django.git/tests/regressiontests/requests/tests.py, branch 1.4.7

django.git/tests/regressiontests/requests/tests.py, branch 1.4.7 django http://cgit.adnoto.dev/django.git/atom?h=1.4.7 2013-02-19T17:37:54Z [1.4.x] Added ALLOWED_HOSTS setting for HTTP host header validation. 2013-02-19T17:37:54Z Carl Meyer carl@oddbird.net 2013-02-09T18:32:51Z urn:sha1:9936fdb11d0bbf0bd242f259bfb97bbf849d16f8 This is a security fix; disclosure and advisory coming shortly. [1.4.x] Removed try-except in django.db.close_connection() 2013-02-12T22:39:43Z Anssi Kääriäinen akaariai@gmail.com 2013-02-12T21:11:22Z urn:sha1:dec7dd99f095f938bc4306a0260d5b131935ad82 The reason was that the except clause needed to remove a connection from the django.db.connections dict, but other parts of Django do not expect this to happen. In addition the except clause was silently swallowing the exception messages. Refs #19707, special thanks to Carl Meyer for pointing out that this approach should be taken. [1.4.x] Fixed #19707 -- Reset transaction state after requests 2013-02-10T15:34:38Z Anssi Kääriäinen akaariai@gmail.com 2013-02-05T21:52:29Z urn:sha1:9918b3f50212bfb408eebc8f9965beb061baf840 Backpatch of a4e97cf315142e61bb4bc3ed8259b95d8586d09c. [1.4.X] Fixed a security issue in get_host. 2012-12-10T21:14:16Z Florian Apolloner florian@apolloner.eu 2012-11-27T21:26:29Z urn:sha1:319627c184e71ae267d6b7f000e293168c7b6e09 Full disclosure and new release forthcoming. Added missed poisoned host header test changes 2012-10-18T18:18:25Z Preston Holmes preston@ptone.com 2012-10-18T18:18:25Z urn:sha1:773a29295a8811fd018b3b30c6efa9266c5f540a Fixed #17931 -- Accepted aware datetimes to set cookies expiry dates. Thanks jaddison for the report. 2012-03-18T20:58:22Z Aymeric Augustin aymeric.augustin@m4x.org 2012-03-18T20:58:22Z urn:sha1:c8e2f7591d6ea3545aeb32fa4c92cbeb9a622546 git-svn-id: http://code.djangoproject.com/svn/django/trunk@17766 bcc190cf-cafb-0310-a4f2-bffc1f526a37 Fixed #17277 - Wrap IOErrors raised due to client disconnect in a specific IOError subclass so they can be distinguished from more serious errors. Thanks David Lowe. 2012-02-10T22:51:07Z Carl Meyer carl@oddbird.net 2012-02-10T22:51:07Z urn:sha1:0ce6636102d9e1c8c158c0e3eadb5a5db6b06a71 git-svn-id: http://code.djangoproject.com/svn/django/trunk@17493 bcc190cf-cafb-0310-a4f2-bffc1f526a37 Refs #17323 -- Updated a test to use try/finally to avoid state leakage. Thanks dstufft for the patch. 2011-12-16T23:50:34Z Carl Meyer carl@oddbird.net 2011-12-16T23:50:34Z urn:sha1:1b312edbeb469c58d8518cc0ece9cdb6c37f5c7e git-svn-id: http://code.djangoproject.com/svn/django/trunk@17211 bcc190cf-cafb-0310-a4f2-bffc1f526a37 Fixed #17323 -- Renamed HttpRequest.raw_post_data to request.body. Thanks for the patch, dstufft 2011-12-16T23:40:32Z Adrian Holovaty adrian@holovaty.com 2011-12-16T23:40:32Z urn:sha1:3f003a3c4b5338915e3889da8bf10577296459b3 git-svn-id: http://code.djangoproject.com/svn/django/trunk@17210 bcc190cf-cafb-0310-a4f2-bffc1f526a37 Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly. 2011-09-10T00:46:38Z Russell Keith-Magee russell@keith-magee.com 2011-09-10T00:46:38Z urn:sha1:893cea211ae88c6f68a6c2c281890d6f63541286 git-svn-id: http://code.djangoproject.com/svn/django/trunk@16758 bcc190cf-cafb-0310-a4f2-bffc1f526a37