Commit Graph

580 Commits

Author SHA1 Message Date
Sarah Boyce 320dd27412 Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:22:32 -03:00
Claude Paroz 2c1f27d0d0 Dropped safeguards against very old versions of gettext.
gettext 0.19 was released in 2014.
2024-08-30 13:39:04 +02:00
Simon Charette 57307bbc7d Fixed #35666 -- Documented stacklevel usage and testing, and adjusted test suite accordingly.
Over the years we've had multiple instances of hit and misses when
emitting warnings: either setting the wrong stacklevel or not setting
it at all.

This work adds assertions for the existing warnings that were declaring
the correct stacklevel, but were lacking tests for it.
2024-08-28 11:44:05 -03:00
Adam Johnson 2b71b2c8dc Refs #34609 -- Fixed deprecation warning stack level in format_html().
Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-27 15:14:50 -03:00
nabil-rady 231c0d8593 Fixed #35668 -- Added mapping support to format_html_join. 2024-08-20 08:20:34 +02:00
Matthias Kestenholz d84200e4eb Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for non-string RHS.
This change ensures SafeString addition operations handle non-string RHS
properly, allowing them to implement __radd__ for better compatibility.
2024-08-12 14:25:05 -03:00
Matthias Kestenholz b5c048f5ec Refs #35648 -- Added test for addition between SafeString and str in utils_tests. 2024-08-12 14:25:05 -03:00
Mariusz Felisiak 5f1757142f Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce ecf1f8fb90 Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-08-06 08:50:08 +02:00
Adam Johnson d666457453 Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 09:21:19 -03:00
Baptiste Mispelon 62300b81cf Fixed #12978 -- Added support for RSS feed stylesheets. 2024-06-18 17:25:43 +02:00
Shai Berger f6ad8c7676 Refs CVE-2024-27351 -- Forwardported release notes and tests.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-03-04 08:22:00 +01:00
David Smith 6ee37ada32 Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. 2024-02-07 09:46:25 +01:00
David Smith 70f39e46f8 Refs #30686 -- Fixed text truncation for negative or zero lengths. 2024-02-07 05:18:35 +01:00
David Smith 48a4693951 Refs #30686 -- Improved test coverage of Truncator. 2024-02-06 16:35:08 +01:00
Mariusz Felisiak 305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Tim Graham ecd3071dac Fixed #35097 -- Tested parse_datetime() with bare date.
Regression test for behavior change in
f35ab74752.
2024-01-09 14:08:03 -03:00
Mariusz Felisiak 0c5456ef37 Used enterClassContext() where appropriate. 2024-01-04 05:55:29 +01:00
Mariusz Felisiak d88ec42bd0 Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
Nick Pope baf705f34a Refs #34986 -- Fixed some test assertions for PyPy.
These failures were due to minor inconsistencies or implementation
differences between CPython and PyPy.
2023-11-28 06:19:38 +01:00
Nick Pope 6089230d3e Refs #34986 -- Fixed mocking in utils_tests.test_http.HttpDateProcessingTests.test_parsing_rfc850.
Mocking in the `datetime` module can be tricky. In CPython the datetime
C module is used, but PyPy uses a pure Python implementation. This
caused issues with the prior approach to mocking `datetime.datetime`.

See https://docs.python.org/3/library/unittest.mock-examples.html#partial-mocking
2023-11-28 06:19:38 +01:00
Nick Pope 5e28cd3f2c Fixed #34983 -- Deprecated django.utils.itercompat.is_iterable(). 2023-11-24 12:06:29 +01:00
Nick Pope 74afcee234 Refs #34899 -- Extracted Field.flatchoices to flatten_choices helper function.
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
2023-10-23 13:44:23 -03:00
Nick Pope 07fa79ef2b Refs #31262 -- Added __eq__() and __getitem__() to BaseChoiceIterator.
This makes it easier to work with lazy iterators used for callables,
etc. when extracting items or comparing to lists, e.g. during testing.

Also added `BaseChoiceIterator.__iter__()` to make it clear that
subclasses must implement this and added `__all__` to the module.

Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
2023-10-23 13:44:16 -03:00
Natalia 17b51094d7 Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:22:26 -03:00
Mariusz Felisiak 3f41d6d629 Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding.uri_to_iri().
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.

Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
2023-09-04 11:58:37 +02:00
Nick Pope 500e01073a Fixed #31262 -- Added support for mappings on model fields and ChoiceField's choices. 2023-08-30 22:57:40 -03:00
sarahboyce f6ed2c36dd Fixed #34787 -- Fixed autoreloader crash when run from installed script on Windows. 2023-08-28 12:57:14 +02:00
konsti 48a1929ca0 Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
Mariusz Felisiak 4c85d94bc0 Fixed utils_tests.test_lazyobject.SimpleLazyObjectPickleTestCase.
SimpleLazyObjectPickleTestCase executes database queries so it must
inherit from django.test.TestCase.
2023-08-20 16:09:07 +02:00
Mariusz Felisiak 4afaeb14c2 Refs #30116 -- Simplified tests related to dictionary order.
Dicts preserve order since Python 3.6.
2023-07-12 11:06:59 +02:00
Nick Pope e042024b28 Allowed custom formatting of lazy() objects.
This allows for formatting of lazy objects which have a custom formatter
defined by overriding the default implementation from `object`.
2023-06-12 06:09:20 +02:00
Nick Pope fd97b0471b Allowed multiplication of lazy() objects with int return type. 2023-06-12 05:59:40 +02:00
Ran Benita ae94077e7d Made proxy class in lazy() prepare eagerly.
Previously, the proxy class was prepared lazily:

  lazy_identity = lazy(identity, int)
  lazy_identity(10)  # prepared here
  lazy_identity(10)

This has a slight advantage that if the lazy doesn't end up getting
used, the preparation work is skipped, however that's not very likely.

Besides this laziness, it is also inconsistent in that the methods which
are wrapped directly (__str__ etc.) are prepared already when __proxy__
is defined, and there is a weird half-initialized state.

This changes it so that everything is prepared already on the first line
of the example above.
2023-06-12 05:45:44 +02:00
Nick Pope e0e0204477 Added more tests for django.utils.functional.lazy(). 2023-06-12 05:29:30 +02:00
Ran Benita a57d5d9bbc Made bytes and str return types no longer mutually exclusive in lazy().
They are no longer special cased.
2023-06-08 09:15:40 +02:00
Ran Benita f5817c24f4 Refs #34445 -- Fixed string-casting of non-string lazy objects when value may be bytes.
If the result type is bytes, then calling bytes() on it does nothing.

If the result type is not bytes, we should not cast to bytes, just
because the return value may be bytes.
2023-06-08 06:38:11 +02:00
devilsautumn 094b0bea2c Fixed #34609 -- Deprecated calling format_html() without arguments. 2023-06-06 14:14:57 +02:00
Mariusz Felisiak fc9c90d9c4 Refs #34118 -- Fixed FunctionalTests.test_cached_property_reuse_different_names() on Python 3.12+.
Python 3.12+ no longer wraps exceptions in __set_name__, see
55c99d97e1
2023-05-23 12:56:33 +02:00
Mariusz Felisiak 198a19b692 Refs #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates on different days and interval less than 1 day.
Follow up to 813015d67e.
Regression in 8d67e16493.
2023-04-14 17:41:03 +02:00
nessita 813015d67e Fixed #34483 -- Fixed timesince()/timeuntil() with timezone-aware dates and interval less than 1 day.
Regression in 8d67e16493.

Thanks Lorenzo Peña for the report.
2023-04-13 13:16:33 -03:00
Ran Benita 066aabcb77 Fixed #34445 -- Fixed string-casting of non-string lazy objects.
This removes __text_cast() as it's the same as __cast().
_delegate_bytes and __delegate_text are mutually exclusive so the
`if self._delegate_bytes` branch in __cast() is unreachable.

Co-Authored-By: David Sanders <shang.xiao.sanders@gmail.com>
2023-03-30 11:42:10 +02:00
Marcelo Galigniana f9f0092346 Completed test coverage for django.utils.datastructures. 2023-02-15 07:45:00 +01:00
David Smith 097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
Nick Pope 1282b5e420 Fixed #32528 -- Replaced django.utils.topological_sort with graphlib.TopologicalSort().
graphlib.TopologicalSort() is available since Python 3.9.
2023-01-19 06:31:40 +01:00
Mariusz Felisiak 3bbe22dafc Fixed #34233 -- Dropped support for Python 3.8 and 3.9. 2023-01-18 09:46:01 +01:00
Mariusz Felisiak 5c10041f46 Refs #30127 -- Removed name argument for django.utils.functional.cached_property().
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak 2fad163257 Refs #32365 -- Removed is_dst argument for various methods and functions.
Per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak e6f82438d4 Refs #32365 -- Removed support for pytz timezones per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak 4aa0689080 Refs #32738 -- Removed django.utils.datetime_safe module per deprecation timeline. 2023-01-17 11:49:15 +01:00