summaryrefslogtreecommitdiff
path: root/django/http/request.py
AgeCommit message (Collapse)Author
2013-06-26Fixed missing initializations in WSGIRequest. Refs #20619Loic Bistuer
2013-06-01Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostErrorClaude Paroz
Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests.
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-04-03Fixed #20038 -- Better error message for host validation.Baptiste Mispelon
2013-03-10Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.Aymeric Augustin
Obviously it isn't set until the URL is resolved.
2013-02-19Added a new required ALLOWED_HOSTS setting for HTTP host header validation.Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2012-12-29Removed HttpRequest.raw_post_data.Aymeric Augustin
2012-12-10Fixed a security issue in get_host.Florian Apolloner
Full disclosure and new release forthcoming.
2012-11-03Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.Aymeric Augustin
Thanks Claude Paroz.
2012-10-21Cleaned up the the http module. Moved all of the code from __init__.py to ↵Alex Gaynor
request.py, response.py and utils.py