| Age | Commit message (Collapse) | Author |
|
This is a security fix. Disclosure following shortly.
|
|
refs #22170.
Backport of b341f33697 from master
|
|
Backport of d240b29c08 from master
|
|
Backport of 1dcc603eff from master
|
|
functools.partial.
Regression in 8b93b31487d6d3b0fcbbd0498991ea0db9088054.
Thanks rcoup for the report.
Backport of 3c06b2f2a3 from master
|
|
Thanks Benjamin Bach for the report and initial patch.
This is a security fix; disclosure to follow shortly.
Backport of 8b93b31487d6d3b0fcbbd0498991ea0db9088054 from master
|
|
Fixed URL resolving in the case where an outer regex includes an inner
regex and both regexes use positional parameters instead of named
groups, causing the outer regex's parameters to override the inner
regex's.
Modified the regex url resolver so that it will concatenates and then
normalizes, instead of normalizing and then concatenating.
|
|
The new error message now hints that the most likely issue
is a circular import.
Thanks to trac user elena for the report and to
bpeschier for the original patch.
|
|
|
|
And without causing a circular import. Thanks Akis Kesoglou for
the report.
|
|
Commit 79558c78 cleaned up the (undocumented) interface of Resolver404
exception, which breaks compatibility with code messing with .args[0]
directly. Revert the cleanup part and simply leave the fix itself.
|
|
When django.core.urlresolvers.resolve was called from a view, failed
and the exception was propagated and rendered by technical_404_response,
the URL mentioned on the page was the current URL instead of the URL
passed to resolve().
Fixed by using the path attribute from the Resolver404 exception instead
of request.path_info. Also cleaned up the exceptions to use standard
named parameters instead of stuffing a dict in args[0]
|
|
|
|
Added comments in the three empty models.py files that are still needed.
Adjusted the test runner to add applications corresponding to test
labels to INSTALLED_APPS even when they don't have a models module.
|
|
|
|
|
|
Replaced the custom, untested memoize with a similar decorator from Python's
3.2 stdlib. Although some minor performance degradation (see ticket), it is
expected that in the long run lru_cache will outperform memoize once it is
implemented in C.
Thanks to EvilDMP for the report and Baptiste Mispelon for the idea of
replacing memoize with lru_cache.
|
|
Signed-off-by: Jason Myers <jason@jasonamyers.com>
|
|
|
|
|
|
|
|
|
|
|
|
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
|
|
We have always been at war with trailing backslashes.
|
|
Thanks Keryn Knight for the report.
|
|
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
|
|
Refs #20680.
|
|
were tried.
|
|
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.
Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
|
|
Gives much nicer errors when it fails.
|
|
middlewares
and streamed responses with respect to per-request urlconf.
|
|
|
|
|
|
Obviously it isn't set until the URL is resolved.
|
|
|
|
|