| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-11-29 | Fixed #27181 -- Allowed contrib.sites to match domains with trailing ".". | Anton Samarchyan | |
| 2016-11-17 | Fixed #27156 -- Made changing HttpRequest.encoding clear GET. | PREMANAND | |
| 2016-11-01 | Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. | Tim Graham | |
| This is a security fix. | |||
| 2016-09-03 | Replaced smart_* by force_* calls whenever possible | Claude Paroz | |
| The smart_* version should only be used when a lazy string should keep its lazy status. | |||
| 2016-08-11 | Fixed #27046 -- Supported IPv6-formatted IPv4 addresses in host validation. | Tim Graham | |
| Thanks LaMont Jones for the report and patch. | |||
| 2016-08-03 | Fixed #27005 -- Fixed crash if request.META[''CONTENT_LENGTH']=''. | Tim Graham | |
| 2016-06-06 | Fixed #26707 -- Added QueryDict.fromkeys() | wim glenn | |
| 2016-05-12 | Fixed #21231 -- Enforced a max size for GET/POST values read into memory. | Andre Cruz | |
| Thanks Tom Christie for review. | |||
| 2016-05-03 | Refs #22897 -- Removed unneeded empty string QueryDict argument. | Tim Graham | |
| 2016-02-10 | Fixed #26014 -- Added WSGIRequest content_type and content_params attributes. | Curtis Maloney | |
| Parsed the CONTENT_TYPE header once and recorded it on the request. | |||
| 2016-01-25 | Fixed #26125 -- Fixed E731 flake warnings. | userimack | |
| 2015-09-16 | Fixed #24496 -- Added CSRF Referer checking against CSRF_COOKIE_DOMAIN. | Matt Robenolt | |
| Thanks Seth Gottlieb for help with the documentation and Carl Meyer and Joshua Kehn for reviews. | |||
| 2015-09-04 | Fixed #25099 -- Fixed crash in AdminEmailHandler on DisallowedHost. | Vlastimil Zíma | |
| 2015-08-31 | Fixed #25331 -- Removed trailing blank lines in docstrings. | Maxime Lorant | |
| 2015-08-04 | Fixed #25211 -- Added HttpRequest.get_port() and USE_X_FORWARDED_PORT setting. | Matt Robenolt | |
| 2015-07-13 | Fixed #25099 -- Cleaned up HttpRequest representations in error reporting. | Vlastimil Zíma | |
| 2015-05-13 | Removed unnecessary arguments in .get method calls | Piotr Jakimiak | |
| 2015-03-26 | Fixed #19910 -- Added slash to i18n redirect if APPEND_SLASH is set. | Bas Peschier | |
| This introduces a force_append_slash argument for request.get_full_path() which is used by RedirectFallbackMiddleware and CommonMiddleware when handling redirects for settings.APPEND_SLASH. | |||
| 2015-03-11 | Fixed #24463 -- Removed mod_python functionality from HttpRequest._get_scheme() | Rik | |
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2014-12-08 | Fixed #23968 -- Replaced list comprehension with generators and dict ↵ | Jon Dufresne | |
| comprehension | |||
| 2014-11-24 | Removed unused variable django.http.request.absolute_http_url_re | Matt Robenolt | |
| 2014-11-20 | Fixed #12098 -- Simplified HttpRequest.__repr__(). | Berker Peksag | |
| 2014-11-03 | Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). | Unai Zalakain | |
| 2014-09-05 | Limited lines to 119 characters in django/ | Tim Graham | |
| refs #23395. | |||
| 2014-08-19 | Fixed #22996 -- Prevented crash with unencoded query string | Claude Paroz | |
| Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham for the reviews. | |||
| 2014-07-05 | Added a space before explanation of "Invalid HTTP_HOST header: ..." | Daniel Hahler | |
| 2014-06-24 | Fixed #22799 -- Made GET and POST on HttpRequest QueryDicts, and FILES a ↵ | Duncan Parkes | |
| MultiValueDict. Previously, GET, POST, and FILES on an HttpRequest were created in the __init__ method as dictionaries. This was not something you would usually notice causing trouble in production as you'd only see a WSGIRequest, but in testing using the test client, calling .getlist on GET, POST, or FILES for a request with no get/post data resulted in an AttributeError. Changed GET and POST on an HttpRequest object to be mutable QueryDicts (mutable because the Django tests, and probably many third party tests, were expecting it). | |||
| 2014-06-24 | Fixed #22897 -- Made QueryDict query_string argument optional. | Duncan Parkes | |
| Now QueryDict() is equivalent to QueryDict('') or QueryDict(None). | |||
| 2014-06-24 | Improved documentation for QueryDict. | Duncan Parkes | |
| 2014-06-11 | Fixed #22680 -- I/O operation on closed file. | Florian Apolloner | |
| This patch is two-fold; first it ensure that Django does close everything in request.FILES at the end of the request and secondly the storage system should no longer close any files during save, it's up to the caller to handle that -- or let Django close the files at the end of the request. | |||
| 2014-06-07 | Fixed #18314 -- Corrected request.build_absolute_uri() handling of paths ↵ | Unai Zalakain | |
| starting with // ``HttpRequest.build_absolute_uri()`` now correctly handles paths starting with ``//``. ``WSGIRequest`` now doesn't remove all the leading slashes either, because ``http://test/server`` and http://test//server`` aren't the same thing (RFC2396). Thanks to SmileyChris for the initial patch. | |||
| 2014-04-26 | Fix many many typos in comments throughout the codebase | Alex Gaynor | |
| 2014-03-31 | Replaced urllib/urlparse imports with from django.utils.six.moves. | Tim Graham | |
| 2013-11-28 | Fixed E125 pep8 warnings | Christopher Medrela | |
| 2013-11-16 | Fixed #21447 -- Restored code erroneously removed in ↵ | Baptiste Mispelon | |
| 20472aa827669d2b83b74e521504e88e18d086a1. Also added some tests for HttpRequest.__repr__. Note that the added tests don't actually catch the accidental code removal (see ticket) but they do cover a codepath that wasn't tested before. Thanks to Tom Christie for the report and the original patch. | |||
| 2013-11-02 | Fixed all E261 warnings | coagulant | |
| 2013-10-24 | Fixed #20338 -- Stripped ending dot during host validation | Claude Paroz | |
| Thanks manfre for the report and Timo Graham for the review. | |||
| 2013-10-18 | Fixed #21287 -- Fixed E123 pep8 warnings | Alasdair Nicol | |
| 2013-10-15 | Fixed #7603 -- Added a 'scheme' property to the HttpRequest object | Unai Zalakain | |
| `HttpRequest.scheme` is `https` if `settings.SECURE_PROXY_SSL_HEADER` is appropriately set and falls back to `HttpRequest._get_scheme()` (a hook for subclasses to implement) otherwise. `WSGIRequest._get_scheme()` makes use of the `wsgi.url_scheme` WSGI environ variable to determine the request scheme. `HttpRequest.is_secure()` simply checks if `HttpRequest.scheme` is `https`. This provides a way to check the current scheme in templates, for example. It also allows us to deal with other schemes. Thanks nslater for the suggestion. | |||
| 2013-10-08 | Fixed #16822 -- Added RawPostDataException | Tim Graham | |
| Thanks jaylett for the patch. | |||
| 2013-10-05 | Fixed #21189: Cleaned up usage of bare except clauses. | Baptiste Mispelon | |
| Thanks to berkerpeksag for the report and to claudep for the review. | |||
| 2013-07-31 | Fixed #19987 -- Disabled host validation when DEBUG=True. | Will Hardy | |
| The documentation promises that host validation is disabled when DEBUG=True, that all hostnames are accepted. Domains not compliant with RFC 1034/1035 were however being validated, this validation has now been removed when DEBUG=True. Additionally, when DEBUG=False a more detailed SuspiciousOperation exception message is provided when host validation fails because the hostname is not RFC 1034/1035 compliant. | |||
| 2013-07-29 | Removed most of absolute_import imports | Claude Paroz | |
| Should be unneeded with Python 2.7 and up. Added some unicode_literals along the way. | |||
| 2013-06-26 | Fixed missing initializations in WSGIRequest. Refs #20619 | Loic Bistuer | |
| 2013-06-01 | Fixed #18481 -- Wrapped request.FILES read error in UnreadablePostError | Claude Paroz | |
| Thanks KyleMac for the report, André Cruz for the initial patch and Hiroki Kiyohara for the tests. | |||
| 2013-05-25 | Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. | Preston Holmes | |
| SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. | |||
| 2013-04-03 | Fixed #20038 -- Better error message for host validation. | Baptiste Mispelon | |
| 2013-03-10 | Fixed #20019 -- Ensured HttpRequest.resolver_match always exists. | Aymeric Augustin | |
| Obviously it isn't set until the URL is resolved. | |||
| 2013-02-19 | Added a new required ALLOWED_HOSTS setting for HTTP host header validation. | Carl Meyer | |
| This is a security fix; disclosure and advisory coming shortly. | |||
 |
index : django.git | |
| django |
| summaryrefslogtreecommitdiff |