Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Refs #34482 -- Reverted "Fixed #32969 -- Fixed pickling HttpResponse and ↵ | Mariusz Felisiak | 2023-04-12 | 1 | -19/+0 |
| | | | | | | | | subclasses." This reverts commit d7f5bfd241666c0a76e90208da1e9ef81aec44db. Thanks Márton Salomváry for the report. | ||||
* | Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling ↵ | Mariusz Felisiak | 2023-04-12 | 2 | -17/+2 |
| | | | | | | | | HttpRequest and subclasses." This reverts commit 6220c445c40a6a7f4d442de8bde2628346153963. Thanks Adam Johnson and Márton Salomváry for reports. | ||||
* | Fixed #34405 -- Fixed setting Content-Type header in FileResponse for ↵ | Mariusz Felisiak | 2023-03-14 | 1 | -0/+2 |
| | | | | | compress and brotli. Thanks Chamal De Silva for the report. | ||||
* | Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. | Markus Holtermann | 2023-02-14 | 2 | -15/+57 |
| | | | | Thanks to Jakob Ackermann for the report. | ||||
* | Refs #34233 -- Used str.removeprefix()/removesuffix(). | Mariusz Felisiak | 2023-01-18 | 1 | -5/+3 |
| | |||||
* | Refs #34233 -- Used aiter() and anext(). | Nick Pope | 2023-01-18 | 1 | -1/+1 |
| | | | Available since Python 3.10. | ||||
* | Fixed #33735 -- Added async support to StreamingHttpResponse. | Carlton Gibson | 2022-12-22 | 1 | -3/+53 |
| | | | | | Thanks to Florian Vazelle for initial exploratory work, and to Nick Pope and Mariusz Felisiak for review. | ||||
* | Fixed #34194 -- Added django.utils.http.content_disposition_header(). | Alex Vandiver | 2022-12-05 | 1 | -16/+6 |
| | |||||
* | Fixed #34074 -- Added headers argument to RequestFactory and Client classes. | David Wobrock | 2022-11-14 | 2 | -0/+27 |
| | |||||
* | Updated documentation and comments for RFC updates. | Nick Pope | 2022-11-10 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents | ||||
* | Used more augmented assignment statements. | Nick Pope | 2022-10-31 | 1 | -1/+1 |
| | | | | | | Identified using the following command: $ git grep -I '\(\<[_a-zA-Z0-9]\+\>\) *= *\1 *[-+/*^%&|<>@]' | ||||
* | Fixed #29186 -- Fixed pickling HttpRequest and subclasses. | Anvesh Mishra | 2022-09-14 | 2 | -2/+17 |
| | |||||
* | Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. | Carlton Gibson | 2022-08-03 | 1 | -1/+3 |
| | | | | Thanks to Motoyasu Saburi for the report. | ||||
* | Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing ↵ | Mehrdad | 2022-06-28 | 1 | -49/+2 |
| | | | | | | | boundary streams. This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser. | ||||
* | Removed unnecessary _parse_header() from MultiPartParser. | Mariusz Felisiak | 2022-06-28 | 1 | -10/+3 |
| | | | | Reraising ValueError was unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2. | ||||
* | Refs #33697 -- Made MediaType use django.utils.http.parse_header_parameters(). | Mehrdad | 2022-06-28 | 1 | -7/+3 |
| | |||||
* | Fixed #32969 -- Fixed pickling HttpResponse and subclasses. | Anv3sh | 2022-06-20 | 1 | -0/+19 |
| | |||||
* | Fixed #33755 -- Moved ASGI body-file cleanup into request class. | Jonas Lundberg | 2022-06-09 | 1 | -0/+2 |
| | |||||
* | Refs #33697 -- Made MultiPartParser use ↵ | Mehrdad | 2022-06-03 | 1 | -6/+7 |
| | | | | django.utils.http.parse_header_parameters() for parsing Content-Type header. | ||||
* | Refs #33697 -- Fixed multipart parsing of headers with double quotes and ↵ | Mehrdad | 2022-06-01 | 1 | -1/+1 |
| | | | | | | semicolons. See https://github.com/python/cpython/commit/1ef0c0349e8fdb5415e21231cb42edbf232b742a | ||||
* | Fixed #33683 -- Document HttpResponseBase and allow import from django.http | Collin Anderson | 2022-05-17 | 1 | -0/+2 |
| | |||||
* | Refs #33173 -- Removed use of deprecated cgi module. | Carlton Gibson | 2022-05-11 | 2 | -5/+6 |
| | | | | https://peps.python.org/pep-0594/#cgi | ||||
* | Refs #32365 -- Removed internal uses of utils.timezone.utc alias. | Carlton Gibson | 2022-03-24 | 1 | -2/+2 |
| | | | | | Remaining test case ensures that uses of the alias are mapped canonically by the migration writer. | ||||
* | Fixed #33569 -- Added SECURE_PROXY_SSL_HEADER support for list of protocols ↵ | Thomas Schmidt | 2022-03-23 | 1 | -1/+2 |
| | | | | in the header value. | ||||
* | Refs #33562 -- Made HttpResponse.set_cookie() raise ValueError when both ↵ | Luke Plant | 2022-03-07 | 1 | -0/+2 |
| | | | | | | | "expires" and "max_age" are passed. This fixes the case where you might pass set_cookie(expires=val, max_age=val) and max_age is silently ignored. | ||||
* | Fixed #33562 -- Made HttpResponse.set_cookie() support timedelta for the ↵ | Luke Plant | 2022-03-07 | 1 | -0/+6 |
| | | | | max_age argument. | ||||
* | Refs #33546 -- Optimized handling content types in HttpResponseBase.__init__(). | Keryn Knight | 2022-03-02 | 1 | -5/+5 |
| | | | | | | This removes an extraneous conditional causing "Content-Type" to be checked within the ResponseHeaders twice, if a content_type parameter is provided. | ||||
* | Refs #33546 -- Optimized HttpResponseBase.charset a bit. | Keryn Knight | 2022-03-02 | 1 | -5/+9 |
| | | | | | | This avoids scanning the Content-Type if it's empty, allowing the Content-Type header itself to have a charset assigned without using the re module. | ||||
* | Refs #33546 -- Optimized ResponseHeaders._convert_to_charset() by reducing ↵ | Keryn Knight | 2022-03-02 | 1 | -9/+19 |
| | | | | | | | | | | the type-checking duplication. In the common case, where keys and values are be encoded into ascii/latin-1, defer the checking for newlines until it's been successfully coerced to a string. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | ||||
* | Refs #33546 -- Avoided unpacking data in ResponseHeaders when not necessary. | Keryn Knight | 2022-03-02 | 1 | -3/+4 |
| | |||||
* | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | 2022-02-07 | 2 | -8/+16 |
| | |||||
* | Refs #33476 -- Reformatted code with Black. | django-bot | 2022-02-07 | 5 | -301/+462 |
| | |||||
* | Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. | Mariusz Felisiak | 2022-02-01 | 1 | -0/+2 |
| | | | | Thanks Alan Ryan for the report and initial patch. | ||||
* | Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. | Hrushikesh Vaidya | 2022-01-20 | 1 | -0/+2 |
| | |||||
* | Fixed #28628 -- Changed \d to [0-9] in regexes where appropriate. | Ad Timmering | 2022-01-07 | 1 | -1/+1 |
| | |||||
* | Updated various links to HTTPS and new locations. | Mariusz Felisiak | 2021-12-02 | 1 | -1/+1 |
| | | | | Co-Authored-By: Nick Pope <nick@nickpope.me.uk> | ||||
* | Refs #30509 -- Adjusted internal FileResponse variable name. | Carlton Gibson | 2021-10-15 | 1 | -2/+2 |
| | | | Follow up to dc724c5bf9d3b8d59c9571aa751c3cd001cdeced. | ||||
* | Fixed #30509 -- Made FileResponse better handle buffers and non-zero file ↵ | Piotr Kunicki | 2021-10-14 | 1 | -15/+26 |
| | | | | offsets. | ||||
* | Optimized handling case-insensitive mappings. | Illia Volochii | 2021-09-22 | 1 | -7/+2 |
| | | | | | | | | | Elements yielded by _destruct_iterable_mapping_values are always unpacked. Since unpacking can be done with any iterable, there is no need to convert elements to tuples. Also, such elements can be used directly in for loops, creating a dictionary of them is excessive. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | ||||
* | Simplified serializing HTTP response headers. | Illia Volochii | 2021-08-02 | 1 | -7/+3 |
| | | | | | | Since ResponseHeaders was introduced, header names and values are stored as strings. There is no need to check whether they are bytes. Co-authored-by: Nick Pope <nick@nickpope.me.uk> | ||||
* | Refs #24121 -- Added __repr__() to StreamingHttpResponse and subclasses. | Nicolas Restrepo | 2021-06-22 | 1 | -0/+7 |
| | |||||
* | Fixed #32366 -- Updated datetime module usage to recommended approach. | Nick Pope | 2021-05-12 | 1 | -3/+3 |
| | | | | | | | - Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp(). | ||||
* | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | 2021-05-04 | 1 | -4/+18 |
| | |||||
* | Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ↵ | Hasan Ramezani | 2021-04-30 | 1 | -11/+0 |
| | | | | ExceptionReporter._get_raw_insecure_uri(). | ||||
* | Fixed capitalization of "ECMAScript" and "JavaScript". | Nick Pope | 2021-04-29 | 1 | -1/+1 |
| | |||||
* | Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. | Mariusz Felisiak | 2021-04-06 | 1 | -5/+8 |
| | | | | | Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. | ||||
* | Fixed #32355 -- Dropped support for Python 3.6 and 3.7 | Mariusz Felisiak | 2021-02-10 | 2 | -12/+0 |
| | |||||
* | Fixed #32389 -- Fixed ResponseHeaders crash when data is not mapping. | Illia Volochii | 2021-01-28 | 1 | -5/+4 |
| | |||||
* | Refs #30997 -- Removed HttpRequest.is_ajax() per deprecation timeline. | Mariusz Felisiak | 2021-01-14 | 1 | -11/+0 |
| | |||||
* | Fixed grammar in HttpResponse docstring. | ᴙɘɘᴙgYmɘᴙɘj | 2020-12-08 | 1 | -1/+1 |
| |