Commit Graph

198 Commits

Author SHA1 Message Date
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Gavin Wahl b4e76f30d1 Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not resultclasses.
Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-26 11:30:34 -05:00
Oscar Ramirez 54085b0f9b Fixed #23998 -- Added datetime.time support to migrations questioner. 2014-12-22 07:24:54 -05:00
Marc Tamlyn 57554442fe Fixed #2443 -- Added DurationField.
A field for storing periods of time - modeled in Python by timedelta. It
is stored in the native interval data type on PostgreSQL and as a bigint
of microseconds on other backends.

Also includes significant changes to the internals of time related maths
in expressions, including the removal of DateModifierNode.

Thanks to Tim and Josh in particular for reviews.
2014-12-20 18:28:29 +00:00
Michael Hall 895dc880eb Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range 2014-12-13 12:45:58 -05:00
Diego Guimarães 9f427617e4 Refs #23947 -- Worked around a bug in Python that prevents deprecation warnings from appearing in tests. 2014-12-06 14:46:01 -05:00
Berker Peksag 560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Eric Rouleau 9d1a69579b Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format 2014-12-03 07:49:06 -05:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Thomas Chaumeny d89f56dc4d Fixed #21281 -- Made override_settings act at class level when used as a TestCase decorator. 2014-11-03 14:14:39 -05:00
Berker Peksag f7969b0920 Fixed #23620 -- Used more specific assertions in the Django test suite. 2014-11-03 11:56:37 -05:00
Unai Zalakain c548c8d0d1 Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). 2014-11-03 07:59:19 -05:00
Markus Holtermann 98da408964 Fixed #23670 -- Prevented partial import state during module autodiscovery
Thanks kostko for the report.
2014-10-31 08:01:47 -04:00
John-Scott Atlakson dbf7a3df45 Fixed #23688 -- Updated cached_property to preserve docstring of original function 2014-10-20 17:59:07 -04:00
Jon Dufresne 54e695331b Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Thomas Chaumeny b962653060 Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
2014-10-16 14:16:24 +02:00
Anubhav Joshi 10b17a22be Fixed #19508 -- Implemented uri_to_iri as per RFC.
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
2014-10-16 02:31:17 +07:00
Florian Apolloner 3af5af1a61 Fixed remaining test failure in jslex tests. 2014-10-15 17:36:19 +02:00
Florian Apolloner 2ccbaba1f2 Added unicode_literals to the jslexer.
This ensure that ''.join(c) in jslex.py always returns text.
2014-10-15 15:09:35 +02:00
Jaap Roes 115c307184 Fixed #23613 -- Deprecated django.utils.checksums 2014-10-10 09:22:20 -04:00
Thomas Chaumeny b2aad7b836 Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282.
Thanks Collin Anderson for the review.
2014-09-29 00:01:38 +07:00
Loic Bistuer 3c6ac0bab8 Consolidated some text utils into the utils_tests test package. 2014-09-23 19:45:59 +07:00
Claude Paroz b9d9287f59 Fixed urlize after smart_urlquote rewrite
Refs #22267.
2014-09-09 21:59:35 +02:00
Claude Paroz 4b8a1d2c0d Fixed #22267 -- Fixed unquote/quote in smart_urlquote
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Thomas Chaumeny 032c091659 Fixed #23388 -- Made django.utils.timezone.override usable as a decorator 2014-08-31 09:03:53 +02:00
Ian Foote 03d89168a2 Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3. 2014-08-22 20:07:12 -04:00
Tim Graham e122facbd8 Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Tim Graham c2ab501bab Fixed test failure on Windows.
os.close(fd) is needed to avoid "The process cannot access the file
because it is being used by another process"
2014-07-30 14:31:59 -04:00
Tim Graham 57d2b3f2a7 Fixed bad usage of rstrip() that caused test failure.
If the temporary file name contained a p or y as its last
characters, it would be stripped. refs #23083.
2014-07-25 15:16:47 -04:00
Tim Graham b8cb5ba708 Fixed #23083 -- Fixed runserver reloading when deleting a file.
Thanks Collin Anderson for the report and hirokiky for the fix.
2014-07-25 13:23:52 -04:00
Claude Paroz 4e424084e6 Fixed #22991 -- Prevented *.pyc files in autoreload monitoring
This fixes a regression introduced in 6d302f639.
Thanks lorinkoz at gmail.com for the report, Collin Anderson
for the initial patch and Simon Charette for the review.
2014-07-15 09:57:54 +02:00
Tim Graham 38e001ab6c Fixed #22789 -- Deprecated django.contrib.webdesign.
Moved the {% lorem %} tag to built-in tags.
2014-07-14 08:45:19 -04:00
Tim Graham fddd95254e Fixed flake8 errors. 2014-07-07 19:12:39 -04:00
Tim Graham 89b9e6e5d6 Fixed #22909 -- Removed camelCasing in some tests.
Thanks brylie.
2014-07-07 19:08:42 -04:00
Claude Paroz 6d302f6396 Fixed pyinotify performance regression in 15f82c7011
Refs #9722. Thanks Tim Graham for the review.
2014-07-06 21:41:02 +02:00
Curtis 71461b14ab Fixed #22691 -- Added aliasing to cached_property. 2014-07-01 06:32:53 -04:00
Richard Eames 7beaeeed2b Fixed #22814 -- Allowed ISO-8601 [+-]hh timezone format in parse_datetime 2014-06-12 10:58:50 -06:00
Alexandr Shurigin 083d285b82 Fixed #22681 -- Made TarArchive recognize leading directories properly. 2014-06-03 12:00:33 -04:00
Tim Graham 5abc811a40 Revert "Fixed #20477: Allowed settings.FORMAT_MODULE_PATH to be a list of modules."
This reverts commit 950b6de16a.
2014-05-19 08:22:46 -04:00
Martin Brochhaus 950b6de16a Fixed #20477: Allowed settings.FORMAT_MODULE_PATH to be a list of modules.
Previously the FORMAT_MODULE_PATH setting only accepted one string (dotted
module path).

This is useful when using several reusable third party apps that define new
formats. We can now use them all and we can even override some of the formats
by providing a project-wide format module.
2014-05-19 07:59:13 -04:00
Alex Gaynor b6b873d2ad Fixed several flake8 errors, including one where a test wouldn't be run 2014-05-17 09:54:34 -07:00
Aymeric Augustin 1109ebd7b3 Optimized make_aware/naive by removing redundant checks. Refs #22625.
Also added tests with pytz and removed misplaced tests.
2014-05-16 23:12:59 +02:00
Aymeric Augustin fa89acf1d0 Fixed #22625 -- Normalized make_aware/naive errors.
Also added tests for is/make_aware/naive.

Thanks Tom Michaelis for the report.
2014-05-16 22:52:10 +02:00
Moayad Mardini 393ddc10a7 Fixed #22531 -- Added tree.Node.__repr__ and tests for the class.
While Node class has a useful `__str__`, its `__repr__` is not that
useful. Added a `__repr__` that makes use of the current `__str__`.
This is especially useful since the more popular `Q` class inherits
`tree.Node`. Also created new tests that cover most of `Node` class
functionality.
2014-05-16 09:30:25 -04:00
Claude Paroz e520a73eee Harmonized some PEP 0263 coding preambles 2014-05-15 19:58:41 +02:00
Erik Romijn 255449c1ee Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
Aymeric Augustin 3800f63721 Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
2014-05-14 10:19:48 +02:00
chriscauley 66ec9ee441 Fixed #22378 -- Updated \d to [0-9]+ in urlpatterns of docs and tests.
Thanks tomwys for the suggestion.
2014-04-16 20:36:29 -04:00
Tim Graham 69a4f383f6 Fixed #22338 -- Fixed a test dependent on dictionary key iteration order. 2014-03-30 14:25:06 -04:00
Tim Graham c19bbefca2 Fixed a deprecation warning on Python 3. 2014-03-27 06:59:54 -04:00
Aymeric Augustin 232181d1c5 Advanced deprecation warnings for 1.8. 2014-03-22 21:12:58 +01:00
Claude Paroz 6a0291bdaf Tweaked strip_tags tests to pass on Python 3.3 2014-03-22 14:43:11 +01:00
Claude Paroz 6ca6c36f82 Improved strip_tags and clarified documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
Tim Graham 8b81dee60c Removed fix_ampersands template filter per deprecation timeline.
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
Baptiste Mispelon 61917aa08b Fixed #21840 -- Moved dunder methods from SimpleLazyObject to LazyObject.
This commit also added tests for LazyObject and refactored
the testsuite of SimpleLazyObject so that it can share
test cases with LazyObject.
2014-03-13 10:03:01 +01:00
Claude Paroz 210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Claude Paroz ac699cdc17 Really hidden warnings in javascript_quote tests
Refs #21725.
2014-03-05 09:00:55 +01:00
Erik Romijn 775975f15d Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html() 2014-03-01 14:07:57 +01:00
Baptiste Mispelon 926e18d7d1 Deprecated django.utils.text.javascript_quote.
Refs #21725.
2014-02-22 13:50:12 +01:00
Baptiste Mispelon 847171b0d0 Fixed test failures when running in a narrow Python build. 2014-02-22 13:50:12 +01:00
MattBlack85 1c1dffca75 Fixed #21725 -- Fixed JavaScript quoting encoding.
Thanks to nedbatchelder for the report.
2014-02-15 19:39:21 +01:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Vajrasky Kok c43c469a2e Fixed #21731 -- Made javascript_quote escapes '</'. 2014-02-06 04:02:09 -05:00
Alex Gaynor 55d19d370f Removed import which is now unused 2014-02-05 13:26:56 -08:00
Baptiste Mispelon a878bf9b09 Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy"
This reverts commit 2ee447fb5f.

That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.

Refs #21882.
2014-02-05 21:22:40 +01:00
Carl Meyer ca95f8e435 Moved sys.path-extending decorator to django.test.utils and used throughout test suite.
Thanks Aymeric for the suggestion.
2014-01-25 22:50:40 -07:00
Aymeric Augustin 9cc3371a0f Fixed #21756 -- Skipped two timezone-related tests on Windows.
Windows cannot use a time zone other than the default time zone.

Thanks manfre for the report.
2014-01-12 09:41:57 +01:00
Aymeric Augustin e32095616c Imported override_settings from its new location. 2013-12-23 21:37:56 +01:00
Aymeric Augustin da16bb30ff Dropped AppCache._empty, _with_app and _without_app.
It's now easier to achieve the same effect with modify_settings or
override_settings.
2013-12-23 21:37:56 +01:00
Aymeric Augustin 2fef9e5375 Moved apps back in the toplevel django namespace.
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin 2239081ff1 Expurged INSTALLED_APPS from code and tests.
Except the app cache code and a few specific tests, of course.
2013-12-22 11:39:18 +01:00
Aymeric Augustin 65cd74be8e Stopped iterating on INSTALLED_APPS.
Used the app cache's get_app_configs() method instead.
2013-12-22 11:39:18 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Baptiste Mispelon 2c837233f5 Fixed #21574 -- Handle bytes consistently in utils.text.normalize_newlines.
All input is now coerced to text before being normalized.
This changes nothing under Python 2 but it allows bytes
to be passed to the function without a TypeError under Python3
(bytes are assumed to be utf-8 encoded text).

Thanks to trac user vajrasky for the report.
2013-12-12 16:09:12 +01:00
Vajrasky Kok a1a26690b9 Fixed #21572 -- Added unit test for django.utils.text.normalize_newlines. 2013-12-07 16:28:22 +08:00
Vajrasky Kok 7169722d5c Fixed #21505 -- Added unit test for django.utils.text.get_valid_filename. 2013-11-24 11:10:34 +01:00
Bouke Haarsma 2397daab4a Fixed #9523 -- Restart runserver after compiling apps translations
Django also uses locales provided by apps, which also might change. Also when
i18n is disabled, there is no need for watching translation files.
2013-11-11 11:43:09 +01:00
Alex Gaynor c347f78cc1 Fixed all E226 violations 2013-11-03 10:08:55 -08:00
Jason Myers c3791463a5 Fixing E302 Errors
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Bouke Haarsma c3936c0d79 Fixed #9523 -- Restart runserver after translation MO files change
Thanks to Krzysztof Kulewski for the initial patch.
2013-11-02 10:29:07 +01:00
Alex Gaynor 9d740eb8b1 Fix all violators of E231 2013-10-26 12:15:03 -07:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Alasdair Nicol b289fcf1bf Fixed #21288 -- Fixed E126 pep8 warnings 2013-10-21 08:31:30 -04:00
Tim Graham 96d1d4e292 Removed unused local variables in tests. 2013-10-19 08:31:38 -04:00
Alasdair Nicol a800036981 Fixed #21287 -- Fixed E123 pep8 warnings 2013-10-18 10:07:39 +01:00
Bouke Haarsma 2fb5a51fa3 Fixed #18659 -- Deprecated request.REQUEST and MergeDict
Thanks Aymeric Augustin for the suggestion.
2013-10-17 09:42:28 -04:00
Alex Gaynor 694d7da6c5 Merge pull request #1744 from unaizalakain/ticket_7261
Fixed #7261 -- support for __html__ for library interoperability
2013-10-15 14:43:35 -07:00
Unai Zalakain af64429b99 Fixed #7261 -- support for __html__ for library interoperability
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.

This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
Larry O'Neill 83b9bfea44 Fixed #21266 -- Fixed E201,E202 pep8 warnings. 2013-10-14 18:12:00 -04:00
Aymeric Augustin 589dc49e12 Fixed #21198 -- Prevented invalid use of @python_2_unicode_compatible.
Thanks jpic for the report and chmodas for working on a patch.

Reverts 2ea80b94. Refs #19362.
2013-10-13 18:14:04 +02:00
Tim Graham 1dae4ac177 Whitespace cleanup.
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
Jaap Roes 40b95a24ae Fixed #20568 -- truncatewords_html no longer splits words containing HTML entities.
Thanks yann0 at hotmail.com for the report.
2013-10-08 08:24:58 -04:00
Aymeric Augustin 671757b507 Fixed #21161 -- Timezone-related tests on Windows.
Thanks Xelnor for the patch.
2013-10-05 18:50:20 +02:00
Baptiste Mispelon 3754f4ad41 Fix #21185: Added tests for unescape_entities.
Also fixed a py3 incompatibility.
Thanks to brutasse for the report.
2013-09-27 17:00:42 +02:00
Tim Graham 4f40b97d97 Fixed #21118 -- Isolated a test that uses the database.
Thanks rmboggs for the report.
2013-09-18 09:42:47 -04:00
Tim Graham 893198509e Fixed #15625 -- Made message in MultiValueDictKeyError less verbose.
Thanks margieroginski for the suggestion.
2013-09-18 06:44:38 -04:00
Juan Catalano 6feb75129f Fixed #21060 -- Refactored admin's autodiscover method to make it reusable.
We want to be able to use it for instance for discovering `tasks.py` modules
inside the INSTALLED_APPS.

This commit therefore moves the logic to `autodiscover_modules` method in
django.utils.module_loading.
2013-09-13 20:09:41 -04:00
Aymeric Augustin 79ccd1a101 Fixed test that fails when pytz is installed.
pytz' localize() method is the bane of my life.
2013-09-10 18:07:29 +02:00