Andreas Hug
a656a68127
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
2018-08-01 09:28:42 -04:00
Claude Paroz
b004bd62e8
Fixed #29412 -- Stopped marking slugify() result as HTML safe.
2018-07-20 10:44:30 -04:00
Claude Paroz
0adfba968e
Fixed #29578 -- Made numberformat.format() honor forced l10n usage.
...
Thanks Sassan Haradji for the report.
2018-07-19 16:44:40 -04:00
Sergey Fedoseev
338f741c5e
Fixed #29546 -- Deprecated django.utils.timezone.FixedOffset.
2018-07-09 16:33:36 -04:00
Sergey Fedoseev
c9088cfc7b
Fixed some assertTrue() that were intended to be assertEqual().
2018-07-09 11:13:40 -04:00
Sergey Fedoseev
bdcde79c5f
Made test for memoryview handling in force_bytes() more strict.
2018-07-09 11:01:42 -04:00
Przemysław Suliga
d22b90b4ea
Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.
2018-06-29 10:17:52 -04:00
Carlton Gibson
f4ef71c689
Refs #29514 -- Added test for get_default_timezone()/timezone.utc equality.
2018-06-28 11:14:26 -04:00
Tim Graham
911af0d24b
Added more tests for django.utils.html.urlize().
2018-03-06 08:30:41 -05:00
Tim Graham
97b7dd59bb
Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
...
Thanks James Davis for suggesting the fix.
2018-03-06 08:30:40 -05:00
Tim Graham
8618271caa
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
...
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
Tim Graham
b832de869e
Added tests for utils.html.urlize() (lazy string inputs were untested).
2018-02-10 15:45:57 -05:00
Jonas Haag
8c709d79cb
Fixed #17419 -- Added json_tag template filter.
2018-02-07 18:38:12 -05:00
Tim Graham
d0a42a14c0
Fixed imports per isort 4.3.1.
...
Partially reverted 9bcf73d788
.
2018-02-02 14:44:07 -05:00
Mariusz Felisiak
9bcf73d788
Fixed imports per isort 4.3.0.
2018-02-01 09:29:46 +01:00
Jon Dufresne
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
Jon Dufresne
1e81a4b897
Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url().
2018-01-11 07:03:50 -05:00
Tim Graham
ab7f4c3306
Refs #28965 -- Deprecated unused django.utils.http.cookie_date().
2018-01-02 11:23:04 -05:00
Sergey Fedoseev
ae6fa914aa
Fixed #28926 -- Fixed loss of precision of big DurationField values on SQLite and MySQL.
2017-12-28 17:35:41 -05:00
Sergey Fedoseev
93cdd07e8f
Used bytes.hex() and bytes.fromhex() to simplify.
2017-11-23 08:52:23 -05:00
Yusuke Miyazaki
278d66b94b
Fixed #28501 -- Fixed "python -m django runserver" crash.
2017-11-06 09:58:15 -05:00
Yusuke Miyazaki
ac21f2e391
Added RestartWithReloaderTests.
2017-11-06 09:54:31 -05:00
medmunds
d1317edad0
Fixed #28739 -- Fixed get_fixed_timezone() for negative timedeltas.
2017-10-24 21:27:53 -04:00
François Freitag
41be85862d
Fixed #28679 -- Fixed urlencode()'s handling of bytes.
...
Regression in fee42fd99e
.
Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-12 09:08:33 -04:00
François Freitag
0e212a705e
Split django.utils.http tests into separate test classes.
2017-10-10 08:53:01 -04:00
Mariusz Felisiak
fc6528b25a
Fixed #28629 -- Made tree.Node instances hashable.
...
Regression in 508b5debfb
which
added Node.__eq__().
2017-09-28 12:07:19 -04:00
Mads Jensen
8ddbe01760
Added a test for pbkdf2()'s default digest algorithm.
2017-09-27 10:36:26 -04:00
Tim Graham
ba42456c2e
Refs #27648 -- Removed support for (iLmsu) regex groups in url() patterns.
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham
96107e2844
Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().
...
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Mads Jensen
41a7876991
Added test for too large input to django.utils.http.base36_to_int().
2017-09-21 10:21:02 -04:00
LBerrocal
54f7aa04a7
Fixed #28306 -- Completed test coverage for django.utils.lorem_ipsum.
...
Thanks Idan Melamed for the original patch.
2017-09-02 15:50:43 -04:00
Sergey Fedoseev
83440a1258
Refs #28389 -- Added release note and test for pickling of LazyObject when wrapped object doesn't have __reduce__().
...
Forwardport of 30f334cc58
from stable/1.11.x
2017-07-12 09:30:29 -04:00
Matthew Schinckel
493f7e9e1e
Fixed #28076 -- Added support for PostgreSQL's interval format to parse_duration().
2017-07-03 19:53:19 -04:00
Matthew Schinckel
684c0a35f6
Refs #27804 -- Used subTest() in dateparse tests.
2017-07-03 17:08:58 -04:00
Wil Tan
b94d99af5b
Refs #28280 -- Added more tests for utils.numberformat.format().
2017-06-29 13:31:41 -04:00
Georg Sauthoff
d0f59054d0
Fixed #28324 -- Made feedgenerators write feeds with deterministically ordered attributes.
2017-06-20 05:38:41 -04:00
Thomas Khyn
f6bd00131e
Fixed #28241 -- Allowed module_has_submodule()'s module_name arg to be a dotted path.
2017-06-08 14:34:20 -04:00
Jon Dufresne
21046e7773
Fixed #28249 -- Removed unnecessary dict.keys() calls.
...
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
UmanShahzad
856072dd4a
Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
2017-05-10 09:02:20 -04:00
Tim Graham
309c10c2cb
Refs #20094 -- Removed obsolete tests/utils_tests/test_itercompat.py
...
The is_iterator() function was removed in 2456ffa42c
.
2017-04-26 10:54:06 -04:00
petedmarsh
14671affc3
Fixed #28064 -- Removed double-quoting of key names in MultiValueDictKeyError.
2017-04-11 12:44:52 -04:00
Tim Graham
5ea48a70af
Fixed #27912 , CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
...
This is a security fix.
2017-04-04 10:42:06 -04:00
Claude Paroz
389c3ffc04
Updated tests after French translation update
2017-04-04 13:07:47 +02:00
Tim Graham
6b4f018b2b
Replaced type-specific assertions with assertEqual().
...
Python docs say, "it's usually not necessary to invoke these methods directly."
2017-03-17 07:51:48 -04:00
Claude Paroz
8346680e1c
Refs #27795 -- Removed unneeded force_text calls
...
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham
6ae1b04fb5
Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
2017-03-04 09:04:16 -05:00
Pavlo Kapyshin
b6fbf3e8e5
Fixed #27879 -- Fixed crash if enclosures aren't provided to Atom1Feed.add_item().
...
Regression in 75cf9b5ac0
2017-02-24 09:46:31 -05:00
Ian Foote
508b5debfb
Refs #11964 -- Made Q objects deconstructible.
2017-02-23 20:47:48 -05:00
Tim Graham
007d4e030c
Completed test coverage for django.utils.encoding.
2017-02-22 20:54:55 -05:00
Chronial
03281d8fe7
Fixed #26005 -- Fixed some percent decoding cases in uri_to_iri().
2017-02-09 09:22:00 -05:00
Tim Graham
500532c95d
Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().
2017-02-09 09:03:47 -05:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Tim Graham
26619ad7b0
Removed an untested and broken branch in force_bytes() (refs #6353 ).
...
The new test crashed in the removed branch. It's unclear if the branch has
value since c6a2bd9b96
didn't include tests.
2017-02-03 19:36:53 -05:00
Tim Graham
2f1394c76d
Added a test for force_text()'s DjangoUnicodeDecodeError path.
2017-02-03 19:15:50 -05:00
Claude Paroz
a21ec12409
Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape
2017-02-02 21:01:39 +01:00
Tim Graham
f8d52521ab
Refs #27804 -- Used subTest() in tests.utils_tests.test_html.
2017-02-02 08:17:00 -05:00
Tim Graham
2af8cd22a9
Imported specific functions in tests.utils_tests.test_html.
2017-02-02 07:23:10 -05:00
Claude Paroz
ccfd1295f9
Refs #27795 -- Prevented SafeText from losing safe status on str()
...
This will allow to replace force_text() by str() in several places (as one of
the features of force_text is to keep the safe status).
2017-01-30 21:10:32 +01:00
Claude Paroz
c182d66f69
Reintroduced lazy import from commit 52138b1fd0
2017-01-30 15:17:39 +01:00
Claude Paroz
52138b1fd0
Refs #23919 -- Removed usage of obsolete SafeBytes class
...
The class will be removed as part of #27753 .
Thanks Tim Graham for the review.
2017-01-30 15:04:45 +01:00
Tim Graham
9e9e73735e
Refs #23919 -- Removed an obsolete test for a Python 2 code path (refs #15662 ).
...
Fixed #21628 by removing the last usage of the imp module.
2017-01-27 17:39:49 -05:00
Claude Paroz
fee42fd99e
Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
...
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Claude Paroz
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
Tim Graham
d170c63351
Refs #23919 -- Removed misc references to Python 2.
2017-01-21 20:02:00 -05:00
Tim Graham
7aba69145d
Refs #23919 -- Removed django.test.mock Python 2 compatibility shim.
2017-01-20 08:17:20 -05:00
Claude Paroz
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
Tim Graham
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Tim Graham
109b33f64c
Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2.
2017-01-20 08:49:47 +01:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Tim Graham
60ca37d2e5
Refs #24046 -- Removed mark_for_escaping() per deprecation timeline.
2017-01-17 20:52:04 -05:00
Tim Graham
eba093e8b0
Refs #25847 -- Removed support for User.is_(anonymous|authenticated) as methods.
...
Per deprecation timeline.
2017-01-17 20:52:03 -05:00
Jinank Jain
f4c0eec713
Fixed #27699 -- Added negative timedelta support to parse_duration()
2017-01-14 11:17:54 +01:00
vinay karanam
6128c1736d
Refs #27637 -- Fixed timesince, timeuntil on New Year's Eve in a leap year.
2017-01-02 08:40:44 -05:00
Anton Samarchyan
5cf4894836
Fixed #27628 -- Fixed unarchiving a file without permission data.
2016-12-28 19:14:58 -05:00
Tim Graham
51cde873d9
Fixed #27648 -- Deprecated (iLmsu) regex groups in url() patterns.
2016-12-27 15:59:13 -05:00
Mariusz Felisiak
3e5c5e6754
Fixed #27637 -- Fixed timesince, timeuntil in leap year edge case.
2016-12-27 09:29:11 -05:00
Phil Tysoe
bf4516a628
Added tests for django.utils.autoreload.
2016-12-22 09:01:28 -05:00
Mariusz Felisiak
8e3a72f4fb
Fixed #27583 -- Fixed MultiValueDict.getlist() crash when values for key is None.
...
Restored the behavior before 727d7ce6cb
.
2016-12-09 15:31:52 -05:00
Tim Graham
b5f0b3478d
Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase.
2016-12-07 17:42:31 -05:00
Anton Samarchyan
d0112cf930
Fixed #26494 -- Made Archive.extract() preserve file permissions.
2016-12-06 08:28:36 -05:00
Keda87
794b7d8033
Refs #27546 -- Tested some __repr__() methods.
2016-12-01 08:09:38 -05:00
Adam Chainz
71609a5b90
Fixed #27555 -- Removed django.utils.functional.lazy_property.
2016-11-29 19:01:12 -05:00
Ramin Farajpour Cami
0a63ef3f61
Fixed #27463 -- Fixed E741 flake8 warnings.
2016-11-14 17:40:28 -05:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
Joachim Jablon
fd78fb82d6
Fixed #27138 -- Restored pre-Python 3.6 behavior of localtime() and make_naive() on Python 3.6.
...
Reverted test changes in a7a7ecd2b0
and
e43ea36b76
(refs #27025 ).
2016-11-07 19:07:18 -05:00
Tim Graham
3158695365
Completed django.utils.timezone test coverage.
2016-11-01 14:01:40 -04:00
Tim Graham
414ad25b09
Fixed #27327 -- Simplified time zone handling by requiring pytz.
2016-10-27 08:53:20 -04:00
Reto Aebersold
3ab55c1a8a
Fixed #27309 -- Added CallableBool.__hash__().
2016-10-04 07:44:19 -04:00
Tim Graham
e43ea36b76
Refs #27025 -- Fixed a timezone test for Python 3.6.
...
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-09-17 15:44:06 -04:00
Tim Graham
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Jani Tiainen
727d7ce6cb
Fixed #27198 -- Made MultiValueDict.getlist() return a new list to prevent mutation.
2016-09-16 15:16:18 -04:00
Kevin Christopher Henry
4ef0e019b7
Fixed #27083 -- Added support for weak ETags.
2016-09-10 08:14:52 -04:00
Jon Dufresne
f227b8d15d
Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts
2016-09-07 19:56:25 -07:00
Jon Dufresne
ff1e7b4eb4
Fixed #25181 -- Added localdate() function to get date in a different time zone.
...
Thanks Konrad Świat for the original patch.
2016-08-31 17:19:33 -07:00
Olexander Yermakov
b7fb608142
Fixed #27154 -- Allowed comparing CallableBool with bitwise or.
...
Thanks Tim for the review.
2016-08-31 08:27:37 -04:00
Mattias Loverot
9aaeec337e
Fixed #26866 -- Added format_lazy function
...
Added format_lazy function to django.utils.text module.
Useful when dealing with relative complex lazy string concatenations
(e.g. in urls.py when translating urls in regular expressions).
2016-08-24 18:18:17 +02:00
Przemysław Suliga
5e5a17028f
Fixed #26902 -- Allowed is_safe_url() to require an https URL.
...
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-08-19 18:51:33 -04:00
Tim Graham
5a41ca79dc
Replaced 'raise SkipTest' with self.skipTest() in a few tests.
2016-08-16 16:42:27 -04:00
Tim Graham
a7a7ecd2b0
Refs #27025 -- Fixed a couple timezone tests for Python 3.6.
...
Reflects behavior changes in PEP 495 (Local Time Disambiguation).
2016-08-09 18:14:15 -04:00
Tim Graham
54afa960d1
Fixed #26988 -- Improved/clarified User.is_authenticated/anonymous compatibility.
...
Thanks marktranchant for the report and review.
2016-08-02 11:01:08 -04:00
Dmitry Dygalo
ca32979cdc
Made miscellaneous code cleanups
2016-07-21 10:08:19 -04:00
Will Hardy
8ef78b8165
Fixed #26656 -- Added duration (timedelta) support to DjangoJSONEncoder.
2016-07-14 13:34:15 -04:00
Jon Dufresne
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
Ville Skyttä
fa654da613
Removed usage of a few deprecated unittest assertions.
2016-06-14 09:03:12 -04:00
Scott Vitale
be729b6120
Fixed #10107 -- Allowed using mark_safe() as a decorator.
...
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
Chesco Igual
ffd18732f3
Fixed #24781 -- Fixed repr() for lazy objects.
2016-06-04 19:13:00 -04:00
Tim Graham
37aec6b186
Refs #26653 -- Fixed a feedgenerator test that requires a database query on PostgreSQL.
2016-05-30 19:30:45 -04:00
Ketan Bhatt
f31fbbae1a
Fixed #26653 -- Made SyndicationFeed.latest_post_date() return time in UTC.
2016-05-30 18:36:15 -04:00
Tim Graham
2f0e0eee45
Fixed #24046 -- Deprecated the "escape" half of utils.safestring.
2016-05-10 12:46:47 -04:00
Marko Benko
45c7acdc50
Fixed #26281 -- Added a helpful error message for an invalid format specifier to dateformat.format().
2016-04-20 20:13:52 -04:00
Tim Graham
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
Tim Graham
1555d50ea4
Fixed typos in tests/utils_tests/test_ipv6.py test names.
2016-03-23 08:22:17 -04:00
Amine Yaiche
32c8e43ef1
Fixed #26378 -- Allowed a left byte of zero in mixed IPv4/IPv6 validation.
2016-03-23 08:18:29 -04:00
Claude Paroz
552f03869e
Added safety to URL decoding in is_safe_url() on Python 2
...
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218
and ada7a4aef
.
2016-03-04 23:33:35 +01:00
Claude Paroz
ada7a4aefb
Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
...
This fixes a regression introduced by c5544d2892
.
Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-04 21:14:14 +01:00
Mark Striemer
c5544d2892
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
...
This is a security fix.
2016-03-01 11:25:28 -05:00
Nick Malakhov
ee69789f45
Fixed #26269 -- Prohibited spaces in is_valid_ipv6_address().
2016-02-25 18:52:50 -05:00
Hasan
26ad01719d
Refs #26022 -- Replaced six.assertRaisesRegex with assertRaisesMessage as appropriate.
2016-01-29 13:37:33 -05:00
Hasan
253adc2b8a
Refs #26022 -- Used context manager version of assertRaisesMessage in tests.
2016-01-29 13:03:39 -05:00
Hasan
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
Tim Graham
575706331b
Cosmetic cleanups in tests/utils_tests/test_numberformat.py
2016-01-29 10:36:58 -05:00
Ben Kraft
13023ba867
Fixed #26122 -- Fixed copying a LazyObject
...
Shallow copying of `django.utils.functional.LazyObject` or its subclasses has
been broken in a couple of different ways in the past, most recently due to
35355a4
.
2016-01-26 06:56:21 -05:00
userimack
60586dd737
Fixed #26125 -- Fixed E731 flake warnings.
2016-01-25 14:23:43 -05:00
Tim Graham
2765adc8dc
Skipped a dateformat test on Windows as needed.
...
Refs 1014ba026e
2016-01-05 12:46:45 -05:00
Denis Cornehl
186b6c61bf
Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
...
Thanks Denis Cornehl for help with the patch.
2016-01-05 09:37:11 -05:00
Iacopo Spalletti
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
...
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Josh Soref
93452a70e8
Fixed many spelling mistakes in code, comments, and docs.
2015-12-03 12:48:24 -05:00
Aymeric Augustin
1014ba026e
Fixed debug view crash during autumn DST change.
...
This only happens if USE_TZ = False and pytz is installed (perhaps not
the most logical combination, but who am I to jugde?)
Refs #23714 which essentially fixed the same problem when USE_TZ = True.
Thanks Florian and Carl for insisting until I wrote a complete patch.
2015-11-07 23:17:33 +01:00
Ben Kraft
35355a4ffe
Fixed #25389 -- Fixed pickling a SimpleLazyObject wrapping a model.
...
Pickling a `SimpleLazyObject` wrapping a model did not work correctly; in
particular it did not add the `_django_version` attribute added in 42736ac8
.
Now it will handle this and other custom `__reduce__` methods correctly.
2015-10-03 13:00:37 -04:00
Tim Graham
e5c12f6701
Refs #23613 -- Removed django.utils.checksums per deprecation timeline.
2015-09-23 19:31:10 -04:00
Tim Graham
222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
Matt Robenolt
b0c56b895f
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
...
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
2015-09-16 12:21:50 -04:00
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
Zan Anderle
f3dc173240
Fixed #24917 -- Made admindocs display model methods that take arguments.
2015-09-07 15:07:39 -04:00
Aymeric Augustin
b79fc11d73
Made the autoreloader survive all exceptions.
...
Refs #24704 .
2015-08-29 20:50:00 +02:00
Aymeric Augustin
c2fcba2ac7
Ensured gen_filenames() yields native strings.
...
This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.
2015-08-29 20:49:25 +02:00
Aymeric Augustin
dfa712efb8
Refactored autoreload tests.
...
* Added helpers to test uncached and cached access.
* Fixed test_project_root_locale: it duplicated test_locale_paths_setting.
* Rewrote test_only_new_files: test more cases.
2015-08-29 20:49:24 +02:00
Aymeric Augustin
23620cb8e0
Accounted for error files in the autoreloader.
...
* When some old files contain errors, the second call to
gen_filenames() should return them.
* When some new files contain errors, the first call to
gen_filenames(only_new=True) should return them.
2015-08-29 20:47:38 +02:00
Flavio Curella
c2e70f0265
Fixed #21127 -- Started deprecation toward requiring on_delete for ForeignKey/OneToOneField
2015-07-27 18:28:13 -04:00
Edward Henderson
f8cc464452
Fixed #16501 -- Added an allow_unicode parameter to SlugField.
...
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
darkryder
f675afa13c
Fixed #25093 -- Added utils.datastructures.OrderedSet.__len__()
2015-07-09 21:20:52 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Marten Kenbeek
290ff35e6c
Fixed #25000 -- Fixed cast to string for lazy objects.
...
Implemented __str__() to return the string-representation of the
proxied object, not the proxy itself, if the lazy object didn't have
a string-like object in its resultclasses.
2015-06-23 09:16:17 -04:00
Moritz Sichert
98df288dda
Fixed #24978 -- Escaped special characters in loaddata fixture paths
2015-06-13 19:45:05 -04:00
Moritz Sichert
296919e7a5
Fixed #24965 -- Made LiveServerTestCase.live_server_url accessible from class
2015-06-12 17:44:54 -04:00
Tomasz Kontusz
c2b4967e76
Fixed ImportError message in utils.module_loading.import_string()
2015-06-06 11:45:22 -04:00
Raphael Michel
6700c90935
Fixed #19210 -- Added leap year support to django.utils.timesince()
2015-06-04 21:36:12 -04:00
Raphael Michel
5c125f63f7
Fixed #24728 -- Renamed mime_type to content_type for syndication feeds
...
Renamed the mime_type properties of RssFeed and Atom1Feed to
content_type and start deprecation for the old names.
2015-06-04 13:24:18 -04:00
zauddelig
262d4db8c4
Fixed #24897 -- Allowed using choices longer than 1 day with DurationField
2015-06-02 12:39:34 -04:00
Tim Graham
70be31bba7
Fixed #24836 -- Made force_text() resolve lazy objects.
2015-05-27 09:48:53 -04:00
Simon Charette
be67400b47
Refs #24652 -- Used SimpleTestCase where appropriate.
2015-05-20 13:46:13 -04:00
Aymeric Augustin
06dc6759d8
Factored skip condition when pytz isn't installed.
2015-05-17 10:23:14 +02:00
Tim Graham
eda12ceef1
Removed redundant list() calls.
2015-05-16 10:44:07 -04:00
Josh Smeaton
143255c8bb
Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime
2015-04-24 13:55:40 -04:00
Moritz Sichert
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
Tim Graham
011a54315e
Made is_safe_url() reject URLs that start with control characters.
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Claude Paroz
df193b3cef
Fixed #24382 -- Allowed unicode chars inside formatted numbers
...
Thanks Jacob Rief for the report and Tim Graham for the review.
2015-03-09 18:55:28 +01:00
Rik
a5b225084f
Fixed #23838 -- added missing `__iter__` to LazyObject
2015-03-08 15:42:23 +01:00
Aymeric Augustin
a8fe12417f
Normalized usage of the tempfile module.
...
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Tim Graham
307c0f299a
Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters.
2015-02-17 19:03:03 -05:00
Lukas Klein
93b3ef9b2e
Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454
2015-02-12 08:58:35 +01:00
Varun Sharma
540ca563de
Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion
...
Report and original patch by Kay Cha.
2015-02-08 20:00:57 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Matthew Somerville
caa3562d5b
Fixed #24242 -- Improved efficiency of utils.text.compress_sequence()
...
The function no longer flushes zfile after each write as doing so can
lead to the gzipped streamed content being larger than the original
content; each flush adds a 5/6 byte type 0 block. Removing this means
buf.read() may return nothing, so only yield if that has some data.
Testing shows without the flush() the buffer is being flushed every 17k
or so and compresses the same as if it had been done as a whole string.
2015-02-04 13:04:00 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Loic Bistuer
3a4c9e1b43
Cleaned up some forms tests.
...
Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219 .
2015-01-27 22:39:57 +07:00
Tim Graham
d029fafea1
Removed utils.module_loading.import_by_path() per deprecation timeline; refs #21674 .
2015-01-18 12:51:15 -05:00
Tim Graham
df3f3bbe29
Removed utils.text.javascript_quote() per deprecation timeline; refs #21725 .
2015-01-17 12:41:49 -05:00
Tim Graham
1b0365ad34
Removed django.utils.tzinfo per deprecation timeline; refs #17262 .
2015-01-17 09:32:33 -05:00
Tim Graham
c820892eed
Removed django.utils.datastructures.SortedDict per deprecation timeline.
2015-01-17 08:40:23 -05:00
Tim Graham
37b7776a01
Removed django.utils.datastructures.MergeDict per deprecation timeline; refs #18659 .
2015-01-17 08:13:36 -05:00
Tim Graham
69b5e66738
Fixed is_safe_url() to handle leading whitespace.
...
This is a security fix. Disclosure following shortly.
2015-01-13 13:03:06 -05:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Claude Paroz
51890ce889
Applied ignore_warnings to Django tests
2014-12-30 18:16:25 +01:00
Aymeric Augustin
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin
5c5eb5fea4
Fixed an inconsistency introduced in 547b1810
.
...
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl
b4e76f30d1
Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
...
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Oscar Ramirez
54085b0f9b
Fixed #23998 -- Added datetime.time support to migrations questioner.
2014-12-22 07:24:54 -05:00
Marc Tamlyn
57554442fe
Fixed #2443 -- Added DurationField.
...
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.
Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.
Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00
Michael Hall
895dc880eb
Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range
2014-12-13 12:45:58 -05:00
Diego Guimarães
9f427617e4
Refs #23947 -- Worked around a bug in Python that prevents deprecation warnings from appearing in tests.
2014-12-06 14:46:01 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Eric Rouleau
9d1a69579b
Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format
2014-12-03 07:49:06 -05:00
Aymeric Augustin
b8ba73cd0c
Raised SuspiciousFileOperation in safe_join.
...
Added a test for the condition safe_join is designed to prevent.
Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.
Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Thomas Chaumeny
d89f56dc4d
Fixed #21281 -- Made override_settings act at class level when used as a TestCase decorator.
2014-11-03 14:14:39 -05:00
Berker Peksag
f7969b0920
Fixed #23620 -- Used more specific assertions in the Django test suite.
2014-11-03 11:56:37 -05:00
Unai Zalakain
c548c8d0d1
Fixed #18456 -- Added path escaping to HttpRequest.get_full_path().
2014-11-03 07:59:19 -05:00
Markus Holtermann
98da408964
Fixed #23670 -- Prevented partial import state during module autodiscovery
...
Thanks kostko for the report.
2014-10-31 08:01:47 -04:00
John-Scott Atlakson
dbf7a3df45
Fixed #23688 -- Updated cached_property to preserve docstring of original function
2014-10-20 17:59:07 -04:00
Jon Dufresne
54e695331b
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
...
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Thomas Chaumeny
b962653060
Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__
...
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
2014-10-16 14:16:24 +02:00
Anubhav Joshi
10b17a22be
Fixed #19508 -- Implemented uri_to_iri as per RFC.
...
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Florian Apolloner
3af5af1a61
Fixed remaining test failure in jslex tests.
2014-10-15 17:36:19 +02:00