Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack.
This security vulnerability was disclosed in public, so we're skipping our
normal security release process to get the fix out as soon as possible.
This is a security related update. A full announcement, as well as backports for the 1.1.X and 1.0.X series will follow.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11603 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This is required to support the use of non-default form widgets such as RadioSelect when the data comes from MySQL, which uses 1/0 to represent booleans.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* The API now more closely matches a proper file API. This unfortunately means a few backwards-incompatible renamings; see BackwardsIncompatibleChanges. This refs #7593.
* While we were at it, renamed chunk() to chunks() to clarify that it's an iterator.
* Temporary uploaded files now property use the tempfile library behind the scenes which should ensure better cleanup of tempfiles (refs #7593 again).
Thanks to Mike Axiak for the bulk of this patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7859 bcc190cf-cafb-0310-a4f2-bffc1f526a37
A description of the new features can be found in the new [http://www.djangoproject.com/documentation/upload_handing/ upload handling documentation]; the executive summary is that Django will now happily handle uploads of large files without issues.
This changes the representation of uploaded files from dictionaries to bona fide objects; see BackwardsIncompatibleChanges for details.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7814 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This has been the documented behaviour for ages, but it wasn't correctly
implemented. A required BooleanField must be True/checked, since False values
aren't submitted. Ideal for things like "terms of service" agreements.
Backwards incompatible (since required=True is the default for all fields).
Unclear who the original patch was from, but Tai Lee and Alex have kept it up
to date recently.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7799 bcc190cf-cafb-0310-a4f2-bffc1f526a37
The previous change was failing Django's "check for well-formed domain name"
validation, rather than failing on the network side. Providing we don't ever
set up www.broken.djangoproject.com as a valid domain name, this change should
let us control our own destiny.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7776 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Jacob Kaplan-Moss
Russell Keith-Magee
Joseph Kocherhans
Karen Tracey
Malcolm Tredinnick
Gary Wilson Jr
Adrian Holovaty