summaryrefslogtreecommitdiff
path: root/django/core/cache/backends/filebased.py
AgeCommit message (Collapse)Author
2026-03-03Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file ↵Natalia
system object creation. This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.
2025-03-01Applied Black's 2025 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/25.1.0
2024-10-28Refs #34900 -- Removed usage of deprecated glob.glob1().earthyoung
2023-01-18Fixed #34233 -- Dropped support for Python 3.8 and 3.9.Mariusz Felisiak
2022-12-13Fixed #34209 -- Prevented FileBasedCache.has_key() crash caused by a race ↵Marti Raudsepp
condition.
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-10-12Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels.Ade Lee
md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added. This encapsulation will pass through the usedforsecurity parameter in the case where the parameter is supported, and strip it if it is not. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-07Fixed #33060 -- Added BaseCache.make_and_validate_key() hook.Nick Pope
This helper function reduces the amount of duplicated code and makes it easier to ensure that we always validate the keys.
2020-09-01Fixed CVE-2020-24584 -- Fixed permission escalation in intermediate-level ↵Mariusz Felisiak
directories of the file system cache on Python 3.7+.
2019-11-14Fixed #30759 -- Made cache.delete() return whether it succeeded.daniel a rios
Thanks Simon Charette for the review.
2019-02-08Simplified FileBasedCache.clear().Jon Dufresne
glob.glob1() ignores missing paths.
2019-01-31Fixed #30147 -- Simplified directory creation with os.makedirs(..., ↵Jon Dufresne
exist_ok=True).
2018-07-09Fixed #29550 -- Eased overriding pickle.dumps() protocol in cache backends ↵Simon Charette
and session serializer.
2018-07-09Refs #27480 -- Moved FileBasedCache content writing logic to a method.Simon Charette
2018-04-27Fixed #27480 -- Added cache.touch().Nicolas Noé
2018-02-02Refs #27795 -- Replaced force_bytes() usage in django.core.cache.Jon Dufresne
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.
2017-09-03Fixed #28500 -- Fixed crash in FileBasedCache._is_expired() if the cache ↵caleb logan
file is empty.
2017-06-28Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().Mads Jensen
2017-02-21Refs #27656 -- Updated django.core docstring verbs according to PEP 257.Anton Samarchyan
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-25Refs #23919 -- Replaced errno checking with PEP 3151 exceptions.Tim Graham
2017-01-18Refs #23919 -- Replaced io.open() with open().Aymeric Augustin
io.open() is an alias for open() on Python 3.
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2016-06-01Fixed #26694 -- Made FileBasedCache.get() reraise non-ENOENT IOErrors.Jon Dufresne
2016-05-31Fixed #26691 -- Removed checking for a file's existence before deleting.Jon Dufresne
File operations always raise a ENOENT error when a file doesn't exist. Checking the file exists before the operation adds a race condition condition where the file could be removed between operations. As the operation already raises an error on a missing file, avoid this race and avoid checking the file exists twice. Instead only check a file exists by catching the ENOENT error.
2015-11-14Refs #25501 -- Fixed a typo in django/core/cache/backends/filebased.pyJaap Roes
The original intent in refs #20536 was to use the highest protocol. Calling zlib.compress() with a compression level of -1 seems to fall back to the default level of 6.
2015-10-20Fixed #25501 -- Made the file-based cache backend use the highest pickling ↵Andrew Artajos
protocol.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2014-10-10Fixed #23625 -- Removed CacheClass shimJaap Roes
2013-11-07Fixed a couple flake8 warnings.Tim Graham
2013-11-07Fixed #20536 -- rewrite of the file based cache backendJaap Roes
* Safer for use in multiprocess environments * Better random culling * Cache files use less disk space * Safer delete behavior Also fixed #15806, fixed #15825.
2013-11-02More attacking E302 violatorsAlex Gaynor
2013-10-24Start attacking E231 violationsAlex Gaynor
2013-10-01Fixed #21147 -- Avoided time.time precision issue with cache backends.Michael Manfre
The precision of time.time() is OS specific and it is possible for the resolution to be low enough to allow reading a cache key previously set with a timeout of 0.
2013-05-18Fixed #9595 -- Allow non-expiring cache timeouts.Jacob Burch
Also, streamline the use of 0 and None between cache backends.
2012-08-29Replaced many smart_bytes by force_bytesClaude Paroz
In all those occurrences, we didn't care about preserving the lazy status of the strings, but we really wanted to obtain a real bytestring.
2012-08-12[py3] Encoded value before feeding it to hashlib.md5Claude Paroz
2012-07-22[py3] Switched to Python 3-compatible imports.Aymeric Augustin
xrange/range will be dealt with in a separate commit due to the huge number of changes.
2012-05-05Made more extensive usage of context managers with open.Claude Paroz
2011-03-28Removed a bunch of Python 2.4 workarounds now that we don't support it. Refs ↵Adrian Holovaty
#15702 -- thanks to jonash for the patch. Splitting this over muliple commits to make it more manageable. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15926 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-21Fixed #11675 -- Added support for the PyLibMC cache library. In order to ↵Russell Keith-Magee
support this, and clean up some other 1.3 caching additions, this patch also includes some changes to the way caches are defined. This means you can now have multiple caches, in the same way you have multiple databases. A huge thanks to Jacob Burch for the work on the PyLibMC backend, and to Jannis for his work on the cache definition changes. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15005 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-19Fixed #13795 -- Added a site-wide cache prefix and cache versioning. Thanks ↵Russell Keith-Magee
to bruth for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14623 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-02Fixed #14596 -- Light refactoring of the cache backends.Russell Keith-Magee
* Removes some code duplication, * Provides a convenient base class for db-like cache backends * Adds tests for an edge case of culling, * Marks the memcached tests as "skipped", rather than omitting them. Thanks to Jonas H for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14434 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12Add warning when using cache keys that might not work with memcached.Malcolm Tredinnick
This means testing with local dev caches (not memcache) will warn developers if they are introducing inadvertent importabilities. There is also the ability to silence the warning if a dev is not planning to use memcache and knows what they are doing with their keys. Thanks to Carl Meyer for the patch. Fixed #6447. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13766 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10Fixed #14250 - FileBasedCacheTests.test_cull test failureLuke Plant
This patch makes the cull behaviour (which files deleted and how many deleted) deterministic. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13705 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-16Fixed #13357 -- Minor changes to get Django running under PyPy. Thanks to ↵Russell Keith-Magee
Alex Gaynor for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12991 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-27Fixed #12671 -- Added set_many(), get_many(), and clear() methods to the ↵Russell Keith-Magee
cache backend interface. Thanks to Jeff Balogh for the report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10Changed a whole bunch of places to raise exception instances instead of ↵Adrian Holovaty
old-style raising exception classes plus a comma. Good for the future Python 3 conversion git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10Added a return value to the add() method for caches. It's now possible to tellMalcolm Tredinnick
if a call to add() ended up storing something in the cache. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8278 bcc190cf-cafb-0310-a4f2-bffc1f526a37