summaryrefslogtreecommitdiff
path: root/django/http/request.py
AgeCommit message (Collapse)Author
2014-08-19[1.7.x] Fixed #22996 -- Prevented crash with unencoded query stringClaude Paroz
Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham for the reviews. Backport of fa02120d36 from master.
2014-07-05[1.7.x] Added a space before explanation of "Invalid HTTP_HOST header: ..."Daniel Hahler
Backport of fff7b507ef from master
2014-06-24[1.7.x] Improved documentation for QueryDict.Duncan Parkes
Backport of 7f4e2ef1e9 from master
2014-06-11[1.7.x] Fixed #22680 -- I/O operation on closed file.Florian Apolloner
This patch is two-fold; first it ensure that Django does close everything in request.FILES at the end of the request and secondly the storage system should no longer close any files during save, it's up to the caller to handle that -- or let Django close the files at the end of the request. Backport of e2efc8965edf684aaf48621680ef54b84e116576 from master.
2014-04-26[1.7.x] Fix many many typos in comments throughout the codebaseAlex Gaynor
Backport of 2bcb8bfc8d from master
2014-03-31[1.7.x] Replaced urllib/urlparse imports with from django.utils.six.moves.Tim Graham
Backport of 981b864fbd from master
2013-11-28Fixed E125 pep8 warningsChristopher Medrela
2013-11-16Fixed #21447 -- Restored code erroneously removed in ↵Baptiste Mispelon
20472aa827669d2b83b74e521504e88e18d086a1. Also added some tests for HttpRequest.__repr__. Note that the added tests don't actually catch the accidental code removal (see ticket) but they do cover a codepath that wasn't tested before. Thanks to Tom Christie for the report and the original patch.
2013-11-02Fixed all E261 warningscoagulant
2013-10-24Fixed #20338 -- Stripped ending dot during host validationClaude Paroz
Thanks manfre for the report and Timo Graham for the review.
2013-10-18Fixed #21287 -- Fixed E123 pep8 warningsAlasdair Nicol
2013-10-15Fixed #7603 -- Added a 'scheme' property to the HttpRequest objectUnai Zalakain
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is appropriately set and falls back to `HttpRequest._get_scheme()` (a hook for subclasses to implement) otherwise. `WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI environ variable to determine the request scheme. `HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is `https`. This provides a way to check the current scheme in templates, for example. It also allows us to deal with other schemes. Thanks nslater for the suggestion.
2013-10-08Fixed #16822 -- Added RawPostDataExceptionTim Graham
Thanks jaylett for the patch.
2013-10-05Fixed #21189: Cleaned up usage of bare except clauses.Baptiste Mispelon
Thanks to berkerpeksag for the report and to claudep for the review.
2013-07-31Fixed #19987 -- Disabled host validation when DEBUG=True.Will Hardy
The documentation promises that host validation is disabled when DEBUG=True, that all hostnames are accepted. Domains not compliant with RFC 1034/1035 were however being validated, this validation has now been removed when DEBUG=True. Additionally, when DEBUG=False a more detailed SuspiciousOperation exception message is provided when host validation fails because the hostname is not RFC 1034/1035 compliant.
2013-07-29Removed most of absolute_import importsClaude Paroz
Should be unneeded with Python 2.7 and up. Added some unicode_literals along the way.
2013-06-26Fixed missing initializations in WSGIRequest. Refs #20619Loic Bistuer
2013-06-01Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostErrorClaude Paroz
Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests.
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-04-03Fixed #20038 -- Better error message for host validation.Baptiste Mispelon
2013-03-10Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.Aymeric Augustin
Obviously it isn't set until the URL is resolved.
2013-02-19Added a new required ALLOWED_HOSTS setting for HTTP host header validation.Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2012-12-29Removed HttpRequest.raw_post_data.Aymeric Augustin
2012-12-10Fixed a security issue in get_host.Florian Apolloner
Full disclosure and new release forthcoming.
2012-11-03Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.Aymeric Augustin
Thanks Claude Paroz.
2012-10-21Cleaned up the the http module. Moved all of the code from __init__.py to ↵Alex Gaynor
request.py, response.py and utils.py