p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
15,949 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

47 Commits

Author SHA1 Message Date
Tim Graham 5510f07071 [1.6.x] Made is_safe_url() reject URLs that start with control characters. 
This is a security fix; disclosure to follow shortly.
 2015-03-18 08:47:43 -04:00
Tim Graham b6b3cb9899 [1.6.x] Fixed an infinite loop possibility in strip_tags(). 
This is a security fix; disclosure to follow shortly.
 2015-03-18 08:47:16 -04:00
Carl Meyer 64735731e0 [1.6.x] Fix an encoding preamble so the tests pass on 2.7.9. 
It seems there was a change in the parsing of encoding preambles in Python
2.7.9, compared to previous 2.7.x Pythons. This is a backport of the only piece
of e520a73eee that's needed to prevent an import
failure under 2.7.9.
 2015-02-06 20:15:06 -07:00
Tim Graham 72e0b03366 [1.6.x] Fixed is_safe_url() to handle leading whitespace. 
This is a security fix. Disclosure following shortly.
 2015-01-13 13:10:11 -05:00
Erik Romijn 6011075245 [1.6.x] Added additional checks in is_safe_url to account for flexible parsing. 
This is a security fix. Disclosure following shortly.
 2014-05-14 10:15:06 +02:00
Aymeric Augustin 1abcf3a808 [1.6.x] Dropped fix_IE_for_vary/attach. 
This is a security fix. Disclosure following shortly.
 2014-05-14 10:15:06 +02:00
Tim Graham 059bc7eb60 [1.6.x] Fixed #22338 -- Fixed a test dependent on dictionary key iteration order. 
Backport of 69a4f383f6 from master
 2014-03-30 14:27:11 -04:00
Claude Paroz c9b2feffee [1.6.x] Tweaked strip_tags tests to pass on Python 3.3 
Backport of 6a0291bda from master.
 2014-03-22 15:05:28 +01:00
Claude Paroz f05f5c231a [1.6.x] Removed a strip_tags test for older Python versions 
Django's custom HTMLParser for older Python versions cannot
parse convoluted syntax.
 2014-03-22 14:21:35 +01:00
Claude Paroz d1503afd66 [1.6.x] Improved strip_tags and clarified documentation 
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
Backport of 6ca6c36f8 from master.
 2014-03-22 11:07:27 +01:00
Baptiste Mispelon 8864d24789 [1.6.x] Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy" 
This reverts commit 2ee447fb5f.

That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.

Refs #21882.

Backport of a878bf9b09 from master.
 2014-02-05 21:32:17 +01:00
Aymeric Augustin f0c7649b16 Fixed #21198 -- Prevented invalid use of @python_2_unicode_compatible. 
Thanks jpic for the report and chmodas for working on a patch.

Reverts 2ea80b94. Refs #19362.

Conflicts:
	tests/utils_tests/test_encoding.py
 2013-10-13 18:25:21 +02:00
Baptiste Mispelon 15bdc85117 [1.6.x] Fix #21185: Added tests for unescape_entities. 
Also fixed a py3 incompatibility.
Thanks to brutasse for the report.

Backport of 3754f4ad41 from master.
 2013-09-27 18:06:28 +02:00
Tim Graham dbad65ded7 [1.6.x] Fixed bad backport in last commit; refs #21118 2013-09-18 09:52:29 -04:00
Tim Graham 14e139ecdf [1.6.x] Fixed #21118 -- Isolated a test that uses the database. 
Thanks rmboggs for the report.

Backport of 4f40b97d97 from master
 2013-09-18 09:43:10 -04:00
Tim Graham 275497c570 [1.6.x] Fixed #15625 -- Made message in MultiValueDictKeyError less verbose. 
Thanks margieroginski for the suggestion.

Backport of 893198509e from master
 2013-09-18 06:49:59 -04:00
Aymeric Augustin b085e7c303 [1.6.x] Further hardening. Refs #18766. 
Backport of c687bf0 from master.
 2013-09-08 20:43:33 +02:00
Aymeric Augustin 0035a0ce2e [1.6.x] Hardened the test introduced in ded11aa6. Refs #18766. 
Inputs acceptable to time.mktime are platform-dependent.

Backport of 1a1e1478 from master.
 2013-09-08 19:41:34 +02:00
Aymeric Augustin 7c31e195db [1.6.x] Fixed #18766 -- Pointed to pytz when LocalTimezone fails. 
Thanks void for the report.

Backport of ded11aa6 from master.
 2013-09-08 09:17:03 +02:00
Aymeric Augustin 115318051c [1.6.x] Replaced "not PY3" by "PY2", new in six 1.4.0. 
Conflicts:
	django/db/backends/oracle/base.py
	django/db/backends/sqlite3/base.py
	django/db/models/base.py

Backport of 365c3e8b from master.
 2013-09-03 07:34:45 -05:00
Florian Apolloner 081a27c358 [1.6.x] Simplified smart_urlquote and added some basic tests. 
Backport of b70c371fc1 from master.
 2013-07-28 10:07:01 +02:00
Baptiste Mispelon 2ee447fb5f Fixed #20296 -- Allowed SafeData and EscapeData to be lazy 2013-05-25 16:06:44 +02:00
Claude Paroz b664cb818d Fixed #19237 (again) - Made strip_tags consistent between Python versions 2013-05-23 14:01:27 +02:00
Claude Paroz dc51ec8bc2 Fixed #19237 -- Used HTML parser to strip tags 
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead use to use a slower but safer method.
 2013-05-22 17:34:02 +02:00
Florian Apolloner b1ac241ddc Fixed test failures from 09f8652765. 2013-05-21 13:03:25 +02:00
Marc Tamlyn 09f8652765 Use assertIsInstance in tests. 
Gives much nicer errors when it fails.
 2013-05-21 10:42:15 +01:00
Daniel Lindsley e24d486fbc Fixed #20212 - __reduce__ should only be defined for Py3+. 2013-05-21 00:49:21 -07:00
Emil Stenström 7d77e9786a Fixed #20246 -- Added non-breaking spaces between values an units 2013-05-18 23:01:48 +02:00
Carl Meyer 9012833af8 Fixed #17365, #17366, #18727 -- Switched to discovery test runner. 
Thanks to Preston Timmons for the bulk of the work on the patch, especially
updating Django's own test suite to comply with the requirements of the new
runner. Thanks also to Jannis Leidel and Mahdi Yusuf for earlier work on the
patch and the discovery runner.

Refs #11077, #17032, and #18670.
 2013-05-10 23:08:45 -04:00
Claude Paroz 4769db6b5f Fixed #20321 -- Added missing key name in MergeDict KeyError message 
Thanks mark.harviston et gmail.com for the report.
 2013-04-26 08:59:34 +02:00
Alex Gaynor 714161c864 Fix != operations on lazy objects. 2013-04-19 10:58:29 -07:00
Anton Baklanov 59d127e45f Fixed #20276 -- Implemented __bool__ for MergeDict 
MergeDict evaluates now to False if all contained dicts are empty.
Thanks til for the report and the initial patch.
 2013-04-19 10:08:16 +02:00
Preston Timmons 612ef3e5c9 Modified utils_tests for unittest2 discovery. 2013-04-12 15:31:58 -06:00
Claude Paroz edc782b7b5 Relaxed time frame check in test_strip_tags 2013-04-01 22:53:04 +02:00
Claude Paroz 2817a29d90 Imported unittest from django.utils in util_tests 
Without this, the 'new' assertion methods are not present with
Python 2.6.
 2013-04-01 19:59:57 +02:00
Claude Paroz a01361b5ae Added more tests for strip_tags utility 
Refs #19237.
 2013-04-01 16:48:47 +02:00
Joe Friedl 2d0db67813 Fixed #20167 -- Preserve the traceback of `ImportError`s in `import_by_path`. 
Thanks @carljm for the review.
 2013-03-31 23:00:06 -04:00
Claude Paroz 164528acc8 Fixed #20108 -- Fixed filepath_to_uri decoding error 
This was a regression due to unicode_literals usage. Thanks Ivan
Virabyan for the report and the initial patch.
 2013-03-22 17:55:12 +01:00
Marc Tamlyn 829dc3c5a6 Fixed #20094 - Be more careful when checking for Iterator 
Python 2.6 has some different behaviour when checking
isinstance(foo, collections.Iterator).
 2013-03-22 17:31:29 +01:00
Aymeric Augustin 9dc5702932 Fixed #19456 -- Avoid infinite recursion when tracing LazyObject.__init__. 
Thanks blaze33 for the patch.
 2013-03-18 11:22:43 +01:00
Aymeric Augustin 0efafa4c54 Fixed #18447 -- Made LazyObject unwrap on dict access. 
Thanks Roman Gladkov and Zbigniew Siciarz.
 2013-03-18 11:10:19 +01:00
Ramiro Morales c31a9793c6 Merge pull request #882 from loic/testfix 
Fixed minor warnings in tests.
 2013-03-06 16:22:06 -08:00
Preston Holmes 876fc39128 PEP8 cleanup of functional.py 2013-03-06 16:14:46 -08:00
Preston Holmes 0ea5bf88dd Fixed #19543 -- implemented SimpleLazyObject.__repr__ 
Thanks to Florian Hahn for the patch
 2013-03-06 16:13:12 -08:00
Loic Bistuer 9ba0e4e4ee Fixed minor warnings in tests. 2013-03-06 01:13:36 +07:00
Anssi Kääriäinen 21189cb80b Made dateformat tests reactivate original language 2013-02-27 23:48:17 +02:00
Florian Apolloner 33836cf88d Renamed some tests and removed references to modeltests/regressiontests. 2013-02-26 14:36:57 +01:00