Commit Graph

330 Commits

Author SHA1 Message Date
Tim Graham 2092206bee
Refs #29600 -- Updated django.utils.datetime_safe now that Python 2 is unsupported. 2018-08-02 10:20:24 -04:00
Andreas Hug a656a68127 Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. 2018-08-01 09:28:42 -04:00
Claude Paroz b004bd62e8 Fixed #29412 -- Stopped marking slugify() result as HTML safe. 2018-07-20 10:44:30 -04:00
Claude Paroz 0adfba968e Fixed #29578 -- Made numberformat.format() honor forced l10n usage.
Thanks Sassan Haradji for the report.
2018-07-19 16:44:40 -04:00
Sergey Fedoseev 338f741c5e Fixed #29546 -- Deprecated django.utils.timezone.FixedOffset. 2018-07-09 16:33:36 -04:00
Sergey Fedoseev c9088cfc7b Fixed some assertTrue() that were intended to be assertEqual(). 2018-07-09 11:13:40 -04:00
Sergey Fedoseev bdcde79c5f Made test for memoryview handling in force_bytes() more strict. 2018-07-09 11:01:42 -04:00
Przemysław Suliga d22b90b4ea Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string. 2018-06-29 10:17:52 -04:00
Carlton Gibson f4ef71c689 Refs #29514 -- Added test for get_default_timezone()/timezone.utc equality. 2018-06-28 11:14:26 -04:00
Tim Graham 911af0d24b Added more tests for django.utils.html.urlize(). 2018-03-06 08:30:41 -05:00
Tim Graham 97b7dd59bb Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
2018-03-06 08:30:40 -05:00
Tim Graham 8618271caa Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
Tim Graham b832de869e
Added tests for utils.html.urlize() (lazy string inputs were untested). 2018-02-10 15:45:57 -05:00
Jonas Haag 8c709d79cb Fixed #17419 -- Added json_tag template filter. 2018-02-07 18:38:12 -05:00
Tim Graham d0a42a14c0 Fixed imports per isort 4.3.1.
Partially reverted 9bcf73d788.
2018-02-02 14:44:07 -05:00
Mariusz Felisiak 9bcf73d788 Fixed imports per isort 4.3.0. 2018-02-01 09:29:46 +01:00
Jon Dufresne ff05de760c Fixed #29038 -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Jon Dufresne 1e81a4b897 Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url(). 2018-01-11 07:03:50 -05:00
Tim Graham ab7f4c3306 Refs #28965 -- Deprecated unused django.utils.http.cookie_date(). 2018-01-02 11:23:04 -05:00
Sergey Fedoseev ae6fa914aa Fixed #28926 -- Fixed loss of precision of big DurationField values on SQLite and MySQL. 2017-12-28 17:35:41 -05:00
Sergey Fedoseev 93cdd07e8f Used bytes.hex() and bytes.fromhex() to simplify. 2017-11-23 08:52:23 -05:00
Yusuke Miyazaki 278d66b94b Fixed #28501 -- Fixed "python -m django runserver" crash. 2017-11-06 09:58:15 -05:00
Yusuke Miyazaki ac21f2e391 Added RestartWithReloaderTests. 2017-11-06 09:54:31 -05:00
medmunds d1317edad0 Fixed #28739 -- Fixed get_fixed_timezone() for negative timedeltas. 2017-10-24 21:27:53 -04:00
François Freitag 41be85862d Fixed #28679 -- Fixed urlencode()'s handling of bytes.
Regression in fee42fd99e.

Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-12 09:08:33 -04:00
François Freitag 0e212a705e Split django.utils.http tests into separate test classes. 2017-10-10 08:53:01 -04:00
Mariusz Felisiak fc6528b25a Fixed #28629 -- Made tree.Node instances hashable.
Regression in 508b5debfb which
added Node.__eq__().
2017-09-28 12:07:19 -04:00
Mads Jensen 8ddbe01760 Added a test for pbkdf2()'s default digest algorithm. 2017-09-27 10:36:26 -04:00
Tim Graham ba42456c2e Refs #27648 -- Removed support for (iLmsu) regex groups in url() patterns.
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Tim Graham 96107e2844 Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().
Per deprecation timeline.
2017-09-22 12:51:18 -04:00
Mads Jensen 41a7876991 Added test for too large input to django.utils.http.base36_to_int(). 2017-09-21 10:21:02 -04:00
LBerrocal 54f7aa04a7 Fixed #28306 -- Completed test coverage for django.utils.lorem_ipsum.
Thanks Idan Melamed for the original patch.
2017-09-02 15:50:43 -04:00
Sergey Fedoseev 83440a1258 Refs #28389 -- Added release note and test for pickling of LazyObject when wrapped object doesn't have __reduce__().
Forwardport of 30f334cc58 from stable/1.11.x
2017-07-12 09:30:29 -04:00
Matthew Schinckel 493f7e9e1e Fixed #28076 -- Added support for PostgreSQL's interval format to parse_duration(). 2017-07-03 19:53:19 -04:00
Matthew Schinckel 684c0a35f6 Refs #27804 -- Used subTest() in dateparse tests. 2017-07-03 17:08:58 -04:00
Wil Tan b94d99af5b Refs #28280 -- Added more tests for utils.numberformat.format(). 2017-06-29 13:31:41 -04:00
Georg Sauthoff d0f59054d0 Fixed #28324 -- Made feedgenerators write feeds with deterministically ordered attributes. 2017-06-20 05:38:41 -04:00
Thomas Khyn f6bd00131e Fixed #28241 -- Allowed module_has_submodule()'s module_name arg to be a dotted path. 2017-06-08 14:34:20 -04:00
Jon Dufresne 21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
UmanShahzad 856072dd4a Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs. 2017-05-10 09:02:20 -04:00
Tim Graham 309c10c2cb Refs #20094 -- Removed obsolete tests/utils_tests/test_itercompat.py
The is_iterator() function was removed in 2456ffa42c.
2017-04-26 10:54:06 -04:00
petedmarsh 14671affc3 Fixed #28064 -- Removed double-quoting of key names in MultiValueDictKeyError. 2017-04-11 12:44:52 -04:00
Tim Graham 5ea48a70af Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
2017-04-04 10:42:06 -04:00
Claude Paroz 389c3ffc04 Updated tests after French translation update 2017-04-04 13:07:47 +02:00
Tim Graham 6b4f018b2b Replaced type-specific assertions with assertEqual().
Python docs say, "it's usually not necessary to invoke these methods directly."
2017-03-17 07:51:48 -04:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Tim Graham 6ae1b04fb5 Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. 2017-03-04 09:04:16 -05:00
Pavlo Kapyshin b6fbf3e8e5 Fixed #27879 -- Fixed crash if enclosures aren't provided to Atom1Feed.add_item().
Regression in 75cf9b5ac0
2017-02-24 09:46:31 -05:00
Ian Foote 508b5debfb Refs #11964 -- Made Q objects deconstructible. 2017-02-23 20:47:48 -05:00
Tim Graham 007d4e030c Completed test coverage for django.utils.encoding. 2017-02-22 20:54:55 -05:00