summaryrefslogtreecommitdiff
path: root/tests/utils_tests
AgeCommit message (Collapse)Author
2015-01-13Fixed is_safe_url() to handle leading whitespace.Tim Graham
This is a security fix. Disclosure following shortly.
2015-01-12Accounted for multiple template engines in template responses.Aymeric Augustin
2014-12-30Applied ignore_warnings to Django testsClaude Paroz
2014-12-27Fixed #23831 -- Supported strings escaped by third-party libs in Django.Aymeric Augustin
Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report.
2014-12-27Fixed an inconsistency introduced in 547b1810.Aymeric Augustin
mark_safe and mark_for_escaping should have been kept similar. On Python 2 this change has no effect. On Python 3 it fixes the use case shown in the regression test for mark_for_escaping, which used to raise a TypeError. The regression test for mark_safe is just for completeness.
2014-12-26Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not ↵Gavin Wahl
resultclasses. Co-Authored-By: Rocky Meza <rmeza@fusionbox.com>
2014-12-22Fixed #23998 -- Added datetime.time support to migrations questioner.Oscar Ramirez
2014-12-20Fixed #2443 -- Added DurationField.Marc Tamlyn
A field for storing periods of time - modeled in Python by timedelta. It is stored in the native interval data type on PostgreSQL and as a bigint of microseconds on other backends. Also includes significant changes to the internals of time related maths in expressions, including the removal of DateModifierNode. Thanks to Tim and Josh in particular for reviews.
2014-12-13Fixed #23812 -- Changed django.utils.six.moves.xrange imports to rangeMichael Hall
2014-12-06Refs #23947 -- Worked around a bug in Python that prevents deprecation ↵Diego Guimarães
warnings from appearing in tests.
2014-12-03Removed redundant numbered parameters from str.format().Berker Peksag
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.formatEric Rouleau
2014-11-11Raised SuspiciousFileOperation in safe_join.Aymeric Augustin
Added a test for the condition safe_join is designed to prevent. Previously, a generic ValueError was raised. It was impossible to tell an intentional exception raised to implement safe_join's contract from an unintentional exception caused by incorrect inputs or unexpected conditions. That resulted in bizarre exception catching patterns, which this patch removes. Since safe_join is a private API and since the change is unlikely to create security issues for users who use it anyway -- at worst, an uncaught SuspiciousFileOperation exception will bubble up -- it isn't documented.
2014-11-03Fixed #21281 -- Made override_settings act at class level when used as a ↵Thomas Chaumeny
TestCase decorator.
2014-11-03Fixed #23620 -- Used more specific assertions in the Django test suite.Berker Peksag
2014-11-03Fixed #18456 -- Added path escaping to HttpRequest.get_full_path().Unai Zalakain
2014-10-31Fixed #23670 -- Prevented partial import state during module autodiscoveryMarkus Holtermann
Thanks kostko for the report.
2014-10-20Fixed #23688 -- Updated cached_property to preserve docstring of original ↵John-Scott Atlakson
function
2014-10-20Fixed #20221 -- Allowed some functions that use mark_safe() to result in ↵Jon Dufresne
SafeText. Thanks Baptiste Mispelon for the report.
2014-10-16Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__Thomas Chaumeny
This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3.
2014-10-16Fixed #19508 -- Implemented uri_to_iri as per RFC.Anubhav Joshi
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz for the review.
2014-10-15Fixed remaining test failure in jslex tests.Florian Apolloner
2014-10-15Added unicode_literals to the jslexer.Florian Apolloner
This ensure that ''.join(c) in jslex.py always returns text.
2014-10-10Fixed #23613 -- Deprecated django.utils.checksumsJaap Roes
2014-09-29Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282.Thomas Chaumeny
Thanks Collin Anderson for the review.
2014-09-23Consolidated some text utils into the utils_tests test package.Loic Bistuer
2014-09-09Fixed urlize after smart_urlquote rewriteClaude Paroz
Refs #22267.
2014-09-09Fixed #22267 -- Fixed unquote/quote in smart_urlquoteClaude Paroz
Thanks Md. Enzam Hossain for the report and initial patch, and Tim Graham for the review.
2014-08-31Fixed #23388 -- Made django.utils.timezone.override usable as a decoratorThomas Chaumeny
2014-08-22Fixed #23333 -- Made urlsafe_base64_decode() return proper type on Python 3.Ian Foote
2014-08-15Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.Tim Graham
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-07-30Fixed test failure on Windows.Tim Graham
os.close(fd) is needed to avoid "The process cannot access the file because it is being used by another process"
2014-07-25Fixed bad usage of rstrip() that caused test failure.Tim Graham
If the temporary file name contained a p or y as its last characters, it would be stripped. refs #23083.
2014-07-25Fixed #23083 -- Fixed runserver reloading when deleting a file.Tim Graham
Thanks Collin Anderson for the report and hirokiky for the fix.
2014-07-15Fixed #22991 -- Prevented *.pyc files in autoreload monitoringClaude Paroz
This fixes a regression introduced in 6d302f639. Thanks lorinkoz at gmail.com for the report, Collin Anderson for the initial patch and Simon Charette for the review.
2014-07-14Fixed #22789 -- Deprecated django.contrib.webdesign.Tim Graham
Moved the {% lorem %} tag to built-in tags.
2014-07-07Fixed flake8 errors.Tim Graham
2014-07-07Fixed #22909 -- Removed camelCasing in some tests.Tim Graham
Thanks brylie.
2014-07-06Fixed pyinotify performance regression in 15f82c7011Claude Paroz
Refs #9722. Thanks Tim Graham for the review.
2014-07-01Fixed #22691 -- Added aliasing to cached_property.Curtis
2014-06-12Fixed #22814 -- Allowed ISO-8601 [+-]hh timezone format in parse_datetimeRichard Eames
2014-06-03Fixed #22681 -- Made TarArchive recognize leading directories properly.Alexandr Shurigin
2014-05-19Revert "Fixed #20477: Allowed settings.FORMAT_MODULE_PATH to be a list of ↵Tim Graham
modules." This reverts commit 950b6de16ac2f8135612f2ed5984c090dd8e4dcf.
2014-05-19Fixed #20477: Allowed settings.FORMAT_MODULE_PATH to be a list of modules.Martin Brochhaus
Previously the FORMAT_MODULE_PATH setting only accepted one string (dotted module path). This is useful when using several reusable third party apps that define new formats. We can now use them all and we can even override some of the formats by providing a project-wide format module.
2014-05-17Fixed several flake8 errors, including one where a test wouldn't be runAlex Gaynor
2014-05-16Optimized make_aware/naive by removing redundant checks. Refs #22625.Aymeric Augustin
Also added tests with pytz and removed misplaced tests.
2014-05-16Fixed #22625 -- Normalized make_aware/naive errors.Aymeric Augustin
Also added tests for is/make_aware/naive. Thanks Tom Michaelis for the report.
2014-05-16Fixed #22531 -- Added tree.Node.__repr__ and tests for the class.Moayad Mardini
While Node class has a useful `__str__`, its `__repr__` is not that useful. Added a `__repr__` that makes use of the current `__str__`. This is especially useful since the more popular `Q` class inherits `tree.Node`. Also created new tests that cover most of `Node` class functionality.
2014-05-15Harmonized some PEP 0263 coding preamblesClaude Paroz
2014-05-14Added additional checks in is_safe_url to account for flexible parsing.Erik Romijn
This is a security fix. Disclosure following shortly.