summaryrefslogtreecommitdiff
path: root/django/http
AgeCommit message (Collapse)Author
2012-07-30[1.3.x] Fixed a security issue in http redirects. Disclosure and new release ↵Florian Apolloner
forthcoming. Backport of 4129201c3e0fa057c198bdefcb34686a23b4a93c from master.
2012-02-18[1.3.x] Fixed #15496 -- Corrected handling of base64 file upload encoding. ↵Aymeric Augustin
Backport of r16176 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17546 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-11[1.3.X] Fixed #16632 -- Crash on responses without Content-Type with IE. ↵Aymeric Augustin
Backport of r17196. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-03[1.3.X] Backported the fix for #15852 -- Modified cookie parsing so it can ↵Aymeric Augustin
handle duplicate invalid cookie names. Thanks goes to Fredrik Stålnacke for the report and to vung for the patch. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17168 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10[1.3.X] Added protection against spoofing of X_FORWARDED_HOST headers. A ↵Russell Keith-Magee
security announcement will be made shortly. Backport of r16758 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-23[1.3.X] Fixed #16201 -- Ensure that requests with Content-Length=0 don't ↵Russell Keith-Magee
break the multipart parser. Thanks to albsen for the report and patch Backport of r16353 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16676 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28[1.3.X] Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.Luke Plant
Thanks to vkryachko for the report. This also fixes a slight inconsistency with raw_post_data after parsing of a multipart request, and adds a test for that. (Previously accessing raw_post_data would have returned the empty string rather than raising an Exception). Backport of [15938] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@15939 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-09Removed some dead code, and old/bad constructs from the HttpResponse classes.Alex Gaynor
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15781 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-02Fixed #4992 -- Respect the GET request query string when creating cache ↵Jannis Leidel
keys. Thanks PeterKz and guettli for the initial patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15705 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-13Fixed #13007 -- Made cookie parsing resilent to the presence of cookies with ↵Ramiro Morales
invalid characters in their names. Thanks Warlax for the report, Ubercore for his work on a fix and Jannis and Luke for review and guidance. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15523 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-27Fixed #15046 -- Added "CHROMEFRAME" as a user agent alias for various MSIE ↵Russell Keith-Magee
fixes. Thanks to chrj for the report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-24Rationalised CompatCookie/SimpleCookie into single SimpleCookie class with ↵Luke Plant
all fixes. Since upstream Python has fixed the encoding bug (see http://bugs.python.org/issue9824), we don't want a separate class for this bug fix, or several layers for the different fixes. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15298 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-01Fixed #14809 -- broken login related tests after r14733.Chris Beaven
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14764 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the ↵Russell Keith-Magee
suggestion, and rodolfo for the draft patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-02Fixed #14594 -- Corrected r14435, which got the logic completely bass ↵Russell Keith-Magee
ackwards. Thanks to Mark Sundstrom for keeping me honest :-) git-svn-id: http://code.djangoproject.com/svn/django/trunk@14436 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-02Fixed #14594 -- Corrected a problem introduced by r14394 whereby reading ↵Russell Keith-Magee
POST data when running a WSGI server under CherryPy would hang. Thanks to Mark Sundstrom for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14435 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-29Fixed #9886 -- Added a file-like interface to HttpRequest. Thanks to Ivan ↵Russell Keith-Magee
Sagalaev for the suggestion and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14394 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-20Consistent imports for parse_qsl function, avoiding the ↵Luke Plant
`PendingDeprecationWarning` under Python 2.6 and later git-svn-id: http://code.djangoproject.com/svn/django/trunk@14297 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-12Allow setting HttpResponse cookie expiry times with datetime objects.Malcolm Tredinnick
Patch from SmileyChris. Fixed #7770. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-11Improved unicode-type, ASCII-convertible header handling inMalcolm Tredinnick
HttpResponse. Fixed #8765. Thanks to SmileyChris and semenov for working on this one. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13740 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-28Fixed #13572: copies of QueryDicts now have their encoding set correctly.Jacob Kaplan-Moss
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13314 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-02Fixed #11522: Restored ability of http redirect responses to correctly ↵Karen Tracey
handle redirect locations with non-ASCII chars. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12659 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-23Fixed #12470 - django.contrib.messages CookieStorage failing silently in ↵Luke Plant
safari when comma is used in message This issue was fixed by changing the underlying cookie storage mechanism. This will fix other bugs with cookies for Internet Explorer and Safari, but could also cause backwards incompatibilities with existing javascript that may parse cookie values that contain commas or semi-colons, and, very rarely, with existing cookie values. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12282 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-17Fixed #11753 - Q objects with callables no longer explode on Python 2.4. ↵Jacob Kaplan-Moss
Thanks, Jeremy Dunck. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11901 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-12Fixed edge case that breaks the test suite on versions of Python > 2.6.4Brian Rosner
Before http://svn.python.org/view?view=rev&revision=74647 it was possible to pass a SimpleCookie to load, but this no longer works due to a different bug in Python the said revision fixed. My guess is a SimpleCookie was never intended to be passed through load which is perfectly reasonable. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11820 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08Fixed #10687: fixed request parsing when upload_handlers is empty. Thanks, ↵Jacob Kaplan-Moss
Armin Ronacher. git-svn-id: http://code.djangoproject.com/svn/django/trunk@10723 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08Fixed a silly function flow bug in [10711].Jacob Kaplan-Moss
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10712 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08Fixed #10188: prevent newlines in HTTP headers. Thanks, bthomas.Jacob Kaplan-Moss
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-12Fixed #10267 -- Correctly handle IRIs in HttpResponse.build_absolute_uri().Malcolm Tredinnick
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31Fixed #10184: QueryDicts with multiple values can now be safely pickled. ↵Jacob Kaplan-Moss
Thanks, Alex Gaynor. git-svn-id: http://code.djangoproject.com/svn/django/trunk@10240 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-30Fixed #8643 -- Corrected docstrings of `MultiPartParser`, thanks KayEss.Gary Wilson Jr
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10213 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29Fixed #8278: fixed `QueryDict.update(QueryDict)`. Thanks, julien.Jacob Kaplan-Moss
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8705 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28Fixed an inconsistancy in redirects with `META['SERVER_PORT']` being either ↵Jacob Kaplan-Moss
a string or an int. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8666 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23Fixed #7494 -- Fixed build_absolute_url() for some types of (uncommon) URLs.Malcolm Tredinnick
Patch from tom@almostobsolete.net and RobotAdam. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8490 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-21Fixed #7233 -- Ensured that QueryDict classes are always unpicklable. ThisMalcolm Tredinnick
problem only arose on some systems, since it depends upon the order in which the attributes are pickled. Makes reliable testing kind of tricky. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8460 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-03Fixed #8092, #3828 -- Removed dictionary access for request objects so that ↵Gary Wilson Jr
GET and POST data doesn't "overwrite" request attributes when used in templates (since dictionary lookup is performed before attribute lookup). This is backwards-incompatible if you were using the request object for dictionary access to the combined GET and POST data, but you should use `request.REQUEST` for that instead. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22Fixed #7848 -- Removed a bunch of code that wasn't contributing to society. ↵Adrian Holovaty
Thanks, julien git-svn-id: http://code.djangoproject.com/svn/django/trunk@8047 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-21Changed/fixed the way Django handles SCRIPT_NAME and PATH_INFO (orMalcolm Tredinnick
equivalents). Basically, URL resolving will only use the PATH_INFO and the SCRIPT_NAME will be prepended by reverse() automatically. Allows for more portable development and installation. Also exposes SCRIPT_NAME in the HttpRequest instance. There are a number of cases where things don't work completely transparently, so mod_python and fastcgi users should read the relevant docs. Fixed #285, #1516, #3414. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8015 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-19Revert [7991] - [7993]. I was committing from the wrong branch. Sorry 'boutMalcolm Tredinnick
that, folks. :-( git-svn-id: http://code.djangoproject.com/svn/django/trunk@7995 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-19First part of setting request.path correctly.Malcolm Tredinnick
Still needs: - testing - docs changes - some way of fixing reverse(). git-svn-id: http://code.djangoproject.com/svn/django/trunk@7991 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-12Fixed #7635: do a better job checking for infinite loops in multi-part MIME ↵Jacob Kaplan-Moss
parsing. Thanks, Mike Axiak. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7905 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-07Fixed #7651: uploading multiple files with the same name now work. Also, in ↵Jacob Kaplan-Moss
order to test the problem the test client now handles uploading multiple files at once. Patch from Mike Axiak. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7858 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-07Fixed #4148 -- Changed the way attachments are served to IE to avoid someMalcolm Tredinnick
caching and header-related bugs there. Only comes into play when Internet Explorer is the user-agent. Patch from Michael Axiak, with testing from Axis_of_Entropy and Karen Tracey. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7856 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-01Fixed #2070: refactored Django's file upload capabilities.Jacob Kaplan-Moss
A description of the new features can be found in the new [http://www.djangoproject.com/documentation/upload_handing/ upload handling documentation]; the executive summary is that Django will now happily handle uploads of large files without issues. This changes the representation of uploaded files from dictionaries to bona fide objects; see BackwardsIncompatibleChanges for details. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7814 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-20Fixed #6616 -- Added an is_ajax() method to HttpRequest that uses the de factoMalcolm Tredinnick
standard header for detecting an XmlHttpRequest call. Thanks, Daniel Lindsley. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7334 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-17Fixed #6764 -- Added some error checking around cookie decoding. Thanks,Malcolm Tredinnick
Michael Axiak. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7257 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-08A few styling fixes.Gary Wilson Jr
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7205 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-08Fixed #6657 -- Don't set secure attribute on cookie if `secure=False` is ↵Gary Wilson Jr
passed, thanks Gulopine. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-27Removed an unnecessary default argument in one __deepcopy__() method and fixedMalcolm Tredinnick
up the one place that was mistakenly relying on that. Refs #6308. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7167 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-17Fixed #5956 -- Added a better error description for non-ASCII HTTP headers. ↵Malcolm Tredinnick
Patch from jvloothuis. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6927 bcc190cf-cafb-0310-a4f2-bffc1f526a37