Hasan Ramezani
e3d0b4d550
Fixed #30899 -- Lazily compiled import time regular expressions.
2019-10-29 09:22:26 +01:00
Carlton Gibson
54d0f5e62f
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
...
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
Chris Jerdonek
cce47ff65a
Fixed #30565 -- Closed HttpResponse when wsgi.file_wrapper closes file-like object.
2019-06-20 11:48:49 +02:00
Mariusz Felisiak
415e899dc4
Refs #30451 -- Added HttpRequest._set_content_type_params() hook.
2019-06-15 10:29:02 -07:00
ShingenPizza
de4832c49b
Fixed #30196 -- Made FileResponse set Content-Disposition inline if filename is available.
2019-05-17 12:07:27 +02:00
Troon
a3a4f5c144
Fixed #30310 -- Added support for looking up HttpHeaders.headers using underscores.
2019-05-09 16:26:52 +02:00
Jon Dufresne
b915b9f10f
Refs #27753 -- Deprecated django.utils.text.unescape_entities().
...
The function was undocumented and only required for compatibility with
Python 2.
Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Jon Dufresne
8b3f1c35dd
Removed unnecessary assignments in various code.
2019-04-24 13:09:29 +02:00
sage
9aa56cb0d5
Fixed #30294 -- Allowed HttpResponse to accept memoryview content.
2019-03-29 09:43:49 -04:00
Tim Graham
8ec7ded370
Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request.
2019-03-02 09:19:05 -05:00
Tim Graham
2ed2acf872
Fixed #30227 -- Fixed crash on request without boundary in Content-Type.
2019-03-02 09:19:05 -05:00
Nick Pope
5013d38380
Optimized iterator exhaustion using collections.deque().
2019-02-14 18:21:57 -05:00
Aymeric Augustin
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
Jon Dufresne
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham
7c66aaa2b6
Refs #28137 -- Removed HttpRequest.xreadlines() per deprecation timeline.
2019-01-17 10:52:16 -05:00
Tim Graham
8045dff98c
Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.
2019-01-17 10:50:25 -05:00
Santiago Basulto
4fc35a9c3e
Fixed #20147 -- Added HttpRequest.headers.
2019-01-16 13:38:47 -05:00
Jon Dufresne
8c3e0eb1c1
Normalized spelling of "lowercase" and "lowercased".
2018-09-25 10:30:18 -04:00
Jon Dufresne
ad9a28ee38
Refs #29784 -- Normalized Python docs links to omit the version.
2018-09-25 10:19:42 +02:00
Tim Graham
d8e2be459f
Fixed #29627 -- Fixed QueryDict.urlencode() crash with non-string values.
...
Regression in 7d96f0c49a
.
2018-08-02 21:56:26 -04:00
François Freitag
93e721a0b8
Fixed django/http/request.py docstring typo.
2018-07-16 10:48:20 +02:00
Sergey Fedoseev
bcdd9149d4
Simplified HttpRequest.__iter__().
2018-07-10 09:13:36 -04:00
Josh Schneier
98e8c0293b
Removed unused HttpRequest._post_parse_error attribute.
...
Unused since 8f8c54f70b
.
2018-06-07 18:51:33 -04:00
Claude Paroz
a177f854c3
Fixed #16470 -- Allowed FileResponse to auto-set some Content headers.
...
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
2018-05-15 18:12:11 +02:00
Alex Gaynor
9a56b4b13e
Fixed #27863 -- Added support for the SameSite cookie flag.
...
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
Tim Graham
7d96f0c49a
Refs #27795 -- Replaced force_bytes() usage in django.http.
2018-02-07 14:28:15 -05:00
George-Cristian Bîrzan
5bf62825b5
Fixed #28828 -- Improved performance of HttpRequest.build_absolute_uri().
2018-01-10 14:05:10 -05:00
Alvin Lindstam
47a99d7012
Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use __Secure/Host prefixes.
2018-01-08 12:32:47 -05:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Alexey
0afffae4ec
Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.
2018-01-02 11:22:59 -05:00
Дилян Палаузов
4c599ece57
Fixed #28930 -- Simplified code with any() and all().
2017-12-26 17:11:15 -05:00
Дилян Палаузов
23bf4ad87f
Fixed #28795 -- Removed 'not in' checks and used dict.setdefault().
2017-11-14 10:52:52 -05:00
Jonas Haag
a2851f204c
Fixed #28720 -- Added HttpRequest.get_full_path_info().
2017-11-07 15:58:05 -05:00
Дилян Палаузов
6c0042430e
Fixed #28776 -- Fixed a/an/and typos in docs and comments.
2017-11-06 22:41:03 -05:00
Tim Graham
cfff2af02b
Fixed #27857 -- Dropped support for Python 3.4.
2017-09-25 17:11:03 -04:00
Mariusz Felisiak
3f9d85d95c
Removed unused eof argument to BoundaryIter._find_boundary().
...
Unused since its introduction in d725cc9734
.
2017-09-22 10:47:14 -04:00
Tim Graham
6e4c6281db
Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
...
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Sergey Fedoseev
f2b93b509c
Removed unneeded iter() calls.
...
A few of these were unnecessarily added in 2b281cc35e
.
2017-08-23 16:48:29 -04:00
Mads Jensen
550cb3a365
Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().
2017-06-28 14:07:55 -04:00
Tom
7afb476469
Fixed #28226 -- Replaced use of str.join() with concatenation.
2017-05-27 13:59:05 -04:00
Claude Paroz
301de774c2
Refs #27795 -- Replaced many force_text() with str()
...
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
Josh Schneier
a1b2c1d76e
Fixed #28137 -- Deprecated HttpRequest.xreadlines().
2017-04-26 19:39:22 -04:00
Anton Samarchyan
3eb679a869
Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.
2017-02-20 19:57:33 -05:00
Tim Graham
75f0070a54
Fixed #27308 -- Fixed BytesWarnings in the test suite.
2017-02-17 16:04:45 -05:00
Vytis Banaitis
d1bab24e01
Refs #23919 , #27778 -- Removed obsolete mentions of unicode.
2017-01-26 08:19:27 -05:00
Tim Graham
90db4bb0d7
Corrected http.multipartparser.exhaust() docstring.
...
MultiPartParserError was removed in
ebf34c3cdc
.
2017-01-25 13:00:00 -05:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Mads Jensen
ebf34c3cdc
Removed unused variables that are overwritten.
2017-01-25 09:14:05 -05:00
Claude Paroz
6e55e1d88a
Refs #23919 -- Replaced six.reraise by raise
2017-01-22 20:08:04 +01:00
Claude Paroz
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Tim Graham
fedda6d9bd
Refs #23919 -- Removed Python 2 version check in django.http.cookie.
2017-01-19 20:06:03 -05:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
roboslone
544b2ef29f
Fixed #27640 -- Fixed HttpResponse's __repr__() without a 'Content-Type' header.
2016-12-27 14:42:58 -05:00
Jerome Leclanche
a849ec1880
Fixed #27606 -- Fixed HttpResponseRedirect.__repr__() crash when DisallowedRedirect is raised.
2016-12-19 10:01:03 -05:00
Vinay Karanam
4a246a02bd
Refs #17235 -- Made MultiPartParser leave request.POST immutable.
2016-12-07 08:28:46 -05:00
Anton Samarchyan
05d2c5a66d
Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".".
2016-11-29 18:17:10 -05:00
PREMANAND
371adc472a
Fixed #27156 -- Made changing HttpRequest.encoding clear GET.
2016-11-17 12:46:42 -05:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
Tim Graham
7fe2d8d940
Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
...
This is a security fix.
2016-11-01 09:30:57 -04:00
Claude Paroz
2ced2f785d
Replaced smart_* by force_* calls whenever possible
...
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Ryan Allen
190d2ff4a7
Fixed #27153 -- Added validation for HttpResponse status.
2016-08-30 21:59:43 -04:00
Tim Graham
ff0a5aff4f
Fixed #27046 -- Supported IPv6-formatted IPv4 addresses in host validation.
...
Thanks LaMont Jones for the report and patch.
2016-08-11 13:54:39 -04:00
Tim Graham
5c63b3e5a7
Fixed #27005 -- Fixed crash if request.META[''CONTENT_LENGTH']=''.
2016-08-03 13:12:40 -04:00
Ville Skyttä
96f97691ad
Fixed broken links in docs and comments.
2016-06-15 21:20:23 -04:00
wim glenn
5ebebd1159
Fixed #26707 -- Added QueryDict.fromkeys()
2016-06-06 08:54:25 -04:00
Jon Dufresne
a8f957797d
Fixed comment typo in multiparser.py
2016-06-05 16:36:59 -04:00
Asif Saifuddin Auvi
dc88516e5b
Made style improvements to multipartparser.py
2016-06-04 11:06:25 -04:00
Andre Cruz
929684d6ee
Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
...
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham
086510fde0
Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser.
...
The docs say that these headers always appear without the HTTP_ prefix.
This may have been an oversight when they were added in
d725cc9734
, the only commit that uses
these names.
2016-05-06 10:30:03 -04:00
Tim Graham
ead21a1949
Refs #22897 -- Removed unneeded empty string QueryDict argument.
2016-05-03 12:04:08 -04:00
Tim Graham
bb0b4b705b
Fixed #26052 -- Moved conditional_content_removal() processing to the test client.
2016-04-25 07:56:07 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Collin Anderson
93a135d111
Fixed #26158 -- Rewrote http.parse_cookie() to better match browsers.
2016-03-15 12:24:06 -04:00
Tim Graham
59df07738c
Simplified _cookie_allows_colon_in_names condition.
2016-03-14 18:58:49 -04:00
Tim Graham
2f81f466a8
Removed a workaround for a cookie encoding bug [1] in Python < 2.7.2.
...
[1] http://bugs.python.org/issue9824
2016-03-14 18:58:49 -04:00
John-Mark Bell
4b129ac81f
Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.
2016-03-07 13:19:39 -05:00
Curtis Maloney
6f1318734f
Fixed #26014 -- Added WSGIRequest content_type and content_params attributes.
...
Parsed the CONTENT_TYPE header once and recorded it on the request.
2016-02-10 18:19:23 -05:00
userimack
60586dd737
Fixed #26125 -- Fixed E731 flake warnings.
2016-01-25 14:23:43 -05:00
Johannes Hoppe
5233b70070
Fixed #25725 -- Made HttpReponse immediately close objects.
2015-12-14 12:46:48 -05:00
Raphael Merx
0a19f8d4fc
Fixed #25644 -- Fixed reset cookie expiry date bug.
...
Setting a cookie with the same name as a previously deleted cookie
would set its expiry date to 'Thu, 01-Jan-1970 00:00:00 GMT'.
2015-11-18 07:47:40 -05:00
Jon Dufresne
05248a1009
Fixed #25576 -- Added IOBase methods required by TextIOWrapper to HttpResponse.
2015-10-21 10:42:29 -04:00
Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
...
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Vlastimil Zíma
cf29b6b561
Fixed #25099 -- Fixed crash in AdminEmailHandler on DisallowedHost.
2015-09-04 09:24:21 -04:00
Maxime Lorant
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
Sambhav Satija
d0bd533043
Fixed #25254 -- Added JsonResponse json_dumps_params parameter.
2015-08-12 10:39:07 -04:00
Matt Robenolt
4dcfbd7923
Fixed #25211 -- Added HttpRequest.get_port() and USE_X_FORWARDED_PORT setting.
2015-08-04 09:50:57 -04:00
Keryn Knight
c96f11257b
Refs #24121 -- Added meaningful repr() to HttpResponse and subclasses.
2015-07-15 09:01:25 -04:00
Vlastimil Zíma
8f8c54f70b
Fixed #25099 -- Cleaned up HttpRequest representations in error reporting.
2015-07-13 19:22:39 -04:00
Tim Graham
7da3923ba0
Sorted imports in __init__.py files.
2015-06-27 11:53:33 -04:00
Tim Graham
3f2de80318
Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream.
...
Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts'
raised StopIteration" per PEP 0479.
2015-06-17 06:55:16 -04:00
Piotr Jakimiak
4157c502a5
Removed unnecessary arguments in .get method calls
2015-05-13 20:51:18 +02:00
Bas Peschier
9128762f16
Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set.
...
This introduces a force_append_slash argument for request.get_full_path()
which is used by RedirectFallbackMiddleware and CommonMiddleware when
handling redirects for settings.APPEND_SLASH.
2015-03-26 09:26:55 -04:00
Claude Paroz
a0c2eb46dd
Fixed #23960 -- Removed http.fix_location_header
...
Thanks Carl Meyer for the report and Tim Graham for the review.
2015-03-18 18:22:50 +01:00
Jon Dufresne
d861f95c44
Fixed #24139 -- Changed HttpResponse.reason_phrase to evaluate based on status_code.
2015-03-12 20:18:06 -04:00
Rik
ccff08c194
Fixed #24463 -- Removed mod_python functionality from HttpRequest._get_scheme()
2015-03-11 14:35:25 -04:00