summaryrefslogtreecommitdiff
path: root/django/http
AgeCommit message (Collapse)Author
2013-09-09Fixed #20889 -- Prevented email.Header from inserting newlinesDaniel Boeve
Passed large maxlinelen to email.Header to prevent newlines from being inserted into value returned by _convert_to_charset Thanks mjl at laubach.at for the report.
2013-09-02Replaced "not PY3" by "PY2", new in six 1.4.0.Aymeric Augustin
2013-08-24Fixed #20961 -- Fixed HttpResponse default empty contentClaude Paroz
Thanks epandurski at gmail.com for the report.
2013-07-31Fixed #19987 -- Disabled host validation when DEBUG=True.Will Hardy
The documentation promises that host validation is disabled when DEBUG=True, that all hostnames are accepted. Domains not compliant with RFC 1034/1035 were however being validated, this validation has now been removed when DEBUG=True. Additionally, when DEBUG=False a more detailed SuspiciousOperation exception message is provided when host validation fails because the hostname is not RFC 1034/1035 compliant.
2013-07-30Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect.Baptiste Mispelon
Thanks liangent for the report.
2013-07-29Removed most of absolute_import importsClaude Paroz
Should be unneeded with Python 2.7 and up. Added some unicode_literals along the way.
2013-07-11Fixed #13721 -- Added UploadedFile.content_type_extra.Benjamin Kagia
Thanks Waldemar Kornewald and mvschaik for work on the patch.
2013-06-29Removed compatibility code for streaming responses.Aymeric Augustin
This code provided a deprecation path for old-style streaming responses. Refs #6527, #7581.
2013-06-28Removed 'mimetype' arguments from a few places, as per deprecation TL.Ramiro Morales
This includes HttpResponse and co. __init__() methods, django.shortcuts.render_to_response() and the index(), sitemap() sitemap app views.
2013-06-26Fixed missing initializations in WSGIRequest. Refs #20619Loic Bistuer
2013-06-14Fixed #20598 -- Add new HTTP status codes defined in rfc6585CHI Cheng
428, 429, 431 and 511
2013-06-01Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostErrorClaude Paroz
Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests.
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-05-21Fixed #20472: response.content should be bytes on both Python 2 and 3Łukasz Langa
2013-05-19Fixed #12747 -- Made reason phrases customizable.Aymeric Augustin
2013-05-17Corrected documentation on the constructor arguments of MultiPartParserEric Urban
2013-05-17Replaced an antiquated pattern.Aymeric Augustin
Thanks Lennart Regebro for pointing it out.
2013-04-03Fixed #20038 -- Better error message for host validation.Baptiste Mispelon
2013-03-19Fixed #18003 -- Preserved tracebacks when re-raising errors.konarkmodi
Thanks jrothenbuhler for draft patch, Konark Modi for updates.
2013-03-10Fixed #20019 -- Ensured HttpRequest.resolver_match always exists.Aymeric Augustin
Obviously it isn't set until the URL is resolved.
2013-02-19Added a new required ALLOWED_HOSTS setting for HTTP host header validation.Carl Meyer
This is a security fix; disclosure and advisory coming shortly.
2013-02-13Fixed #18558 -- Added url property to HttpResponseRedirect*Hiroki Kiyohara
Thanks coolRR for the report.
2013-01-15Kill mx.TextTools with fireMatt Robenolt
2013-01-11Fixed #19585 -- Fixed loading cookie value as a dictClaude Paroz
This regression was introduced by the 'unicode_literals' patch.
2012-12-31Fixed #19519 -- Fired request_finished in the WSGI iterable's close().Aymeric Augustin
2012-12-29Advanced pending deprecation warnings.Aymeric Augustin
Also added stacklevel argument, fixed #18127.
2012-12-29Removed HttpRequest.raw_post_data.Aymeric Augustin
2012-12-10Fixed a security issue in get_host.Florian Apolloner
Full disclosure and new release forthcoming.
2012-11-17Fixed #19036 -- Fixed base64 uploads decodingClaude Paroz
Thanks anthony at adsorbtion.org for the report, and johannesl for bringing the patch up-to-date.
2012-11-03Fixed #18963 -- Used a subclass-friendly patternAymeric Augustin
for Python 2 object model compatibility methods.
2012-11-03Fixed #19101 -- Decoding of non-ASCII POST data on Python 3.Aymeric Augustin
Thanks Claude Paroz.
2012-10-25Fixed #18796 -- Refactored conversion to bytes in HttpResponseAymeric Augustin
Thanks mrmachine for the review.
2012-10-24Fixed #13222 -- Made HttpResponse iterable onceAymeric Augustin
response.content can be accessed many times as desired, and always returns the same result. iter(response) works only once and consumes the iterator.
2012-10-24Fixed #6527 -- Provided repeatable content accessAymeric Augustin
in HttpResponses instantiated with iterators.
2012-10-23Reverted 6a64822bf4632707212314a25a843c862bdb3874.Aymeric Augustin
This commit caused every test that does two or more assertContains to fail, because of #6527. It also made HttpResponse non-pickleable. Refs #13222.
2012-10-22Fixed #13222 -- Repeated iteration of HttpResponseAymeric Augustin
Thanks teepark for the report and grahamd for his insights.
2012-10-21Cleaned up the the http module. Moved all of the code from __init__.py to ↵Alex Gaynor
request.py, response.py and utils.py
2012-10-20Fixed #7581 -- Added streaming responses.Aymeric Augustin
Thanks mrmachine and everyone else involved on this long-standing ticket.
2012-10-20Fixed #5611 -- Restricted accepted content types in parsing POST dataClaude Paroz
Thanks paulegan for the report and Preston Holmes for the review.
2012-10-17Fixed a security issue related to password resetsPreston Holmes
Full disclosure and new release are forthcoming
2012-09-07Fixed #18916 -- Allowed non-ASCII headers.Aymeric Augustin
Thanks Malcolm Tredinnick for the review.
2012-09-07Removed many uses of bare "except:", which were either going to a) silence ↵Alex Gaynor
real issues, or b) were impossible to hit.
2012-08-30Replaced some smart_xxx by force_xxx equivalentClaude Paroz
smart_str/smart_text should only be used when a potential lazy string should be preserved in the result of the function call.
2012-08-29Replaced many smart_bytes by force_bytesClaude Paroz
In all those occurrences, we didn't care about preserving the lazy status of the strings, but we really wanted to obtain a real bytestring.
2012-08-23Fixed #18678 -- HttpResponse init arguments allowed for subclassesClaude Paroz
Thanks hp1337@gmail.com for the report.
2012-08-22Fixed #11340 -- Prevented HttpResponseNotModified to have content/content-typeClaude Paroz
The HTTP 1.1 spec tells that the 304 response MUST NOT contain a message body. Thanks aparajita for the report.
2012-08-22Used the decorator syntax for properties in django.httpClaude Paroz
2012-08-19[py3] Fixed another regression from 2892cb0ec4.Aymeric Augustin
2012-08-19[py3] Fixed regression introduced in 536b030363.Aymeric Augustin
Refs #18764. Reverted 536b030363 and switched to a more explicit way of avoiding calling bytes(<int>). This definitely deserves a refactoring. Specifically, _get_content should just return b''.join(self). Unfortunately that's impossible with the current tests.
2012-08-19[py3] Supported integers in HttpResponseAymeric Augustin
Fixed #18764.