mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-26 03:23:59 +03:00
Merge master
This commit is contained in:
commit
37845968cd
|
@ -40,6 +40,16 @@ You can determine your currently installed version using `pip freeze`:
|
||||||
|
|
||||||
## 2.4.x series
|
## 2.4.x series
|
||||||
|
|
||||||
|
### 2.4.4
|
||||||
|
|
||||||
|
**Date**: [3rd November 2014](https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%222.4.4+Release%22+).
|
||||||
|
|
||||||
|
* **Security fix**: Escape URLs when replacing `format=` query parameter, as used in dropdown on `GET` button in browsable API to allow explicit selection of JSON vs HTML output.
|
||||||
|
* Maintain ordering of URLs in API root view for `DefaultRouter`.
|
||||||
|
* Fix `follow=True` in `APIRequestFactory`
|
||||||
|
* Resolve issue with invalid `read_only=True`, `required=True` fields being automatically generated by `ModelSerializer` in some cases.
|
||||||
|
* Resolve issue with `OPTIONS` requests returning incorrect information for views using `get_serializer_class` to dynamically determine serializer based on request method.
|
||||||
|
|
||||||
### 2.4.3
|
### 2.4.3
|
||||||
|
|
||||||
**Date**: [19th September 2014](https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%222.4.3+Release%22+).
|
**Date**: [19th September 2014](https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%222.4.3+Release%22+).
|
||||||
|
|
|
@ -23,7 +23,7 @@ def replace_query_param(url, key, val):
|
||||||
query_dict = QueryDict(query).copy()
|
query_dict = QueryDict(query).copy()
|
||||||
query_dict[key] = val
|
query_dict[key] = val
|
||||||
query = query_dict.urlencode()
|
query = query_dict.urlencode()
|
||||||
return escape(urlparse.urlunsplit((scheme, netloc, path, query, fragment)))
|
return urlparse.urlunsplit((scheme, netloc, path, query, fragment))
|
||||||
|
|
||||||
|
|
||||||
# Regex for adding classes to html snippets
|
# Regex for adding classes to html snippets
|
||||||
|
@ -83,7 +83,7 @@ def add_query_param(request, key, val):
|
||||||
"""
|
"""
|
||||||
iri = request.get_full_path()
|
iri = request.get_full_path()
|
||||||
uri = iri_to_uri(iri)
|
uri = iri_to_uri(iri)
|
||||||
return replace_query_param(uri, key, val)
|
return escape(replace_query_param(uri, key, val))
|
||||||
|
|
||||||
|
|
||||||
@register.filter
|
@register.filter
|
||||||
|
|
Loading…
Reference in New Issue
Block a user