mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.

Browse source 
This is a security fix.
This commit is contained in:
Tim Graham 2017-03-14 10:46:53 -04:00
parent a1f948b468
commit 5ea48a70af
5 changed files with 93 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/utils_tests/test_http.py
View file

@ -97,6 +97,8 @@ class TestUtilsHttp(unittest.TestCase):
r'http://testserver\me:pass@example.com',
r'http://testserver\@example.com',
r'http:\\testserver\confirm\me@example.com',
'http:999999999',
'ftp:9999999999',
'\n',
)
for bad_url in bad_urls:
@ -117,6 +119,7 @@ class TestUtilsHttp(unittest.TestCase):
'//testserver/',
'http://testserver/confirm?email=me@example.com',
'/url%20with%20spaces/',
'path/http:2222222222',
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):