fixed handling of zero priority in Accept-Language header parsing.
2016-06-13 07:58:25 -04:00
Vytis Banaitis
f1b38842af
Fixed #26744 -- Fixed a typo in regex for Accept-Language header parsing.
2016-06-11 21:32:56 -04:00
Thejaswi Puthraya
c8d2120b06
Fixed #26705 -- Fixed plural versions of languages not supported by Django.
2016-06-08 16:17:17 -04:00
Scott Vitale
be729b6120
Fixed #10107 -- Allowed using mark_safe() as a decorator.
...
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
Chesco Igual
ffd18732f3
Fixed #24781 -- Fixed repr() for lazy objects.
2016-06-04 19:13:00 -04:00
Ketan Bhatt
f31fbbae1a
Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC.
2016-05-30 18:36:15 -04:00
Tim Graham
6f520bf7d8
Added RemovedInDjango21Warning
2016-05-28 21:12:39 -04:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Andre Cruz
929684d6ee
Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
...
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham
2f0e0eee45
Fixed #24046 -- Deprecated the "escape" half of utils.safestring.
2016-05-10 12:46:47 -04:00
Claude Paroz
c3e1086949
Stopped truncating AdminEmailHandler message subjects
...
Refs #26572 , #17281 . The RFC doesn't limit total length, just the line length
which is already taken care of by Python itself.
Thanks Tim Graham for the review.
2016-05-10 18:17:43 +02:00
Vasiliy Faronov
31e0314979
Fixed #26580 -- Updated references to obsolete RFC 2822.
...
Didn't rename django.utils.feedgenerator.rfc2822_date()
as some external code may rely on it.
2016-05-10 11:24:51 -04:00
Vasiliy Faronov
ac77c55bc5
Fixed #26567 -- Updated references to obsolete RFC2616.
...
Didn't touch comments where it wasn't obvious that the code adhered to
the newer standard.
2016-05-03 11:14:40 -04:00
Marko Benko
45c7acdc50
Fixed #26281 -- Added a helpful error message for an invalid format specifier to dateformat.format().
2016-04-20 20:13:52 -04:00
Jeremy Lainé
c1aec0feda
Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.
2016-04-09 14:54:18 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Tim Graham
3913a56558
Removed unused django.utils.http.PROTOCOL_TO_PORT.
...
Unused since b0c56b895f
.
2016-04-06 12:29:20 -04:00
Tim Graham
2cd2d18851
Fixed W503 flake8 warnings.
2016-04-04 17:14:26 -04:00
Tim Graham
2c125bded1
Refs #18239 -- Removed an obsolete workaround for bugs in HTMLParser.
2016-03-26 12:48:29 -04:00
Amine Yaiche
32c8e43ef1
Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation.
2016-03-23 08:18:29 -04:00
Claude Paroz
11c60b5298
Reused the DjangoTranslation class for the javascript_catalog view
...
Thanks Tim Graham and Cristiano Coelho for the reviews.
Refs #26328 , #26319 .
2016-03-08 21:39:59 +01:00
Claude Paroz
552f03869e
Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218
and ada7a4aef
.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb
Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d2892
.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer
c5544d2892
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov
ee69789f45
Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address().
2016-02-25 18:52:50 -05:00
Alexey Kotlyarov
b59f963ad2
Fixed #26212 -- Made forms.FileField and translation.lazy_number() picklable.
2016-02-15 11:44:29 -05:00
Jon Dufresne
dec334cb66
Fixed #26193 -- Made urlize() trim multiple trailing punctuation.
2016-02-15 09:10:15 -05:00
Marcin Markiewicz
f7a9872b91
Fixed #26173 -- Prevented localize_input() from formatting booleans as numbers.
2016-02-09 13:07:33 -05:00
Ben Kraft
13023ba867
Fixed #26122 -- Fixed copying a LazyObject
...
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4
.
2016-01-26 06:56:21 -05:00
userimack
60586dd737
Fixed #26125 -- Fixed E731 flake warnings.
2016-01-25 14:23:43 -05:00
Claude Paroz
104eddbdf6
Fixed #26093 -- Allowed escape sequences extraction by gettext on Python 3
...
Thanks Sylvain Fankhauser for the report and Tim Graham for the review.
2016-01-23 14:00:55 +01:00
Tim Graham
5b94b17fef
Fixed #25999 -- Removed promotion of RemovedInNextVersionWarning to loud by default.
2016-01-14 09:05:43 -05:00
Tim Graham
d45cfefbad
Refs #25769 -- Updated docs to reflect get_version() uses PEP 0440.
2016-01-13 07:06:34 -05:00
Flavio Curella
0bc5cd6280
Fixed #25684 -- Made runserver use logging for request/response output.
...
Thanks andreif for the contributing to the patch.
2016-01-11 07:35:17 -05:00
Claude Paroz
632a9f21bc
Fixed #26046 -- Fixed a crash with translations and Django-unknown language code
...
Thanks Jens Lundstrom for the report and Tim Graham for the review.
2016-01-06 20:30:56 +01:00
Benjamin Bach
8ad18103a1
Replaced dict.setdefault() usage to avoid unnecessary object instantiations.
2016-01-05 13:06:23 -05:00
Denis Cornehl
186b6c61bf
Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
...
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Claude Paroz
cd3c042b04
Fixed #25915 -- Allowed language not in Django's default LANGUAGES
...
This fixes a regression introduced by a5f6cbce07
.
Thanks Gavin Wahl for the report and Tim Graham for the review.
2015-12-18 17:50:16 +01:00
Claude Paroz
ed20dd2e85
Fixed #25875 -- Prevented UnicodeDecodeError for Q object repr
...
Thanks Ben Kraft for the report, and Simon Charette for the review.
2015-12-13 15:07:17 +01:00
Iacopo Spalletti
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
...
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Raphaël Hertzog
9f4e031bd3
Fixed #25761 -- Added __cause__.__traceback__ to reraised exceptions.
...
When Django reraises an exception, it sets the __cause__ attribute even
in Python 2, mimicking Python's 3 behavior for "raise Foo from Bar".
However, Python 3 also ensures that all exceptions have a __traceback__
attribute and thus the "traceback2" Python 2 module (backport of Python
3's "traceback" module) relies on the fact that whenever you have a
__cause__ attribute, the recorded exception also has a __traceback__
attribute.
This is breaking testtools which is using traceback2 (see
https://github.com/testing-cabal/testtools/issues/162 ).
This commit fixes this inconsistency by ensuring that Django sets
the __traceback__ attribute on any exception stored in a __cause__
attribute of a reraised exception.
2015-12-03 16:31:50 -05:00
Gagaro
34d88944f4
Fixed #25812 -- Restored the ability to use custom formats with the date template filter.
2015-11-28 08:38:45 -05:00
Florian Apolloner
316bc3fc94
Fixed a settings leak possibility in the date template filter.
...
This is a security fix.
2015-11-24 11:20:29 -05:00