| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
CSRF_COOKIE_DOMAIN.
Thanks Seth Gottlieb for help with the documentation and
Carl Meyer and Joshua Kehn for reviews.
|
|
|
|
|
|
| |
characters.
This is a security fix; disclosure to follow shortly.
|
|
|
|
| |
compliance with RFC6454
|
| |
|
|
|
|
| |
This is a security fix. Disclosure following shortly.
|
|
|
|
| |
Thanks liminspace for the patch and Keryn Knight for benchmarking.
|
|
|
|
| |
proper type on Python 3.
|
|
|
|
|
|
|
| |
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
|
| |
|
|
|
|
|
|
| |
flexible parsing.
This is a security fix. Disclosure following shortly.
|
| |
|
| |
|
|
|
|
| |
violation still has many occurrences in the tests/ dir so it can't be removed from setup.cfg yet)
|
| |
|
|
|
|
| |
We have always been at war with trailing backslashes.
|
| |
|
| |
|
|
|
|
|
|
| |
other than HTTP/S.
This is a security fix; disclosure to follow shortly.
|
|
|
|
|
|
| |
Slightly cleaner and faster than string manipulation.
This flag has been available since Python 2.4:
http://docs.python.org/2/library/email.util.html#email.utils.formatdate
|
|
|
|
|
|
|
|
|
|
| |
non-integer UserModel.pk.
uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.
Thanks jonash for the initial patch and claudep for the review.
|
| |
|
|
|
|
|
|
| |
same origin checks.
Thanks to edevil for the report and saz for the patch.
|
| |
|
|
|
|
| |
Thanks jrothenbuhler for draft patch, Konark Modi for updates.
|
|
|
|
| |
by malicious users.
|
|
|
|
| |
Refs #18675.
|
|
|
|
|
| |
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Renamed smart_unicode to smart_text (but kept the old name under
Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
and smart_bytes under Python 2 (which is backwards compatible).
Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
want a str.
|
|
|
|
| |
Also fixed #18706: improved exceptions raised by int_to_base36.
|
|
|
|
|
| |
Lots of functions were moved. Use explicit imports in all cases
to keey it easy to identify where the functions come from.
|
| |
|
|
|
|
| |
Thanks aneil for the report and the initial patch.
|
|
|
|
| |
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17830 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
more readable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17526 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
conversion utils. Thanks Keryn Knight for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17525 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
urlunquote and urlunquote_plus.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17407 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
rather than relying on teh classic behavior.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16745 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
that we are on Python 2.5 to ease the Python 3 port. Thanks, Martin von Löwis.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
constructs from code and mentions from docs. Thanks Aymeric Augustin for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
MultiValueDict instances when passed to django.utils.http.urlencode. Thanks, kratorius, guettli and obeattie.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16064 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
Thanks to adam for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
'if' syntax introduce in Python 2.5. Thanks to an anonymous reporter for the heads up.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
| |
dates according to RFC 2616
Thanks to Maniac for the report, julienb for the initial patch, and
especially to aaugustin for the final patch and tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
base36_to_int so you are guaranteed to always get an int, avoiding possible OverflowErrors. Thanks to Garthex for the report, jboutros for the patch, and kfrazier for the feedback.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15288 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
Thanks to KyleMac for the suggestion and SmileyChris for the patch
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13849 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(ETags and Last-modified).
This provides support for views that can have their ETag and/or Last-modified
values computed much more quickly than the view itself. Supports all HTTP
verbs (not just GET).
Documentation and tests need a little more fleshing out (I'm not happy with the
documentation at the moment, since it's a bit backwards), but the functionality
is correct.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10114 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
that uses a token and prompts user for new password.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8162 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|