Commit Graph

57 Commits

Author SHA1 Message Date
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Claudio Catterina faa6d41cda
Fixed typo in DecimalValidator tests.
This replaces redundant test for -Infinity with +Infinity.
2020-07-16 11:21:39 +02:00
David Smith 27c09043da Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator. 2020-06-18 21:43:20 +02:00
Yash Saini ccb1cfb64e Fixed #31548 -- Fixed URLValidator crash on non-strings. 2020-05-08 20:53:05 +02:00
Yash Saini bda6ade7b7 Added URLValidator test for missing scheme. 2020-05-08 20:50:25 +02:00
ElizabethU 54ea290e5b Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons.
Changed __eq__ to return NotImplemented instead of False if compared to
an object of the same type, as is recommended by the Python data model
reference. Now these models can be compared to ANY (or other objects
with __eq__ overwritten) without returning False automatically.
2019-10-01 17:58:19 +02:00
buzzi 24cae0bedc Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value. 2018-10-22 10:26:54 -04:00
Tom Forbes 8c70ba92dd Refactored validators tests to use subtests. 2018-08-18 15:04:48 -04:00
Fabio Bonelli f636f0bb86 Fixed #29007 -- Fixed DecimalValidator crash on NaN, SNan, Inf, and Infinity values. 2018-01-10 21:43:32 -05:00
Josh Schneier e8c4596329 Fixed #28562 -- Fixed DecimalValidator handling of positive exponent scientific notation. 2017-09-27 09:42:04 -04:00
Josh Schneier 0dbcd0e87f Added tests for DecimalValidator. 2017-09-11 14:18:02 -04:00
Alejandro Zamora 90d7b912b9 Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field. 2017-08-12 20:14:14 -04:00
Mads Jensen a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Arne de Laat 681d2599ee Fixed #28165 -- Ignored case in FileExtensionValidator's allowed_extensions. 2017-06-07 16:53:36 -04:00
Arne de Laat b137add6cf Added FileExtensionValidator tests for uppercase and missing file extensions. 2017-06-07 16:53:10 -04:00
Claude Paroz 289fc1bfa5 Refs #23919 -- Removed str_prefix usage 2017-01-20 15:43:28 +01:00
Tim Graham 4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Aymeric Augustin a556396339 Refs #23919 -- Replaced io.open() with open().
io.open() is an alias for open() on Python 3.
2017-01-18 21:45:12 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
wim glenn 21dd792349 Fixed #26578 -- Prohibited non-ASCII digits in validate_ipv4_address. 2016-10-28 11:38:49 -04:00
Baptiste Mispelon a9215b7c36 Refs #21548 -- Skipped tests that rely on pillow when it's not installed 2016-07-02 15:46:16 +02:00
Berker Peksag 12b4280444 Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension. 2016-06-30 09:08:50 -04:00
Tim Graham c9ae09addf Replaced use of TestCase.fail() with assertRaises().
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Akshesh d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Dheerendra Rathor 06627ef2ca Fixed #25635 -- Made URLValidator allow '+' in scheme. 2015-10-31 17:50:05 -04:00
Iulia Chiriac 75ed590032 Fixed #24636 -- Added model field validation for decimal places and max digits. 2015-09-18 14:30:20 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Anoop Thomas Mathew 2400329508 Fixed #24349 -- Limited domain name labels to 63 characters in EmailValidator 2015-04-17 18:08:33 -04:00
Bertrand Bordage 3e64f3d0fc Fixed #24531 -- Improved CommaSeparatedIntegerField validation.
`','`, `'1,,1'`, `',1'` etc. are no longer considered as valid
comma-separated integer lists.
2015-03-25 18:49:59 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Danilo Bargen 8b77b64f1c Refactored URLValidator tests by moving URLs to text files. 2014-11-03 13:02:11 -05:00
Anubhav Joshi 5cdb8f8c1e Fixed #16617 -- Added 'value' to BaseValidator params.
Also allowed overriding the default messages in subclasses of BaseValidator.

Thanks sperrygrove for initial patch.
2014-07-26 10:03:00 -04:00
Tim Graham 1f8bb95cc2 Corrected domain max length for EmailValidator; refs #20631.
Thanks MarkusH for the report.
2014-07-04 20:50:28 -04:00
Tim Graham 7fd55c3481 Fixed #20631 -- Increased the default EmailField max_length to 254.
Thanks pmartin for the report.
2014-07-04 14:15:00 -04:00
Erik Romijn 424fe76349 Fixed #22579 -- Corrected validation for email to reject trailing slash
Thanks to Claude Paroz for the report and patch and Tomasz
Paczkowski for the review.
2014-05-16 15:13:11 +02:00
David Szotten 7fe60ae64a Fixed #22588 -- Fix RegexValidator __eq__
Compare parameters instead of re.pattern instances, and add the other
parameters to the comparison. Also add a __ne__ to make assertNotEqual
work properly.
2014-05-08 19:51:15 -07:00
Alex Gaynor 2bcb8bfc8d Fix many many typos in comments throughout the codebase 2014-04-26 10:18:45 -07:00
Dejan Noveski 4d0c5f6142 Fixed #22255 -- Added support for specifying re flags in RegexValidator 2014-03-21 11:12:36 +01:00
Erik Romijn 98f13762d7 Fixed #22123 -- EmailValidator now also accepts IPv6 literals in addresses 2014-02-22 17:45:33 +01:00
Si Feng b102c27ff4 Fixed #20784 -- Added inverse_match parameter to RegexValidator. 2014-02-10 05:38:43 -05:00
Andrew Godwin a68f325791 Fixed #21638: Validators are now comparable, stops infinite user mig'ns 2014-01-19 18:56:16 +00:00
Claude Paroz 6d66ba5948 Fixed #21242 -- Allowed more IANA schemes in URLValidator
Thanks Sascha Peilicke for the report and initial patch, and
Tim Graham for the review.
2013-12-28 21:25:32 +01:00
Jason Myers c3791463a5 Fixing E302 Errors
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Tim Graham 4cfbde71a3 Fixed #12027 -- Fixed EmailValidator to reject a trailing dot.
Thanks Klas H for the report and claudep for the patch.
2013-10-23 12:22:14 -04:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Tim Graham 8e2029f8dd Removed import * in tests.
Thanks to flake8 path/to/file.py | awk -F ' ' '{ print $5 }' | sort | uniq
2013-10-22 08:32:01 -04:00