Commit Graph

847 Commits

Author SHA1 Message Date
Claude Paroz 7fa0fa45c5 Refs #30997 -- Removed HttpRequest.is_ajax() usage. 2020-01-27 08:52:40 +01:00
Pavel Lysak 13e4abf83e Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. 2020-01-16 15:25:49 +01:00
Flavio Curella d08d4f464a Fixed #30765 -- Made cache_page decorator take precedence over max-age Cache-Control directive. 2020-01-16 13:39:16 +01:00
Daniel Hahler 4fe486520f Fixed <span> nesting in technical 500 template. 2020-01-14 10:08:27 +01:00
Carlton Gibson 1f4b9f4f1f Removed unused ExceptionReporterFilter class.
Unused since 8f8c54f70b.
2020-01-11 20:18:38 +01:00
Carlton Gibson e2d9d66a22 Fixed #23004 -- Added request.META filtering to SafeExceptionReporterFilter.
Co-authored-by: Ryan Castner <castner.rr@gmail.com>
2020-01-10 11:35:41 +01:00
Carlton Gibson 581ba5a948 Refs #23004 -- Allowed exception reporter filters to customize settings filtering.
Thanks to Tim Graham for the original implementation idea.

Co-authored-by: Daniel Maxson <dmaxson@ccpgames.com>
2020-01-10 11:21:23 +01:00
Mike Yusko 0707ff6d36 Renamed set_language()'s next variable to avoid clash with builtin. 2020-01-09 07:54:18 +01:00
Adam Johnson 2ea3fb3e63 Removed "Don't do that" from docs and error messages.
It's slightly aggressive and doesn't explain itself.
2020-01-06 13:50:43 +01:00
Mike Hansen 35d36d9462 Refs #30585 -- Updated project templates and tests to use (block)translate tags. 2019-12-18 13:15:38 +01:00
Jon Dufresne e703b93a65 Fixed #31080 -- Removed redundant type="text/javascript" attribute from <script> tags. 2019-12-11 09:49:54 +01:00
Baptiste Mispelon d8e2333528 Fixed #31077 -- Made debug decorators raise TypeError if they're not called.
Django will raise an error if you forget to call the decorator.
2019-12-10 13:34:28 +01:00
Hasan Ramezani 4b78546ef1 Fixed #30405 -- Fixed source code mismatch crash in ExceptionReporter. 2019-11-12 11:31:12 +01:00
Hasan Ramezani e8de188c06 Refs #30405 -- Added ExceptionReporter._get_source(). 2019-11-12 09:44:23 +01:00
Felipe Lee c2c27867ef Refs #20456 -- Moved initialization of HEAD method based on GET to the View.setup() for generic views.
This will ease unit testing of views since setup will essentially do
everything needed to set the view instance up (other than instantiating
it). Credit for idea goes to Vincent Prouillet.
2019-10-30 14:43:52 +01:00
Hasan Ramezani e3d0b4d550 Fixed #30899 -- Lazily compiled import time regular expressions. 2019-10-29 09:22:26 +01:00
Carlton Gibson 4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Ngalim Siregar 503f60ff57 Fixed #29008 -- Fixed crash of 404 debug page when URL path converter raises Http404. 2019-08-09 22:48:08 +02:00
Jerrod Martin c7bef16a74 Fixed #30411 -- Improved formatting of text tracebacks in technical 500 templates.
Co-Authored-By: Daniel Hahler <git@thequod.de>
2019-07-29 11:09:54 +02:00
Jon Dufresne 42b9a23267 Fixed #30400 -- Improved typography of user facing strings.
Thanks Claude Paroz for assistance with translations.
2019-06-28 16:46:18 +02:00
Alexandre Varas c498f088c5 Fixed #30521 -- Fixed invalid HTML in default error pages. 2019-06-07 07:51:45 +02:00
Tobias Bengfort 7619a33665 Refs #28593 -- Changed url() to path() in comments following URL routing changes. 2019-05-13 18:30:51 +02:00
Ran Benita 19fc6376ce
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies. 2019-04-08 11:26:06 +02:00
Nick Pope 6b4e57d79f Refs #30324 -- Forced utf-8 encoding when loading templates for the technical 404 debug and congrats page. 2019-04-05 16:35:01 +02:00
Nick Pope efb257a017 Fixed #30324 -- Forced utf-8 encoding when loading the template for the technical 500 debug page.
Regression in 50b8493.
Related to ea542a9.
2019-04-05 16:35:01 +02:00
Majid Vaghari 9012033138
Fixed bidirectionality on the congrats page. 2019-04-05 14:20:01 +02:00
Claude Paroz a8e2a9bac6 Refs #15902 -- Deprecated storing user's language in the session. 2019-02-14 10:23:02 -05:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Vinay Karanam 3634560fa9 Fixed #29393 -- Prevented infinite loop in ExceptionReporter.get_traceback_frames(). 2019-02-02 16:39:36 -05:00
Claude Paroz 16454ac35f Fixed #29825 -- Fixed JS ngettext if the string is a non-plural msgid in the catalog. 2019-01-28 21:04:36 +01:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham 8045dff98c Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline. 2019-01-17 10:50:25 -05:00
Carlton Gibson 876dc306cd
Refs #30102 -- Added comment on use of Template without placeholders in page_not_found() view. 2019-01-16 16:19:56 +01:00
Tom Hacohen 1ecc0a395b Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
2019-01-03 21:21:55 -05:00
François Freitag e671337e8b Fixed #29750 -- Added View.setup() hook for class-based views. 2018-12-21 19:01:11 -05:00
Zach Garwood 19e863a844 Fixed #29995 -- Used higher contrast colors in debug page. 2018-12-21 18:00:13 -05:00
Tim Graham 226a26cf34 Removed an overridden CSS rule in debug page. 2018-12-21 18:00:03 -05:00
Hasan Ramezani 4f8f1b2f24 Fixed #29903 -- Added error message for invalid WeekArchiveView week_format. 2018-10-29 14:22:42 -04:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
Claude Paroz 50b8493581 Refs #29654 -- Replaced three dots with ellipsis character in output strings. 2018-08-22 09:13:58 -04:00
Timothy Allen f52b026168 Refs #28457 -- Tweaked colors/layout of the congrats page for readability. 2018-06-27 10:47:59 -04:00
Tim Graham 7cdeb23ae7 Fixed #29511 -- Added charset to JavaScriptCatalog's Content-Type header. 2018-06-22 09:15:29 +02:00
Tim Graham 238ed313c5 Removed views.i18n.null_javascript_catalog().
Unused since de40cfbe74.
2018-06-21 11:06:14 -04:00
Claude Paroz a177f854c3
Fixed #16470 -- Allowed FileResponse to auto-set some Content headers.
Thanks Simon Charette, Jon Dufresne, and Tim Graham for the reviews.
2018-05-15 18:12:11 +02:00
Samir Shah 10b44e4525 Fixed #26688 -- Fixed HTTP request logging inconsistencies.
* Added logging of 500 responses for instantiated responses.
* Added logging of all 4xx and 5xx responses.
2018-05-04 20:55:03 -04:00
Tom 11b8c30b9e Ref #23919 -- Replaced some os.path usage with pathlib.Path. 2018-04-19 21:30:00 -04:00
Jon Dufresne ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Jon Dufresne 3c34452ab5 Refs #23668 -- Removed passing default argument of current TZ to make_aware()/naive. 2018-01-18 11:21:12 -05:00
Vincent Poulailleau fcd431c6c3 Improved generic detail view error message for when pk or slug is missing. 2018-01-17 10:58:05 -05:00
Himanshu Chauhan 1b753b2d60 Fixed #28885 -- Fixed hidden content at the bottom of the "The install worked successfully!" page for some languages. 2018-01-12 19:09:54 -05:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Дилян Палаузов d79cf1e9e2 Fixed #28985 -- Removed unneeded None checks before hasattr(). 2018-01-03 11:37:06 -05:00
Claude Paroz b3cd9fb18b Refs #15902 -- Made set_language() view always set the current language in a cookie.
The plan is to later deprecate/remove storing the language in the session.
2018-01-03 11:25:40 -05:00
Tim Graham a862af3839
Fixed #28893 -- Removed unnecessary dict.items() calls. 2017-12-06 17:17:59 -05:00
Дилян Палаузов d2afa5eb23 Fixed #28860 -- Removed unnecessary len() calls. 2017-12-04 10:35:23 -05:00
Дилян Палаузов 23bf4ad87f Fixed #28795 -- Removed 'not in' checks and used dict.setdefault(). 2017-11-14 10:52:52 -05:00
Bjorn Kristinsson ac6a4eb9f9 Fixed #28719 -- Added a helpful exception if MultipleObjectTemplateResponseMixin doesn't generate any template names. 2017-11-07 18:46:52 -05:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tim Baxter 73241132f2 Refs #28457 -- Removed unused .next-step CSS in django/views/templates/default_urlconf.html. 2017-10-28 07:59:59 -04:00
Tim Baxter f6b5cecc71 Refs #28457 -- Updated the colors of the 'Congrats' page for WCAG AA compliance. 2017-10-28 07:57:27 -04:00
Scot Hacker 6642a646f0 Fixed #28735 -- Fixed typo in django/views/templates/default_urlconf.html. 2017-10-24 11:17:47 -04:00
Stefan Sinca 347551c2a1 Fixed #28508 -- Set the foreground color to black in CSRF and 404 error templates. 2017-09-21 10:23:23 -04:00
Sjoerd Job Postmus df41b5a05d Fixed #28593 -- Added a simplified URL routing syntax per DEP 0201.
Thanks Aymeric Augustin for shepherding the DEP and patch review.
Thanks Marten Kenbeek and Tim Graham for contributing to the code.
Thanks Tom Christie, Shai Berger, and Tim Graham for the docs.
2017-09-20 18:04:42 -04:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Tim Graham 46e2b9e059 Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page.
This is a security fix.
2017-09-05 10:58:38 -04:00
Sebastian Sassi 5848305218 Fixed #28082 -- Made BaseDateListView pass context from get_dated_items() to subclasses.
Thanks leon-matthews for the report and fix.
2017-09-04 10:55:18 -04:00
Sergey Fedoseev f2b93b509c Removed unneeded iter() calls.
A few of these were unnecessarily added in 2b281cc35e.
2017-08-23 16:48:29 -04:00
Allen, Timothy 9229e005aa Django -> django when styled as a logo with font. This was pointed out at DjangoCon US. 2017-08-21 08:00:54 +02:00
Martin von Gagern 71d39571f4 Fixed #28485 -- Made ExceptionReporter.get_traceback_frames() include frames without source code. 2017-08-12 20:32:39 -04:00
Timothy Allen 5fe9b7b40a Fixed #28457 -- Updated the design of the 'Congrats' page for new Django projects.
Developed by Timothy Allen and Chad Whitman of The Wharton School with
shepherding from Aymeric Augustin and Collin Anderson.
2017-08-07 10:33:55 -04:00
Tim Graham 293608a2e0 Refs #7697 -- Removed unnecessary force_escape of technical 500 debug view "unicode hint".
The test passes before and after the removal. unicode_hint will never
be SafeText, so normal autoescaping is sufficient.
2017-08-02 15:16:22 -04:00
Tim Graham 8df7681d0e Removed unneeded escape filter in templates where autoescaping is enabled. 2017-08-01 10:52:29 -04:00
Bruno Alla 604341c85f Fixed #28331 -- Added ContextMixin.extra_context to allowing passing context in as_view(). 2017-07-06 10:34:54 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00
Flávio Juvenal 0af14b2eaa Refs #16870 -- Doc'd that CSRF protection requires the Referer header. 2017-06-22 11:50:00 -04:00
Josh Schneier 37c9b81ebc Fixed #28104 -- Prevented condition decorator from setting ETag/Last-Modified headers for non-safe requests. 2017-06-06 15:37:14 -04:00
Claude Paroz 23142eea85 Fixed #18394 -- Added error for invalid JavaScriptCatalog packages
Thanks Tim Graham for the review.
2017-06-06 18:02:22 +02:00
partizan ff099f9db8 Fixed #28271 -- Added charset to technical_500_response() AJAX response. 2017-06-05 14:43:40 -04:00
Jon Dufresne 2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Adit Biswas c2eea61dff Fixed #28209 -- Made date-based generic views return a 404 rather than crash when given an out of range date. 2017-05-30 13:20:35 -04:00
Tom 7afb476469 Fixed #28226 -- Replaced use of str.join() with concatenation. 2017-05-27 13:59:05 -04:00
Claude Paroz 2cbb095bec Fixed #28221 -- Fixed plural fallback translations in JavaScriptCatalog view
Thanks Waldemar Kornewald for the report and initial patch.
2017-05-25 22:47:21 +02:00
Claude Paroz eb66057c1e Refs #28221 -- Honor plural number in JavaScriptCatalog 2017-05-20 13:23:54 +02:00
Claude Paroz d842ada305 Refs #27795 -- Stopped converting integer format settings to str in JS/JSON i18n views
Thanks Tim Graham for the review.
2017-05-08 19:32:03 +02:00
Claude Paroz 301de774c2 Refs #27795 -- Replaced many force_text() with str()
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
Tim Graham 56970c5b61 Fixed #28122 -- Fixed crash when overriding views.static.directory_index()'s template. 2017-04-25 11:01:21 -04:00
Tim Graham 8c6a3062dd Fixed #28079 -- Restored "No POST data" (rather than an empty table) in HTML debug page.
Regression in 7b6dccc82f
2017-04-15 09:21:35 -04:00
Abhishek Gautam 941b869135 Fixed #28008 -- Replaced getElementsByClassName() JavaScript in debug view template. 2017-04-14 08:12:14 -04:00
Claude Paroz ea542a9c72 Fixed #28007 -- Moved debug templates to the filesystem
Thanks Tim Graham for the review.
2017-04-12 11:36:47 -04:00
Tim Graham a1f948b468 Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve().
This is a security fix.
2017-04-04 10:42:06 -04:00
Ionuț Ciocîrlan 78619bcb0a Fixed #27987 -- Added default colors in debug view CSS. 2017-03-28 08:55:16 -04:00
Tim Graham b536dcf656 Fixed #27948 -- Removed incorrect unquote() in static serving views. 2017-03-17 07:55:00 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Anton Samarchyan 711123e1cd Refs #27656 -- Updated django.views docstring verbs according to PEP 257. 2017-03-03 17:05:42 -05:00
Grzegorz Tężycki fede65260a Fixed #26911 -- Removed NoReverseMatch silencing in RedirectView. 2017-03-01 15:56:39 -05:00
Asif Saifuddin Auvi 5f3a689f71 Imported django.http classes instead of django.http. 2017-02-27 14:47:11 -05:00
Tim Graham 21f13ff5b3 Refs #23919 -- Removed an used block in ExceptionReporter.get_traceback_data().
The test from refs #20368 only runs this block on Python 2.
2017-02-09 09:03:28 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham 597bfcbf8b Removed unused ExceptionReporter.format_exception() method.
Unused since its introduction in e7e4b8b0f7.
2017-02-01 19:55:31 -05:00
Tim Graham 0205e04ce7 Removed ExceptionReporter support for string exceptions.
Reverted refs #6423 since raising string exceptions is prohibited
since Python 2.5.
2017-02-01 19:47:39 -05:00