| Age | Commit message (Collapse) | Author |
|
url_has_allowed_host_and_scheme() on Windows.
Thank you sw0rd1ight for the report.
Backport of 39e2297210d9d2938c75fc911d45f0e863dc4821 from main.
|
|
https://github.com/psf/black/releases/tag/25.1.0
Backport of ff3aaf036f0cb66cd8f404cd51c603e68aaa7676 from main
|
|
Removed obsolete and potentially problematic IDNA 2003 ("punycode")
encoding of international domain names in smart_urlquote() and Urlizer,
which are used (only) by AdminURLFieldWidget and the urlize/urlizetrunc
template filters. Changed to use percent-encoded UTF-8, which defers
IDNA details to the browser (like other URLs rendered by Django).
Backport of 29ba75e6e57414f0e6f9528d08a520b8b931fb28 from main.
|
|
Backport of 61dae11df52fae71fc3050974ac459f362c9dfd7 from main.
|
|
for non-string values.
Regression in ca2be7724e1244a4cb723de40a070f873c6e94bf.
|
|
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
To use the simple `filename="..."` form, the value must conform to the
official grammar from RFC6266[^1]:
filename-parm = "filename" "=" value
value = <value, defined in [RFC2616], Section 3.6>
; token | quoted-string
The `quoted-string` definition comes from RFC 9110[^2]:
```
quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text
The backslash octet ("\") can be used as a single-octet quoting
mechanism within quoted-string and comment constructs. Recipients that
process the value of a quoted-string MUST handle a quoted-pair as if
it were replaced by the octet following the backslash.
quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text )
A sender SHOULD NOT generate a quoted-pair in a quoted-string except
where necessary to quote DQUOTE and backslash octets occurring within
that string.
```
That is, quoted strings are able to express horizontal tabs, space
characters, and everything in the range from 0x21 to 0x7e, expect for
0x22 (`"`) and 0x5C (`\`), which can still be expressed but must be
escaped with their own `\`.
We ignore the case of `obs-text`, which is defined as the range
0x80-0xFF, since its presence is there for permissive parsing of
accidental high-bit characters, and it should not be generated by
conforming implementations.
Transform this character range into a regex and apply it in addition
to the "is ASCII" check. This ensures that all simple filenames are
expressed in the simple format, and that all filenames with newlines
and other control characters are properly expressed with the
percent-encoded `filename*=...`form.
[^1]: https://datatracker.ietf.org/doc/html/rfc6266#section-4.1
[^2]: https://datatracker.ietf.org/doc/html/rfc9110#name-quoted-strings
|
|
Urlizer was not properly encoding email addresses containing punctuation
in generated mailto links. Per RFC 6068, fixed by percent encoding
(urllib.parse.quote) the local and domain address parts.
|
|
Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart
for the reviews.
|
|
template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
|
|
gettext 0.19 was released in 2014.
|
|
suite accordingly.
Over the years we've had multiple instances of hit and misses when
emitting warnings: either setting the wrong stacklevel or not setting
it at all.
This work adds assertions for the existing warnings that were declaring
the correct stacklevel, but were lacking tests for it.
|
|
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
|
|
non-string RHS.
This change ensures SafeString addition operations handle non-string RHS
properly, allowing them to implement __radd__ for better compatibility.
|
|
utils_tests.
|
|
django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
|
template filters.
Thanks to MProgrammer for the report.
|
|
template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
|
|
|
|
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
|
|
|
|
|
|
https://github.com/psf/black/releases/tag/24.1.0
|
|
Regression test for behavior change in
f35ab74752adb37138112657c1bc8b91f50e799b.
|
|
|
|
|
|
These failures were due to minor inconsistencies or implementation
differences between CPython and PyPy.
|
|
utils_tests.test_http.HttpDateProcessingTests.test_parsing_rfc850.
Mocking in the `datetime` module can be tricky. In CPython the datetime
C module is used, but PyPy uses a pure Python implementation. This
caused issues with the prior approach to mocking `datetime.datetime`.
See https://docs.python.org/3/library/unittest.mock-examples.html#partial-mocking
|
|
|
|
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
|
|
This makes it easier to work with lazy iterators used for callables,
etc. when extracting items or comparing to lists, e.g. during testing.
Also added `BaseChoiceIterator.__iter__()` to make it clear that
subclasses must implement this and added `__all__` to the module.
Co-authored-by: Adam Johnson <me@adamj.eu>
Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com>
|
|
django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
|
|
django.utils.encoding.uri_to_iri().
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
|
|
ChoiceField's choices.
|
|
Windows.
|
|
|
|
SimpleLazyObjectPickleTestCase executes database queries so it must
inherit from django.test.TestCase.
|
|
Dicts preserve order since Python 3.6.
|
|
This allows for formatting of lazy objects which have a custom formatter
defined by overriding the default implementation from `object`.
|
|
|
|
Previously, the proxy class was prepared lazily:
lazy_identity = lazy(identity, int)
lazy_identity(10) # prepared here
lazy_identity(10)
This has a slight advantage that if the lazy doesn't end up getting
used, the preparation work is skipped, however that's not very likely.
Besides this laziness, it is also inconsistent in that the methods which
are wrapped directly (__str__ etc.) are prepared already when __proxy__
is defined, and there is a weird half-initialized state.
This change it so that everything is prepared already on the first line
of the example above.
|
|
|
|
They are no longer special cased.
|
|
may be bytes.
If the result type is bytes, then calling bytes() on it does nothing.
If the result type is not bytes, we should not cast to bytes, just
because the return value may be bytes.
|
|
|
|
FunctionalTests.test_cached_property_reuse_different_names() on Python 3.12+.
Python 3.12+ no longer wraps exceptions in __set_name__, see
https://github.com/python/cpython/commit/55c99d97e14618dfce41472dd4446f763b0da13f
|
|
different days and interval less than 1 day.
Follow up to 813015d67e2557fa859a07930a9becec4e5f64a0.
Regression in 8d67e16493c903adc9d049141028bc0fff43f8c8.
|
|
interval less than 1 day.
Regression in 8d67e16493c903adc9d049141028bc0fff43f8c8.
Thanks Lorenzo Peña for the report.
|