Refs #30747 -- Removed django.utils.http.is_safe_url() per deprecation timeline.

2021-01-07 08:15:39 +01:00 · 2021-01-07 08:15:39 +01:00 · 9e456f3166
parent 157ab32f34
commit 9e456f3166
3 changed files with 6 additions and 24 deletions
--- a/django/utils/http.py
+++ b/django/utils/http.py
@ -3,7 +3,6 @@ import calendar
 import datetime
 import re
 import unicodedata
-import warnings
 from binascii import Error as BinasciiError
 from email.utils import formatdate
 from urllib.parse import (
@ -12,7 +11,6 @@ from urllib.parse import (
 )

 from django.utils.datastructures import MultiValueDict
-from django.utils.deprecation import RemovedInDjango40Warning
 from django.utils.regex_helper import _lazy_re_compile

 # based on RFC 7232, Appendix C
@ -267,15 +265,6 @@ def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
    )


-def is_safe_url(url, allowed_hosts, require_https=False):
-    warnings.warn(
-        'django.utils.http.is_safe_url() is deprecated in favor of '
-        'url_has_allowed_host_and_scheme().',
-        RemovedInDjango40Warning, stacklevel=2,
-    )
-    return url_has_allowed_host_and_scheme(url, allowed_hosts, require_https)
-
-
 # Copied from urllib.parse.urlparse() but uses fixed urlsplit() function.
 def _urlparse(url, scheme='', allow_fragments=True):
    """Parse a URL into 6 components:
--- a/docs/releases/4.0.txt
+++ b/docs/releases/4.0.txt
@ -262,6 +262,8 @@ to remove usage of these features.

 * ``django.utils.text.unescape_entities()`` is removed.

+* ``django.utils.http.is_safe_url()`` is removed.
+
 See :ref:`deprecated-features-3.1` for details on these changes, including how
 to remove usage of these features.

--- a/tests/utils_tests/test_http.py
+++ b/tests/utils_tests/test_http.py
@ -5,12 +5,11 @@ from unittest import mock

 from django.test import SimpleTestCase
 from django.utils.datastructures import MultiValueDict
-from django.utils.deprecation import RemovedInDjango40Warning
 from django.utils.http import (
    base36_to_int, escape_leading_slashes, http_date, int_to_base36,
-    is_safe_url, is_same_domain, parse_etags, parse_http_date, parse_qsl,
-    quote_etag, url_has_allowed_host_and_scheme, urlencode,
-    urlsafe_base64_decode, urlsafe_base64_encode,
+    is_same_domain, parse_etags, parse_http_date, parse_qsl, quote_etag,
+    url_has_allowed_host_and_scheme, urlencode, urlsafe_base64_decode,
+    urlsafe_base64_encode,
 )


@ -130,7 +129,7 @@ class Base36IntTests(SimpleTestCase):
            self.assertEqual(base36_to_int(b36), n)


-class IsSafeURLTests(SimpleTestCase):
+class URLHasAllowedHostAndSchemeTests(unittest.TestCase):
    def test_bad_urls(self):
        bad_urls = (
            'http://example.com',
@ -234,14 +233,6 @@ class IsSafeURLTests(SimpleTestCase):
                    False,
                )

-    def test_is_safe_url_deprecated(self):
-        msg = (
-            'django.utils.http.is_safe_url() is deprecated in favor of '
-            'url_has_allowed_host_and_scheme().'
-        )
-        with self.assertWarnsMessage(RemovedInDjango40Warning, msg):
-            is_safe_url('https://example.com', allowed_hosts={'example.com'})
-

 class URLSafeBase64Tests(unittest.TestCase):
    def test_roundtrip(self):