summaryrefslogtreecommitdiff
path: root/tests/utils_tests/test_http.py
AgeCommit message (Collapse)Author
2022-12-05Fixed #34194 -- Added django.utils.http.content_disposition_header().Alex Vandiver
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-07-01Updated vendored _urlsplit() to strip newline and tabs.Michael Manfre
Refs Python CVE-2022-0391. Django is not affected, but others who incorrectly use internal function url_has_allowed_host_and_scheme() with unsanitized input could be at risk.
2022-06-28Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing ↵Mehrdad
boundary streams. This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser.
2022-05-11Refs #33173 -- Removed use of deprecated cgi module.Carlton Gibson
https://peps.python.org/pep-0594/#cgi
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-07Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate.Ad Timmering
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-02-10Fixed #32355 -- Dropped support for Python 3.6 and 3.7Mariusz Felisiak
2021-01-14Refs #30747 -- Removed django.utils.http.is_safe_url() per deprecation timeline.Mariusz Felisiak
2021-01-14Refs #27753 -- Removed django.utils.http urllib aliases per deprecation ↵Mariusz Felisiak
timeline.
2020-09-03Refs #21231 -- Backport urllib.parse.parse_qsl() from Python 3.8.Nick Pope
2020-04-30Fixed #31521 -- Skipped test_parsing_rfc850 test on 32-bit systems.Hasan Ramezani
2019-09-30Fixed #28690 -- Fixed handling of two-digit years in parse_http_date().Ad Timmering
Due to RFC7231 ayear that appears to be more than 50 years in the future are interpreted as representing the past.
2019-09-30Refs #28690 -- Added more tests for parse_http_date().Ad Timmering
2019-09-02Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme().Carlton Gibson
2019-08-11Fixed #30677 -- Improved error message for urlencode() and Client when None ↵swatantra
is passed as data.
2019-06-19Refs #30485 -- Removed non-representative test that emitted a warning.Jon Dufresne
Previously, when running the Django test suite with warnings enabled, the following was emitted: /usr/lib64/python3.7/urllib/parse.py:915: BytesWarning: str() on a bytearray instance v = quote_via(str(v), safe, encoding, errors) This occurred due to the bytearray() being passed to urllib.parse.urlencode() which eventually calls str() on it. The test does not represent desired real world behavior. Rather than test for and assert strange unspecified behavior that emits a warning, remove it. This was also discussed in PR #11374.
2019-05-24Fixed #30485 -- Adjusted django.utils.http.urlencode for doseq=False case.Johan Lübcke
2019-03-20Fixed #30264 -- Fixed crash of test_parsing_year_less_than_70() on 32-bit ↵Mariusz Felisiak
systems. Thanks Andreas Beckmann and Chris Lamb for the report.
2019-02-04Refs #27753 -- Deprecated django.utils.http urllib aliases.Tim Graham
2019-01-17Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.Tim Graham
2018-12-27Fixed #30024 -- Made urlencode() and Client raise TypeError when None is ↵Jon Dufresne
passed as data.
2018-11-03Increased test coverage of django.utils.http.Hasan Ramezani
2018-08-01Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.Andreas Hug
2018-06-29Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.Przemysław Suliga
2018-01-11Fixed #28638 -- Made allowed_hosts a required argument of is_safe_url().Jon Dufresne
2018-01-02Refs #28965 -- Deprecated unused django.utils.http.cookie_date().Tim Graham
2017-10-12Fixed #28679 -- Fixed urlencode()'s handling of bytes.François Freitag
Regression in fee42fd99ee470528858c2ccb3621135c30ec262. Thanks Claude Paroz, Jon Dufresne, and Tim Graham for the guidance.
2017-10-10Split django.utils.http tests into separate test classes.François Freitag
2017-09-22Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().Tim Graham
Per deprecation timeline.
2017-09-21Added test for too large input to django.utils.http.base36_to_int().Mads Jensen
2017-05-10Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.UmanShahzad
2017-04-04Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.Tim Graham
This is a security fix.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-09-17Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.Tim Graham
http://bugs.python.org/issue27364
2016-09-10Fixed #27083 -- Added support for weak ETags.Kevin Christopher Henry
2016-09-07Refs #26956 -- Allowed is_safe_url() to validate against multiple hostsJon Dufresne
2016-08-19Fixed #26902 -- Allowed is_safe_url() to require an https URL.Przemysław Suliga
Thanks Andrew Nester, Berker Peksag, and Tim Graham for reviews.
2016-04-08Fixed E128 flake8 warnings in tests/.Tim Graham
2016-03-04Added safety to URL decoding in is_safe_url() on Python 2Claude Paroz
The errors='replace' parameter to force_text altered the URL before checking it, which wasn't considered sane. Refs 24fc935218 and ada7a4aef.
2016-03-04Fixed #26308 -- Prevented crash with binary URLs in is_safe_url()Claude Paroz
This fixes a regression introduced by c5544d28923. Thanks John Eskew for the reporti and Tim Graham for the review.
2016-03-01Fixed CVE-2016-2512 -- Prevented spoofing is_safe_url() with basic auth.Mark Striemer
This is a security fix.
2016-01-29Refs #26022 -- Used context manager version of assertRaises in tests.Hasan
2016-01-05Fixed #26024 -- Fixed regression in ConditionalGetMiddleware ETag support.Denis Cornehl
Thanks Denis Cornehl for help with the patch.
2015-12-03Fixed many spelling mistakes in code, comments, and docs.Josh Soref
2015-09-16Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN.Matt Robenolt
Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews.
2015-03-18Made is_safe_url() reject URLs that start with control characters.Tim Graham
This is a security fix; disclosure to follow shortly.
2015-02-12Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454Lukas Klein