django/docs/ref
Shai Berger 42cd8c390d Fixed #33986 -- Hardened binary lookup in template commands.
Made template commands look up formatters before writing files.
This makes sure files included in the template are not identified
as executable formatter commands, even in case the template is
rendered into the system path (as might easily happen on Windows,
where the current directory is on the system path by default).

While at it, warned about trusting custom templates for
startapp/startproject.

Thanks Trung Pham of Viettel Cyber Security for reporting the issue,
Django Security Team for discussions, and Adam Johnson and
Carlton Gibson for reviews.
2022-09-07 11:08:43 +02:00
class-based-views Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
contrib Reverted "Fixed #30711 -- Doc'd django.contrib.postgres.fields.hstore.KeyTransform()." 2022-08-31 22:12:30 +02:00
files Refs #26029 -- Doc'd django.core.files.storage.default_storage. 2022-08-10 12:23:13 +02:00
forms Fixed #33842 -- Used :source: role for links to repo files on GitHub. 2022-08-09 14:44:51 +02:00
models Corrected heading level of "Registering and fetching lookups" section in docs. 2022-09-04 14:32:24 +02:00
templates Fixed #33864 -- Deprecated length_is template filter. 2022-07-23 12:36:21 +02:00
applications.txt Removed hyphen from pre-/re- prefixes. 2022-04-28 10:44:14 +02:00
checks.txt Fixed #33872 -- Deprecated django.contrib.postgres.fields.CIText/CICharField/CIEmailField/CITextField. 2022-08-03 11:42:51 +02:00
clickjacking.txt Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
csrf.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
databases.txt Refs #30511 -- Updated docs about auto-incrementing primary keys on PostgreSQL. 2022-08-26 21:42:44 +02:00
django-admin.txt Fixed #33986 -- Hardened binary lookup in template commands. 2022-09-07 11:08:43 +02:00
exceptions.txt Refs #32956 -- Capitalized HTTP/HTTPS in comments, docs, and docstrings. 2021-10-20 08:40:19 +02:00
index.txt Refs #32880 -- Moved logging reference to new document. 2021-06-30 07:21:52 +02:00
logging.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
middleware.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
migration-operations.txt Refs #27236 -- Doc'd that AlterIndexTogether is no longer officially supported for Django 4.2+ migration files. 2022-07-26 11:42:54 +02:00
paginator.txt Doc'd a precise exception type in Paginator.page() docs. 2021-10-13 08:46:46 +02:00
request-response.txt Fixed #33683 -- Document HttpResponseBase and allow import from django.http 2022-05-17 09:51:16 +02:00
schema-editor.txt Refs #27064 -- Added RenameIndex migration operation. 2022-05-12 20:44:03 +02:00
settings.txt Fixed #33920 -- Doc'd dependency of LOGGING_CONFIG callback on non-empty LOGGING. 2022-08-24 11:38:43 +02:00
signals.txt Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
template-response.txt Removed hyphen from pre-/re- prefixes. 2022-04-28 10:44:14 +02:00
unicode.txt Updated Oracle docs links to Oracle 21c. 2022-03-29 09:41:57 +02:00
urlresolvers.txt Fixed #16406 -- Added ResolveMatch.captured_kwargs and extra_kwargs. 2022-03-29 10:27:40 +02:00
urls.txt Refs #33365, Refs #30530 -- Doc'd re_path() behavior change in Django 2.2.25, 3.1.14, and 3.2.10. 2021-12-15 18:54:02 +01:00
utils.txt Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). 2022-06-28 10:54:38 +02:00
validators.txt Fixed #32559 -- Added 'step_size' to numeric form fields. 2022-05-12 14:16:52 +02:00
views.txt Refs #32394 -- Changed STATIC_URL/MEDIA_URL to relative paths in tests and docs where appropriate. 2021-02-06 13:41:35 +01:00