Commit Graph

472 Commits

Author SHA1 Message Date
ekinertac 68cee15a8f Fixed #35789 -- Improved the error message raised when the tag must be first in the template. 2024-10-10 12:21:02 +02:00
Fabian Braun d2c97981fb Fixed #35735 -- Enabled template access to methods and properties of classes with __class_get_item__. 2024-09-17 09:52:44 +02:00
Lily Foote d50f61be7f Improved TokenType.COMMENT test by using correct block syntax in template tests. 2024-09-16 10:30:30 -03:00
Sarah Boyce 320dd27412 Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:22:32 -03:00
Mariusz Felisiak 7fb15ad5bc Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy.
Thanks Michał Górny for the report.
2024-08-08 09:53:04 +02:00
Sarah Boyce c19465ad87 Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:50:08 +02:00
nessita 1b277b45cc Added dedicated test for invalid inputs in floatformat template filter tests.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-25 16:15:53 -03:00
nessita 5dc17177c3 Refs #10941 -- Renamed test file test_query_string.py to test_querystring.py.
This follows previous renames made in 27043bde5b.
2024-07-16 22:14:52 -03:00
Sarah Boyce 27043bde5b Refs #10941 -- Renamed query_string template tag to querystring. 2024-07-15 13:28:55 -03:00
Sarah Boyce c6d1f98d26 Improved test coverage of urlize. 2024-07-10 09:32:02 +02:00
George Y. Kussumoto 2a32b23382 Fixed #35417 -- Updated BaseContext.new() with values to create a context that can be flattened. 2024-06-13 14:22:40 +02:00
Tim Richardson e64d42e753 Fixed #35395 -- slice filter crashes on an empty dict with Python 3.12.
Keep consistent behaviour of slice() filter between Python 3.12 and prior
versions in the case of a dict passed to the filter (catch the new to Python
3.12 KeyError exception).
2024-04-24 10:53:38 +02:00
David Smith 6ee37ada32 Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. 2024-02-07 09:46:25 +01:00
David Smith 70f39e46f8 Refs #30686 -- Fixed text truncation for negative or zero lengths. 2024-02-07 05:18:35 +01:00
David Smith 48a4693951 Refs #30686 -- Improved test coverage of Truncator. 2024-02-06 16:35:08 +01:00
Alexander Lazarević 22785f0d6b Refs #35141 -- Corrected value of CACHE_MIDDLEWARE_SECONDS in CacheMiddlewareTest tests. 2024-01-29 19:18:43 +01:00
Mariusz Felisiak 305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Mariusz Felisiak d88ec42bd0 Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
Tom Carrick e67d3580ed Fixed #10941 -- Added {% query_string %} template tag. 2023-10-26 09:57:21 +02:00
Carlton Gibson 35bbb2c9c0 Fixed #34883 -- Allowed template tags to set extra data on templates.
By setting a value in the `parser.extra_data` mapping, template tags
pass additional data out of the parsing context.

Any extra data set is exposed on the template via the matching
`.extra_data` attribute.

Library authors should use a key to namespace extra data. The 'django'
namespace is reserved for internal use.
2023-10-02 16:16:43 +02:00
Mariusz Felisiak 6ad0dbc8d9 Refs #15667 -- Added resetting default renderer when FORM_RENDERER is changed. 2023-09-29 08:54:13 +02:00
Dan Jacob fe835c2355 Fixed #34878 -- Fixed autoreloader crash when FORM_RENDERER is set to TemplatesSetting.
Regression in 439242c594.
2023-09-29 06:01:04 +02:00
Mariusz Felisiak 14ef92fa9e Refs #33864 -- Removed length_is template filter per deprecation timeline. 2023-09-18 22:12:40 +02:00
konsti 48a1929ca0 Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
priyank.panchal 439242c594 Fixed #34692 -- Made autoreloader reset cached template loader for default renderer. 2023-08-09 09:09:52 +02:00
Mariusz Felisiak 4afaeb14c2 Refs #30116 -- Simplified tests related with dictionary order.
Dicts preserve order since Python 3.6.
2023-07-12 11:06:59 +02:00
Arthur Moreira 061a8a1bd8 Fixed #34577 -- Added escapeseq template filter. 2023-05-22 09:58:03 +02:00
rajeeshp a2da81fe08 Fixed #34578 -- Made "join" template filter respect autoescape for joiner. 2023-05-19 13:16:42 +02:00
David Sanders 7d0e566208 Fixed #34518 -- Fixed crash of random() template filter with an empty list. 2023-04-26 14:17:57 +02:00
David Sanders 5dba5fda55 Fixed #34427 -- Improved error message when context processor does not return a dict. 2023-03-29 08:54:04 +02:00
Liyang Zhang f9f9215d3e Fixed some typos in comments, docstrings, and tests. 2023-03-20 08:07:23 +01:00
Panagiotis H.M. Issaris dcd9746983 Fixed #34363 -- Fixed floatformat crash on zero with trailing zeros.
Regression in 08c5a78726.
Follow up to 4b066bde69.
2023-02-22 20:46:16 +01:00
David Smith 097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
David Wobrock 4b066bde69 Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros to zero decimal places.
Regression in 08c5a78726.

Thanks Andrii Lahuta for the report.
2023-01-19 10:15:40 +01:00
GianpaoloBranca 8d67e16493 Fixed #33879 -- Improved timesince handling of long intervals. 2023-01-04 11:14:06 +01:00
LightDiscord e20c9eb60a Fixed #27654 -- Propagated alters_data attribute to callables overridden in subclasses.
Thanks Shai Berger and Adam Johnson for reviews and the implementation
idea.
2022-11-04 11:08:58 +01:00
Vlastimil Zíma 08c5a78726 Fixed #34098 -- Fixed loss of precision for Decimal values in floatformat filter.
Regression in 12f7928f5a.
2022-10-24 12:59:34 +02:00
Nick Pope 4d4bf55e0e Fixed #33864 -- Deprecated length_is template filter. 2022-07-23 12:36:21 +02:00
cheng d4c5d2b52c Fixed #33631 -- Marked {% blocktranslate asvar %} result as HTML safe. 2022-07-14 11:09:19 +02:00
Claude Paroz 292f372768 Fixed #33748 -- Fixed date template filter crash with lazy format.
Regression in 659d2421c7.
2022-05-31 06:09:39 +02:00
Aymeric Augustin aff649a3bd Normalized imports of functools.wraps.
@wraps is 10 times more common than @functools.wraps. Standardize to
the most common version.
2022-05-25 10:58:28 +02:00
cheng 0dd2920909 Fixed #33653 -- Fixed template crash when calling methods for built-in types without required arguments.
Regression in 09341856ed.
2022-05-20 07:53:05 +02:00
Manel Clos 62739b6e26 Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes.
Regression in 68357b2ca9.
2022-04-11 07:37:30 +02:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Hrushikesh Vaidya 832adb31f2 Fixed #33473 -- Fixed detecting changes by autoreloader in .py files inside template directories. 2022-02-03 11:22:45 +01:00
Mariusz Felisiak c5cd878382 Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Markus Holtermann 394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Florian Apolloner 761f449e0d Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:03:56 +01:00
Baptiste Mispelon e6e664a711 Fixed #33302 -- Made element_id optional argument for json_script template filter.
Added versionchanged note in documentation.
2021-11-22 11:52:19 +01:00