| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-09-09 | Fixed #20889 -- Prevented email.Header from inserting newlines | Daniel Boeve | |
| Passed large maxlinelen to email.Header to prevent newlines from being inserted into value returned by _convert_to_charset Thanks mjl at laubach.at for the report. | |||
| 2013-09-02 | Replaced "not PY3" by "PY2", new in six 1.4.0. | Aymeric Augustin | |
| 2013-08-24 | Fixed #20961 -- Fixed HttpResponse default empty content | Claude Paroz | |
| Thanks epandurski at gmail.com for the report. | |||
| 2013-07-31 | Fixed #19987 -- Disabled host validation when DEBUG=True. | Will Hardy | |
| The documentation promises that host validation is disabled when DEBUG=True, that all hostnames are accepted. Domains not compliant with RFC 1034/1035 were however being validated, this validation has now been removed when DEBUG=True. Additionally, when DEBUG=False a more detailed SuspiciousOperation exception message is provided when host validation fails because the hostname is not RFC 1034/1035 compliant. | |||
| 2013-07-30 | Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect. | Baptiste Mispelon | |
| Thanks liangent for the report. | |||
| 2013-07-29 | Removed most of absolute_import imports | Claude Paroz | |
| Should be unneeded with Python 2.7 and up. Added some unicode_literals along the way. | |||
| 2013-07-11 | Fixed #13721 -- Added UploadedFile.content_type_extra. | Benjamin Kagia | |
| Thanks Waldemar Kornewald and mvschaik for work on the patch. | |||
| 2013-06-29 | Removed compatibility code for streaming responses. | Aymeric Augustin | |
| This code provided a deprecation path for old-style streaming responses. Refs #6527, #7581. | |||
| 2013-06-28 | Removed 'mimetype' arguments from a few places, as per deprecation TL. | Ramiro Morales | |
| This includes HttpResponse and co. __init__() methods, django.shortcuts.render_to_response() and the index(), sitemap() sitemap app views. | |||
| 2013-06-26 | Fixed missing initializations in WSGIRequest. Refs #20619 | Loic Bistuer | |
| 2013-06-14 | Fixed #20598 -- Add new HTTP status codes defined in rfc6585 | CHI Cheng | |
| 428, 429, 431 and 511 | |||
| 2013-06-01 | Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostError | Claude Paroz | |
| Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests. | |||
| 2013-05-25 | Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. | Preston Holmes | |
| SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. | |||
| 2013-05-21 | Fixed #20472: response.content should be bytes on both Python 2 and 3 | Łukasz Langa | |
| 2013-05-19 | Fixed #12747 -- Made reason phrases customizable. | Aymeric Augustin | |
| 2013-05-17 | Corrected documentation on the constructor arguments of MultiPartParser | Eric Urban | |
| 2013-05-17 | Replaced an antiquated pattern. | Aymeric Augustin | |
| Thanks Lennart Regebro for pointing it out. | |||
| 2013-04-03 | Fixed #20038 -- Better error message for host validation. | Baptiste Mispelon | |
| 2013-03-19 | Fixed #18003 -- Preserved tracebacks when re-raising errors. | konarkmodi | |
| Thanks jrothenbuhler for draft patch, Konark Modi for updates. | |||
| 2013-03-10 | Fixed #20019 -- Ensured HttpRequest.resolver_match always exists. | Aymeric Augustin | |
| Obviously it isn't set until the URL is resolved. | |||
| 2013-02-19 | Added a new required ALLOWED_HOSTS setting for HTTP host header validation. | Carl Meyer | |
| This is a security fix; disclosure and advisory coming shortly. | |||
| 2013-02-13 | Fixed #18558 -- Added url property to HttpResponseRedirect* | Hiroki Kiyohara | |
| Thanks coolRR for the report. | |||
| 2013-01-15 | Kill mx.TextTools with fire | Matt Robenolt | |
| 2013-01-11 | Fixed #19585 -- Fixed loading cookie value as a dict | Claude Paroz | |
| This regression was introduced by the 'unicode_literals' patch. | |||
| 2012-12-31 | Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). | Aymeric Augustin | |
| 2012-12-29 | Advanced pending deprecation warnings. | Aymeric Augustin | |
| Also added stacklevel argument, fixed #18127. | |||
| 2012-12-29 | Removed HttpRequest.raw_post_data. | Aymeric Augustin | |
| 2012-12-10 | Fixed a security issue in get_host. | Florian Apolloner | |
| Full disclosure and new release forthcoming. | |||
| 2012-11-17 | Fixed #19036 -- Fixed base64 uploads decoding | Claude Paroz | |
| Thanks anthony at adsorbtion.org for the report, and johannesl for bringing the patch up-to-date. | |||
| 2012-11-03 | Fixed #18963 -- Used a subclass-friendly pattern | Aymeric Augustin | |
| for Python 2 object model compatibility methods. | |||
| 2012-11-03 | Fixed #19101 -- Decoding of non-ASCII POST data on Python 3. | Aymeric Augustin | |
| Thanks Claude Paroz. | |||
| 2012-10-25 | Fixed #18796 -- Refactored conversion to bytes in HttpResponse | Aymeric Augustin | |
| Thanks mrmachine for the review. | |||
| 2012-10-24 | Fixed #13222 -- Made HttpResponse iterable once | Aymeric Augustin | |
| response.content can be accessed many times as desired, and always returns the same result. iter(response) works only once and consumes the iterator. | |||
| 2012-10-24 | Fixed #6527 -- Provided repeatable content access | Aymeric Augustin | |
| in HttpResponses instantiated with iterators. | |||
| 2012-10-23 | Reverted 6a64822bf4632707212314a25a843c862bdb3874. | Aymeric Augustin | |
| This commit caused every test that does two or more assertContains to fail, because of #6527. It also made HttpResponse non-pickleable. Refs #13222. | |||
| 2012-10-22 | Fixed #13222 -- Repeated iteration of HttpResponse | Aymeric Augustin | |
| Thanks teepark for the report and grahamd for his insights. | |||
| 2012-10-21 | Cleaned up the the http module. Moved all of the code from __init__.py to ↵ | Alex Gaynor | |
| request.py, response.py and utils.py | |||
| 2012-10-20 | Fixed #7581 -- Added streaming responses. | Aymeric Augustin | |
| Thanks mrmachine and everyone else involved on this long-standing ticket. | |||
| 2012-10-20 | Fixed #5611 -- Restricted accepted content types in parsing POST data | Claude Paroz | |
| Thanks paulegan for the report and Preston Holmes for the review. | |||
| 2012-10-17 | Fixed a security issue related to password resets | Preston Holmes | |
| Full disclosure and new release are forthcoming | |||
| 2012-09-07 | Fixed #18916 -- Allowed non-ASCII headers. | Aymeric Augustin | |
| Thanks Malcolm Tredinnick for the review. | |||
| 2012-09-07 | Removed many uses of bare "except:", which were either going to a) silence ↵ | Alex Gaynor | |
| real issues, or b) were impossible to hit. | |||
| 2012-08-30 | Replaced some smart_xxx by force_xxx equivalent | Claude Paroz | |
| smart_str/smart_text should only be used when a potential lazy string should be preserved in the result of the function call. | |||
| 2012-08-29 | Replaced many smart_bytes by force_bytes | Claude Paroz | |
| In all those occurrences, we didn't care about preserving the lazy status of the strings, but we really wanted to obtain a real bytestring. | |||
| 2012-08-23 | Fixed #18678 -- HttpResponse init arguments allowed for subclasses | Claude Paroz | |
| Thanks hp1337@gmail.com for the report. | |||
| 2012-08-22 | Fixed #11340 -- Prevented HttpResponseNotModified to have content/content-type | Claude Paroz | |
| The HTTP 1.1 spec tells that the 304 response MUST NOT contain a message body. Thanks aparajita for the report. | |||
| 2012-08-22 | Used the decorator syntax for properties in django.http | Claude Paroz | |
| 2012-08-19 | [py3] Fixed another regression from 2892cb0ec4. | Aymeric Augustin | |
| 2012-08-19 | [py3] Fixed regression introduced in 536b030363. | Aymeric Augustin | |
| Refs #18764. Reverted 536b030363 and switched to a more explicit way of avoiding calling bytes(<int>). This definitely deserves a refactoring. Specifically, _get_content should just return b''.join(self). Unfortunately that's impossible with the current tests. | |||
| 2012-08-19 | [py3] Supported integers in HttpResponse | Aymeric Augustin | |
| Fixed #18764. | |||
