summaryrefslogtreecommitdiff
path: root/django/utils/http.py
AgeCommit message (Collapse)Author
2022-12-05Fixed #34194 -- Added django.utils.http.content_disposition_header().Alex Vandiver
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-07-01Updated vendored _urlsplit() to strip newline and tabs.Michael Manfre
Refs Python CVE-2022-0391. Django is not affected, but others who incorrectly use internal function url_has_allowed_host_and_scheme() with unsanitized input could be at risk.
2022-06-28Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing ↵Mehrdad
boundary streams. This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser.
2022-05-11Refs #33173 -- Removed use of deprecated cgi module.Carlton Gibson
https://peps.python.org/pep-0594/#cgi
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-07Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate.Ad Timmering
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-02-10Fixed #32355 -- Dropped support for Python 3.6 and 3.7Mariusz Felisiak
2021-01-14Refs #30747 -- Removed django.utils.http.is_safe_url() per deprecation timeline.Mariusz Felisiak
2021-01-14Refs #27753 -- Removed django.utils.http urllib aliases per deprecation ↵Mariusz Felisiak
timeline.
2020-09-03Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8.Nick Pope
2020-05-11Refs #30116 -- Simplified regex match group access with Match.__getitem__().Jon Dufresne
The method has been available since Python 3.6. The shorter syntax is also marginally faster.
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2019-09-30Fixed #28690 -- Fixed handling of two-digit years in parse_http_date().Ad Timmering
Due to RFC7231 ayear that appears to be more than 50 years in the future are interpreted as representing the past.
2019-09-02Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().Carlton Gibson
2019-08-11Fixed #30677 -- Improved error message for urlencode() and Client when None ↵swatantra
is passed as data.
2019-05-27Refs #30485 -- Avoided unnecessary instance checks in urlencode.Simon Charette
Given doseq defaults to False it should avoid an unnecessary instance check in most cases.
2019-05-24Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case.Johan Lübcke
2019-02-04Refs #27753 -- Deprecated django.utils.http urllib aliases.Tim Graham
2019-01-17Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.Tim Graham
2018-12-27Fixed #30024 -- Made urlencode() and Client raise TypeError when None is ↵Jon Dufresne
passed as data.
2018-10-10Refs #27795 -- Removed force_bytes() usage from django/utils/http.py.Jon Dufresne
django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string.
2018-08-01Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.Andreas Hug
2018-06-29Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.Przemysław Suliga
2018-01-11Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url().Jon Dufresne
2018-01-02Refs #28965 -- Deprecated unused django.utils.http.cookie_date().Tim Graham
2017-12-07Fixed #28906 -- Removed unnecessary bool() calls.Tim Graham
2017-12-04Fixed #28860 -- Removed unnecessary len() calls.Дилян Палаузов
2017-10-13Updated email.Util (Python 2) references to email.utils (Python 3).Tim Graham
2017-10-12Fixed #28679 -- Fixed urlencode()'s handling of bytes.François Freitag
Regression in fee42fd99ee470528858c2ccb3621135c30ec262. Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-09-22Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().Tim Graham
Per deprecation timeline.
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.
2017-06-28Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().Mads Jensen
2017-05-10Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.UmanShahzad
2017-04-04Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.Tim Graham
This is a security fix.
2017-02-11Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.Anton Samarchyan
2017-01-26Refs #23919 -- Replaced usage of django.utils.http utilities with Python ↵Claude Paroz
equivalents Thanks Tim Graham for the review.
2017-01-22Refs #23919 -- Replaced six.reraise by raiseClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-19Fixed django/utils/http.py comment typo.Tim Graham
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-09-10Fixed #27083 -- Added support for weak ETags.Kevin Christopher Henry
2016-09-07Refs #26956 -- Allowed is_safe_url() to validate against multiple hostsJon Dufresne
2016-08-19Fixed #26902 -- Allowed is_safe_url() to require an https URL.Przemysław Suliga
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-05-12Fixed #21231 -- Enforced a max size for GET/POST values read into memory.Andre Cruz
Thanks Tom Christie for review.
2016-05-03Fixed #26567 -- Updated references to obsolete RFC2616.Vasiliy Faronov
Didn't touch comments where it wasn't obvious that the code adhered to the newer standard.
2016-04-06Removed unused django.utils.http.PROTOCOL_TO_PORT.Tim Graham
Unused since b0c56b895fd2694d7f5d4595bdbbc41916607f45.