| Age | Commit message (Collapse) | Author |
|
This regression was caused by 818e59a3f0. The patch is a partial
backport of the new FileResponse class available in later Django
versions.
Thanks Raphaël Hertzog for the report, and Tim Graham and Collin
Anderson for the reviews.
|
|
Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham
for the reviews.
Backport of fa02120d36 from master.
|
|
Backport of fff7b507ef from master
|
|
Backport of 7f4e2ef1e9 from master
|
|
Backport of 97adfc2bf8 from master
|
|
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
Backport of e2efc8965edf684aaf48621680ef54b84e116576 from master.
|
|
Backport of 8a9d54aa69 from master
|
|
This is a security fix. Disclosure following shortly.
|
|
Backport of 2bcb8bfc8d from master
|
|
Backport of 981b864fbd from master
|
|
Thanks Piotr Kasprzyk for help with the patch.
|
|
encoded responses.
Thanks leahculver for the suggestion and Erik Romijn,
Simon Charette, and Marc Tamlyn for the reviews.
|
|
|
|
|
|
|
|
Fixed #20187 -- Allowed repeated iteration of HttpResponse.
All this became possible when support for old-style streaming responses was
finally removed.
|
|
20472aa827669d2b83b74e521504e88e18d086a1.
Also added some tests for HttpRequest.__repr__.
Note that the added tests don't actually catch the accidental code
removal (see ticket) but they do cover a codepath that wasn't tested
before.
Thanks to Tom Christie for the report and the original patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
many occurrences in the tests/ dir so it can't be removed from setup.cfg yet)
|
|
Thanks manfre for the report and Timo Graham for the review.
|
|
|
|
|
|
Thanks Raphaël Barrois for the report and the initial patch and
Aymeric Augustin for the review.
|
|
`HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is
appropriately set and falls back to `HttpRequest._get_scheme()` (a hook
for subclasses to implement) otherwise.
`WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI
environ variable to determine the request scheme.
`HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is
`https`.
This provides a way to check the current scheme in templates, for example.
It also allows us to deal with other schemes.
Thanks nslater for the suggestion.
|
|
Thanks jaylett for the patch.
|
|
Thanks to berkerpeksag for the report and to claudep
for the review.
|
|
Thanks Stefano Crosta for the report.
|
|
Passed large maxlinelen to email.Header to prevent newlines from being
inserted into value returned by _convert_to_charset
Thanks mjl at laubach.at for the report.
|
|
|
|
Thanks epandurski at gmail.com for the report.
|
|
The documentation promises that host validation is disabled when
DEBUG=True, that all hostnames are accepted. Domains not compliant with
RFC 1034/1035 were however being validated, this validation has now been
removed when DEBUG=True.
Additionally, when DEBUG=False a more detailed SuspiciousOperation
exception message is provided when host validation fails because the
hostname is not RFC 1034/1035 compliant.
|
|
Thanks liangent for the report.
|
|
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
|
|
Thanks Waldemar Kornewald and mvschaik for work on the patch.
|
|
This code provided a deprecation path for old-style streaming responses.
Refs #6527, #7581.
|
|
This includes HttpResponse and co. __init__() methods,
django.shortcuts.render_to_response() and the index(), sitemap() sitemap
app views.
|
|
|
|
428, 429, 431 and 511
|
|
Thanks KyleMac for the report, André Cruz for the initial patch and
Hiroki Kiyohara for the tests.
|
|
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
|
|
|
|
|
|
|
|
Thanks Lennart Regebro for pointing it out.
|