| Age | Commit message (Collapse) | Author |
|---|
|
This simplicaftion mitigates a potential DoS in URLField on Windows. The
usage of `urlsplit()` in `URLField.to_python()` was replaced with
`str.partition(":")` for URL scheme detection. On Windows, `urlsplit()`
performs Unicode normalization which is slow for certain characters,
making `URLField` vulnerable to DoS via specially crafted POST payloads.
Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger
for the review.
Refs #36923.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Backport of 951ffb3832cd83ba672c1e3deae2bda128eb9cca from main.
|
|
True.
There was unresolved discussion regarding whether to set
ClearableFileInput.use_fieldset to True or False when use_fieldset was
introduced in Django 4.1, since the clear checkbox appears only
sometimes. Although using <fieldset> is likely desirable, since the
primary motivation in #35892 was just to improve markup in the admin,
and a deprecation path was not provided for general form usage, future
work is deferred to #36828.
Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95.
Thanks Tim Graham, Antoliny, and David Smith for triage.
|
|
Signed-off-by: SaJH <wogur981208@gmail.com>
|
|
django/forms/models.py.
|
|
|
|
Manually reformatted some comments and docstrings where autofix_w505.py
changed the meaning of the formatting.
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
Manually reformatted some long docstrings and comments that would be
damaged by the to-be-applied autofixer script, in cases where editorial
judgment seemed necessary for style or wording changes.
|
|
|
|
InlineForeignKeyField.
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
ModelChoiceField/ModelMultipleChoiceField.clean().
Signed-off-by: saJaeHyukc <wogur981208@gmail.com>
|
|
https://github.com/psf/black/releases/tag/25.1.0
|
|
FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline.
|
|
|
|
renderers.
Thank you Sarah Boyce, Carlton Gibson, Tim Schilling and Adam Johnson
for reviews.
Co-authored-by: Christophe Henry <contact@c-henry.fr>
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Matthias Kestenholz <mk@feinheit.ch>
|
|
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
is set.
|
|
renderers.
|
|
|
|
|
|
|
|
Applied the ProhibitNullCharactersValidator to ModelChoiceField and ModelMultipleChoiceField.
Co-authored-by: Viktor Paripás <viktor.paripas@gmail.com>
Co-authored-by: Vasyl Dizhak <vasyl@dizhak.com>
Co-authored-by: Arthur Vasconcelos <vasconcelos.arthur@gmail.com>
|
|
unhashable type.
|
|
This work should not generate any change of functionality, and
`urlsplit` is approximately 6x faster.
Most use cases of `urlparse` didn't touch the path, so they can be
converted to `urlsplit` without any issue. Most of those which do use
`.path`, simply parse the URL, mutate the querystring, then put them
back together, which is also fine (so long as urlunsplit is used).
|
|
linkcode ext.
Co-authored-by: David Smith <smithdc@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Hidden elements are not visible for both accessibility tools and browsers presentation layer. This change therefore only reduces the size of the generated HTML.
|
|
when form is invalid.
|
|
co-authored-by: Keryn Knight <keryn@kerynknight.com>
co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
co-authored-by: David Smith <smithdc@gmail.com>
co-authored-by: Paolo Melchiorre <paolo@melchiorre.org>
|
|
get_attname()/get_attname_column().
|
|
https://github.com/psf/black/releases/tag/24.1.0
|
|
|
|
This allows early adoption of the new default "https".
|
|
Co-authored-by: Parth Verma <parth.verma@gmail.com>
|
|
bf.errors returns an ErrorList. Access this directly and avoid creating
a new instance in BaseForm.get_context()
Calling str() on the ErrorList can also be deferred to when the
variable used in the template.
|
|
help text.
This adds aria-describedby for widgets rendered in a fieldset such as
radios. aria-describedby for these widgets is added to the <fieldset>
element rather than each <input>.
|
|
the field.
`id_for_label` is blank for widgets with multiple inputs such as radios
and multiple checkboxes. Therefore , `help_text` for fields using these
widgets cannot currently be associated using `aria-describedby`.
`id_for_label` is being used as a guard to avoid incorrectly adding
`aria-describedby` to those widgets.
This change uses `auto_id` as the unique identified for the fields
`help_text`. A guard is added to avoid incorrectly adding
`aria-describedby` to inputs by checking the widget's `use_fieldset`
attribute. Fields rendered in a `<fieldset>` should have
`aria-describedby` added to the `<fieldset>` and not every `<input>`.
|
|
proxy models.
Follow up to 0e8be73812a6e62d5a6b12a585d133b56bc2bf52.
|
|
Some third-party applications, e.g. `django-filter`, already define
their own `ChoiceIterator`, so renaming this `BaseChoiceIterator` will
be a better fit and avoid any potential confusion.
See https://github.com/carltongibson/django-filter/pull/1607.
|
|
ChoiceField's choices.
|
|
Co-authored-by: Demetris Stavrou <demestav@gmail.com>
Co-authored-by: David Smith <smithdc@gmail.com>
|
|
Co-authored-by: David Smith <smithdc@gmail.com>
|
|
aria-describedby.
Regression in 966ecdd482167f3f6b08b00f484936c837751cb9.
|
|
|
