Hopiu/django-downloadview
1
0
Fork 0
mirror of https://github.com/jazzband/django-downloadview.git synced 2026-03-16 22:40:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
375 commits 4 branches 18 tags 910 KiB
Commit graph

375 commits

This branch
This branch
All branches
Author SHA1 Message Date
pre-commit-ci[bot]
ebcd3a0028
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.6.0...v5.0.0)
- [github.com/pycqa/doc8: v1.1.1 → v1.1.2](https://github.com/pycqa/doc8/compare/v1.1.1...v1.1.2)
- [github.com/adamchainz/django-upgrade: 1.20.0 → 1.22.2](https://github.com/adamchainz/django-upgrade/compare/1.20.0...1.22.2)
- [github.com/pre-commit/mirrors-eslint: v9.8.0 → v9.16.0](https://github.com/pre-commit/mirrors-eslint/compare/v9.8.0...v9.16.0)
- [github.com/astral-sh/ruff-pre-commit: v0.5.6 → v0.8.2](https://github.com/astral-sh/ruff-pre-commit/compare/v0.5.6...v0.8.2)
- [github.com/tox-dev/pyproject-fmt: 2.2.1 → v2.5.0](https://github.com/tox-dev/pyproject-fmt/compare/2.2.1...v2.5.0)
- [github.com/abravalheri/validate-pyproject: v0.18 → v0.23](https://github.com/abravalheri/validate-pyproject/compare/v0.18...v0.23)
 2024-12-09 17:44:37 +00:00
Rémy HUBSCHER
6c0e0a8c82
Merge pull request #214 from jazzband/pre-commit-ci-update-config 
[pre-commit.ci] pre-commit autoupdate
 2024-08-06 09:26:57 +02:00
pre-commit-ci[bot]
d3a8f6b725
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.5.5 → v0.5.6](https://github.com/astral-sh/ruff-pre-commit/compare/v0.5.5...v0.5.6)
- [github.com/tox-dev/pyproject-fmt: 2.1.4 → 2.2.1](https://github.com/tox-dev/pyproject-fmt/compare/2.1.4...2.2.1)
 2024-08-05 17:54:35 +00:00
Rémy HUBSCHER
13a502bc4a
Post release 2.4.0 2024-08-05 14:51:35 +02:00
Rémy HUBSCHER
9f42cde8cb
Merge pull request #213 from jazzband/prepare-2.4 
Prepare 2.4 release
 2024-08-05 14:49:32 +02:00
Rémy HUBSCHER
5c8bbda4b3
Update AUTHORS 2024-08-05 14:03:55 +02:00
Rémy HUBSCHER
eab4fa7abf
Deduplicate names 2024-08-05 11:00:37 +02:00
Rémy HUBSCHER
711b2e50b5
Run pre-commit on all files 2024-08-05 10:53:19 +02:00
Rémy HUBSCHER
dd35f867e0
Add .pre-commit-config.yaml file 2024-08-05 10:51:09 +02:00
Rémy HUBSCHER
402c77b332
Add readthedocs config 2024-08-05 10:50:24 +02:00
Rémy HUBSCHER
347f0202ab
Prepare 2.4 release 2024-08-05 10:45:59 +02:00
Rémy HUBSCHER
18cb41f760
Merge pull request #211 from tari/196-rfd 
Guard against reflected file download
 2024-08-05 10:26:15 +02:00
Rémy HUBSCHER
1b294f00fa
Merge pull request #212 from sevdog/xaccel-headers 
Allow XResponses to keep original headers provided to base response
 2024-08-05 10:23:48 +02:00
Davide
51deef0a7e
Allow XResponses to keep original headers provided to base response 2024-08-01 08:35:53 +02:00
Peter Marheine
e7e25e68dd Add missing import in packaging test 
This test was broken when changed to begin using importlib,
but that wasn't evident because the tests directory
wasn't being automatically tested.
 2024-08-01 06:28:06 +00:00
Peter Marheine
0568c3c559 Prevent reflected file downloads on specially-named files 
This fixes #196, where it was observed that django_downloadview
was vulnerable to reflected file download attacks with
specially-named files, similar to CVE-2022-36359 in Django.
This change adopts the same replacement rules as used in Django's fix
in commit b3e4494d759202a3b6bf247fd34455bf13be5b80.
 2024-08-01 06:24:00 +00:00
Peter Marheine
e2b4470c5b Ensure tests are actually run 
pytest by default only discovers tests in files named test_*.py,
so none of the tests were actually being executed. Set the appropriate
pytest option
to discover the tests so they are automatically run.
 2024-08-01 06:24:00 +00:00
Peter Marheine
71488c49c4
Merge pull request #204 from sevdog/fix-realdownload-check 
Use safer check in RealDownloadMiddleware
 2024-08-01 09:53:07 +10:00
Peter Marheine
6c7b7f8a31
Merge pull request #209 from tari/pkg-resources 
Replace use of pkg_resources (setuptools)
 2024-08-01 09:50:07 +10:00
Davide
d385cbba6f
Use hasattr to check if any of required attribute is present 2024-07-31 16:18:20 +02:00
Peter Marheine
60c1839bf5 Replace use of pkg_resources (setuptools) 
Since Python 3.12, setuptools isn't included with Python
and importlib is the recommended replacement, available
since Python 3.8.
 2024-07-31 11:41:25 +00:00
Peter Marheine
ba6be8c3cd
Merge pull request #210 from tari/django-4.2 
Upgrade support matrix to maintained versions of Django
 2024-07-31 21:05:14 +10:00
Peter Marheine
16b241d9b5
Merge pull request #206 from sevdog/upgrade-middleware-doc 
Update usage of middleware settings
 2024-07-30 22:07:22 +10:00
Davide
c51720296a
Update references to middleware settings 2024-07-30 13:01:56 +02:00
Peter Marheine
fba10f7b1b
Merge pull request #207 from sevdog/improve-py3-code 
Improve codebase to python3
 2024-07-30 20:20:14 +10:00
Peter Marheine
41caa79f46 Upgrade support matrix to maintained versions of Django 
Currently, only Django versions 4.2 and 5.0 are maintained and
collectively only support Python down to version 3.8. This change updates the support matrix
for this package to match.
 2024-07-30 10:03:32 +00:00
Davide
ff5073d00b
Use python3 super and remove useless method re-definitions 2023-09-26 11:26:43 +02:00
Rémy HUBSCHER
338e17195f
Merge pull request #194 from felixxm/was_modified_since_size 
Removed passing unused size parameter to was_modified_since().
 2022-08-05 09:38:56 +02:00
Rémy HUBSCHER
df439fbd4f
Merge pull request #199 from jazzband/johnthagen-patch-1 
Enforce minimum Python version
 2022-08-05 09:37:00 +02:00
johnthagen
dd2e148b05
Enforce minimum Python version 2022-08-04 13:23:07 -04:00
Rémy HUBSCHER
64e36826ff
Merge pull request #197 from johnthagen/drop-py3.6 
Drop Python 3.6 support
 2022-08-04 16:10:02 +02:00
johnthagen
d19e4bee50
Update GitHub Actions 2022-08-04 09:23:23 -04:00
johnthagen
8c74a77ebe Drop Python 3.6 support 2022-08-04 09:22:28 -04:00
Rémy HUBSCHER
a6975d9669
Merge pull request #195 from devidw/patch-1 
Add missing `)` to settings docs sample
 2022-08-04 14:26:22 +02:00
David Wolf
f715f72032
Add missing ) to settings docs sample 2022-04-14 17:02:49 +02:00
Mariusz Felisiak
293403b807 Removed passing unused size parameter to was_modified_since(). 
The size parameter is unused because we pass timestamp and not the
If-Modified-Since HTML header.
 2022-03-14 20:38:28 +01:00
jazzband-bot
b64b1ad21a Jazzband: Created local 'CODE_OF_CONDUCT.md' from remote 'CODE_OF_CONDUCT.md' 2022-02-17 11:46:17 +01:00
Rémy HUBSCHER
3c2951ceac
Merge pull request #192 from jazzband/prepare-2.3-release 
Prepare release of django-downloadview 2.3
 2022-01-11 10:41:15 +01:00
Rémy HUBSCHER
aa003ed6bf
Prepare 2.3 release. 2022-01-11 10:37:35 +01:00
Rémy HUBSCHER
6dbf06c4ea
Merge pull request #190 from johnthagen/patch-2 
Document Python 3.10 support
 2022-01-05 14:11:53 +01:00
johnthagen
7c2af759c8
Document Python 3.10 support 2022-01-05 07:45:22 -05:00
Rémy HUBSCHER
7e9f81d758
Merge pull request #188 from tari/django-4.0-compat 
Update compatibility for Django 4.0
 2022-01-05 13:38:34 +01:00
Peter Marheine
e9fbb74b2c Uncap Github Actions parallelism 
There seems to be no reason to limit tests to 5 jobs at a time; removing
the limit should allow tests to finish faster.
 2021-12-23 20:27:29 +11:00
Peter Marheine
6381dc94f1 Include Django 4.0 in the test matrix 2021-12-23 13:05:46 +11:00
Peter Marheine
198f6a3295 Update compatibility for Django 4.0 
The only meaningful change is removing use of `force_text` (which was
deprecated in Django 3.0) in favor of `force_str` (which has existed
since before Django 1.11). On Python 3 there is no functional difference
between the two.
 2021-12-23 13:05:46 +11:00
Peter Marheine
a64a0e8c33 Split DownloadDispatcherMiddleware into two classes 
Instantiating a middleware but not using it as a middleware was a
strange behavior, so this change splits the dispatching out to another
class with a more specialized API and uses that middleware.
 2021-12-23 13:05:45 +11:00
Peter Marheine
0ab8aa3e8f Stop using django.util.deprecation.MiddlewareMixin 
That class is intended primarily for compatibility with Pre-1.10
middleware, and recently gained a check that get_response is not None.
This package ensures an unexpecified `get_response` function is never
called on its own, so it's simplest to manually implement the middleware
API.
 2021-12-23 13:05:45 +11:00
Peter Marheine
2524668e86 Test on Python 3.10 2021-12-23 11:53:26 +11:00
Peter Marheine
cb3ec3a091 Stop using nosetests 
Nose is no longer maintained and is incompatible with Python 3.10, so
can no longer be used. This change runs `coverage` manually to collect
coverage and uses `pytest` to run doctests, collectively covering what
was tested using django_nose.
 2021-12-23 11:51:53 +11:00
Peter Marheine
95b36fc843 Import ABCs from collections.abc, not collections 
The types in collections.abc were moved from just collections in Python
3.3, and Python 3.10 removed the old aliases. We no longer support
Python versions earlier than 3.3 and need to support 3.10, so update the
import.
 2021-12-23 10:27:14 +11:00