Commit Graph

75 Commits

Author SHA1 Message Date
Mariusz Felisiak c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Mariusz Felisiak d25710a625 Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak 61d92c650f Refs #22123 -- Added more URLValidator test for invalid IPv6 literals. 2021-08-06 12:58:55 +02:00
chrishna1 033636286a Fixed #32959 -- Moved tests URLs to validators.tests. 2021-07-28 11:39:36 +02:00
Wu Haotian 65b880b726 Fixed #32930 -- Fixed URLValidator when port numbers < 10. 2021-07-22 11:58:28 +02:00
Wu Haotian b96cc7f85e Added more test cases with port numbers for URLValidator. 2021-07-22 11:58:28 +02:00
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Mariusz Felisiak e1e81aa1c4
Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.

[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Akshat1Nar b41d38ae26 Fixed #32298 -- Fixed URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname without
the userinfo and port.
2021-01-04 09:25:40 +01:00
Claudio Catterina faa6d41cda
Fixed typo in DecimalValidator tests.
This replaces redundant test for -Infinity with +Infinity.
2020-07-16 11:21:39 +02:00
David Smith 27c09043da Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator. 2020-06-18 21:43:20 +02:00
Yash Saini ccb1cfb64e Fixed #31548 -- Fixed URLValidator crash on non-strings. 2020-05-08 20:53:05 +02:00
Yash Saini bda6ade7b7 Added URLValidator test for missing scheme. 2020-05-08 20:50:25 +02:00
Dennis Schwertel 4070d6ceb0 Fixed #31267 -- Added tests cases with empty username or password for URLValidator.
Follow up to cdcf4164be.
2020-02-13 08:32:20 +01:00
ElizabethU 54ea290e5b Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons.
Changed __eq__ to return NotImplemented instead of False if compared to
an object of the same type, as is recommended by the Python data model
reference. Now these models can be compared to ANY (or other objects
with __eq__ overwritten) without returning False automatically.
2019-10-01 17:58:19 +02:00
buzzi 24cae0bedc Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value. 2018-10-22 10:26:54 -04:00
Tom Forbes 8c70ba92dd Refactored validators tests to use subtests. 2018-08-18 15:04:48 -04:00
Tim Bell cdcf4164be Fixed #29528 -- Made URLValidator reject invalid characters in the username and password. 2018-07-23 10:30:01 -04:00
Fabio Bonelli f636f0bb86 Fixed #29007 -- Fixed DecimalValidator crash on NaN, SNan, Inf, and Infinity values. 2018-01-10 21:43:32 -05:00
Josh Schneier e8c4596329 Fixed #28562 -- Fixed DecimalValidator handling of positive exponent scientific notation. 2017-09-27 09:42:04 -04:00
Josh Schneier 0dbcd0e87f Added tests for DecimalValidator. 2017-09-11 14:18:02 -04:00
Alejandro Zamora 90d7b912b9 Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field. 2017-08-12 20:14:14 -04:00
Mads Jensen a51c4de194 Used assertRaisesMessage() to test Django's error messages. 2017-07-29 19:07:23 -04:00
Arne de Laat 681d2599ee Fixed #28165 -- Ignored case in FileExtensionValidator's allowed_extensions. 2017-06-07 16:53:36 -04:00
Arne de Laat b137add6cf Added FileExtensionValidator tests for uppercase and missing file extensions. 2017-06-07 16:53:10 -04:00
Claude Paroz 289fc1bfa5 Refs #23919 -- Removed str_prefix usage 2017-01-20 15:43:28 +01:00
Tim Graham 4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Aymeric Augustin a556396339 Refs #23919 -- Replaced io.open() with open().
io.open() is an alias for open() on Python 3.
2017-01-18 21:45:12 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
wim glenn 21dd792349 Fixed #26578 -- Prohibited non-ASCII digits in validate_ipv4_address. 2016-10-28 11:38:49 -04:00
Baptiste Mispelon a9215b7c36 Refs #21548 -- Skipped tests that rely on pillow when it's not installed 2016-07-02 15:46:16 +02:00
Berker Peksag 12b4280444 Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension. 2016-06-30 09:08:50 -04:00
Christopher Grebs a9e188ccd6 Fixed #26119 -- Fixed URLValidator crash on URLs with brackets. 2016-06-28 15:43:43 -04:00
Tim Graham c9ae09addf Replaced use of TestCase.fail() with assertRaises().
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Akshesh d58aaa24e3 Fixed #26107 -- Added option to int_list_validator() to allow negative integers. 2016-02-18 18:58:18 -05:00
Raphael Michel 82976e5c3f Fixed #25637 -- Added URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname and the
maximum length of all labels inside the hostname.
2015-12-08 15:46:45 -05:00
Dheerendra Rathor 06627ef2ca Fixed #25635 -- Made URLValidator allow '+' in scheme. 2015-10-31 17:50:05 -04:00
Dheerendra Rathor 96fe90f535 Fixed #25620 -- Made URLValidator prohibit URLs with consecutive dots in the domain section. 2015-10-29 10:59:22 -04:00
Iulia Chiriac 75ed590032 Fixed #24636 -- Added model field validation for decimal places and max digits. 2015-09-18 14:30:20 -04:00
Maxime Lorant c92cd22d02 Refs #25345 -- Updated links to code.google.com. 2015-09-04 08:14:21 -04:00
Edward Henderson f8cc464452 Fixed #16501 -- Added an allow_unicode parameter to SlugField.
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham 014247ad19 Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Alexey Sveshnikov bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Anoop Thomas Mathew 2400329508 Fixed #24349 -- Limited domain name labels to 63 characters in EmailValidator 2015-04-17 18:08:33 -04:00
Bertrand Bordage 3e64f3d0fc Fixed #24531 -- Improved CommaSeparatedIntegerField validation.
`','`, `'1,,1'`, `',1'` etc. are no longer considered as valid
comma-separated integer lists.
2015-03-25 18:49:59 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00