Commit Graph

547 Commits

Author SHA1 Message Date
Aymeric Augustin f50a09f2cd Removed private API get_template_from_string.
It wasn't documented and it wasn't used anywhere.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 5523e4cdbb Removed private API find_template.
It wasn't documented and it wasn't used anywhere, except in a few tests
that don't test it specifically and can be rewritten with get_template.
2014-12-28 16:23:01 +01:00
Aymeric Augustin 4ea43ac915 Supported multiple template engines in get_template and select_template.
This commit changes the return type of these two functions. Instead of
returning a django.template.Template they return a backend-specific
Template class that must implement render(self, context).
2014-12-28 16:23:01 +01:00
Aymeric Augustin 6854998c8f Looked up the default template engine in the list of all engines. 2014-12-28 16:23:01 +01:00
Aymeric Augustin b34b8a12b7 Passed a reference to the current engine when instantiating Template. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 24dffaf0cb Removed some uses of global APIs from django.template.loader. 2014-12-28 16:23:00 +01:00
Aymeric Augustin 1eca0e95cf Added Django template backend. 2014-12-28 16:08:35 +01:00
Aymeric Augustin 44de7218a5 Added jinja2 template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin 86c75996f0 Added dummy template backend. 2014-12-28 16:08:34 +01:00
Aymeric Augustin 1acfd624d6 Added initial support for loading template engines. 2014-12-28 16:08:31 +01:00
Aymeric Augustin b19693e6d8 Imported BaseEngine from the DEP.
i18n is left aside for now.
2014-12-28 15:57:11 +01:00
Aymeric Augustin 7eefdbf7ab Cleaned up the django.template namespace.
Since this package is going to hold both the implementation of the Django
Template Language and the infrastructure for Multiple Template Engines,
it should be untied from the DTL as much as possible within our
backwards-compatibility policy.

Only public APIs (i.e. APIs mentioned in the documentation) were left.
2014-12-28 14:47:31 +01:00
Aymeric Augustin bfa21ddf76 Renamed get_template_from_string to from_string.
The shorter name is just as explicit and, well, shorter.
2014-12-28 14:47:31 +01:00
Aymeric Augustin b3eda6ec3e Simplified handling of a default value. 2014-12-28 14:47:30 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Baptiste Mispelon c335c0fee9 Fixed #23914 -- Improved {% now %} to allow storing its result in the context.
Thanks to Tim for the review.
2014-11-25 22:11:35 +01:00
Aymeric Augustin 6294bd3903 Encapsulated TEMPLATE_DEBUG in Engine. 2014-11-23 11:54:17 +01:00
Aymeric Augustin 47a131b944 Encapsulated TEMPLATE_STRING_IF_INVALID in Engine. 2014-11-23 11:53:53 +01:00
Aymeric Augustin 37505b6397 Encapsulated TEMPLATE_CONTEXT_PROCESSORS in Engine.
Since RequestContext doesn't know its Engine until it's passed to
Template.render() -- and cannot without breaking a widely used public
API -- an elaborate hack is required to apply context processors.
2014-11-23 11:53:18 +01:00
Aymeric Augustin 98ac69af53 Encapsulated ALLOWED_INCLUDE_ROOTS in Engine. 2014-11-23 11:52:54 +01:00
Aymeric Augustin 246cfdeae3 Moved make_origin into the Engine class. 2014-11-23 11:52:45 +01:00
Aymeric Augustin 240ea67ce0 Move compile_string into the Engine class. 2014-11-23 11:52:25 +01:00
Aymeric Augustin 5b1bb40216 Added to each Context a reference to the Engine.
It's only available during the rendering.
2014-11-23 11:52:22 +01:00
Aymeric Augustin a2dd08666c Removed dependency of template loaders on Django settings. 2014-11-23 11:52:14 +01:00
Aymeric Augustin 29a977ab14 Moved template loaders management in Engine.
Passed the engine instance to loaders. This is a prerequisite for
looking up configuration on the engine instance instead of global
settings.

This is backwards incompatible for custom template loaders that override
__init__. However the documentation doesn't talk about __init__ and the
way to pass arguments to custom template loaders isn't specified. I'm
considering it a private API.
2014-11-23 11:52:12 +01:00
Aymeric Augustin 544a716da8 Removed unused API get_template_loaders.
It was introduced in a recent refactoring so this isn't an issue.

Then renamed _get_template_loaders to get_template_loaders.
2014-11-23 11:51:31 +01:00
Aymeric Augustin 572cdb4391 Introduced a template engine class.
Moved Django templates loading infrastructure there.
2014-11-23 09:29:53 +01:00
Aymeric Augustin 17012b6936 Deprecated dirs argument to override TEMPLATE_DIRS.
Cancels 2f0566fa. Refs #4278.
2014-11-23 09:29:33 +01:00
Aymeric Augustin 7331788300 Avoided rewrapping Contexts in render_to_response.
This change preserves backwards-compatibility for a very common misuse
of render_to_response which even occurred in the official documentation.

It fixes that misuse wherever it happened in the code base and docs.

Context.__init__ is documented as accepting a dict and nothing else.
Since Context is dict-like, Context(Context({})) could work to some
extent. However, things get complicated with RequestContext and that
gets in the way of refactoring the template engine. This is the real
rationale for this change.
2014-11-22 17:58:38 +01:00
Aymeric Augustin f88ad710fa Simplified caching of template context processors. 2014-11-19 21:35:39 +01:00
Aymeric Augustin a97e72aaab Simplified caching of templatetags modules. 2014-11-19 21:35:39 +01:00
Aymeric Augustin fab26cf5e0 Removed support for function-based template loaders.
They were deprecated in Django 1.2 but not all the supporting code was
removed in Django 1.4. Since the remaining code was unlikely to be
functional (pun intended) e.g. it would crash unless the loader
function had an is_usable attribute, this commit completes the removal
immediately instead of starting another deprecation path.
2014-11-16 22:18:33 +01:00
Aymeric Augustin e87bee6f50 Used get_template_loaders in the cached loader.
This ensures that enabling the cached loader doesn't change behavior.

(Before this commit, it did when the list contained unusable loaders.)
2014-11-16 21:41:44 +01:00
Aymeric Augustin 9eeb788cfb Refactored getting the list of template loaders.
This provides the opportunity to move utility functions specific to the
Django Template Language outside of django.template.loader.
2014-11-16 21:41:44 +01:00
Aymeric Augustin 1851dcf377 Deprecated function-based loaders. 2014-11-16 21:41:42 +01:00
Aymeric Augustin 0bf99193f8 Removed obsolete comment.
It didn't account for class-based template loaders.
2014-11-16 21:40:54 +01:00
Aymeric Augustin d58597a7b8 Refactored listing template subdirectories in apps.
This change has the nice side effect of removing code that ran at import
time and depended on the app registry at module level -- a notorious
cause of AppRegistryNotReady exceptions.
2014-11-16 21:28:43 +01:00
Aymeric Augustin cd7146debe Removed skip_template argument of locmem.Loader.load_template_source.
It didn't do anything, wasn't documented and wasn't used anywhere.
2014-11-16 21:28:37 +01:00
Aymeric Augustin c211c59b4a Removed the "test:" prefix from locmem template identifiers.
Since it isn't branded as a test utility any more and could be used for
other purposes than test code, that prefix no longer makes sense.

It wasn't used anywhere either.
2014-11-16 21:28:31 +01:00
Aymeric Augustin 2577ae6a08 Moved all template loaders under django.template.loaders.
Reformatted the code of base.Loader according to modern standards.

Turned the test template loader into a regular locmem.Loader -- but
didn't document it.

Added a normal deprecation path for BaseLoader which is a public API.

Added an accelerated deprecation path for TestTemplateLoader which is
a private API.
2014-11-16 21:28:26 +01:00
Grzegorz Slusarek b4bb5cd0a3 Fixed #23585 - Corrected internal comment.
Removed misleading comment and provide correct one, explaining
idea behind hardcoded CSRF template context processor.
2014-11-15 14:07:31 +01:00
Tim Graham 42b5e4feea Fixed #23730 -- Moved support for SimpleCookie HIGHEST_PROTOCOL pickling to http.cookie.
This fix is necessary for Python 3.5 compatibility (refs #23763).

Thanks Berker Peksag for review.
2014-11-12 19:04:45 +01:00
Aymeric Augustin 3bc7a14ea5 Normalized opening a file and decoding its content.
`io.open` is required on Python 2.7. Just `open` would work on Python 3.
2014-11-11 22:54:27 +01:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Luke Plant b748a8bc67 Fixed #23789 -- TemplateResponse handles context differently from render 2014-11-10 14:47:45 +00:00
David Hoffman 03467368db Fixed #23558 -- documented slugify limitations 2014-10-30 09:02:04 -04:00
Martin Matusiak ae5dbe5aa8 Fixed comment typo in django/template/__init__.py 2014-10-04 08:00:00 -04:00
Tim Graham 12809e1609 Fixed #23489 -- Added numpy 1.9+ support in template lookups 2014-09-29 19:51:39 -04:00