Commit Graph

479 Commits

Author SHA1 Message Date
Andreas Hug a656a68127 Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-08-01 09:28:42 -04:00
Claude Paroz b004bd62e8 Fixed #29412 -- Stopped marking slugify() result as HTML safe. 2018-07-20 10:44:30 -04:00
Claude Paroz 0adfba968e Fixed #29578 -- Made numberformat.format() honor forced l10n usage.
Thanks Sassan Haradji for the report.
2018-07-19 16:44:40 -04:00
Sergey Fedoseev 338f741c5e Fixed #29546 -- Deprecated django.utils.timezone.FixedOffset. 2018-07-09 16:33:36 -04:00
Sergey Fedoseev c9088cfc7b Fixed some assertTrue() that were intended to be assertEqual(). 2018-07-09 11:13:40 -04:00
Sergey Fedoseev bdcde79c5f Made test for memoryview handling in force_bytes() more strict. 2018-07-09 11:01:42 -04:00
Przemysław Suliga d22b90b4ea Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string. 2018-06-29 10:17:52 -04:00
Carlton Gibson f4ef71c689 Refs #29514 -- Added test for get_default_timezone()/timezone.utc equality. 2018-06-28 11:14:26 -04:00
Tim Graham 911af0d24b Added more tests for django.utils.html.urlize(). 2018-03-06 08:30:41 -05:00
Tim Graham 97b7dd59bb Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
2018-03-06 08:30:40 -05:00
Tim Graham 8618271caa Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
Tim Graham b832de869e
Added tests for utils.html.urlize() (lazy string inputs were untested). 2018-02-10 15:45:57 -05:00
Jonas Haag 8c709d79cb Fixed #17419 -- Added json_tag template filter. 2018-02-07 18:38:12 -05:00
Tim Graham d0a42a14c0 Fixed imports per isort 4.3.1.
Partially reverted 9bcf73d788.
2018-02-02 14:44:07 -05:00
Mariusz Felisiak 9bcf73d788 Fixed imports per isort 4.3.0. 2018-02-01 09:29:46 +01:00
Jon Dufresne ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Jon Dufresne 1e81a4b897 Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url(). 2018-01-11 07:03:50 -05:00
Tim Graham ab7f4c3306 Refs #28965 -- Deprecated unused django.utils.http.cookie_date(). 2018-01-02 11:23:04 -05:00
Sergey Fedoseev ae6fa914aa Fixed #28926 -- Fixed loss of precision of big DurationField values on SQLite and MySQL. 2017-12-28 17:35:41 -05:00
Sergey Fedoseev 93cdd07e8f Used bytes.hex() and bytes.fromhex() to simplify. 2017-11-23 08:52:23 -05:00
Yusuke Miyazaki 278d66b94b Fixed #28501 -- Fixed "python -m django runserver" crash. 2017-11-06 09:58:15 -05:00
Yusuke Miyazaki ac21f2e391 Added RestartWithReloaderTests. 2017-11-06 09:54:31 -05:00
medmunds d1317edad0 Fixed #28739 -- Fixed get_fixed_timezone() for negative timedeltas. 2017-10-24 21:27:53 -04:00
François Freitag 41be85862d Fixed #28679 -- Fixed urlencode()'s handling of bytes.
Regression in fee42fd99e.

Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-12 09:08:33 -04:00
François Freitag 0e212a705e Split django.utils.http tests into separate test classes. 2017-10-10 08:53:01 -04:00
Mariusz Felisiak fc6528b25a Fixed #28629 -- Made tree.Node instances hashable.
Regression in 508b5debfb which
added Node.__eq__().
2017-09-28 12:07:19 -04:00
Mads Jensen 8ddbe01760 Added a test for pbkdf2()'s default digest algorithm. 2017-09-27 10:36:26 -04:00
Tim Graham ba42456c2e Refs #27648 -- Removed support for (iLmsu) regex groups in url() patterns.
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham 96107e2844 Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Mads Jensen 41a7876991 Added test for too large input to django.utils.http.base36_to_int(). 2017-09-21 10:21:02 -04:00
LBerrocal 54f7aa04a7 Fixed #28306 -- Completed test coverage for django.utils.lorem_ipsum.
Thanks Idan Melamed for the original patch.
2017-09-02 15:50:43 -04:00
Sergey Fedoseev 83440a1258 Refs #28389 -- Added release note and test for pickling of LazyObject when wrapped object doesn't have __reduce__().
Forwardport of 30f334cc58 from stable/1.11.x
2017-07-12 09:30:29 -04:00
Matthew Schinckel 493f7e9e1e Fixed #28076 -- Added support for PostgreSQL's interval format to parse_duration(). 2017-07-03 19:53:19 -04:00
Matthew Schinckel 684c0a35f6 Refs #27804 -- Used subTest() in dateparse tests. 2017-07-03 17:08:58 -04:00
Wil Tan b94d99af5b Refs #28280 -- Added more tests for utils.numberformat.format(). 2017-06-29 13:31:41 -04:00
Georg Sauthoff d0f59054d0 Fixed #28324 -- Made feedgenerators write feeds with deterministically ordered attributes. 2017-06-20 05:38:41 -04:00
Thomas Khyn f6bd00131e Fixed #28241 -- Allowed module_has_submodule()'s module_name arg to be a dotted path. 2017-06-08 14:34:20 -04:00
Jon Dufresne 21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
UmanShahzad 856072dd4a Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs. 2017-05-10 09:02:20 -04:00
Tim Graham 309c10c2cb Refs #20094 -- Removed obsolete tests/utils_tests/test_itercompat.py
The is_iterator() function was removed in 2456ffa42c.
2017-04-26 10:54:06 -04:00
petedmarsh 14671affc3 Fixed #28064 -- Removed double-quoting of key names in MultiValueDictKeyError. 2017-04-11 12:44:52 -04:00
Tim Graham 5ea48a70af Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
2017-04-04 10:42:06 -04:00
Claude Paroz 389c3ffc04 Updated tests after French translation update 2017-04-04 13:07:47 +02:00
Tim Graham 6b4f018b2b Replaced type-specific assertions with assertEqual().
Python docs say, "it's usually not necessary to invoke these methods directly."
2017-03-17 07:51:48 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham 6ae1b04fb5 Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. 2017-03-04 09:04:16 -05:00
Pavlo Kapyshin b6fbf3e8e5 Fixed #27879 -- Fixed crash if enclosures aren't provided to Atom1Feed.add_item().
Regression in 75cf9b5ac0
2017-02-24 09:46:31 -05:00
Ian Foote 508b5debfb Refs #11964 -- Made Q objects deconstructible. 2017-02-23 20:47:48 -05:00
Tim Graham 007d4e030c Completed test coverage for django.utils.encoding. 2017-02-22 20:54:55 -05:00
Chronial 03281d8fe7 Fixed #26005 -- Fixed some percent decoding cases in uri_to_iri(). 2017-02-09 09:22:00 -05:00
Tim Graham 500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham 26619ad7b0 Removed an untested and broken branch in force_bytes() (refs #6353).
The new test crashed in the removed branch. It's unclear if the branch has
value since c6a2bd9b96 didn't include tests.
2017-02-03 19:36:53 -05:00
Tim Graham 2f1394c76d Added a test for force_text()'s DjangoUnicodeDecodeError path. 2017-02-03 19:15:50 -05:00
Claude Paroz a21ec12409 Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape 2017-02-02 21:01:39 +01:00
Tim Graham f8d52521ab Refs #27804 -- Used subTest() in tests.utils_tests.test_html. 2017-02-02 08:17:00 -05:00
Tim Graham 2af8cd22a9 Imported specific functions in tests.utils_tests.test_html. 2017-02-02 07:23:10 -05:00
Claude Paroz ccfd1295f9 Refs #27795 -- Prevented SafeText from losing safe status on str()
This will allow to replace force_text() by str() in several places (as one of
the features of force_text is to keep the safe status).
2017-01-30 21:10:32 +01:00
Claude Paroz c182d66f69 Reintroduced lazy import from commit 52138b1fd0 2017-01-30 15:17:39 +01:00
Claude Paroz 52138b1fd0 Refs #23919 -- Removed usage of obsolete SafeBytes class
The class will be removed as part of #27753.
Thanks Tim Graham for the review.
2017-01-30 15:04:45 +01:00
Tim Graham 9e9e73735e Refs #23919 -- Removed an obsolete test for a Python 2 code path (refs #15662).
Fixed #21628 by removing the last usage of the imp module.
2017-01-27 17:39:49 -05:00
Claude Paroz fee42fd99e Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 2366100872 Removed unneeded force_text calls in the test suite 2017-01-24 18:45:54 +01:00
Tim Graham d170c63351 Refs #23919 -- Removed misc references to Python 2. 2017-01-21 20:02:00 -05:00
Tim Graham 7aba69145d Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. 2017-01-20 08:17:20 -05:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Tim Graham 4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Tim Graham 109b33f64c Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2. 2017-01-20 08:49:47 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham 60ca37d2e5 Refs #24046 -- Removed mark_for_escaping() per deprecation timeline. 2017-01-17 20:52:04 -05:00
Tim Graham eba093e8b0 Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Jinank Jain f4c0eec713 Fixed #27699 -- Added negative timedelta support to parse_duration() 2017-01-14 11:17:54 +01:00
vinay karanam 6128c1736d Refs #27637 -- Fixed timesince, timeuntil on New Year's Eve in a leap year. 2017-01-02 08:40:44 -05:00
Anton Samarchyan 5cf4894836 Fixed #27628 -- Fixed unarchiving a file without permission data. 2016-12-28 19:14:58 -05:00
Tim Graham 51cde873d9 Fixed #27648 -- Deprecated (iLmsu) regex groups in url() patterns. 2016-12-27 15:59:13 -05:00
Mariusz Felisiak 3e5c5e6754 Fixed #27637 -- Fixed timesince, timeuntil in leap year edge case. 2016-12-27 09:29:11 -05:00
Phil Tysoe bf4516a628 Added tests for django.utils.autoreload. 2016-12-22 09:01:28 -05:00
Mariusz Felisiak 8e3a72f4fb Fixed #27583 -- Fixed MultiValueDict.getlist() crash when values for key is None.
Restored the behavior before 727d7ce6cb.
2016-12-09 15:31:52 -05:00
Tim Graham b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
Anton Samarchyan d0112cf930 Fixed #26494 -- Made Archive.extract() preserve file permissions. 2016-12-06 08:28:36 -05:00
Keda87 794b7d8033 Refs #27546 -- Tested some __repr__() methods. 2016-12-01 08:09:38 -05:00
Adam Chainz 71609a5b90 Fixed #27555 -- Removed django.utils.functional.lazy_property. 2016-11-29 19:01:12 -05:00
Ramin Farajpour Cami 0a63ef3f61 Fixed #27463 -- Fixed E741 flake8 warnings. 2016-11-14 17:40:28 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Joachim Jablon fd78fb82d6 Fixed #27138 -- Restored pre-Python 3.6 behavior of localtime() and make_naive() on Python 3.6.
Reverted test changes in a7a7ecd2b0 and
e43ea36b76 (refs #27025).
2016-11-07 19:07:18 -05:00
Tim Graham 3158695365 Completed django.utils.timezone test coverage. 2016-11-01 14:01:40 -04:00
Tim Graham 414ad25b09 Fixed #27327 -- Simplified time zone handling by requiring pytz. 2016-10-27 08:53:20 -04:00
Reto Aebersold 3ab55c1a8a Fixed #27309 -- Added CallableBool.__hash__(). 2016-10-04 07:44:19 -04:00
Tim Graham e43ea36b76 Refs #27025 -- Fixed a timezone test for Python 3.6.
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-09-17 15:44:06 -04:00
Tim Graham 8119b679eb Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jani Tiainen 727d7ce6cb Fixed #27198 -- Made MultiValueDict.getlist() return a new list to prevent mutation. 2016-09-16 15:16:18 -04:00
Kevin Christopher Henry 4ef0e019b7 Fixed #27083 -- Added support for weak ETags. 2016-09-10 08:14:52 -04:00
Jon Dufresne f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Jon Dufresne ff1e7b4eb4 Fixed #25181 -- Added localdate() function to get date in a different time zone.
Thanks Konrad Świat for the original patch.
2016-08-31 17:19:33 -07:00
Olexander Yermakov b7fb608142 Fixed #27154 -- Allowed comparing CallableBool with bitwise or.
Thanks Tim for the review.
2016-08-31 08:27:37 -04:00
Mattias Loverot 9aaeec337e Fixed #26866 -- Added format_lazy function
Added format_lazy function to django.utils.text module.
Useful when dealing with relative complex lazy string concatenations
(e.g. in urls.py when translating urls in regular expressions).
2016-08-24 18:18:17 +02:00
Przemysław Suliga 5e5a17028f Fixed #26902 -- Allowed is_safe_url() to require an https URL.
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-08-19 18:51:33 -04:00
Tim Graham 5a41ca79dc Replaced 'raise SkipTest' with self.skipTest() in a few tests. 2016-08-16 16:42:27 -04:00
Tim Graham a7a7ecd2b0 Refs #27025 -- Fixed a couple timezone tests for Python 3.6.
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-08-09 18:14:15 -04:00
Tim Graham 54afa960d1 Fixed #26988 -- Improved/clarified User.is_authenticated/anonymous compatibility.
Thanks marktranchant for the report and review.
2016-08-02 11:01:08 -04:00
Dmitry Dygalo ca32979cdc
Made miscellaneous code cleanups 2016-07-21 10:08:19 -04:00
Will Hardy 8ef78b8165 Fixed #26656 -- Added duration (timedelta) support to DjangoJSONEncoder. 2016-07-14 13:34:15 -04:00
Jon Dufresne 4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Ville Skyttä fa654da613 Removed usage of a few deprecated unittest assertions. 2016-06-14 09:03:12 -04:00
Scott Vitale be729b6120 Fixed #10107 -- Allowed using mark_safe() as a decorator.
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
Chesco Igual ffd18732f3 Fixed #24781 -- Fixed repr() for lazy objects. 2016-06-04 19:13:00 -04:00
Tim Graham 37aec6b186 Refs #26653 -- Fixed a feedgenerator test that requires a database query on PostgreSQL. 2016-05-30 19:30:45 -04:00
Ketan Bhatt f31fbbae1a Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC. 2016-05-30 18:36:15 -04:00
Tim Graham 2f0e0eee45 Fixed #24046 -- Deprecated the "escape" half of utils.safestring. 2016-05-10 12:46:47 -04:00
Marko Benko 45c7acdc50 Fixed #26281 -- Added a helpful error message for an invalid format specifier to dateformat.format(). 2016-04-20 20:13:52 -04:00
Tim Graham 92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Tim Graham 1555d50ea4 Fixed typos in tests/utils_tests/test_ipv6.py test names. 2016-03-23 08:22:17 -04:00
Amine Yaiche 32c8e43ef1 Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation. 2016-03-23 08:18:29 -04:00
Claude Paroz 552f03869e Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04 23:33:35 +01:00
Claude Paroz ada7a4aefb Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer c5544d2892 Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov ee69789f45 Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address(). 2016-02-25 18:52:50 -05:00
Hasan 26ad01719d Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate. 2016-01-29 13:37:33 -05:00
Hasan 253adc2b8a Refs #26022 -- Used context manager version of assertRaisesMessage in tests. 2016-01-29 13:03:39 -05:00
Hasan 3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Tim Graham 575706331b Cosmetic cleanups in tests/utils_tests/test_numberformat.py 2016-01-29 10:36:58 -05:00
Ben Kraft 13023ba867 Fixed #26122 -- Fixed copying a LazyObject
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4.
2016-01-26 06:56:21 -05:00
userimack 60586dd737 Fixed #26125 -- Fixed E731 flake warnings. 2016-01-25 14:23:43 -05:00
Tim Graham 2765adc8dc Skipped a dateformat test on Windows as needed.
Refs 1014ba026e
2016-01-05 12:46:45 -05:00
Denis Cornehl 186b6c61bf Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Iacopo Spalletti d693074d43 Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Josh Soref 93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
Aymeric Augustin 1014ba026e Fixed debug view crash during autumn DST change.
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)

Refs #23714 which essentially fixed the same problem when USE_TZ = True.

Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Ben Kraft 35355a4ffe Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8.
Now it will handle this and other custom `__reduce__` methods correctly.
2015-10-03 13:00:37 -04:00
Tim Graham e5c12f6701 Refs #23613 -- Removed django.utils.checksums per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham 222d063301 Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. 2015-09-23 19:31:09 -04:00
Matt Robenolt b0c56b895f Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Zan Anderle f3dc173240 Fixed #24917 -- Made admindocs display model methods that take arguments. 2015-09-07 15:07:39 -04:00
Aymeric Augustin b79fc11d73 Made the autoreloader survive all exceptions.
Refs #24704.
2015-08-29 20:50:00 +02:00
Aymeric Augustin c2fcba2ac7 Ensured gen_filenames() yields native strings.
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin dfa712efb8 Refactored autoreload tests.
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin 23620cb8e0 Accounted for error files in the autoreloader.
* When some old files contain errors, the second call to
  gen_filenames() should return them.
* When some new files contain errors, the first call to
  gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella c2e70f0265 Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField 2015-07-27 18:28:13 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder f675afa13c Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__() 2015-07-09 21:20:52 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek 290ff35e6c Fixed #25000 -- Fixed cast to string for lazy objects.
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert 98df288dda Fixed #24978 -- Escaped special characters in loaddata fixture paths 2015-06-13 19:45:05 -04:00
Moritz Sichert 296919e7a5 Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class 2015-06-12 17:44:54 -04:00
Tomasz Kontusz c2b4967e76 Fixed ImportError message in utils.module_loading.import_string() 2015-06-06 11:45:22 -04:00
Raphael Michel 6700c90935 Fixed #19210 -- Added leap year support to django.utils.timesince() 2015-06-04 21:36:12 -04:00
Raphael Michel 5c125f63f7 Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig 262d4db8c4 Fixed #24897 -- Allowed using choices longer than 1 day with DurationField 2015-06-02 12:39:34 -04:00
Tim Graham 70be31bba7 Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 09:48:53 -04:00
Simon Charette be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Aymeric Augustin 06dc6759d8 Factored skip condition when pytz isn't installed. 2015-05-17 10:23:14 +02:00
Tim Graham eda12ceef1 Removed redundant list() calls. 2015-05-16 10:44:07 -04:00
Josh Smeaton 143255c8bb Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime 2015-04-24 13:55:40 -04:00
Moritz Sichert 1f2abf784a Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. 2015-03-27 19:46:20 -04:00
Tim Graham 011a54315e Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham 1c83fc88d6 Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz df193b3cef Fixed #24382 -- Allowed unicode chars inside formatted numbers
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik a5b225084f Fixed #23838 -- added missing `__iter__` to LazyObject 2015-03-08 15:42:23 +01:00
Aymeric Augustin a8fe12417f Normalized usage of the tempfile module.
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham 307c0f299a Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters. 2015-02-17 19:03:03 -05:00
Lukas Klein 93b3ef9b2e Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454 2015-02-12 08:58:35 +01:00
Varun Sharma 540ca563de Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Matthew Somerville caa3562d5b Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Loic Bistuer 3a4c9e1b43 Cleaned up some forms tests.
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219.
2015-01-27 22:39:57 +07:00
Tim Graham d029fafea1 Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674. 2015-01-18 12:51:15 -05:00
Tim Graham df3f3bbe29 Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. 2015-01-17 12:41:49 -05:00
Tim Graham 1b0365ad34 Removed django.utils.tzinfo per deprecation timeline; refs #17262. 2015-01-17 09:32:33 -05:00
Tim Graham c820892eed Removed django.utils.datastructures.SortedDict per deprecation timeline. 2015-01-17 08:40:23 -05:00
Tim Graham 37b7776a01 Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659. 2015-01-17 08:13:36 -05:00
Tim Graham 69b5e66738 Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00
Claude Paroz 51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Oscar Ramirez 54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00
Marc Tamlyn 57554442fe Fixed #2443 -- Added DurationField.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.

Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.

Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00
Michael Hall 895dc880eb Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range 2014-12-13 12:45:58 -05:00
Diego Guimarães 9f427617e4 Refs #23947 -- Worked around a bug in Python that prevents deprecation warnings from appearing in tests. 2014-12-06 14:46:01 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Eric Rouleau 9d1a69579b Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format 2014-12-03 07:49:06 -05:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Thomas Chaumeny d89f56dc4d Fixed #21281 -- Made override_settings act at class level when used as a TestCase decorator. 2014-11-03 14:14:39 -05:00
Berker Peksag f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Unai Zalakain c548c8d0d1 Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). 2014-11-03 07:59:19 -05:00
Markus Holtermann 98da408964 Fixed #23670 -- Prevented partial import state during module autodiscovery
Thanks kostko for the report.
2014-10-31 08:01:47 -04:00
John-Scott Atlakson dbf7a3df45 Fixed #23688 -- Updated cached_property to preserve docstring of original function 2014-10-20 17:59:07 -04:00
Jon Dufresne 54e695331b Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Thomas Chaumeny b962653060 Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
2014-10-16 14:16:24 +02:00
Anubhav Joshi 10b17a22be Fixed #19508 -- Implemented uri_to_iri as per RFC.
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Florian Apolloner 3af5af1a61 Fixed remaining test failure in jslex tests. 2014-10-15 17:36:19 +02:00