Arthur de Jong

Open Source / Free Software developer

path: root/django/utils/http.py
Commit message | Author | Age | Files | Lines
* Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. | Matt Robenolt | 2015-09-16 | 1 | -8/+14
  Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews.
* Made is_safe_url() reject URLs that start with control characters. | Tim Graham | 2015-03-19 | 1 | -1/+8
  This is a security fix; disclosure to follow shortly.
* Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454 | Lukas Klein | 2015-02-12 | 1 | -2/+9
* Sorted imports with isort; refs #23860. | Tim Graham | 2015-02-06 | 1 | -4/+4
* Fixed is_safe_url() to handle leading whitespace. | Tim Graham | 2015-01-13 | 1 | -0/+1
  This is a security fix. Disclosure following shortly.
* Fixed #23399 -- Optimized django.utils.http.int_to_bas36() | Tim Graham | 2014-09-09 | 1 | -16/+8
  Thanks liminspace for the patch and Keryn Knight for benchmarking.
* Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3. | Ian Foote | 2014-08-23 | 1 | -2/+2
* Fixed #22223 -- Prevented over-escaping URLs in reverse() | Claude Paroz | 2014-07-09 | 1 | -0/+3
  And follow more closely the class of characters defined in the RFC 3986. Thanks Erik van Zijst for the report and the initial patch, and Tim Graham for the review.
* typo: urlaprse -> urlparse | Collin Anderson | 2014-05-14 | 1 | -1/+1
* Added additional checks in is_safe_url to account for flexible parsing. | Erik Romijn | 2014-05-14 | 1 | -0/+12
  This is a security fix. Disclosure following shortly.
* Correct flake8 E302 violations | Ray Ashman Jr | 2013-11-03 | 1 | -0/+17
* Correct flake8 violation E261 | Ray Ashman Jr | 2013-11-02 | 1 | -1/+1
* Fixed up some more flake8 violations (this particular violation still has many occurrences in the tests/ dir so it can't be removed from setup.cfg yet) | Alex Gaynor | 2013-10-26 | 1 | -1/+1
* Fixed #21288 -- Fixed E126 pep8 warnings | Alasdair Nicol | 2013-10-21 | 1 | -2/+2
* Removed a few trailing backslashes. | Aymeric Augustin | 2013-09-22 | 1 | -2/+2
  We have always been at war with trailing backslashes.
* Took advantage of django.utils.six.moves.urllib.*. | Aymeric Augustin | 2013-09-05 | 1 | -13/+10
* Replaced "not PY3" by "PY2", new in six 1.4.0. | Aymeric Augustin | 2013-09-02 | 1 | -2/+2
* Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S. | Jacob Kaplan-Moss | 2013-08-13 | 1 | -3/+4
  This is a security fix; disclosure to follow shortly.
* Use `usegmt` flag in formatdate | David Evans | 2013-08-07 | 1 | -2/+1
  Slightly cleaner and faster than string manipulation. This flag has been available since Python 2.4: http://docs.python.org/2/library/email.util.html#email.utils.formatdate
* Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk. | Tim Graham | 2013-06-26 | 1 | -1/+20
  uid is now base64 encoded in password reset URLs/views. A backwards compatible password_reset_confirm view/URL will allow password reset links generated before this change to continue to work. This view will be removed in Django 1.7. Thanks jonash for the initial patch and claudep for the review.
* Fix a typo in a comment. | Marc Tamlyn | 2013-05-19 | 1 | -1/+1
* Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks. | Florian Apolloner | 2013-05-18 | 1 | -1/+4
  Thanks to edevil for the report and saz for the patch.
* Fixed spelling errors | Gavin Wahl | 2013-03-28 | 1 | -1/+1
* Fixed #18003 -- Preserved tracebacks when re-raising errors. | konarkmodi | 2013-03-19 | 1 | -1/+1
  Thanks jrothenbuhler for draft patch, Konark Modi for updates.
* Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users. | Florian Apolloner | 2012-12-10 | 1 | -0/+12
* Fixed parse_http_date docstring and moved related tests | Claude Paroz | 2012-09-26 | 1 | -2/+1
  Refs #18675.
* Replaced some smart_xxx by force_xxx equivalent | Claude Paroz | 2012-08-30 | 1 | -7/+7
  smart_str/smart_text should only be used when a potential lazy string should be preserved in the result of the function call.
* [py3] Fixed conditional_processing tests | Claude Paroz | 2012-08-14 | 1 | -1/+3
* [py3] Ported django.utils.encoding. | Aymeric Augustin | 2012-08-07 | 1 | -5/+5
  * Renamed smart_unicode to smart_text (but kept the old name under Python 2 for backwards compatibility).
  * Renamed smart_str to smart_bytes.
  * Re-introduced smart_str as an alias for smart_text under Python 3 and smart_bytes under Python 2 (which is backwards compatible). Thus smart_str always returns a str object.
  * Used the new smart_str in a few places where both Python 2 and 3 want a str.
* [py3] Removed uses of sys.maxint under Python 3. | Aymeric Augustin | 2012-08-03 | 1 | -4/+10
  Also fixed #18706: improved exceptions raised by int_to_base36.
* [py3] Updated urllib/urllib2/urlparse imports. | Aymeric Augustin | 2012-07-22 | 1 | -8/+14
  Lots of functions were moved. Use explicit imports in all cases to keep it easy to identify where the functions come from.
* [py3] Replaced unicode/str by six.text_type/bytes. | Aymeric Augustin | 2012-07-22 | 1 | -4/+5
* Fixed #12140 -- Fixed http.urlencode result for empty lists | Claude Paroz | 2012-06-14 | 1 | -1/+1
  Thanks aneil for the report and the initial patch.
* Removed some Python < 2.6 compatibility code. Refs #17965. | Aymeric Augustin | 2012-03-30 | 1 | -17/+6
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17830 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Use Python's changed comparisons, which makes this a bit more readable. | Alex Gaynor | 2012-02-16 | 1 | -1/+1
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #17693. Input validation and tests for base36 conversion utils. | Paul McMillan | 2012-02-16 | 1 | -0/+2
  Thanks Keryn Knight for the report.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17525 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #5964 -- Added unicode-aware versions of urlunquote and urlunquote_plus. | Aymeric Augustin | 2012-01-29 | 1 | -1/+16
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17407 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Switch to using explicit new-style division behavior, rather than relying on the classic behavior. | Alex Gaynor | 2011-09-09 | 1 | -1/+1
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@16745 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed a bunch of imports of the email stdlib module now that we are on Python 2.5 to ease the Python 3 port. | Jannis Leidel | 2011-09-09 | 1 | -1/+1
  Thanks, Martin von Löwis.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@16731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #16155 -- Removed Python 2.4 compatibility constructs from code and mentions from docs. | Ramiro Morales | 2011-06-09 | 1 | -2/+2
  Thanks Aymeric Augustin for the report and patch.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@16349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #9089 -- Correctly handle list values in MultiValueDict instances when passed to django.utils.http.urlencode. | Jannis Leidel | 2011-04-22 | 1 | -1/+4
  Thanks, kratorius, guettli and obeattie.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@16064 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #15617 - CSRF referer checking too strict | Luke Plant | 2011-03-15 | 1 | -0/+18
  Thanks to adam for the report.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #15543 -- Tweaked change from r15696 to not use 'if' syntax introduced in Python 2.5. | Ramiro Morales | 2011-03-03 | 1 | -1/+4
  Thanks to an anonymous reporter for the heads up.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@15731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #717 - If-Modified-Since handling should compare dates according to RFC 2616 | Luke Plant | 2011-03-01 | 1 | -0/+55
  Thanks to Maniac for the report, julienb for the initial patch, and especially to aaugustin for the final patch and tests.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@15696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #15067 -- Modified the range checks on base36_to_int so you are guaranteed to always get an int, avoiding possible OverflowErrors. | Russell Keith-Magee | 2011-01-24 | 1 | -5/+11
  Thanks to Garthex for the report, jboutros for the patch, and kfrazier for the feedback.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@15288 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fix a security issue in the auth system. Disclosure and new release forthcoming. | Alex Gaynor | 2010-12-23 | 1 | -1/+6
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@15032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #13765 - 'safe' parameter for urlencode filter | Luke Plant | 2010-09-14 | 1 | -2/+2
  Thanks to KyleMac for the suggestion and SmileyChris for the patch
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@13849 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #5791 -- Added early-bailout support for views (ETags and Last-modified). | Malcolm Tredinnick | 2009-03-22 | 1 | -0/+23
  This provides support for views that can have their ETag and/or Last-modified values computed much more quickly than the view itself. Supports all HTTP verbs (not just GET). Documentation and tests need a little more fleshing out (I'm not happy with the documentation at the moment, since it's a bit backwards), but the functionality is correct.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@10114 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #7723 - implemented a secure password reset form that uses a token and prompts user for new password. | Luke Plant | 2008-07-31 | 1 | -0/+29
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@8162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. | Gary Wilson Jr | 2007-10-31 | 1 | -0/+28
  Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37