django http://cgit.adnoto.dev/django.git/atom?h=fix-31295 2025-11-12T22:42:24Z 2025-11-12T22:42:24Z Benedict Etzel developer@beheh.de 2025-11-10T12:29:34Z urn:sha1:5401b125abca53200eacb62c8a10e602359b76d4 Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> 2025-07-22T19:29:14Z Claude Paroz claude@2xlibre.net 2024-08-10T14:57:29Z urn:sha1:77d455ae73b177a32102f0b248828b5d63c0aa24 Updated django.contrib.auth's views and admin modules to apply decorators consistently. 2025-01-13T14:51:21Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-01-13T11:01:49Z urn:sha1:23c6effac0c39669e17904165c9762f24b010cc5 2024-05-29T13:48:27Z Jake Howard RealOrangeOne@users.noreply.github.com 2024-05-29T13:48:27Z urn:sha1:ff308a06047cd60806d604a7cf612e5656ee2ac9 This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used). 2024-05-22T06:51:17Z Hisham Mahmood hishammahmood41@gmail.com 2024-05-05T06:21:28Z urn:sha1:c7fc9f20b49b5889a9a8f47de45165ac443c1a21 Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2023-01-17T10:49:15Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-01-13T05:03:29Z urn:sha1:9a01311d204ebf23e615a0802cedcc7b6b373826 Per deprecation timeline. 2022-04-20T08:04:29Z Aymeric Augustin aymeric.augustin@m4x.org 2022-04-16T18:27:49Z urn:sha1:5dfa6fca967cd1ba5a0d40013a298b7e52b0822b This also adds a default implementation of get_default_redirect_url(). 2022-04-20T08:04:29Z Aymeric Augustin aymeric.augustin@m4x.org 2022-04-16T18:21:29Z urn:sha1:04bc2564b6e0a1a0f75bb5f015e47c96c86fa0be This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it. 2022-04-20T08:04:29Z Aymeric Augustin aymeric.augustin@m4x.org 2022-04-16T17:36:59Z urn:sha1:5fcd9b8c3383e2ab20c1573b44131105654b99d0 This might change the behavior when self.next_page == "". However, resolve_url(self.next_page) would almost certainly fail in that case. It is technically possible to define a logout URLpattern whose name is "": path('logout/', LogoutView.as_view(), name=''), and then to refer to this pattern with next_page = "". However this feels like a pathological case, so we decided not to handle it. Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL are performed with boolean evaluation rather than comparison with None. That's why we standardizing that way. 2022-04-20T08:04:29Z Aymeric Augustin aymeric.augustin@m4x.org 2022-04-16T16:53:46Z urn:sha1:5b8699e723d9daf373fff46c6859fed2b780a9bd This aligns it with LoginView. Also, it removes confusion with the get_next_page() method of paginators. get_next_page() was a private API, therefore this refactoring is allowed.