Aymeric Augustin
3483682749
[1.7.x] Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
Backport of 6d52f6f from master.
2014-12-27 18:26:20 +01:00
Aymeric Augustin
b429a9796a
[1.7.x] Fixed an inconsistency introduced in 547b1810.
...
mark_safe and mark_for_escaping should have been kept similar.
On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
Backport of 5c5eb5fe from master.
2014-12-27 18:17:18 +01:00
Oscar Ramirez
1ad5deedd4
[1.7.x] Fixed #23998 -- Added datetime.time support to migrations questioner.
...
Backport of 54085b0f9b from master
2014-12-22 07:26:57 -05:00
Ian Foote
d830665007
[1.7.x] Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3.
...
Backport of 03d89168a2 from master
2014-10-08 14:03:46 -04:00
Tim Graham
5736631233
[1.7.x] Fixed test failure on Windows.
...
os.close(fd) is needed to avoid "The process cannot access the file
because it is being used by another process"
Backport of c2ab501bab from master
2014-07-30 14:33:58 -04:00
Tim Graham
d1c08d4758
[1.7.x] Fixed bad usage of rstrip() that caused test failure.
...
If the temporary file name contained a p or y as its last
characters, it would be stripped. refs #23083.
Backport of 57d2b3f2a7 from master
2014-07-25 15:17:18 -04:00
Tim Graham
4f8a5bd8d0
[1.7.x] Fixed #23083 -- Fixed runserver reloading when deleting a file.
...
Thanks Collin Anderson for the report and hirokiky for the fix.
Backport of b8cb5ba708 from master
2014-07-25 13:25:16 -04:00
Claude Paroz
f2011e21a2
[1.7.x] Fixed #22991 -- Prevented *.pyc files in autoreload monitoring
...
This fixes a regression introduced in 6d302f639.
Thanks lorinkoz at gmail.com for the report, Collin Anderson
for the initial patch and Simon Charette for the review.
Backport of 4e424084e from master.
2014-07-15 09:59:25 +02:00
Tim Graham
0100afb013
[1.7.x] Fixed flake8 errors.
...
Backport of fddd95254e from master
2014-07-07 19:13:00 -04:00
Tim Graham
28962c57f3
[1.7.x] Fixed #22909 -- Removed camelCasing in some tests.
...
Thanks brylie.
Backport of 89b9e6e5d6 from master
2014-07-07 19:10:48 -04:00
Claude Paroz
1bb8ccdb9e
[1.7.x] Fixed pyinotify performance regression in 15f82c7011
...
Refs #9722. Thanks Tim Graham for the review.
Backport of 6d302f639 from master.
2014-07-06 21:45:09 +02:00
Richard Eames
8dcc7810f0
[1.7.x] Fixed #22814 -- Allowed ISO-8601 [+-]hh timezone format in parse_datetime
...
Backport of 7beaeeed from master.
2014-06-25 10:58:23 +02:00
Alexandr Shurigin
8d6e0d4588
[1.7.x] Fixed #22681 -- Made TarArchive recognize leading directories properly.
...
Backport of 083d285b82 from master
2014-06-03 15:03:32 -04:00
Alex Gaynor
8b87473008
[1.7.x] Fixed several flake8 errors, including one where a test wouldn't be run
...
Backport of b6b873d2ad from master
2014-05-17 13:31:09 -04:00
Aymeric Augustin
62de03ee33
[1.7.x] Optimized make_aware/naive by removing redundant checks. Refs #22625.
...
Also added tests with pytz and removed misplaced tests.
Backport of 1109ebd from master
2014-05-16 23:14:13 +02:00
Aymeric Augustin
6f8301d6cd
[1.7.x] Fixed #22625 -- Normalized make_aware/naive errors.
...
Also added tests for is/make_aware/naive.
Thanks Tom Michaelis for the report.
Backport of fa89acf from master
2014-05-16 22:54:21 +02:00
Claude Paroz
e8a7436941
[1.7.x] Harmonized some PEP 0263 coding preambles
...
Backport of e520a73ee from master.
2014-05-15 20:01:31 +02:00
Erik Romijn
e7b0cace45
[1.7.x] Added additional checks in is_safe_url to account for flexible parsing.
...
This is a security fix. Disclosure following shortly.
2014-05-14 10:18:27 +02:00
Aymeric Augustin
7fef18ba9e
[1.7.x] Dropped fix_IE_for_vary/attach.
...
This is a security fix. Disclosure following shortly.
2014-05-14 10:18:26 +02:00
Tim Graham
0f9f8738d5
[1.7.x] Fixed #22338 -- Fixed a test dependent on dictionary key iteration order.
...
Backport of 69a4f383f6 from master
2014-03-30 14:27:05 -04:00
Tim Graham
3d74f1f64a
[1.7.x] Fixed a deprecation warning on Python 3.
...
Backport of c19bbefca2 from master
2014-03-27 07:01:04 -04:00
Claude Paroz
07d4b3c8f2
[1.7.x] Tweaked strip_tags tests to pass on Python 3.3
...
Backport of 6a0291bdaf from master.
2014-03-22 14:44:13 +01:00
Claude Paroz
80f08dbdbc
[1.7.x] Improved strip_tags and clarified documentation
...
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
Backport of 6ca6c36f82 from master.
2014-03-22 11:01:14 +01:00
Baptiste Mispelon
61917aa08b
Fixed #21840 -- Moved dunder methods from SimpleLazyObject to LazyObject.
...
This commit also added tests for LazyObject and refactored
the testsuite of SimpleLazyObject so that it can share
test cases with LazyObject.
2014-03-13 10:03:01 +01:00
Claude Paroz
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Claude Paroz
ac699cdc17
Really hidden warnings in javascript_quote tests
...
Refs #21725.
2014-03-05 09:00:55 +01:00
Erik Romijn
775975f15d
Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html()
2014-03-01 14:07:57 +01:00
Baptiste Mispelon
926e18d7d1
Deprecated django.utils.text.javascript_quote.
...
Refs #21725.
2014-02-22 13:50:12 +01:00
Baptiste Mispelon
847171b0d0
Fixed test failures when running in a narrow Python build.
2014-02-22 13:50:12 +01:00
MattBlack85
1c1dffca75
Fixed #21725 -- Fixed JavaScript quoting encoding.
...
Thanks to nedbatchelder for the report.
2014-02-15 19:39:21 +01:00
Berker Peksag
5d263dee30
Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
...
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Vajrasky Kok
c43c469a2e
Fixed #21731 -- Made javascript_quote escapes '</'.
2014-02-06 04:02:09 -05:00
Alex Gaynor
55d19d370f
Removed import which is now unused
2014-02-05 13:26:56 -08:00
Baptiste Mispelon
a878bf9b09
Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy"
...
This reverts commit 2ee447fb5f.
That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.
Refs #21882.
2014-02-05 21:22:40 +01:00
Carl Meyer
ca95f8e435
Moved sys.path-extending decorator to django.test.utils and used throughout test suite.
...
Thanks Aymeric for the suggestion.
2014-01-25 22:50:40 -07:00
Aymeric Augustin
9cc3371a0f
Fixed #21756 -- Skipped two timezone-related tests on Windows.
...
Windows cannot use a time zone other than the default time zone.
Thanks manfre for the report.
2014-01-12 09:41:57 +01:00
Aymeric Augustin
e32095616c
Imported override_settings from its new location.
2013-12-23 21:37:56 +01:00
Aymeric Augustin
da16bb30ff
Dropped AppCache._empty, _with_app and _without_app.
...
It's now easier to achieve the same effect with modify_settings or
override_settings.
2013-12-23 21:37:56 +01:00
Aymeric Augustin
2fef9e5375
Moved apps back in the toplevel django namespace.
...
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin
2239081ff1
Expurged INSTALLED_APPS from code and tests.
...
Except the app cache code and a few specific tests, of course.
2013-12-22 11:39:18 +01:00
Aymeric Augustin
65cd74be8e
Stopped iterating on INSTALLED_APPS.
...
Used the app cache's get_app_configs() method instead.
2013-12-22 11:39:18 +01:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Baptiste Mispelon
2c837233f5
Fixed #21574 -- Handle bytes consistently in utils.text.normalize_newlines.
...
All input is now coerced to text before being normalized.
This changes nothing under Python 2 but it allows bytes
to be passed to the function without a TypeError under Python 3
(bytes are assumed to be utf-8 encoded text).
Thanks to trac user vajrasky for the report.
2013-12-12 16:09:12 +01:00
Vajrasky Kok
a1a26690b9
Fixed #21572 -- Added unit test for django.utils.text.normalize_newlines.
2013-12-07 16:28:22 +08:00
Vajrasky Kok
7169722d5c
Fixed #21505 -- Added unit test for django.utils.text.get_valid_filename.
2013-11-24 11:10:34 +01:00
Bouke Haarsma
2397daab4a
Fixed #9523 -- Restart runserver after compiling apps translations
...
Django also uses locales provided by apps, which also might change. Also when
i18n is disabled, there is no need for watching translation files.
2013-11-11 11:43:09 +01:00
Alex Gaynor
c347f78cc1
Fixed all E226 violations
2013-11-03 10:08:55 -08:00
Jason Myers
c3791463a5
Fixing E302 Errors
...
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:48:47 -05:00
Tim Graham
36ded01527
Fixed #21302 -- Fixed unused imports and import *.
2013-11-02 15:24:56 -04:00
Bouke Haarsma
c3936c0d79
Fixed #9523 -- Restart runserver after translation MO files change
...
Thanks to Krzysztof Kulewski for the initial patch.
2013-11-02 10:29:07 +01:00