Mariusz Felisiak
ad0410ec4f
Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.
...
Thanks Seokchan Yoon for reports.
2023-07-03 08:16:55 +02:00
Jacob Rief
1fe0b167af
Fixed #34473 -- Fixed step validation for form fields with non-zero minimum value.
2023-06-16 08:38:28 +02:00
Kamil Turek
ae509f8f08
Fixed #34014 -- Fixed DecimalValidator validating 0 in positive exponent scientific notation.
...
Thanks Shiplu Mokaddim for the report.
2022-09-17 10:02:55 +02:00
Kapil Bansal
3a82b5f655
Fixed #32559 -- Added 'step_size’ to numeric form fields.
...
Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at>
2022-05-12 14:16:52 +02:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
...
In these cases Black produces unexpected results, e.g.
def make_random_password(
self,
length=10,
allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):
or
cursor.execute("""
SELECT ...
""",
[table name],
)
2022-02-03 11:20:46 +01:00
Mariusz Felisiak
d25710a625
Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline.
2021-09-20 21:23:01 +02:00
Mariusz Felisiak
61d92c650f
Refs #22123 -- Added more URLValidator test for invalid IPv6 literals.
2021-08-06 12:58:55 +02:00
chrishna1
033636286a
Fixed #32959 -- Moved tests URLs to validators.tests.
2021-07-28 11:39:36 +02:00
Mariusz Felisiak
e1d787f1b3
Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
...
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.
[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Mariusz Felisiak
e1e81aa1c4
Fixed #32713 , Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+.
...
In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines
and tabs from URLs [1, 2]. Unfortunately it created an issue in
the URLValidator. URLValidator uses urllib.urlsplit() and
urllib.urlunsplit() for creating a URL variant with Punycode which no
longer contains newlines and tabs in Python 3.9.5+. As a consequence,
the regular expression matched the URL (without unsafe characters) and
the source value (with unsafe characters) was considered valid.
[1] https://bugs.python.org/issue43882 and
[2] 76cd81d603
2021-05-06 08:45:23 +02:00
Claudio Catterina
faa6d41cda
Fixed typo in DecimalValidator tests.
...
This replaces redundant test for -Infinity with +Infinity.
2020-07-16 11:21:39 +02:00
David Smith
27c09043da
Refs #31670 -- Renamed whitelist argument and attribute of EmailValidator.
2020-06-18 21:43:20 +02:00
Yash Saini
ccb1cfb64e
Fixed #31548 -- Fixed URLValidator crash on non-strings.
2020-05-08 20:53:05 +02:00
Yash Saini
bda6ade7b7
Added URLValidator test for missing scheme.
2020-05-08 20:50:25 +02:00
ElizabethU
54ea290e5b
Fixed #30651 -- Made __eq__() methods return NotImplemented for not implemented comparisons.
...
Changed __eq__ to return NotImplemented instead of False if compared to
an object of the same type, as is recommended by the Python data model
reference. Now these models can be compared to ANY (or other objects
with __eq__ overwritten) without returning False automatically.
2019-10-01 17:58:19 +02:00
buzzi
24cae0bedc
Fixed #29860 -- Allowed BaseValidator to accept a callable limit_value.
2018-10-22 10:26:54 -04:00
Tom Forbes
8c70ba92dd
Refactored validators tests to use subtests.
2018-08-18 15:04:48 -04:00
Fabio Bonelli
f636f0bb86
Fixed #29007 -- Fixed DecimalValidator crash on NaN, SNan, Inf, and Infinity values.
2018-01-10 21:43:32 -05:00
Josh Schneier
e8c4596329
Fixed #28562 -- Fixed DecimalValidator handling of positive exponent scientific notation.
2017-09-27 09:42:04 -04:00
Josh Schneier
0dbcd0e87f
Added tests for DecimalValidator.
2017-09-11 14:18:02 -04:00
Alejandro Zamora
90d7b912b9
Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field.
2017-08-12 20:14:14 -04:00
Mads Jensen
a51c4de194
Used assertRaisesMessage() to test Django's error messages.
2017-07-29 19:07:23 -04:00
Arne de Laat
681d2599ee
Fixed #28165 -- Ignored case in FileExtensionValidator's allowed_extensions.
2017-06-07 16:53:36 -04:00
Arne de Laat
b137add6cf
Added FileExtensionValidator tests for uppercase and missing file extensions.
2017-06-07 16:53:10 -04:00
Claude Paroz
289fc1bfa5
Refs #23919 -- Removed str_prefix usage
2017-01-20 15:43:28 +01:00
Tim Graham
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Aymeric Augustin
a556396339
Refs #23919 -- Replaced io.open() with open().
...
io.open() is an alias for open() on Python 3.
2017-01-18 21:45:12 -05:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
wim glenn
21dd792349
Fixed #26578 -- Prohibited non-ASCII digits in validate_ipv4_address.
2016-10-28 11:38:49 -04:00
Baptiste Mispelon
a9215b7c36
Refs #21548 -- Skipped tests that rely on pillow when it's not installed
2016-07-02 15:46:16 +02:00
Berker Peksag
12b4280444
Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension.
2016-06-30 09:08:50 -04:00
Tim Graham
c9ae09addf
Replaced use of TestCase.fail() with assertRaises().
...
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Akshesh
d58aaa24e3
Fixed #26107 -- Added option to int_list_validator() to allow negative integers.
2016-02-18 18:58:18 -05:00
Dheerendra Rathor
06627ef2ca
Fixed #25635 -- Made URLValidator allow '+' in scheme.
2015-10-31 17:50:05 -04:00
Iulia Chiriac
75ed590032
Fixed #24636 -- Added model field validation for decimal places and max digits.
2015-09-18 14:30:20 -04:00
Edward Henderson
f8cc464452
Fixed #16501 -- Added an allow_unicode parameter to SlugField.
...
Thanks Flavio Curella and Berker Peksag for the initial patch.
2015-07-17 13:48:58 -04:00
Shai Berger
17d3a6d804
Fixed catastrophic backtracking in URLValidator.
...
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.
This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Tim Graham
014247ad19
Prevented newlines from being accepted in some validators.
...
This is a security fix; disclosure to follow shortly.
Thanks to Sjoerd Job Postmus for the report and draft patch.
2015-07-08 15:23:03 -04:00
Anoop Thomas Mathew
2400329508
Fixed #24349 -- Limited domain name labels to 63 characters in EmailValidator
2015-04-17 18:08:33 -04:00
Bertrand Bordage
3e64f3d0fc
Fixed #24531 -- Improved CommaSeparatedIntegerField validation.
...
`','`, `'1,,1'`, `',1'` etc. are no longer considered as valid
comma-separated integer lists.
2015-03-25 18:49:59 -04:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Danilo Bargen
8b77b64f1c
Refactored URLValidator tests by moving URLs to text files.
2014-11-03 13:02:11 -05:00
Anubhav Joshi
5cdb8f8c1e
Fixed #16617 -- Added 'value' to BaseValidator params.
...
Also allowed overriding the default messages in subclasses of BaseValidator.
Thanks sperrygrove for initial patch.
2014-07-26 10:03:00 -04:00
Tim Graham
1f8bb95cc2
Corrected domain max length for EmailValidator; refs #20631 .
...
Thanks MarkusH for the report.
2014-07-04 20:50:28 -04:00
Tim Graham
7fd55c3481
Fixed #20631 -- Increased the default EmailField max_length to 254.
...
Thanks pmartin for the report.
2014-07-04 14:15:00 -04:00
Erik Romijn
424fe76349
Fixed #22579 -- Corrected validation for email to reject trailing slash
...
Thanks to Claude Paroz for the report and patch and Tomasz
Paczkowski for the review.
2014-05-16 15:13:11 +02:00
David Szotten
7fe60ae64a
Fixed #22588 -- Fix RegexValidator __eq__
...
Compare parameters instead of re.pattern instances, and add the other
parameters to the comparison. Also add a __ne__ to make assertNotEqual
work properly.
2014-05-08 19:51:15 -07:00