Commit Graph

42 Commits

Author SHA1 Message Date
Berker Peksag 9a30acad8a Fixed #21587 -- Added a warning for changing default of RedirectView.permanent. 2014-11-25 09:22:18 -05:00
Berker Peksag f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Jon Dufresne c1ef234e31 Fixed #23522 -- Changed reverse() to return a Unicode string; not bytes 2014-10-07 13:06:39 -04:00
Florian Apolloner 28e765810d Prevented reverse() from generating URLs pointing to other hosts.
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
Claude Paroz e167e96cfe Fixed #22223 -- Prevented over-escaping URLs in reverse()
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
2014-07-09 09:54:34 +02:00
Anubhav Joshi 7f76251fb7 Refactored common code in handlers/base.py and urlresolvers.py 2014-06-23 15:27:25 -04:00
Tim Graham b341f33697 Added database migration for contrib.auth.
refs #22170.
2014-06-16 16:21:37 -04:00
Tim Graham 4445d36d47 Fixed #22384 -- Deprecated reversing URLs by dotted path. 2014-06-03 07:30:14 -04:00
Alex Gaynor d240b29c08 Fixed a typo that Tim Graham noticed 2014-05-28 17:46:06 -07:00
Alex Gaynor 1dcc603eff Fixed several typos in Django 2014-05-28 17:39:14 -07:00
Kevin Christopher Henry 91afc00513 Fixed #21157 -- Fixed problems with ResolverMatch
- Fixed bug in get_callable() that caused resolve() to put a string
  in ResolverMatch.func.
- Made ResolverMatch.url_name match the actual url name (or None).
- Updated tests that used the string value in ResolverMatch.func, and
  added regression tests for this bug.
- Corrected test urls whose dummy view paths caused failures (behavior
  that was previously masked by this bug).
2014-04-23 20:12:34 -04:00
Tim Graham 8b93b31487 Fixed a remote code execution vulnerabilty in URL reversing.
Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.
2014-04-21 18:11:26 -04:00
Anubhav Joshi cd914e31c9 Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-06 17:33:43 -04:00
Athena 5d568bcfa6 Fixed #7571 -- Fixed parameter matching in include()'d urlpattern
Fixed URL resolving in the case where an outer regex includes an inner
regex and both regexes use positional parameters instead of named
groups, causing the outer regex's parameters to override the inner
regex's.

Modified the regex url resolver so that it will concatenates and then
normalizes, instead of normalizing and then concatenating.
2014-03-05 00:35:03 +01:00
Baptiste Mispelon 173aa51997 Fixed #21435 -- Improved error message when urlconf is empty.
The new error message now hints that the most likely issue
is a circular import.

Thanks to trac user elena for the report and to
bpeschier for the original patch.
2014-02-22 15:36:49 +01:00
Claude Paroz 203f55b5d5 Replaced 'test' by 'sqlall' management command in reverse_lazy test 2014-02-18 13:21:25 +01:00
Claude Paroz 45edb9d235 Fixed #22057 -- Ensured reverse_lazy can be used in settings
And without causing a circular import. Thanks Akis Kesoglou for
the report.
2014-02-18 10:23:30 +01:00
Grzegorz Nosek 0b6f9f7c6f Improved fix for #18373 -- backward compatibility
Commit 79558c78 cleaned up the (undocumented) interface of Resolver404
exception, which breaks compatibility with code messing with .args[0]
directly. Revert the cleanup part and simply leave the fix itself.
2014-02-15 17:51:18 +01:00
Grzegorz Nosek 79558c787e Fixed #18373 - improved handling of Resolver404s from views
When django.core.urlresolvers.resolve was called from a view, failed
and the exception was propagated and rendered by technical_404_response,
the URL mentioned on the page was the current URL instead of the URL
passed to resolve().

Fixed by using the path attribute from the Resolver404 exception instead
of request.path_info. Also cleaned up the exceptions to use standard
named parameters instead of stuffing a dict in args[0]
2014-02-15 15:56:04 +01:00
Aymeric Augustin e32095616c Imported override_settings from its new location. 2013-12-23 21:37:56 +01:00
Alex Gaynor bc742ca110 Flake8 fixes -- including not runnign flake8 over a backported file 2013-11-11 14:05:14 -08:00
Bouke Haarsma 9b7455e918 Fixed #21351 -- Replaced memoize with Python's lru_cache.
Replaced the custom, untested memoize with a similar decorator from Python's
3.2 stdlib. Although some minor performance degradation (see ticket), it is
expected that in the long run lru_cache will outperform memoize once it is
implemented in C.

Thanks to EvilDMP for the report and Baptiste Mispelon for the idea of
replacing memoize with lru_cache.
2013-11-11 08:53:09 +01:00
Jason Myers c3791463a5 Fixing E302 Errors
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Boryslav Larin e737c009b8 Fixed flake8 E241 2013-11-02 21:45:40 +02:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alex Gaynor 9d740eb8b1 Fix all violators of E231 2013-10-26 12:15:03 -07:00
Bouke Haarsma 3565efaa45 Removed some direct settings manipulations in tests; refs #21230. 2013-10-21 11:31:05 -04:00
Tim Graham 96d1d4e292 Removed unused local variables in tests. 2013-10-19 08:31:38 -04:00
Tim Graham 1dae4ac177 Whitespace cleanup.
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
Aymeric Augustin a5b062576b Removed a few trailing backslashes.
We have always been at war with trailing backslashes.
2013-09-22 14:04:10 +02:00
Dan Johnson df462cf760 Fixed #21043 -- Made resolve() handle reverse_lazy objects.
Thanks Keryn Knight for the report.
2013-09-06 15:46:43 -04:00
Claude Paroz 5c1143910e Removed most of absolute_import imports
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Wilfred Hughes 8365ed08b8 Fixed #17076 -- When reversing a URL fails, inform the user which patterns were tried. 2013-06-14 10:26:30 +01:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Marc Tamlyn 09f8652765 Use assertIsInstance in tests.
Gives much nicer errors when it fails.
2013-05-21 10:42:15 +01:00
Loic Bistuer 521765f63d Fixed #19541 -- Fixed BaseHandler to enable reversing URLs in response middlewares
and streamed responses with respect to per-request urlconf.
2013-03-25 03:19:19 +07:00
Aymeric Augustin 31b5275235 Fixed #13260 -- Quoted arguments interpolated in URLs in reverse. 2013-03-18 23:58:22 +01:00
Baptiste Mispelon 4fa7f3cdd9 Fix #20022: Correctly handle prefixes with url-unsafe characters in reverse(). 2013-03-13 18:19:29 +01:00
Aymeric Augustin ce76fbfc5a Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.
Obviously it isn't set until the URL is resolved.
2013-03-10 23:28:19 +01:00
Florian Apolloner 33836cf88d Renamed some tests and removed references to modeltests/regressiontests. 2013-02-26 14:36:57 +01:00
Florian Apolloner 89f40e3624 Merged regressiontests and modeltests into the test root. 2013-02-26 14:36:57 +01:00