Tim Graham
|
958a7b4ca6
|
Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.
|
2019-01-17 10:52:19 -05:00 |
Jon Dufresne
|
6fe9c45b72
|
Fixed #30024 -- Made urlencode() and Client raise TypeError when None is passed as data.
|
2018-12-27 11:19:55 -05:00 |
Hasan Ramezani
|
6b7f1c2530
|
Increased test coverage of django.utils.http.
|
2018-11-03 11:13:28 -04:00 |
Andreas Hug
|
a656a68127
|
Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.
|
2018-08-01 09:28:42 -04:00 |
Przemysław Suliga
|
d22b90b4ea
|
Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.
|
2018-06-29 10:17:52 -04:00 |
Jon Dufresne
|
1e81a4b897
|
Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url().
|
2018-01-11 07:03:50 -05:00 |
Tim Graham
|
ab7f4c3306
|
Refs #28965 -- Deprecated unused django.utils.http.cookie_date().
|
2018-01-02 11:23:04 -05:00 |
François Freitag
|
41be85862d
|
Fixed #28679 -- Fixed urlencode()'s handling of bytes.
Regression in fee42fd99e .
Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
|
2017-10-12 09:08:33 -04:00 |
François Freitag
|
0e212a705e
|
Split django.utils.http tests into separate test classes.
|
2017-10-10 08:53:01 -04:00 |
Tim Graham
|
96107e2844
|
Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().
Per deprecation timeline.
|
2017-09-22 12:51:18 -04:00 |
Mads Jensen
|
41a7876991
|
Added test for too large input to django.utils.http.base36_to_int().
|
2017-09-21 10:21:02 -04:00 |
UmanShahzad
|
856072dd4a
|
Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
|
2017-05-10 09:02:20 -04:00 |
Tim Graham
|
5ea48a70af
|
Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.
This is a security fix.
|
2017-04-04 10:42:06 -04:00 |
Claude Paroz
|
c716fe8782
|
Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
|
2017-01-18 16:21:28 +01:00 |
Claude Paroz
|
d7b9aaa366
|
Refs #23919 -- Removed encoding preambles and future imports
|
2017-01-18 09:55:19 +01:00 |
Tim Graham
|
8119b679eb
|
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
http://bugs.python.org/issue27364
|
2016-09-17 15:44:06 -04:00 |
Kevin Christopher Henry
|
4ef0e019b7
|
Fixed #27083 -- Added support for weak ETags.
|
2016-09-10 08:14:52 -04:00 |
Jon Dufresne
|
f227b8d15d
|
Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts
|
2016-09-07 19:56:25 -07:00 |
Przemysław Suliga
|
5e5a17028f
|
Fixed #26902 -- Allowed is_safe_url() to require an https URL.
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
|
2016-08-19 18:51:33 -04:00 |
Tim Graham
|
92053acbb9
|
Fixed E128 flake8 warnings in tests/.
|
2016-04-08 10:12:33 -04:00 |
Claude Paroz
|
552f03869e
|
Added safety to URL decoding in is_safe_url() on Python 2
The errors='replace' parameter to force_text altered the URL before checking
it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef .
|
2016-03-04 23:33:35 +01:00 |
Claude Paroz
|
ada7a4aefb
|
Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()
This fixes a regression introduced by c5544d2892 .
Thanks John Eskew for the reporti and Tim Graham for the review.
|
2016-03-04 21:14:14 +01:00 |
Mark Striemer
|
c5544d2892
|
Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.
This is a security fix.
|
2016-03-01 11:25:28 -05:00 |
Hasan
|
3d0dcd7f5a
|
Refs #26022 -- Used context manager version of assertRaises in tests.
|
2016-01-29 12:32:18 -05:00 |
Denis Cornehl
|
186b6c61bf
|
Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.
Thanks Denis Cornehl for help with the patch.
|
2016-01-05 09:37:11 -05:00 |
Josh Soref
|
93452a70e8
|
Fixed many spelling mistakes in code, comments, and docs.
|
2015-12-03 12:48:24 -05:00 |
Matt Robenolt
|
b0c56b895f
|
Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
|
2015-09-16 12:21:50 -04:00 |
Tim Graham
|
011a54315e
|
Made is_safe_url() reject URLs that start with control characters.
This is a security fix; disclosure to follow shortly.
|
2015-03-18 19:20:07 -04:00 |
Lukas Klein
|
93b3ef9b2e
|
Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454
|
2015-02-12 08:58:35 +01:00 |
Tim Graham
|
0ed7d15563
|
Sorted imports with isort; refs #23860.
|
2015-02-06 08:16:28 -05:00 |
Tim Graham
|
69b5e66738
|
Fixed is_safe_url() to handle leading whitespace.
This is a security fix. Disclosure following shortly.
|
2015-01-13 13:03:06 -05:00 |
Berker Peksag
|
f7969b0920
|
Fixed #23620 -- Used more specific assertions in the Django test suite.
|
2014-11-03 11:56:37 -05:00 |
Loic Bistuer
|
3c6ac0bab8
|
Consolidated some text utils into the utils_tests test package.
|
2014-09-23 19:45:59 +07:00 |
Ian Foote
|
03d89168a2
|
Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3.
|
2014-08-22 20:07:12 -04:00 |
Tim Graham
|
89b9e6e5d6
|
Fixed #22909 -- Removed camelCasing in some tests.
Thanks brylie.
|
2014-07-07 19:08:42 -04:00 |
Erik Romijn
|
255449c1ee
|
Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
|
2014-05-14 10:19:48 +02:00 |
Aymeric Augustin
|
3800f63721
|
Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
|
2014-05-14 10:19:48 +02:00 |
Larry O'Neill
|
83b9bfea44
|
Fixed #21266 -- Fixed E201,E202 pep8 warnings.
|
2013-10-14 18:12:00 -04:00 |
Aymeric Augustin
|
365c3e8b73
|
Replaced "not PY3" by "PY2", new in six 1.4.0.
|
2013-09-02 12:11:02 +02:00 |
Aymeric Augustin
|
cfcf4b3605
|
Stopped using django.utils.unittest in the test suite.
Refs #20680.
|
2013-07-01 14:29:33 +02:00 |
Preston Timmons
|
612ef3e5c9
|
Modified utils_tests for unittest2 discovery.
|
2013-04-12 15:31:58 -06:00 |