summaryrefslogtreecommitdiff
path: root/tests/utils_tests/test_http.py
AgeCommit message (Collapse)Author
2021-02-19[3.2.x] Fixed CVE-2021-23336 -- Fixed web cache poisoning via ↵Nick Pope
django.utils.http.parse_qsl().
2020-09-03Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8.Nick Pope
2020-04-30Fixed #31521 -- Skipped test_parsing_rfc850 test on 32-bit systems.Hasan Ramezani
2019-09-30Fixed #28690 -- Fixed handling of two-digit years in parse_http_date().Ad Timmering
Due to RFC7231 ayear that appears to be more than 50 years in the future are interpreted as representing the past.
2019-09-30Refs #28690 -- Added more tests for parse_http_date().Ad Timmering
2019-09-02Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().Carlton Gibson
2019-08-11Fixed #30677 -- Improved error message for urlencode() and Client when None ↵swatantra
is passed as data.
2019-06-19Refs #30485 -- Removed non-representative test that emitted a warning.Jon Dufresne
Previously, when running the Django test suite with warnings enabled, the following was emitted: /usr/lib64/python3.7/urllib/parse.py:915: BytesWarning: str() on a bytearray instance v = quote_via(str(v), safe, encoding, errors) This occurred due to the bytearray() being passed to urllib.parse.urlencode() which eventually calls str() on it. The test does not represent desired real world behavior. Rather than test for and assert strange unspecified behavior that emits a warning, remove it. This was also discussed in PR #11374.
2019-05-24Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case.Johan Lübcke
2019-03-20Fixed #30264 -- Fixed crash of test_parsing_year_less_than_70() on 32-bit ↵Mariusz Felisiak
systems. Thanks Andreas Beckmann and Chris Lamb for the report.
2019-02-04Refs #27753 -- Deprecated django.utils.http urllib aliases.Tim Graham
2019-01-17Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.Tim Graham
2018-12-27Fixed #30024 -- Made urlencode() and Client raise TypeError when None is ↵Jon Dufresne
passed as data.
2018-11-03Increased test coverage of django.utils.http.Hasan Ramezani
2018-08-01Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.Andreas Hug
2018-06-29Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.Przemysław Suliga
2018-01-11Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url().Jon Dufresne
2018-01-02Refs #28965 -- Deprecated unused django.utils.http.cookie_date().Tim Graham
2017-10-12Fixed #28679 -- Fixed urlencode()'s handling of bytes.François Freitag
Regression in fee42fd99ee470528858c2ccb3621135c30ec262. Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-10Split django.utils.http tests into separate test classes.François Freitag
2017-09-22Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().Tim Graham
Per deprecation timeline.
2017-09-21Added test for too large input to django.utils.http.base36_to_int().Mads Jensen
2017-05-10Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.UmanShahzad
2017-04-04Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.Tim Graham
This is a security fix.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-09-17Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.Tim Graham
http://bugs.python.org/issue27364
2016-09-10Fixed #27083 -- Added support for weak ETags.Kevin Christopher Henry
2016-09-07Refs #26956 -- Allowed is_safe_url() to validate against multiple hostsJon Dufresne
2016-08-19Fixed #26902 -- Allowed is_safe_url() to require an https URL.Przemysław Suliga
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-04-08Fixed E128 flake8 warnings in tests/.Tim Graham
2016-03-04Added safety to URL decoding in is_safe_url() on Python 2Claude Paroz
The errors='replace' parameter to force_text altered the URL before checking it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()Claude Paroz
This fixes a regression introduced by c5544d28923. Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-01Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.Mark Striemer
This is a security fix.
2016-01-29Refs #26022 -- Used context manager version of assertRaises in tests.Hasan
2016-01-05Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.Denis Cornehl
Thanks Denis Cornehl for help with the patch.
2015-12-03Fixed many spelling mistakes in code, comments, and docs.Josh Soref
2015-09-16Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.Matt Robenolt
Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews.
2015-03-18Made is_safe_url() reject URLs that start with control characters.Tim Graham
This is a security fix; disclosure to follow shortly.
2015-02-12Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454Lukas Klein
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2015-01-13Fixed is_safe_url() to handle leading whitespace.Tim Graham
This is a security fix. Disclosure following shortly.
2014-11-03Fixed #23620 -- Used more specific assertions in the Django test suite.Berker Peksag
2014-09-23Consolidated some text utils into the utils_tests test package.Loic Bistuer
2014-08-22Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3.Ian Foote
2014-07-07Fixed #22909 -- Removed camelCasing in some tests.Tim Graham
Thanks brylie.
2014-05-14Added additional checks in is_safe_url to account for flexible parsing.Erik Romijn
This is a security fix. Disclosure following shortly.
2014-05-14Dropped fix_IE_for_vary/attach.Aymeric Augustin
This is a security fix. Disclosure following shortly.
2013-10-14Fixed #21266 -- Fixed E201,E202 pep8 warnings.Larry O'Neill
2013-09-02Replaced "not PY3" by "PY2", new in six 1.4.0.Aymeric Augustin