| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-05-17 | Factored skip condition when pytz isn't installed. | Aymeric Augustin | |
| 2015-05-16 | Removed redundant list() calls. | Tim Graham | |
| 2015-04-24 | Fixed #22598 -- Allowed make_aware() to work with ambiguous datetime | Josh Smeaton | |
| 2015-03-27 | Fixed #24469 -- Refined escaping of Django's form elements in non-Django ↵ | Moritz Sichert | |
| templates. | |||
| 2015-03-18 | Made is_safe_url() reject URLs that start with control characters. | Tim Graham | |
| This is a security fix; disclosure to follow shortly. | |||
| 2015-03-18 | Fixed an infinite loop possibility in strip_tags(). | Tim Graham | |
| This is a security fix; disclosure to follow shortly. | |||
| 2015-03-09 | Fixed #24382 -- Allowed unicode chars inside formatted numbers | Claude Paroz | |
| Thanks Jacob Rief for the report and Tim Graham for the review. | |||
| 2015-03-08 | Fixed #23838 -- added missing `__iter__` to LazyObject | Rik | |
| 2015-02-23 | Normalized usage of the tempfile module. | Aymeric Augustin | |
| Specifically stopped using the dir argument. | |||
| 2015-02-17 | Refs #24324 -- Fixed Python 2 test failures when path to Django source ↵ | Tim Graham | |
| contains non-ASCII characters. | |||
| 2015-02-12 | Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454 | Lukas Klein | |
| 2015-02-08 | Fixed #24181 -- Fixed multi-char THOUSAND_SEPARATOR insertion | Varun Sharma | |
| Report and original patch by Kay Cha. | |||
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2015-02-04 | Fixed #24242 -- Improved efficiency of utils.text.compress_sequence() | Matthew Somerville | |
| The function no longer flushes zfile after each write as doing so can lead to the gzipped streamed content being larger than the original content; each flush adds a 5/6 byte type 0 block. Removing this means buf.read() may return nothing, so only yield if that has some data. Testing shows without the flush() the buffer is being flushed every 17k or so and compresses the same as if it had been done as a whole string. | |||
| 2015-02-03 | Fixed #24149 -- Normalized tuple settings to lists. | darkryder | |
| 2015-01-27 | Cleaned up some forms tests. | Loic Bistuer | |
| Thanks Berker Peksag and Tim Graham for the reviews. Refs #24219. | |||
| 2015-01-18 | Removed utils.module_loading.import_by_path() per deprecation timeline; refs ↵ | Tim Graham | |
| #21674. | |||
| 2015-01-17 | Removed utils.text.javascript_quote() per deprecation timeline; refs #21725. | Tim Graham | |
| 2015-01-17 | Removed django.utils.tzinfo per deprecation timeline; refs #17262. | Tim Graham | |
| 2015-01-17 | Removed django.utils.datastructures.SortedDict per deprecation timeline. | Tim Graham | |
| 2015-01-17 | Removed django.utils.datastructures.MergeDict per deprecation timeline; refs ↵ | Tim Graham | |
| #18659. | |||
| 2015-01-13 | Fixed is_safe_url() to handle leading whitespace. | Tim Graham | |
| This is a security fix. Disclosure following shortly. | |||
| 2015-01-12 | Accounted for multiple template engines in template responses. | Aymeric Augustin | |
| 2014-12-30 | Applied ignore_warnings to Django tests | Claude Paroz | |
| 2014-12-27 | Fixed #23831 -- Supported strings escaped by third-party libs in Django. | Aymeric Augustin | |
| Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report. | |||
| 2014-12-27 | Fixed an inconsistency introduced in 547b1810. | Aymeric Augustin | |
| mark_safe and mark_for_escaping should have been kept similar. On Python 2 this change has no effect. On Python 3 it fixes the use case shown in the regression test for mark_for_escaping, which used to raise a TypeError. The regression test for mark_safe is just for completeness. | |||
| 2014-12-26 | Fixed #23346 -- Fixed lazy() to lookup methods on the real object, not ↵ | Gavin Wahl | |
| resultclasses. Co-Authored-By: Rocky Meza <rmeza@fusionbox.com> | |||
| 2014-12-22 | Fixed #23998 -- Added datetime.time support to migrations questioner. | Oscar Ramirez | |
| 2014-12-20 | Fixed #2443 -- Added DurationField. | Marc Tamlyn | |
| A field for storing periods of time - modeled in Python by timedelta. It is stored in the native interval data type on PostgreSQL and as a bigint of microseconds on other backends. Also includes significant changes to the internals of time related maths in expressions, including the removal of DateModifierNode. Thanks to Tim and Josh in particular for reviews. | |||
| 2014-12-13 | Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range | Michael Hall | |
| 2014-12-06 | Refs #23947 -- Worked around a bug in Python that prevents deprecation ↵ | Diego Guimarães | |
| warnings from appearing in tests. | |||
| 2014-12-03 | Removed redundant numbered parameters from str.format(). | Berker Peksag | |
| Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}". | |||
| 2014-12-03 | Fixed #23935 -- Converted decimals to fixed point in utils.numberformat.format | Eric Rouleau | |
| 2014-11-11 | Raised SuspiciousFileOperation in safe_join. | Aymeric Augustin | |
| Added a test for the condition safe_join is designed to prevent. Previously, a generic ValueError was raised. It was impossible to tell an intentional exception raised to implement safe_join's contract from an unintentional exception caused by incorrect inputs or unexpected conditions. That resulted in bizarre exception catching patterns, which this patch removes. Since safe_join is a private API and since the change is unlikely to create security issues for users who use it anyway -- at worst, an uncaught SuspiciousFileOperation exception will bubble up -- it isn't documented. | |||
| 2014-11-03 | Fixed #21281 -- Made override_settings act at class level when used as a ↵ | Thomas Chaumeny | |
| TestCase decorator. | |||
| 2014-11-03 | Fixed #23620 -- Used more specific assertions in the Django test suite. | Berker Peksag | |
| 2014-11-03 | Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). | Unai Zalakain | |
| 2014-10-31 | Fixed #23670 -- Prevented partial import state during module autodiscovery | Markus Holtermann | |
| Thanks kostko for the report. | |||
| 2014-10-20 | Fixed #23688 -- Updated cached_property to preserve docstring of original ↵ | John-Scott Atlakson | |
| function | |||
| 2014-10-20 | Fixed #20221 -- Allowed some functions that use mark_safe() to result in ↵ | Jon Dufresne | |
| SafeText. Thanks Baptiste Mispelon for the report. | |||
| 2014-10-16 | Fixed #23664 -- Provided a consistent definition for OrderedSet.__bool__ | Thomas Chaumeny | |
| This also defines QuerySet.__bool__ for consistency though this should not have any consequence as bool(qs) used to fallback on QuerySet.__len__ in Py3. | |||
| 2014-10-16 | Fixed #19508 -- Implemented uri_to_iri as per RFC. | Anubhav Joshi | |
| Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz for the review. | |||
| 2014-10-15 | Fixed remaining test failure in jslex tests. | Florian Apolloner | |
| 2014-10-15 | Added unicode_literals to the jslexer. | Florian Apolloner | |
| This ensure that ''.join(c) in jslex.py always returns text. | |||
| 2014-10-10 | Fixed #23613 -- Deprecated django.utils.checksums | Jaap Roes | |
| 2014-09-29 | Replaced set([foo, ...]) by {foo, ...} literals. Refs PR 3282. | Thomas Chaumeny | |
| Thanks Collin Anderson for the review. | |||
| 2014-09-23 | Consolidated some text utils into the utils_tests test package. | Loic Bistuer | |
| 2014-09-09 | Fixed urlize after smart_urlquote rewrite | Claude Paroz | |
| Refs #22267. | |||
| 2014-09-09 | Fixed #22267 -- Fixed unquote/quote in smart_urlquote | Claude Paroz | |
| Thanks Md. Enzam Hossain for the report and initial patch, and Tim Graham for the review. | |||
| 2014-08-31 | Fixed #23388 -- Made django.utils.timezone.override usable as a decorator | Thomas Chaumeny | |
